Re: Access to data not displayed in Whois (was Re: [gnso-dow123] Alternative proposal re Whois)

[marilynscade@xxxxxxxxxxx]

Jordyn, Thanks 

I appreciate seeing this. 
I am reviewing carefully. 

However, I suggest that there has to be discussion of a "rapid response" 
mechanism, and this doesn't meet that goal, although it provides a good 
framework for dialogue and exchange of views in what I hope will return to 
civil discourse. 

I am at the IGF and have seen  days of really civility in even extreme 
disagreements in perspective upon ocassion. Oh, there have been jmoments' but 
really rare, in my view. 
Seems a good objective. 

I am interested in discussion this administrative procedure, without prejudice, 
 but suggest that the split, even if do reach agreement on processes, might be 
on 'urgent' time frames. 

More discussion is needed on the procedures, etc. And I will think abt that for 
a possible posting. 

For now, 
I would suggest that in urgent situations there must be better than 2-3 days-- 
I am sure that the technical folks understand that something like a phishing or 
distributed attack' takes all concerted efforts, and law enfoecement calls are 
not always the first action taken. Calls to law enforcement do take place and 
are pursued, along side fighting attacks with great urgency. This needs to be a 
recognized problem. 
Secondly, the registrars seem to be volunteering to take on vastly increased 
numbers of 'requests' whether or from whence they cometh. 
Has the registrar constituency reps done a survey of their members/ or some of 
them regarding how they envision dealing with for instance hundreds to perhaps 
thousands of requests? Is there a sizing of costs available to take into 
account in terms of feasibility of implementability of a possible policy? 
Something Council must consider and a responsible and informed discussion is 
needed. I hear a lot abt narrow margins in registrars and I have sympathy for 
concerns abt 'unfunded mandates'. (Having run a business that had high customer 
service' costs). 

May have more thoughts, but perhaps these few, offered for discussion. 
Regards,
Marilyn Cade
  

-----Original Message-----
From: "Jordyn Buchanan" <jordyn.buchanan@xxxxxxxxx>
Date: Wed, 1 Nov 2006 17:42:52 
To:"Metalitz, Steven" <met@xxxxxxx>
Cc:gnso-dow123@xxxxxxxxxxxxxx
Subject: Access to data not displayed in Whois (was Re: [gnso-dow123] 
Alternative proposal re Whois)

One topic that we have scheduled for discussion next week is how to access 
contact information not displayed in the Whois system.

Here is a concept that I have sketched out very roughly--further input (or 
completely different approaches) are welcome: 

- Unpublished information will be made available under the following 
circumstances:
  1) The reason the data was withheld is no longer valid, OR
  2a) The domain name, or the resources referenced by the domain, is being used 
in an illegal manner, or in a manner that negatively effects the security and 
stability of other internet resources, AND 
  2b) There is no other more appropriate source for the data, or the data is 
not available from such a source.*
- If a requester needs access to non-published data, they could apply for 
access to the data.  The requester would make a prima facie case that one of 
the circumstances above had been met, and would make a request of the data. 
- As in Steve's special circumstances proposal, some reasonable third party 
would evaluate the request and determine whether the circumstnaces for the 
release of data had been met.  This request would be evaluated by the third 
party with a fairly short expectation for turnaround ( e.g., within 3 business 
days).  If the third party agrees that the data should be released, the 
registrar would provide the non-published data to the requester.
- When the request for the data is made, the registrant will be notified of the 
request** (I'd like to hear perspectives on whether or not the identity of the 
requester should be included).  At any time prior to the disclosure of the 
data, the registrant may request that the registration be cancelled instead of 
the data being disclosed. 

* For example, if the complaint was that a DOS attack was originating from a 
particular IP address (that was also associated with a domain name) and the 
information was available from the IP address registry, the data would not be 
disclosed through this mechanism. 

** I recognize that in some circumstances, investigations may be underway where 
criminal wrongdoing is taking place and we don't want the bad guy to realize 
this and destroy evidence of their crime.  However, in these cases it should be 
possible to use a subpoena or some other aspect of legal due process in order 
to obtain the information confidentially. 

Jordyn


On 10/30/06, Metalitz, Steven <met@xxxxxxx
: <mailto:met@xxxxxxx> > wrote: I had hoped to be able to improve the proposal 
with comments from other
task force members, but since these do not seem to have materialized, I
will aim to put this in final form this week.

Steve

-----Original Message----- 
From: Ross Rader [mailto:ross@xxxxxxxxxx: <mailto:ross@xxxxxxxxxx> ]
Sent: Sunday, October 29, 2006 8:56 PM
To: 
ross@xxxxxxxxxx: <mailto:ross@xxxxxxxxxx> 
Cc: Metalitz, Steven; 
gnso-dow123@xxxxxxxxxxxxxx: <mailto:gnso-dow123@xxxxxxxxxxxxxx> 
Subject: Re: [gnso-dow123] Alternative proposal re Whois

Resent - not sure if it was sent/received last time around.

Ross Rader wrote:
> When do you expect this proposal to move to a more finished state? 
>
> Metalitz, Steven wrote:
>>  Attached please find an alternative proposal on Whois which I hope
>> the TF can consider.  It is the result of discussions among members
>> of the IPC and other constituencies and is a working draft, based 
>> largely on the model used for several years in the Dutch ccTLD, .NL.

>> I would be glad to take a few minutes on today's call to present it
>> and will ask that it be discussed in more detail on our next call. I 
>> look forward to your comments and suggestions and would note again
>> that this is intended as a working draft, not a final product.
>> Steve Metalitz
>>
>>
>