[gnso-dow123] Whois tf teleconf draft minutes 13 September 2005
[To: gnso-dow123[at]gnso.icann.org] Dear All, Attached please find the draft minutes of the WHOIS task force meeting held on 13 September 2005. Please let me know what changes you would like made. Thank you. Kind regards, Glen -- Glen de Saint Géry GNSO Secretariat - ICANN gnso.secretariat[at]gnso.icann.org http://gnso.icann.org <!--#set var="bartitle" value="WHOIS Task Force teleconference minutes"-->
<!--#set var="pagetitle" value="WHOIS Task Force teleconference minutes"-->
<!--#set var="pagedate" value="13 September 2005" value=""-->
<!--#set var="bgcell" value="#ffffff"-->
<!--#include virtual="/header.shtml"-->
<!--#exec cmd="/usr/bin/perl /etc/gnso/menu.pl 'WHOIS Task Force teleconference
minutes'"-->
<h4 align="center"> </h4>
<h4 align="center"><font face="Arial, Helvetica, sans-serif"><b>WHOIS Task
Force<br>
<br>
13 September 2005 - Minutes</b></font></h4>
<p><font face="Arial, Helvetica, sans-serif"><b>ATTENDEES:<br>
GNSO Constituency representatives:<br>
</b> Jordyn Buchanan - Chair<br>
gTLD Registries constituency - David Maher <br>
gTLD Registries constituency - Phil Colebrook <br>
Registrars constituency - Paul Stahura <br>
Registrars constituency - Ross Rader <br>
Registrars constituency - Tim Ruiz (alternate)<br>
Intellectual Property Interests Constituency - Steve Metalitz<br>
Intellectual Property Interests Constituency - Niklas Lagergren<br>
Internet Service and Connectivity Providers constituency - Tony Harris <br>
Internet Service and Connectivity Providers constituency - Maggie Mansourkia
<br>
Non Commercial Users Constituency - Kathy Kleiman<br>
Commercial and Business Users Constituency - David Fares <br>
<br>
<br>
<strong>Liaisons</strong><br>
At-Large Advisory Committee (ALAC) liaisons - Wendy Seltzer - absent<br>
GAC Liaison - Suzanne Sene - absent - apologies <br>
<b>ICANN Staff</b>: <br>
Olof Nordling - Manager, Policy Development Coordination<br>
Maria Farrell Farrell - ICANN GNSO Policy Officer <br>
<b>GNSO Secretariat </b>- Glen
de Saint Géry <br>
<br>
<br>
<br>
<b>Absent:</b><br>
Internet Service and Connectivity Providers constituency - Greg Ruth <br>
gTLD Registries constituency - Ken Stubbs<br>
gTLD Registries constituency - Tuli Day <br>
Non Commercial Users Constituency - Milton Mueller <br>
Non Commercial Users Constituency - Frannie Wellings <br>
Commercial and Business Users Constituency - Sarah Deutsch - apologies<br>
Commercial and Business Users constituency - Marilyn Cade - apologies<br>
Registrars constituency - Tom Keller - apologies <br>
<br>
<a href="http://gnso-audio.icann.org/WHOIS-20050913-tf123.mp3";>MP3 Recording
</a><strong><br>
<a href="http://forum.icann.org/lists/gnso-dow123/msg00606.html";>Summary</a>
</strong>(the date on the summary should be 13 September and not 12 September
2005)<br>
<strong><br>
Agenda <br>
<a href="http://forum.icann.org/lists/gnso-dow123/msg00515.html";>Types of
problems that Whois is intended to address.</a><br>
<br>
Maria reported that the<a
href="http://www.gnso.icann.org/issues/whois-privacy/tf-prelim-rpt-12sep05.htm";>
recommendation 2 </a>had been posted for<a
href="http://www.gnso.icann.org/comments-request/";> public comment</a>.<br>
</strong></font><font face="Arial, Helvetica, sans-serif"><br>
<a href="http://forum.icann.org/lists/gnso-dow123/msg00539.html";>All
constituency statements </a>on the purpose of WHOIS, except for the Registrar
constituency, and the statement on purpose of the contacts by the NCUC have
been received<br>
<br>
<strong>Ross Rader</strong> gave a high level summary of the registrar's
statement saying the purpose should be limited, technical in nature, and
facilitate the purposes supported under the ICANN contract such as
transfers.<br>
Ross further clarified technical saying that it was an issue if a domain was
being used for spam, or if there was a web server non-functioning, sending
out spam. <br>
<strong><br>
Jordyn Buchanan</strong> noted that the purpose of constituency statements
was to inform the ongoing process, serve as a base line to the discussion and
ascertain common ground. <br>
<br>
<br>
<strong>Jordyn Buchanan</strong> referred to his<a
href="http://forum.icann.org/lists/gnso-dow123/msg00515.html";> email of August
17- Purpose of WHOIS - types of problems</a><br>
"1) Some constituency statements indicate that the purpose of the Whois
system is to provide contact information to assist in the resolution of
specific types of problems. For example, the NCUC statement suggests that the
purpose is limited to resolving "technical problems". On the other
hand, the IPC statement does not limit the purpose to resolving a specific type
of problem. The CBUC Statement gives a broader range </font></p>
<p><font face="Arial, Helvetica, sans-serif">Should the purpose of Whois be
defined in resolving specific types of problems?<br>
</font><font face="Arial, Helvetica, sans-serif">...if so...</font></p>
<p><font face="Arial, Helvetica, sans-serif">2) What types of problems should
the purpose encompass? Technical problems? Legal problems relating to the
domain name itself? Legal problems relating to the content hosted using the
domain? Non-legal issues relating to content? Others?"</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong><br>
Jordyn</strong> asked whether it was the ISP and IPC view that the purpose
of WHOIS should not include a type of problem or was it something not
incorporated into their statements ?<br>
</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Tony Harris</strong>, ISP
representative, responded that there was a risk, giving as an example cyber
crime which was an evolving science, impacting different issues, legal and
technical and specific definitions of types of problems today, no longer
applied in a short while. Thus, if problems were to included, the definition
should be broad. <br>
<strong>Maggie Mansourkia </strong>added that a useful approach would be a
white list versus a black list and the ISP considered a black list more
helpful than an all-inclusive list, because future legitimate uses were
difficult to predict.</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Steve Metalitz</strong>
IPC representative, generally agreed with Tony and Maggie and commented that
there were some uses of WHOIS that were already prohibited by contracts, and
there were some uses in certain countries that were not allowed.<br>
<br>
<strong>Jordyn Buchanan</strong> summarised the views, as a directory of
contact information which might not be allowed for certain things but there
was no judgment about what types of issues it addressed. In addition, caution
was expressed about the terminology "uses" versus
"purpose".<br>
<br>
<strong>David Maher </strong>expressed the opinion that "purpose"
and "use" could not be disconnected. The issue was the public
availability of the names. Historically the WHOIS kept track of the very
limited number of people who had domain names. Things had changed, and the
entire world who uses the internet can see every one's private information.
There was no consensus on this. The IP constituency had clearly stated that
all the information should be publicly available while the Registry
constituency totally rejected that concept. Thus there was no consensus
possible if the purpose of WHOIS was based on the IP constituency's version of
purpose. Attempting to limit the concept of purpose was not very useful.<br>
<strong><br>
Paul Stahura</strong> commented that the purpose of the WHOIS was not to
display contact information but be able to contact the registrant. So, another
technology or mechanism to contact the registrant without displaying the
contact information could be a solution but as long as it was defined as
displaying the contact information, there would not be a solution. It was a
subtle, but important difference.<br>
<br>
<strong>Jordyn Buchanan</strong> suggested another variant, whether the
purpose of WHOIS was to provide a directory or display of contact information
or to allow registrants to be contacted?</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Kathy Kleiman
</strong>quoted the from the Working Party 29 comments that addressed the
question of purpose. <br>
“from the data protection view point it is essential to determine in
very clear terms what is the purpose of WHOIS and which purpose or purposes can
be considered as legitimate and compatible with the original purpose."
Purposes could not be extended to other purposes considered desirable just
because they were useful thus Jordyn's question was important. A similar
comment came from the EU DG Market. <br>
<br>
<strong>David Fares</strong> commented that the Working Party 29 views were
non-binding opinion and while the CBUC enumerates the purpose of WHOIS at a
high level, the task force would be perpetual if all the specific purposes of
WHOIS were enumerated.<br>
<strong>Jordyn Buchanan</strong></font> <font face="Arial, Helvetica,
sans-serif">clarified</font> <font face="Arial, Helvetica, sans-serif">that
the question was whether there should be a list. If the WHOIS was simply a
list of contact information that was not intended to resolve problems, other
issues such as accuracy or access would fall away.The issues were contingent,
if the data was intended for something rather than just plain data.<br>
<br>
<strong>Steve Metalitz </strong>commented that the issue was not either a
finite list of WHOIS purposes or that WHOIS was intended to solve problems.The
NCUC and Ross Rader expressed the view that it could be used to resolve
technical problems and that It might be helpful to understand what was in that
category. <br>
<strong>Jordyn Buchanan</strong> commented that it was important to look into
the reasons for listing the contact information.<br>
<strong><br>
Paul Stahura </strong>commented that if the problems to be solved were not
defined the risk was that the information could be used for undesirable
purposes such as marketing. <br>
<strong>Kathy Kleiman </strong>suggested inviting people to address the task
force on the technical purpose of WHOIS. <br>
<br>
<strong>David Maher </strong>commented that there were two purposes for the
WHOIS : for what and for whom and believed that the original and existing
purpose was to serve the registrars to contact their customers directly for
such purposes as billing, transfers or expiring domain names. If it could be
agreed that the purpose was to supply the registrars only with the data,
except in limited other instances, progress would be made.
</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Tony Harris</strong>
commented that in fact the critical data was the credit card data which was the
key to contact the registrant for any purpose and it was independent from what
was shown to the public.
</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Ross Rader </strong>and
<strong>Paul Stahura </strong>were not of the same opinion as Tony and Ross
commented that not all registrars had the same business model and process for
registering and that in 20 – 50% of registrations that assumption was not
valid </font><font face="Arial, Helvetica, sans-serif"> that data was collected
at the ISP level rather than from the registrar.</font><font face="Arial,
Helvetica, sans-serif"></font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Tim Ruiz</strong>
commented that even retail registrars and resellers were bound by agreements
on the payment process or with paypal about what they could and could not do
with the information. So there were other agreements and legal uses of the
information.<br>
<br>
</font><font face="Arial, Helvetica, sans-serif"><strong>Jordyn
Buchanan</strong> asked, since there appeared to be concern about being overly
constraining in defining types of problems, whether a definition of the purpose
of WHOIS, as broad as the CBUC 's was helpful in addressing the purpose of
WHOIS?<br>
<br>
<a href="http://forum.icann.org/lists/gnso-dow123/msg00539.html";>CBUC proposed
the following purpose of the Whois database:</a> </font></p>
<p><font face="Arial, Helvetica, sans-serif">"A database of contact
information sufficient to contact the registrant or their agent(s) to enable
the prompt resolution of technical, legal and other matters relating to the
registrant’s registration and use of its domain name."<br>
The purpose of defining purpose was to further frame the discussion and
additional actionable items would be clearer once the purpose was established.
If the CBUC definition were adopted, would there be issues that WHOIS was
supposed to address that would not be incorporated in that definition? <br>
<br>
<strong>Maggie</strong> and <strong>Tony</strong>, responded "no"
</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Paul Stahura
</strong>commented that the CBUC ruled out the purposes that were not problems,
the statement used the terminology"matters" and not problems, for
example the use of WHOIS for obtaining a certificate. Was the purpose to know
the identity of the registrant or to contact them?<br>
<strong><br>
Jordyn </strong>Buchanan summarised saying that assuming it was considered
useful to formulate a definition of what WHOIS was intended to accomplish, how
should it be defined </font></p>
<p><font face="Arial, Helvetica, sans-serif">The NCUC mentioned "technical
problems" and the CBUC mentioned "matters related to the registration
or use of the domain name", and David Maher suggested that the purpose was
limited to providing data to a certain group of people - registrars.<br>
<br>
Was there a need to go beyond technical problems?
<br>
</font><font face="Arial, Helvetica, sans-serif"><br>
</font><font face="Arial, Helvetica, sans-serif"><strong>David Maher</strong>
proposed including Law Enforcement and Intellectual Property as the purposes
of the WHOIS list provided they were limited so that the entire list of names
and personal data was not available to the public globally. Since the members
of the group had different viewpoints, an approach that looked at the meaning
of purpose in a different way was needed.<br>
<br>
The general trend of the discussion that followed indicated that the terms
"technical" and "legal" should be fleshed out.<br>
<br>
<strong>Jordyn Buchanan</strong> proposed two sub groups to examine
"technical" and "legal" issues to reach a useful definition
and incorporate some specific scenarios as well. <br>
<strong>Ross Rader</strong> suggested that in policy discussions, the focus
should be on what was practical and possible and there was a distinct body of
work that referred to WHOIS.</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Jordyn Buchanan</strong>
reminded the group that WHOIS was a directory of contact information which
placed a that constraint on what could be done. </font></p>
<p><font face="Arial, Helvetica, sans-serif">It was suggested that the Proposed
NCUC definition of purpose be used a the starting point for
"technical" <br>
<br>
</font><font face="Arial, Helvetica, sans-serif">"The purpose of the WHOIS
is to provide to third parties an accurate and authoritative link between a
domain name and a responsible party who can either act to resolve, or reliably
pass information to those who can resolve, technical problems associated with
or caused by the domain. </font></p>
<p><font face="Arial, Helvetica, sans-serif">By "technical problems"
we mean problems affecting the operational stability, reliability, security,
and global interoperability of the Internet."<br>
<br>
<strong>Jordyn Buchanan summarised: </strong></font></p>
<p><font face="Arial, Helvetica, sans-serif">Two subgroups tasked with creating
language on "Technical issues " and "Legal issues "<br>
within the context of the WHOIS, ICANN core values and mission, national and
legal laws and refer back to the terms of reference. </font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>ACTION: </strong><br>
Two separate mailing lists set up for the subgroup work.<br>
"Technical issues " subgroup - Steve Metalitz, Kathy Kleiman, Ross
Rader<br>
"Legal issues" subgroup
- Davis Fares, Maggie Mansourkia, Jordyn Buchanan<br>
<br>
Other task force members were encouraged to join the groups. </font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>Next Call:<br>
27 September 2005</strong></font></p>
<p><font face="Arial, Helvetica, sans-serif">Report back from the"
technical" and "legal" subgroups.<br>
</font><font face="Arial, Helvetica, sans-serif"><br>
<strong>Jordyn Buchanan </strong>thanked all the task force members for
participating.</font></p>
<p><font face="Arial, Helvetica, sans-serif"><strong>The WHOIS task force call
ended at 17 :10 CET </strong></font></p>
<p> <font face="Arial, Helvetica, sans-serif"><br>
</font></p>
<p><font face="Arial, Helvetica, sans-serif">-</font></p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<h1> </h1>
<p> </p>
<p align="center"> </p>
<p> </p>
|