Re: [gnso-dow123] redraft of earlier proposal submitted by Marilyn Cade/for discussion on Monday's WHOIS TF call

[Ross Rader <ross@xxxxxxxxxx>]

This proposal is extremely unclear in what it is proposing - less so 
even than the last one you circulated. Could you provide us with a 
bullet summary of your recommendations prior to the call this week?

I am extremely confused by this document.


Marilyn Cade wrote:
> Pragmatic and Achievable Steps toward Addressing Concerns about Public Access to WHOIS Services 
>
> Author:  Marilyn Cade
>
> This paper is authored by Marilyn Cade, in her individual capacity. It draws upon experience in co-chairing the original WHOIS Task Force; participating and reviewing an extensive survey that received slightly over 3,000 responses; reviewing public comments to various Task Force reports; attending and participating in ICANN’s extensive workshop series on WHOIS Issues, and upon her experience in today’s GNSO WHOIS Task Force.  
>
> I. Background: 
>
> Attempts to define the original purpose of WHOIS services encounter many disputes, according to who is speaking, whether it is a business user; an ISP/connectivity provider; a privacy activist/organization; a registry or registrar, law enforcement agency, a sys-adm dealing with network attacks; a legal advisor inside/outside a corporation. 
>
> Much of the debate on WHOIS centers around whether and what data should be publicly displayed. There has been less disagreement about the need for accurate data, and that there are legitimate uses for contact data. There are some different views on which ‘Internet tools’ or other resources might substitute for access to accurate WHOIS data, but little exploration and there is no agreement on whether such ‘tools’ are indeed substitutes. 
>
> 2. Incremental Steps in the Right Direction:
>
> This proposal takes into account that there has been extensive discussion, over a number of years, about the uses, and potential misuses of WHOIS. The proposal is agnostic on the mission and purpose of ICANN and merely addresses a pragmatic approach to addressing certain concerns about public access to displayed data in WHOIS. 
>
> The proposed approaches described below are not intended to be the total answer to all questions raised about publicly available WHOIS data. Thus, the author’s proposal takes a short term to medium term approach to how public access to WOIS data can be addressed, while a more informed analysis/study is undertaken, but on a fast track. The author recognizes that the approach suggested is remedial, but notes that it can take place while further analysis and study is undertaken. 
>
> II. Proposed Changes in Display of WHOIS Services: 
>
> The proposal seeks to create significant changes to the display method, and therefore the access to public displayed data. Such changes can help to curtail, if not eliminate alleged and/or actual data mining and harvesting of email and telephone numbers.  In addition, this proposal would, if implemented, create strict limits to how bulk access and Port 43 access to WHOIS data is granted, and the creation of a ‘white list’ of authorized uses, and users for bulk access.  
>
> 1.      All WHOIS access should be changed in all WHOIS services to web based 
> access. Such web based services should include an Image Verification Check 
> (IVC) of sufficient security strength so that the random letters generated are 
> not easily machine readable. The requirement to implement such a system should 
> become a part of consensus policy, but the mechanism that each 
> registrar/registry uses for IVC should be of their selection, as long as 
> sufficient security is ensured.
>
> 2.	All bulk access should be moved to ICANN managed contractual terms for access, with an application/accreditation process for parties allowed to have such contracts.  This consideration was first proposed by the initial DNSO WHOIS Task Force and deserves further consideration. The ‘white list’ should be maintained by ICANN, and will require a suitable cost based fee to bear the cost of implementation. Criteria for application/accreditation will need further examination, and should be posted for public comment as part of the development of said criteria.  ICANN should develop standard terms and conditions for the agreements, and ICANN should provide enforcement when they are violated and complaints are received from the registry/registrar for such violation, including removing the accreditation for the ‘white list’; such as charging additional fee penalties, etc. 
>
> 3.	In general, parties who need bulk access for legitimate purposes are trademark and other firms that provide trademark defense or portfolio management services. Consensus policy may be needed to establish the framework for collaboration to achieve a balanced solutions and terms.  ICANN operational staff will play a significant role in helping to develop and implement a suitable approach. 
>
> This approach does need further exploration with law enforcement and consumer protection authorities to ensure how best to address their need for port 43 access or bulk access. 
>
>
> III. Study of WHOIS: 
>
> Today, there are close to one billion users of the Internet; with approximately 
> 87 million registered domain names. While estimates vary, approximately 75%+ of 
> these are registered in gTLDs, and approximately 25% are registered in country 
> codes.  It is clear that while some users may find identity in a domain name as 
> an individual, the vast majority of Internet users do  not rely on domain 
> names, but rely on ISPs, web hosters, and connectivity providers to provide 
> them with identity online via web email addresses, individual web pages, etc.
>
> In short, what and who will support identity on the Internet is yet to be determined and continues to evolve.  
>
> Certainly, some individual users do, and will turn to domain names to create identity sites, as well as to provide online services, communications, provide email addresses. But for the vast majority – the jury is still out.   Especially since the vast majority are yet to actually come online. IDNs and other innovations in affordable devices; new affordable access technologies, and increased ‘online literacy’ all hold great promise to draw the second billion users to the Internet. 
>
> Given the changes in gTLDs, and in the Internet itself, it is critical that ICANN undertake and fund an independent third party study to establish neutral and documented research – which will undoubtedly help to provide factual information that can help to inform policy making in WHOIS.  It is time for a comprehensive study which should address the characteristics of registrants and of users of WHOIS data in the non sponsored gTLD registry space.  This study should be undertaken by a neutral third party, retained and funded by ICANN, and study such issues as the characteristics of registrants; whether a domain name is actually in use [live DNS], uses and misuses/abuses of WHOIS data. 
>
> Elements of a study of non sponsored gTLDs and WHOIS, to encompass at least the following issues and questions should include:   
> 	Uses, misuses and abuses of WHOIS data, as publicly displayed
> 	Characteristics of registrants in the non sponsored/open gTLDS, 
> 	e.g.: numbers of registrants who: 1) use the domain name for personal use; 2)for ‘speculation/holding/resale; 3)for traffic aggregation; 4)for non commerce; and 5)for commerce online and 6) governmental or related purpose 7) other
> 	Identify the number of sites that are registered, but do not have ‘live DNS’ versus those that are actually in use
> 	Identify the percentage of inaccurate data, and a sample examination of why the data is inaccurate – e.g. a) aged data; b) typo/registrant error c) purposeful provision of inaccurate data  d) other
>
>
> IV. Consequences and Considerations in Changes in WHOIS Access and Display:
>
> System wide changes in any ‘system’ have to take into account not just the parties who make the changes in the systems that they provide, such as the registrars and registries, but also the users and registrants of such systems, and how they will be informed and assimilate such changes. The impacts of significant changes that affect users/registrants have not yet been addressed in the earlier two proposals. This issue remains a vital, and significant challenge to any system wide change, including those changes proposed in this proposal.  Consideration of the impact and cost will still need to be undertaken.  
>
> Incremental versus Revolutionary Change Approaches: In any operating system that needs to be used and accessible on a 24/7 basis, consideration also has to be given to when and how to make changes; whether dual systems can coexist for a period, what the cost implications are, impact on service and on service provider. No exploration of that has been done by the author.  Such explorations are still pending for the other two proposals as well. 
>
>
> V. The role of IRIS/CRISP:  
>
> Much discussion has been given to the role of IRIS/CRISP as a replacement protocol. Making such a system wide change will be an extensive change and require extensive time to implement. The change in the protocol will enable more flexibility in data access and display than presently exists in the systems utilized by the registrars. However, the timing of any such shift by all the registrars, or by the majority of the larger registrars is unclear.  It would be useful for any and all considerations for change in data display/access to be informed by the status or likelihood of a move to IRIS. 
> This proposal’s recommendations should also be discussed regarding any relationship, or implications.