ICANN ICANN Email List Archives

[whois-comments-2007]


<<< Chronological Index >>>    <<< Thread Index >>>

Public Comment - WHOIS CHANGES

  • To: whois-comments-2007@xxxxxxxxx
  • Subject: Public Comment - WHOIS CHANGES
  • From: "RJGlass | America@Large" <jipshida@xxxxxxxxx>
  • Date: Thu, 25 Oct 2007 09:56:07 -0400

With respect to the ICANN Board of Directors, the following is
submitted by AmericaAtLarge.US

With regard to:
STAFF OVERVIEW OF RECENT GNSO WHOIS ACTIVITIES
http://gnso.icann.org/drafts/icann-staff-overview-of-whois11oct07.pdf

1. Operational Point of Contact (OPOC).  If the OPOC is intended to
replace the 3 datasets currently required for domain registration,
this would simplify the registration of domains, but does not seem to
accommodate the privacy concerns of natural persons (real, live
individuals) and ensure adherence with relevant national privacy laws.
 Responsibilities and obligations of the OPOC would still need to be
clearly defined, including accelerated and adequate time frames for
response.

2. We support the outcome of this discussion that the "ICANN staff
take the necessary steps to proceed with a comprehensive, objective
study on the issues identified by the WHOIS Working Group, by the
Governmental Advisory Committee in its statement of principles on
WHOIS, and by the Council."

3. "There was support (but not agreement) that verification of an
OPOC's active email address must be obtained before enabling a website
to resolve."  If the underlying purpose of having an OPOC is to be
held valid, it would seem that obtaining verification of the OPOC
through email is a valid idea.  However, the advisory should consider
the situation of OPOCs who are appointed to many domains and therefore
verification of the OPOC prior to EACH domain registration would
hinder the performance of the system.  The validity of the OPOC should
need only to be verified once per stated period (year), not per each
domain registration.

4. We support the use of registration by proxy.

5. We do not agree with a public WHOIS in any scope.  The registration
of a domain and the administration thereof is a situation between the
Resgistrant/OPOC and the Registrar.  The public has no valid need for
unbridled access to this data.

6. Charging access fees for WHOIS data does not preclude privacy
rights.  Charging fees does not replace the need for maintaining
privacy of the database.

7. Suggestion for maintaining privacy: A requestor should be able to
contact the registrar to request contact info.  The purpose of the
request should be clearly defined.  The registrant should be able to
decide what types of requests should be approved.

- Summary -
The outcome of the WHOIS task force is far from complete.  However, it
does touch on many considerations and offers to resolve many issues.
We recommend further work on this issues which supports (a) registrant
privacy, (b) ICANN By-Laws, (c) stability of the DNS, (d) a non-public
WHOIS, (e) fully considers the scope and detail of any changes
implemented, (f) continues streamlined registration.

With regard to:
STAFF IMPLEMENTATION NOTES
http://gnso.icann.org/drafts/gnso-whoiswg-report-staff-implementation-notes-11oct07.pdf

1. The paper states, "The WG Report notes that implementing an OPOC
would change the way certain data is collected, displayed and
accessed, resulting in increased costs for service providers (WG
Report, Sec. 1) and delays for requesters of unpublished WHOIS data,
compared with the status quo (WG  report, Sec. 3.1). These
implications are highlighted where applicable below."  However, the
increased costs stated are superficial.  Whenever changes are
suggested within the DNS, providers state there will be increased
costs.  They suggest this to keep from having to submit to changes
within the system and to seemingly validate higher costs for
operations.  These costs are associated primarily with reprogramming
and data migration, the operation of the system itself is primarily
automated and has no inherent variable costs associated.

2. The paper states, "A more robust, "full-blown" OPOC implementation
might require automated OPOC email verification and affirmative
consent to the registrar, and fully authenticated access to
unpublished WHOIS data. Of course each option has important
consequences including questions of cost, accuracy, reliability,
timeliness and recourse."
We appreciate the attentiveness to this matter and ask that this study
continue based on this statement with the expectation that data
privacy be a concern.

3.  We primarily disagree with the stated purposes of the OPOC:
"The purpose of the OPOC is to provide a point of contact in lieu of
the registrant. The WG Report identifies three roles the OPOC might
perform:
- To relay requests in a timely manner and meet certain key
implementation requirements
- To reveal unpublished information about natural persons in a timely
manner when there is
reasonable evidence of actionable harm; or reasonable evidence of
inaccurate WHOIS data;
or when relay fails after a specified period of time
- To determine and implement a remedy, but only when the registrant consents"

In specific, we agree with the first issue - but strongly disagree to
the 2 additional issues.  We further suggest the role of the OPOC to
be:
- To relay requests in a timely manner and meet certain key
implementation requirements.
- To be no different than that currently established as the
registrant, and any proxy services provided be held strictly between
the OPOC and their client, and should not be required to provide to
anyone the contact information of said client, except to the courts or
UDRP panel under a special request.
- To determine and implement a speedy remedy for technical issues with
regard to the registrar/registry and as designated by registrant.
- The OPOC should act as the registrant in all matters regarding the
DNS.  Likewise, the DNS should consider the OPOC as the registrant,
whether it is the actual registrant, registrant by proxy, or assigned
as point of contact by another entity.

4. The paper states, "The WG agreed on several characteristics of the
OPOC. For example, there may be up to two OPOCs; the OPOC may be a
registrant, registrar or third party appointed by the registrant; and
all registrants (legal and natural persons) must appoint an OPOC. The
OPOC would have a consensual relationship with the registrant and
defined responsibilities. The WG also agreed that implementing an OPOC
may simplify contact information currently displayed in WHOIS."

On the surface, we agree with this assumption.  However, instead of
the ability to appoint 2 OPOCs, we suggest establishing A) Primary
OPOC, and the ability to, if necessary, appoint B) a Secondary OPOC.
The Secondary OPOC should be able to act in the Primary's absence.

5. Implementation options for verification identified by the WG:
• Verification could be done by requiring a reply to an auto-generated e-mail.
• Verification may be obtained at the same time as consent (see below)
• The name may be put on hold status by the registrar pending
verification and then put on
active status.
• Registrars may engage with registries with respect to hold status.
• Where registration is not bound to subsequent web-site activation,
no process will be
required.

We support the requirement of auto verification by email, and
verification at the same time of consent.  We support putting the name
on hold status until confirming the identity of the OPOC.  The fourth
point is confusing.  The last point does not coincide with the first 3
points and therefore should be clarified.

We further call on future studies to consider the fact that one OPOC
may be assigned to many domains and given that fact, once an OPOC is
defined it should not need to be verified for each domain.  In the
early days of the DNS, this process was used briefly and historical
records should be consulted as to the process of using this system.

6. With regard to Section 6 (Examining how legitimate interests will
access registration data
no longer published via WHOIS (Section 3, Section 5, Section 6), we
restate our request that the WHOIS be revised to consider privacy of
OPOCs and registrants.  We request that WHOIS be made private and only
accessible through the respective registrar and through revised
channels and proper requests.  Establishing fees for data requests is
not an acceptable option for maintaining privacy.

7. With regard to Section F. Authentication (6.6):
The WG considered whether registrars should authenticate parties
requesting access. The WG Report notes concerns that authentication
would introduce delays and impose cost.

We request that, in order to promote fairness, that registrars should
authenticate parties requesting access to WHOIS data.  The assumption
that this would introduce delays and costs is preposterous.  Rather,
it changes the business rules of the registrar and can be accomplished
by changing the processes in which it operates.  In other words, if a
party wants access to WHOIS records, then it too should be required to
provide means for authentication.  Primarily, this process too could
be automated for certain parties (legal enforcement authorities) and
other consideration for other parties which is to include prior
authorization of the OPOC/registrant.

8. In the section III, Examining whether publication of registration
contact information should be based on the type of registered name
holder (legal vs. natural persons) or the registrant's use of a domain
name (Section 5), the paper states, "The WG agreed that the OPOC
proposal should change WHOIS policy on publication of data to
distinguish between natural persons, where there would be only limited
public display of WHOIS records, and legal persons (company, business,
partnership, non-profit entity etc) for which there would be full
display. However, the WG felt that a distinction based on use was
neither sufficiently timely at the point of registration nor easily
operational."

We do not feel that there is a need to discriminate on either the type
of registrant or the purpose of its use.

-- End of comments --

We thank the contributors to these papers and further ask ICANN to
continually consider the stability of the DNS in making decisions
regarding its operation.

Randy Glass
America@Large
-------------------------
AmericaAtLarge.org



<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy