Access to data not displayed in Whois (was Re: [gnso-dow123] Alternative proposal re Whois)

["Jordyn Buchanan" <jordyn.buchanan@xxxxxxxxx>]

One topic that we have scheduled for discussion next week is how to access
contact information not displayed in the Whois system.

Here is a concept that I have sketched out very roughly--further input (or
completely different approaches) are welcome:

- Unpublished information will be made available under the following
circumstances:
 1) The reason the data was withheld is no longer valid, OR
 2a) The domain name, or the resources referenced by the domain, is being
used in an illegal manner, or in a manner that negatively effects the
security and stability of other internet resources, AND
 2b) There is no other more appropriate source for the data, or the data is
not available from such a source.*
- If a requester needs access to non-published data, they could apply for
access to the data.  The requester would make a prima facie case that one of
the circumstances above had been met, and would make a request of the data.
- As in Steve's special circumstances proposal, some reasonable third party
would evaluate the request and determine whether the circumstnaces for the
release of data had been met.  This request would be evaluated by the third
party with a fairly short expectation for turnaround (e.g., within 3
business days).  If the third party agrees that the data should be released,
the registrar would provide the non-published data to the requester.
- When the request for the data is made, the registrant will be notified of
the request** (I'd like to hear perspectives on whether or not the identity
of the requester should be included).  At any time prior to the disclosure
of the data, the registrant may request that the registration be cancelled
instead of the data being disclosed.

* For example, if the complaint was that a DOS attack was originating from a
particular IP address (that was also associated with a domain name) and the
information was available from the IP address registry, the data would not
be disclosed through this mechanism.

** I recognize that in some circumstances, investigations may be underway
where criminal wrongdoing is taking place and we don't want the bad guy to
realize this and destroy evidence of their crime.  However, in these cases
it should be possible to use a subpoena or some other aspect of legal due
process in order to obtain the information confidentially.

Jordyn

On 10/30/06, Metalitz, Steven <met@xxxxxxx> wrote:
> I had hoped to be able to improve the proposal with comments from other
> task force members, but since these do not seem to have materialized, I
> will aim to put this in final form this week.
>
> Steve
>
> -----Original Message-----
> From: Ross Rader [mailto:ross@xxxxxxxxxx]
> Sent: Sunday, October 29, 2006 8:56 PM
> To: ross@xxxxxxxxxx
> Cc: Metalitz, Steven; gnso-dow123@xxxxxxxxxxxxxx
> Subject: Re: [gnso-dow123] Alternative proposal re Whois
>
> Resent - not sure if it was sent/received last time around.
>
> Ross Rader wrote:
> > When do you expect this proposal to move to a more finished state?
> >
> > Metalitz, Steven wrote:
> >>  Attached please find an alternative proposal on Whois which I hope
> >> the TF can consider.  It is the result of discussions among members
> >> of the IPC and other constituencies and is a working draft, based
> >> largely on the model used for several years in the Dutch ccTLD, .NL.
>
> >> I would be glad to take a few minutes on today's call to present it
> >> and will ask that it be discussed in more detail on our next call. I
> >> look forward to your comments and suggestions and would note again
> >> that this is intended as a working draft, not a final product.
> >> Steve Metalitz
> >>
> >>
> >