Re: [gnso-thickwhois-dt] weekly status report

[Volker Greimann <vgreimann@xxxxxxxxxxxxxxx>]

Hi Bob,

the Whois Escrow is still ongoing. It is a contractual obligation of 
registrars and is enforced by ICANN compliance.
Best,


Volker
> Hi,
>
> There is serious underlying problem in that ICANN does not own the 
> whois data nor does have it have any authority over it. This problem 
> came to the forefront several years ago with the RegisterFly incident. 
> The whois data was then escrowed for a while (Iron Mountain), but only 
> with the cooperation of the registrars/registries. I am not sure, but 
> I think the escrow program is no longer happening.
> The registrars/registries appear to be the authority over the data, 
> not because of their relationship with their customers, but just 
> because they
> are the authority.
>
>              --bob
>
> On Thu, 27 Sep 2012, Mike O'Connor wrote:
>
> > hi Ray,
> >
> > i think i agree -- i was thinking the word in the database/technical 
> > way when Tim originally raised the point -- whereas there is indeed a 
> > broader definition relating to who has authority over the data.  i 
> > can imagine a scenario where the authoritative data store (in a 
> > database sense) is with the registry, but the registrars are the 
> > entities that have authority over that data due to their relationship 
> > with customers.
> > i think we need clearer words, and we also need to pick which one we 
> > intend.  i'm stuck on what those clearer words would be, but i think 
> > that may be because of my unfamiliarity with the nuance here.  are 
> > there two good words that highlight the difference?
> > once we've got the right words, we've then got an interesting choice 
> > to make as to which one.  clearly, a key "scope" discussion that 
> > needs to get resolved before we wrap up the chartering.
> > thanks,
> >
> > mikey
> >
> >
> > On Sep 27, 2012, at 10:48 AM, "Ray Fassett" <ray@xxxxxxxxx> wrote:
> >
> > > It seems to me that Mikey’s suggestion of “adding something like 
> > > this”: Other implications of migrating the "authoritative" 
> > > repository for registrant data from Registrars to the Registry has 
> > > had the effect of us identifying a “vast majority” vs. those not 
> > > part of the vast majority.  If so, I think this means the scope of 
> > > the issues may have the result of the WG segregating a minority of 
> > > gTLD’s from the majority of gTLD’s in going about their work on the 
> > > issues.  Personally, I think the word “authoritative”, and trying to 
> > > fit this word into the Charter in some common and understood 
> > > context, has complicated things.
> > > Ray
> > >
> > > From: owner-gnso-thickwhois-dt@xxxxxxxxx 
> > > [mailto:owner-gnso-thickwhois-dt@xxxxxxxxx] On Behalf Of Metalitz, 
> > > Steven
> > > Sent: Thursday, September 27, 2012 10:44 AM
> > > To: 'Volker Greimann'; Drazek, Keith
> > > Cc: Gnso-thickwhois-dt@xxxxxxxxx PDP DT
> > > Subject: RE: [gnso-thickwhois-dt] weekly status report
> > >
> > > Volker makes the important point that this issue already exists, it 
> > > is not created by a move to thick Whois.  And what Keith says about 
> > > a registry that “has always had thick whois” is equally true about 
> > > any registry that “has not always had thick Whois” – “The 
> > > registrants in those TLDs gave their consent for the data transfer 
> > > upon registration of their domain name(s).” This is true of every 
> > > single gTLD domain name in existence, because of the RAA provision 
> > > that requires registrars to obtain this consent.
> > > Similarly, the issue of “authoritativeness” of Whois data in the 
> > > thick registry setting already exists in the vast majority of gTLD 
> > > registries.  I appreciate Tim’s view that perhaps registrars that 
> > > service thick registries should not be required to maintain Whois 
> > > data any more, but that would require a change in the RAA and 
> > > clearly seems out of scope for this PDP.
> > > In sum I think the draft adequately captures the scope of the issues 
> > > that the Working Group needs to address.
> > > Steve Metalitz
> > >
> > >
> > >
> > > From: owner-gnso-thickwhois-dt@xxxxxxxxx 
> > > [mailto:owner-gnso-thickwhois-dt@xxxxxxxxx] On Behalf Of Volker 
> > > Greimann
> > > Sent: Tuesday, September 25, 2012 4:23 AM
> > > To: Drazek, Keith
> > > Cc: Gnso-thickwhois-dt@xxxxxxxxx PDP DT
> > > Subject: Re: [gnso-thickwhois-dt] weekly status report
> > >
> > > Hi Keith,
> > >
> > > I agree that cross-border transfers of data would be an issue for 
> > > registries switching to a thick model, however all registrants have 
> > > allready agreed to the publication of the data, and in many cases 
> > > also to a transfer abroad due to many registrar policies having been 
> > > written with both thick and thin models in mind. Registrants also 
> > > agreed to be bound by policy changes. Still, the issue is not 
> > > negligible. Maybe it could be solved by the registry by setting up 
> > > data centers in such jurisdictions where data transfer would be 
> > > problematic, and the central register only pointing to the 
> > > geographic location of the domain, just as currently they point to 
> > > the individual registrars?
> > > This is an issue that needs more thought.
> > >
> > > Volker
> > >
> > > Hi Volker,
> > >
> > > Thanks for the insight. It sounds like there could be multiple 
> > > models of Whois Data authority, which seems appropriate.
> > > Another question around the “authoritative” issue concerns privacy 
> > > laws and anticipated cross-border transfers of data.
> > > For a TLD that has always had Thick Whois, the rules were 
> > > established (and presumably accepted by the registrants in their 
> > > registration agreement with the registrar) from their initial launch 
> > > date. The registrants in those TLDs gave their consent for the data 
> > > transfer upon registration of their domain name(s).
> > > However, transferring personal Whois data for 100+ million 
> > > registrations from scores of international jurisdictions to a single 
> > > entity could raise additional privacy concerns. The question of 
> > > which entity in which jurisdiction has “authority” over the Whois 
> > > data may need to be considered by the WG and should not necessarily 
> > > be presumed to be the registry in every case, dependent upon 
> > > national laws and the range of service offerings across various 
> > > registries.
> > > Thanks, Keith
> > >
> > >
> > > <image001.gif>
> > > Keith Drazek
> > > Director of Policy
> > > kdrazek@xxxxxxxxxxxx
> > >
> > > m: +1-571-377-9182
> > > 21345 Ridgetop Circle Dulles, VA 20166
> > >
> > > VerisignInc.com
> > > <image003.gif>
> > >
> > >
> > > From: Volker Greimann [mailto:vgreimann@xxxxxxxxxxxxxxx]
> > > Sent: Monday, September 24, 2012 1:05 PM
> > > To: Drazek, Keith
> > > Cc: Gnso-thickwhois-dt@xxxxxxxxx PDP DT
> > > Subject: Re: [gnso-thickwhois-dt] weekly status report
> > >
> > > Hi Keith,
> > >
> > > I see your point, but I do not believe it to be as much of an issue 
> > > as you make of it. The registry in any thick whois TLD is the 
> > > central repository of all whois data, regardly of where it was 
> > > registered. The registrar is responsible to provide the data to the 
> > > registry. Verification can be assumed and performed by either. In 
> > > the new RAA, registrars will most likely assume some of the 
> > > responsibility, but the launch of .XXX has show this can also be 
> > > performed on a registry level. In fact, some ccTLDs such as .US also 
> > > perform routine validations on the registration requirements.
> > > On the other hand, we have now seen cases where a "thick registry" 
> > > has made modifications to the registration based on court orders or 
> > > other events, which were not always notified to the registrar, i.e. 
> > > left the registrar database out of synch with the registrar 
> > > database, yet these changes were authoritative as far as the 
> > > ownership of the domain is concerned. Whereas registrars must always 
> > > update the registry to effect a change of data in a thick TLD. In 
> > > other words, as the registry database is the last word on the data, 
> > > it should be the authoritative source.
> > > Best,
> > >
> > > Volker
> > >
> > >
> > > Tim raises an important point, including the question of whether 
> > > registries or registrars are authoritative for Whois data.
> > > I have concerns about a registry being authoritative for Whois data 
> > > when it has no direct connection to the registrant. As discussed on 
> > > our last call, the registry receives Whois data from the Registrar, 
> > > not from the registrant. As such, the registry has no way of 
> > > independently confirming/verifying/validating that the data is 
> > > accurate. I think this distinction becomes more of an issue if 
> > > there’s a future requirement for validation or verification of 
> > > registrant Whois data, as requested by the GAC.
> > > Ultimately, having a Thick Whois database at the registry level only 
> > > centralizes the data…it doesn’t make it any more accurate, 
> > > validated, verified, etc. since registries simply accept what is 
> > > submitted by the registrars.
> > > I understand that some of the existing thick registries may already 
> > > be authoritative for their TLD’s Whois data, so perhaps we can 
> > > benefit from their experience.
> > > This issue may or may not fit into the draft charter, but it’s 
> > > probably worth discussing further on our next call.
> > > Thanks, Keith
> > >
> > > <image001.gif>
> > > Keith Drazek
> > > Director of Policy
> > > kdrazek@xxxxxxxxxxxx
> > >
> > > m: +1-571-377-9182
> > > 21345 Ridgetop Circle Dulles, VA 20166
> > >
> > > VerisignInc.com
> > > <image003.gif>
> > >
> > >
> > > From: owner-gnso-thickwhois-dt@xxxxxxxxx 
> > > [mailto:owner-gnso-thickwhois-dt@xxxxxxxxx] On Behalf Of Tim Ruiz
> > > Sent: Monday, September 24, 2012 12:27 PM
> > > To: Mike O'Connor; Gnso-thickwhois-dt@xxxxxxxxx PDP DT
> > > Subject: RE: [gnso-thickwhois-dt] weekly status report
> > >
> > > Thanks Mikey,
> > >
> > > Sorry I haven't been able to make the calls, one thing or another 
> > > has come up. I think the current draft and changes look good but I 
> > > do have one comment/concern.
> > > It seems to assumes if all regitries are thick that registrars will 
> > > still be required to maintain a set of WHOIS data themselves. 
> > > However, if the registries are all thick and authoritative for WHOIS 
> > > data then I see no reason why a registrar should continue to be 
> > > required to maintain a duplicate set of the data, especially since 
> > > it will also be escrowed by the registry. I would think a number of 
> > > registrars would find it useful and cost effective to simply use a 
> > > registry's authoritative data instead of trying to maintain it 
> > > themselves. And I can easily see an effort by registrars to change 
> > > the RAA and/or policies to reflect that. So I don't think the PDP 
> > > group should assume that both registrars and registries will 
> > > continue to maintain the data. It may be good to note that 
> > > possibility. Or alternatively, that may be a question they want to 
> > > consider. I don't think it would necessarily be out of scope since 
> > > it is tightly associated with whether all registries are thick or 
> > > not, but others may have a different opinion. Best, Tim
> > > -------- Original Message --------
> > > Subject: [gnso-thickwhois-dt] weekly status report
> > > From: "Mike O'Connor" <mike@xxxxxxxxxx>
> > > Date: Sat, September 22, 2012 10:03 am
> > > To: "Gnso-thickwhois-dt@xxxxxxxxx PDP DT"
> > > <Gnso-thickwhois-dt@xxxxxxxxx>
> > >
> > > hi all,
> > >
> > > here's the status report for this week. i *think* we're wringing out 
> > > the last issues in the draft. so this would be a good time to take a 
> > > look at the latest version. what seems to be working well is to run 
> > > your ideas through the list so then we can work through them on the 
> > > call. here's a link to the draft i pushed out after the last call.
> > > http://forum.icann.org/lists/gnso-thickwhois-dt/doc3QzSkLIUIQ.doc
> > >
> > > and here's the status report. i'm hoping we can get to a draft we 
> > > can push out for a consensus call by the end of the meeting on 
> > > Thursday.
> > > thanks,
> > >
> > > mikey
> > >
> > >
> > >
> > >
> > >
> > > - - - - - - - - -
> > > phone 651-647-6109
> > > fax 866-280-2356
> > > web http://www.haven2.com
> > > handle OConnorStP (ID for public places like Twitter, Facebook, 
> > > Google, etc.)
> > >
> > >
> > >
> > >
> > > --
> > > Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
> > >
> > > Mit freundlichen Grüßen,
> > >
> > > Volker A. Greimann
> > > - Rechtsabteilung -
> > >
> > > Key-Systems GmbH
> > > Im Oberen Werk 1
> > > 66386 St. Ingbert
> > > Tel.: +49 (0) 6894 - 9396 901
> > > Fax.: +49 (0) 6894 - 9396 851
> > > Email: vgreimann@xxxxxxxxxxxxxxx
> > >
> > > Web: www.key-systems.net / www.RRPproxy.net
> > > www.domaindiscount24.com / www.BrandShelter.com
> > >
> > > Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> > > www.key-systems.net/facebook
> > > www.twitter.com/key_systems
> > >
> > > Geschäftsführer: Alexander Siffrin
> > > Handelsregister Nr.: HR B 18835 - Saarbruecken
> > > Umsatzsteuer ID.: DE211006534
> > >
> > > Member of the KEYDRIVE GROUP
> > > www.keydrive.lu
> > >
> > > Der Inhalt dieser Nachricht ist vertraulich und nur für den 
> > > angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, 
> > > Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist 
> > > unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so 
> > > bitten wir Sie, sich mit uns per E-Mail oder telefonisch in 
> > > Verbindung zu setzen.
> > > --------------------------------------------
> > >
> > > Should you have any further questions, please do not hesitate to 
> > > contact us.
> > > Best regards,
> > >
> > > Volker A. Greimann
> > > - legal department -
> > >
> > > Key-Systems GmbH
> > > Im Oberen Werk 1
> > > 66386 St. Ingbert
> > > Tel.: +49 (0) 6894 - 9396 901
> > > Fax.: +49 (0) 6894 - 9396 851
> > > Email: vgreimann@xxxxxxxxxxxxxxx
> > >
> > > Web: www.key-systems.net / www.RRPproxy.net
> > > www.domaindiscount24.com / www.BrandShelter.com
> > >
> > > Follow us on Twitter or join our fan community on Facebook and stay 
> > > updated:
> > > www.key-systems.net/facebook
> > > www.twitter.com/key_systems
> > >
> > > CEO: Alexander Siffrin
> > > Registration No.: HR B 18835 - Saarbruecken
> > > V.A.T. ID.: DE211006534
> > >
> > > Member of the KEYDRIVE GROUP
> > > www.keydrive.lu
> > >
> > > This e-mail and its attachments is intended only for the person to 
> > > whom it is addressed. Furthermore it is not permitted to publish any 
> > > content of this email. You must not use, disclose, copy, print or 
> > > rely on this e-mail. If an addressing or transmission error has 
> > > misdirected this e-mail, kindly notify the author by replying to 
> > > this e-mail or contacting us by telephone.
> > >
> > >
> > >
> > >
> > >
> > > --
> > > Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
> > >
> > > Mit freundlichen Grüßen,
> > >
> > > Volker A. Greimann
> > > - Rechtsabteilung -
> > >
> > > Key-Systems GmbH
> > > Im Oberen Werk 1
> > > 66386 St. Ingbert
> > > Tel.: +49 (0) 6894 - 9396 901
> > > Fax.: +49 (0) 6894 - 9396 851
> > > Email: vgreimann@xxxxxxxxxxxxxxx
> > >
> > > Web: www.key-systems.net / www.RRPproxy.net
> > > www.domaindiscount24.com / www.BrandShelter.com
> > >
> > > Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
> > > www.key-systems.net/facebook
> > > www.twitter.com/key_systems
> > >
> > > Geschäftsführer: Alexander Siffrin
> > > Handelsregister Nr.: HR B 18835 - Saarbruecken
> > > Umsatzsteuer ID.: DE211006534
> > >
> > > Member of the KEYDRIVE GROUP
> > > www.keydrive.lu
> > >
> > > Der Inhalt dieser Nachricht ist vertraulich und nur für den 
> > > angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, 
> > > Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist 
> > > unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so 
> > > bitten wir Sie, sich mit uns per E-Mail oder telefonisch in 
> > > Verbindung zu setzen.
> > > --------------------------------------------
> > >
> > > Should you have any further questions, please do not hesitate to 
> > > contact us.
> > > Best regards,
> > >
> > > Volker A. Greimann
> > > - legal department -
> > >
> > > Key-Systems GmbH
> > > Im Oberen Werk 1
> > > 66386 St. Ingbert
> > > Tel.: +49 (0) 6894 - 9396 901
> > > Fax.: +49 (0) 6894 - 9396 851
> > > Email: vgreimann@xxxxxxxxxxxxxxx
> > >
> > > Web: www.key-systems.net / www.RRPproxy.net
> > > www.domaindiscount24.com / www.BrandShelter.com
> > >
> > > Follow us on Twitter or join our fan community on Facebook and stay 
> > > updated:
> > > www.key-systems.net/facebook
> > > www.twitter.com/key_systems
> > >
> > > CEO: Alexander Siffrin
> > > Registration No.: HR B 18835 - Saarbruecken
> > > V.A.T. ID.: DE211006534
> > >
> > > Member of the KEYDRIVE GROUP
> > > www.keydrive.lu
> > >
> > > This e-mail and its attachments is intended only for the person to 
> > > whom it is addressed. Furthermore it is not permitted to publish any 
> > > content of this email. You must not use, disclose, copy, print or 
> > > rely on this e-mail. If an addressing or transmission error has 
> > > misdirected this e-mail, kindly notify the author by replying to 
> > > this e-mail or contacting us by telephone.
> > - - - - - - - - -
> > phone     651-647-6109
> > fax          866-280-2356
> > web     http://www.haven2.com
> > handle    OConnorStP (ID for public places like Twitter, Facebook, 
> > Google, etc.)