RE: [gnso-dow123] For your review: Revised version of preliminary task force report on Whois services

["Marilyn Cade" <marilynscade@xxxxxxxxxxx>]

A couple of thoughts for fellow TF'ers.

I have concerns about the registrars  being put into a very challenging
situation of creating 'on the fly' procedures for how to work with law
enforcement and other legitimate users of WHOIS data.  I see that Ross
thinks that the present situation will 'scale' and I respect his personal
views, and those of the registrars. 

However, I don't believe that this is supportable over 800 registrars. Some
form of standardized procedures will undoubtedly be needed to bring
certainty and predictability to registrants, irregardless of the interests
of registrars to develop kinds of services in this area. 

The registrars will also find, over time, I suggest, that law enforcement
requests from the myriad number of law enforcement agencies, around the
world, are hard to deal with, and they will have to retain special lawyers,
etc. to ensure that they are getting the right legal documents, etc.
Instead, it appears that a standardized administrative procedure, with a
common format, and that always contains the relevant identifying information
of the requestor, would be advantageous. 

In the development of the request related to the 'safe harbor' related to
data transfer, etc. there was a good deal of discussion about this kind of
situation and the demands that the multiple and diverse kinds of requests
meant to the intermediary. 

I am concerned that it appears that registrars are emerging in some topics
as a new form of intermediary to negotiate on behalf of a registrant with
anyone who would need WHOIS data that is not publicly displayed. Registrants
today, in general, are not aware of that proposed new role. Some may say
that if you sign up for a proxy service that you read the agreement and
understand that you have agreed to that, and I am not disputing that,
however, OPOC puts this on a whole new scale and in my view, the public
comment process should take further comments on this, and also this question
should be asked of governments via the GAC, as one of the considerations of
both proposals for change. 

I have previously posted that from the BC perspective, we wish to see the
special circumstances proposal developed along with the OPOC, but have
concerns that there are areas that neither address from the fuller ToR to
the TF. For instance, we have not discussed the possibilities that moving to
web based Whois could be a possible deterrent to using emails; or that
moving to standardized contractual terms for access to bulk access data, or
to port 43 data might help to cut down on any possible misuse of the data by
third parties. 

Also, I have sent Steve a few thoughts on possible edits to the special
circumstances proposal, that I need to leave in his hands as author of the
proposal or perhaps David Fares, another BC rep to the TF can read them. I
am unfortunately at the ITU and tied up due to circumstances of
intergovernmental organizational politics. 

Finally, I keep hearing words of concern about ICANN becoming 'regulator',
etc. and that is why there can't be any guidelines, standards, etc. I think
that we need to get down to a realization that 'we' created ICANN to be in
lieu of intense and heavy regulation and a patchwork of laws and regulations
that gTLD registries and registrars have to study, analyze, and perform
against, as do the ISPs and communications service providers. 

Certainly the threat of regulation is indeed out there. Better a form of
light contract based self governance then having to turn to the oversight
that is provided by the intergovernmental organizations. Or having to turn
to 140 different countries and complying with laws one by one, with
different services or some small variation by country. That's the present
situation in other sectors, such as in the data retention directive
implementation going on now. 



Apologies for missing the call. 


-----Original Message-----
From: owner-gnso-dow123@xxxxxxxxx [mailto:owner-gnso-dow123@xxxxxxxxx] On
Behalf Of Ross Rader
Sent: Friday, November 03, 2006 9:35 PM
To: Maria Farrell
Cc: gnso-dow123@xxxxxxxxxxxxxx
Subject: Re: [gnso-dow123] For your review: Revised version of preliminary
task force report on Whois services

Maria Farrell wrote:
> Dear all,
>  
> Please find attached a revised version of preliminary task force report 
> on Whois services for your review and discussion on next Monday's call.
>  
> Please also be aware that constituency statements will be solicited 
> during the public comments period that will be launched regarding this 
> report.
>  
> All the best, Maria


I've attached a marked up draft with my preliminary comments, here are 
the accompanying notes:

pg. 4 -  Points on which we have consensus - I don't believe we have 
consensus that "most Registrants" do not understand the meaning or 
purpose of the different contacts, but I believe that we have consensus 
that "many Registrants and Whois users" do not understand the meaning. 
Without doing some sort of exhaustive survey, we would be hard pressed 
to state with any certainty whether or not the majority (most) of 
registrants and whois users are confused by the purpose and use of contacts.

pg. 4 - Points on which we have consensus - we have consensus that less 
data should be published in Whois. Both the OPOC proposal and the 
Steve's special interest draft indicate that less data should be made 
available. The OPOC proposal takes this a step further and says "less 
data and different data" but no one has disagreed that less data should 
be published (otherwise, why would there be a need for exceptions that 
limit the data that gets published)

pg. 4 - Points on which we don't have consensus - we don't have 
consensus on the OPOC proposition that "different" data should be 
published. Steve's draft doesn't talk about publishing different data, 
it talks about publishing less data, as does the OPOC proposal. The OPOC 
proposal also talks about publishing different data, a point on which 
there is no consensus (see above as well).

pg. 12 - I added some language to reflect the specific fact that the 
proposal includes input and revisions from all constituencies.

pg 13 - I don't know if anyone has specifically proposed that processes 
from the telecoms space would be used for access to unpublished data, 
but that registrars would continue with current means of working with 
law enforcement and rightsholders and document them in a statement of 
best practices.

pg 20 - I'm not sure that the general agreement is that providing 
consumer education is within ICANN's mandate or not, so I have rephrased 
this as a "should"

pg 25 - Steve's implication that the availability of a privacy option 
increasing overall data accuracy is simply his conjecture - i.e. it is 
not fact based. To the contrary, we have heard time and time again in 
this TF from various industry experts, groups and stakeholders that the 
when faced with a mandatory publication requirement, registrants are 
induced to provide false data. Furthermore, a large body of research 
exists suggesting that specific registrants will provide false data no 
matter what the privacy option is. This stands in stark contrast to 
Steve's guess that the availability of such an option might prove to 
increase overall data accuracy. Therefore, I have removed the word 
"indicated" and changed it to "surmised" based on the lack of factual 
support for this statement.

pg 55 - Steve has clearly indicated that the version circulated to the 
mailing list was a working draft and that a final submission would be 
provided to the task force. The text of the submission also indicates 
that the document is a draft copy, and not a final submission. 
Therefore, the Annex title should be clearly marked as a draft for 
review purposes and not as a final submission so as not to confuse the 
reader as to the status of this proposal.

Please let me know if you have any questions.

-ross