[gnso-whois-study] my answers as I may leave earlier

[Jordi Iparraguirre <ipa@xxxxxxxxxx>]

Hi,

having read the docs for the meeting today, and not being sure to be 
able to stay until the end (urgent family issues to attend), I'd like to 
expose my answers to Liz's well structured documents and questions:

There are 2 main cases: registries that must abide to local data privacy 
laws and registries that do not (yet). I'm focusing here on the ones 
that must abide to local privacy laws as time is running against us. For 
the ones that do not (yet) have to comply, the same model might apply if 
they wish.

F1- Regardless of the fact that whois data may or may not be misused 
(1st category) we have the fact and the urgency that (category 2) data 
protection compliance is a must in certain countries and for certain 
registries. Then:
F2- certain ccTLD and gTLD are moving to comply with local laws 
(category 2), so different de facto standards on whois data access are 
being created (.uk, .fr, .tel, ...) and making difficult, as we speak, 
to get what categories 5 and 6 want to investigate.
F3- In addition, we may accept that in the same way phone customers may 
opt out of yellow pages and similar services (robinson lists, etc), 
registrants may also want to remove private data from whois public 
access. Registrants, paranoids or not, have the right to protect their 
privacy (privacy sense may be different in different parts of the 
world). This is also why certain registrars offer it (category 3). Whois 
data accuracy (category 7) is always an issue and it is another variable 
that does not influence the decision of whois data public/protected.

The proposed studies are indeed interesting and can yield insight on the 
market, issues, methods, etc, but wont fix the issue certain registries 
face. Some studies may provide data to fine tune the solution but won't 
help deciding if a registry can or cannot abide to local privacy laws; 
registries just must do it, it's the law !

These 3 forces described above may drive us to elaborate guidelines for 
a solution to that issue (rather than making more studies) that should:
G1- provide easy and fast access to all whois data to "all these that 
need to know" for law enforcement and/or IP protection, etc.
G2- help registries to easily adapt to local data privacy laws in such a 
way that grants item G1 above.
G3- allow individuals (registrants) to protect their privacy by allowing 
them to hide phone, fax, address, email) form public indiscriminate view 
if they wish.

All that can be achieved if, for instance (other methods an be equally 
good, but let me propose one just to move forward):
S1- registries and registrars continue to collect registrant's data as 
of today. Registrars just need to send to registries 2 more bits of 
info: Individual (Y/N) and Privacy (Y/N) when sending a registration 
request.
S2- ICANN acts as a central clearing house for any company or entity 
that "needs to access all Whois data in bulk and 24h/7d". Once endorsed 
by ICANN, they my get full and fast access to whois data as they are 
doing today. Registries could also do it, but ICANN may have a wider WW 
view and may deal with it, for instance, similarly to accredited registrars.
S3- Registries that are to adapt to local laws can set up a tiered 
access to all whois data. For instance: individual registrants decide 
whether sensible whois data (phone, address, email, ..) is or not public 
to all. Non individual registrants do not have this option and all their 
data is public to all.
S4- entities "that need to know", once cleared by ICANN, can get from 
registries the channel to access to all whois data, in particular, 
sensible data of individual registrants.

So only registries that are forced to adapt to local privacy laws are to 
implement whois tiered system. Registrars just need to send 2 more bits 
of info and ICANN may help coordinating the "accreditation" to all 
"these that need to know".

Proposal:
Instead of debating which studies seem more important, I'd rather work 
on understanding th main forces driving the issue and defining the 
guidelines that can help us to propose a solution.
Thanks for reading :-)
jordi


En/na GNSO.SECRETARIAT@xxxxxxxxxxxxxx ha escrit:
> Dear All,
>
> REMINDER:
>
> There will be a WHOIS Study Group call today, Tuesday 15 April at 15:00 
> UTC,
> that is: 08:00 PDT (California), 10:00 CDT (Cedar Rapids), 11:00 EDT
> (Washington DC), 16:00 BST (London), 17:00 CEST (Brussels).
--
Jordi Iparraguirre
Fundació puntCAT
www.domini.cat