[gnso-whois-study] my answers as I may leave earlier
- To: gnso-whois-study@xxxxxxxxx, liz.gasster@xxxxxxxxx
- Subject: [gnso-whois-study] my answers as I may leave earlier
- From: Jordi Iparraguirre <ipa@xxxxxxxxxx>
- Date: Tue, 15 Apr 2008 14:59:44 +0200
having read the docs for the meeting today, and not being sure to be
able to stay until the end (urgent family issues to attend), I'd like to
expose my answers to Liz's well structured documents and questions:
There are 2 main cases: registries that must abide to local data privacy
laws and registries that do not (yet). I'm focusing here on the ones
that must abide to local privacy laws as time is running against us. For
the ones that do not (yet) have to comply, the same model might apply if
F1- Regardless of the fact that whois data may or may not be misused
(1st category) we have the fact and the urgency that (category 2) data
protection compliance is a must in certain countries and for certain
F2- certain ccTLD and gTLD are moving to comply with local laws
(category 2), so different de facto standards on whois data access are
being created (.uk, .fr, .tel, ...) and making difficult, as we speak,
to get what categories 5 and 6 want to investigate.
F3- In addition, we may accept that in the same way phone customers may
opt out of yellow pages and similar services (robinson lists, etc),
registrants may also want to remove private data from whois public
access. Registrants, paranoids or not, have the right to protect their
privacy (privacy sense may be different in different parts of the
world). This is also why certain registrars offer it (category 3). Whois
data accuracy (category 7) is always an issue and it is another variable
that does not influence the decision of whois data public/protected.
The proposed studies are indeed interesting and can yield insight on the
market, issues, methods, etc, but wont fix the issue certain registries
face. Some studies may provide data to fine tune the solution but won't
help deciding if a registry can or cannot abide to local privacy laws;
registries just must do it, it's the law !
These 3 forces described above may drive us to elaborate guidelines for
a solution to that issue (rather than making more studies) that should:
G1- provide easy and fast access to all whois data to "all these that
need to know" for law enforcement and/or IP protection, etc.
G2- help registries to easily adapt to local data privacy laws in such a
way that grants item G1 above.
G3- allow individuals (registrants) to protect their privacy by allowing
them to hide phone, fax, address, email) form public indiscriminate view
if they wish.
All that can be achieved if, for instance (other methods an be equally
good, but let me propose one just to move forward):
S1- registries and registrars continue to collect registrant's data as
of today. Registrars just need to send to registries 2 more bits of
info: Individual (Y/N) and Privacy (Y/N) when sending a registration
S2- ICANN acts as a central clearing house for any company or entity
that "needs to access all Whois data in bulk and 24h/7d". Once endorsed
by ICANN, they my get full and fast access to whois data as they are
doing today. Registries could also do it, but ICANN may have a wider WW
view and may deal with it, for instance, similarly to accredited registrars.
S3- Registries that are to adapt to local laws can set up a tiered
access to all whois data. For instance: individual registrants decide
whether sensible whois data (phone, address, email, ..) is or not public
to all. Non individual registrants do not have this option and all their
data is public to all.
S4- entities "that need to know", once cleared by ICANN, can get from
registries the channel to access to all whois data, in particular,
sensible data of individual registrants.
So only registries that are forced to adapt to local privacy laws are to
implement whois tiered system. Registrars just need to send 2 more bits
of info and ICANN may help coordinating the "accreditation" to all
"these that need to know".
Instead of debating which studies seem more important, I'd rather work
on understanding th main forces driving the issue and defining the
guidelines that can help us to propose a solution.
Thanks for reading :-)
En/na GNSO.SECRETARIAT@xxxxxxxxxxxxxx ha escrit:
There will be a WHOIS Study Group call today, Tuesday 15 April at 15:00
that is: 08:00 PDT (California), 10:00 CDT (Cedar Rapids), 11:00 EDT
(Washington DC), 16:00 BST (London), 17:00 CEST (Brussels).