[gnso-dow123] Access to data (from the report)

["Jordyn Buchanan" <jordyn.buchanan@xxxxxxxxx>]

Here's the discussion of Access to data included in our preliminary
report.  This may be useful for today's discussion:

(1) Representatives of the registrar constituency proposed that such
data could be made available by contacting the registrar of record for
the domain name, without any new rules or policies, but be made
subject  to best practices. Today, registrars handle many requests for
other  information not published in the Whois, and they expect to
handle requests  to data removed from the Whois in a similar manner.

2) UDRP mechanism: The special  circumstances proposal calls for
procedures in this area to be "coordinated to the extent feasible
with existing procedures such as the UDRP," to which only minor
adaptations would be needed. When the "legitimate complaint of abuse"
that gives rise to the need to access actual registrant data is a
claim  of bad faith registration and use of the domain name, the
customary notification  by the dispute resolution provider to the
registrar of the filing of  a UDRP complaint could also include a
directive for the registrar to provide  to the complainant the contact
information that it holds on a registrant  in the special circumstance
program. Under the UDRP, the registrar is  contacted only after review
of the complaint for administrative compliance,  which is a safeguard
against abuse.  Of course, where the legitimate  complaint of abuse
concerns behavior not covered by the UDRP, a separate  procedure may
be needed.

(3) The task force chair proposed a mechanism that would allow Whois
users to request access to the removed data elements if the reason the
information was removed was no longer valid, or if the domain was
being  used illegally or to harm the security or stability of other
Internet  resources.  A third party would evaluate the request, and
allow the release  of the data if the party making the request proved
that one of these  conditions had been met.

(4) Representatives of the IP constituency suggested that one element
of another of the task force chair's proposals be considered in this
area.  That proposal would allow the data to be accessed by anyone
entering  into a contract agreeing to (as yet undefined) limitations
on the use  of the data.  Under this proposal, a third party would
handle the contracting  process and would also supply a set of
credentials that could be used  to access the data.  A number of
specific technical mechanisms for accessing  the data were also
presented.


(5) In lieu of having data corrected  or revealed, registrant shall
have the option of allowing the domain  name to lapse.  Where the
registrant requests the "lapse"  option, the domain name shall be
stopped from resolving and registrant's  identifying information shall
not be turned over to the requesting party.   Registrant may request
suspension pending resolution of the dispute  in a "John Doe"
(anonymous) proceeding, or cancellation (where  registrant does not
respond or challenge the request).  In either  case, registrant's
information shall not be turned over [unless that  is specifically
ordered in a judicial proceeding].