Re: [gnso-whois-wg] Comments on WWG report draft 1.5

["Palmer Hamilton" <PalmerHamilton@xxxxxxxxxxx>]

On behalf of the banks who I represent, I would like to state that Steve's 
expressions of support mirror the support of my banks for the provisions upon 
which he commented.

As I have indicated repeatedly, banks can provide consumers their most 
effective defense against phishing and other forms of internet fraud.  The 
WHOIS data is a necessary tool in order to shut down such activity.  I confess 
that the current draft WHOIS OPoC proposal gives insufficient comfort that this 
tool will be as readily available were it to be ultimately adopted by the Task 
Force, the GNSO Council, and the ICANN Board.  In fact, we believe our proposal 
to give banks access via governmental bank regulators through the carefully 
constructed mechanism we proposed would protect consumers far better.

However, in terms of the current draft, we believe that Steve's points are 
essential.  To weaken them would take a flawed mechanism and make it totally 
unworkablke from the standpoint of fighting fraud on the consumer.

The REVEAL function is crucial in this regard.  It is also absolutely necessary 
that the OPoC acknowledge and consent to its role.  Without this, the proposal 
would truly be gutted.

Also, Steve's poiint comncerning the registrar's obligation to REVEAL if the 
OPoC fails to do so is extremely important.

Finally, I would note that Steve, I am sure, unintentionally characterized our 
bank proposal as "self-authenticating."  Actually, under our bank proposal, 
governmental bank regulators would authenticate banks entitled to access AND 
all access would be through the bank regulators with an audit trail to confirm 
proper usage.  No self-authenticating would be permitted.  As I state above, we 
still believe this is the preferable approach for banks, and it addresses the 
various concerns expressed in our Subgroup B discussions.  


-----Original Message-----
From: owner-gnso-whois-wg@xxxxxxxxx <owner-gnso-whois-wg@xxxxxxxxx>
To: gnso-whois-wg@xxxxxxxxx <gnso-whois-wg@xxxxxxxxx>
Sent: Tue Jul 31 16:37:27 2007
Subject: [gnso-whois-wg] Comments on WWG report draft 1.5 

 Since we have already discussed Sections 1-3 of version 1.5 on last
week's call, and understand that some modifications will be forthcoming
in version 1.6,  we'd just like to offer a few observations as IPC
representatives to the Working Group.  

In general, we support most of the AGREED statements in Sections 1-3 of
the report. To be more specific, we think it essential that the
responsibilities of the OPOC include RELAY in virtually all cases, and
REVEAL when the requester presents reasonable evidence of actionable
harm, or when there has been a demonstrable failure of the RELAY
process.  The REMEDY responsibility should apply only to a narrow class
of abuses in which immediate action is required; there has been little
progress in defining the boundaries of this class.   

We also believe it is essential that the OPOC acknowledge and consent to
its role and to these responsibilities.  The draft report sets out a
feasible and lightweight method for doing so, in our view.  

These observations form the basis for our comments on the remaining
sections of the report, as follows: 

Section 4:  While we AGREE with the general statement made on lines
357-366, it might clarify matters to state that the registrar's
obligation to REVEAL arises from a failure of an OPOC to REVEAL or to
RELAY.  Any other actions listed would occur (if at all) only for
failure of the OPOC to REMEDY in the narrow class of cases to which that
action applies.  We note again that that class had not been defined yet.


Section 5:  We generally agree with the AGREED statements in this
section, in the context of OPOC roles and responsibilities as outlined
above.  

Section 6:   In the AGREED statement in section 6.1, the parenthetical
should read "(web-based, Port 43 or bulk)" to reflect the status quo.
While we think it could be fruitful to discuss modification of the
current requirement for providing Port 43 access, that discussion should
take place in a venue other than this Working Group.  

We generally agree with the AGREED statements in section 6.5 and 6.6.
Entities other than law enforcement need a practical mode of access to
data that would be removed from public access under the OPOC proposal,
and no viable means of third-party authentication has been proposed
(without prejudice to the various proposals for authentication on behalf
of bank requesters, which have not been discussed in much detail).  The
self-declaration route, which has not been discussed in depth, should
include safeguards against abuse.  

Steve Metalitz (for himself and Kristina Rosette and Ute Decker), IPC
representatives to Working Group