Whois Changes -- Comment by ASIPI (Inter American Association of Intellectual Property)

["Fischer, Ricardo" <fischer.ricardo@xxxxxxxxxxxx>]

The following comment is posted by the Inter American Association of 
Intellectual Property (ASIPI), a not-for-profit Association whose goals include 
the study, dissemination and development of intellectual property laws, and to 
coordinate and harmonize such laws in the Americas. Among its members are 
Intellectual Property (IP) practitioners and owners, members of academia, and 
IP related commissioners and officers. 

As the Internet has developed from a military tool to a project used in 
academia, to its current state as a primary source of information, commerce and 
advertising amongst others, measures have been developed to ensure that the 
general public is protected and able to rely on trusted sources, and to allow 
owners of IP assets to enforce their rights in a new trade channel. 

Requiring special attention and additional thought was the development of a 
proper mechanism for the registration of domain names to avoid disrupting the 
dynamics of the Internet while also providing fast solutions for cases were 
certain rights were violated. Within this context, a consensus was reached to 
continue having a swift and somewhat immediate process for the registration of 
domain names, and also create safeguards for those who felt that their rights 
were threatened to have a fast dispute resolution mechanism to handle their 
claims. The end result was the Uniform Dispute Resolution Policy (UDRP). 

Even though the UDRP was the consensus mechanism created, in many instances IP 
owners need to access alternate forums to enforce their rights, such as courts 
and administrative agencies. For all of these actions and processes, the need 
for information is critical. 

A basic tool in this information gathering process is the WHOIS query/response 
protocol.  At this time, the information provided by a WHOIS query includes an 
address, and telephone and fax numbers of the individual or entity that appear 
as the registrant of a domain name. Additional information includes technical 
and administrative contacts, IP server addresses, and dates related to the 
creation and expiration of the domain name. In many cases, WHOIS serves as the 
only tool for a third party to obtain information regarding the ownership of a 
domain. Moreover, this information can be used by the public, IP owners, as 
well as law enforcement agencies looking to investigate illegal activities that 
may be associated with IP addresses linked to a particular domain. In turn, the 
freedom to access information regarding domain ownership is critical for the 
well being of the Internet as an instrument that carries the means to obtain 
massive amounts of information, provide services, and carry-out commercial 
transactions.  Additionally, any restriction to the access of this information 
affects the ability of IP owners to act against those infringing their legal 
rights, as well as endanger public safety by curtailing the ability of law 
enforcement agencies to investigate and act against illegal activities taking 
place in the Internet.

The WHOIS Task Force worked on a report that proposes changes to the current 
WHOIS system using as a benchmark the following definition recommended by the 
Generic Names Supporting Organization (GNSO): "the purpose of the gTLD Whois 
service is to provide information sufficient to contact a responsible party for 
a particular gTLD domain name who can resolve, or reliably pass on data to a 
party who can resolve, issues related to the configuration of the records 
associated with the domain name within a DNS nameserver."  

The Internet Corporation for Assigned Names and Numbers (ICANN) is now 
requesting public comments on the most recent GNSO WHOIS Task Force and Working 
Group (the Task Force) reports and recommendations.

The core of the changes proposed by the Task Force calls for the creation of a 
new type of contact or operational point of contact (OPOC) that should correct 
current confusion with regards to the current roles of the technical, billing 
and administrative contacts within a WHOIS query result. The recommendation 
would also limit the amount of public information related to individual 
registrants including the address and contact information to only display 
information related to the Domain Name Service (DNS) servers and dates 
regarding the creation and expiration of the domain. In turn, the only contact 
person would be the individual or entity in the OPOC who may not be the domain 
registrant. Further, in the event that a third party, including consumers, IP 
owners, law enforcement agencies, etc., wish to access additional information, 
they would have to show the OPOC that they have an actionable harm. The OPOC 
would then decide whether such harm warrants the release of the requested 
information. 

We agree that the creation of OPOC can serve to eliminate current confusion 
with regards to the roles and limitation of the various contact information 
obtained through a WHOIS query. However, other recommendations have been made 
which exceeds the role of the OPOC not only as a "universal" contact 
information, but also in allowing for the release to the general public of 
selected information related to the registrant, which OPOC in its current form 
would curtail.  Additionally, while some of the considerations for limiting the 
amount of information available through a WHOIS query relates to privacy issues 
and activities such as domain name renewal scams, data-mining, phishing, 
identity theft and others, these activities should be regulated via specific 
policies, but not by undermining the basic principle of information access 
which is intrinsic to the Internet.
 
Moreover, the proposal to limit access to currently available WHOIS query 
information will severely hamper the ability of consumers, law enforcements 
agencies and IP owners to gain critical information on domain name ownership 
and source, parties responsible for criminal activities, and infringers of 
legal rights. In essence, the basic principles of the DNS would be compromised. 

In addition, the burden to show "actionable harm" to obtain the release of 
critical information is also too high a standard to satisfy (even in courts).  
It also raises questions as to why would a lay person such as an OPOC will have 
the power to decide what constitutes actionable harm, which has proven to be a 
difficult task even for trained lawyers and judges. 

Therefore, all Internet users MUST have the right to access domain ownership 
information related to the Internet spaces that they are reading, chatting, 
trading with, etc.  This information is critical in a virtual world where 
individuals don't have the opportunity to have personal contact with the 
individual or entity with which they are dealing. The proposal as it stands 
would essentially eliminate the level of transparency of the Internet that the 
general public currently enjoys, and entails too high a price just to regulate 
specific acts and to correct certain confusions created by the current model.

The WHOIS query/response protocol is not perfect, yet has proven to be an 
invaluable service to those in need of protecting their rights, consumers to 
confirm sources, and agencies searching for help in a highly complex virtual 
world. Data privacy issues, illegal acts such as phishing, identity theft and 
others should be addressed through alternate specialized mechanisms, and the 
WHOIS query/response protocol is not the appropriate tool to do so. The WHOIS 
protocol was designed as a mechanism for third parties to access information 
and curtailing such access would essentially destroy the WHOIS basic purpose. 
Replacing the WHOIS information access protocol with a system where decisions 
have to be made as to what is actionable harm would create new and far worse 
complexities than those in the current WHOIS protocol.

In view of the foregoing, we urge the Committee to adopt Motion No. 2, to 
engage in a far more substantive analysis of the current WHOIS and to 
strengthen (not restricting) the system by requiring that registrars provide 
complete and accurate information, and for swift measures for those registrants 
that provide misleading or false information intended to deceive consumers, law 
enforcement agencies and limit the ability of IP owners to enforce their rights.

Respectfully Submitted,

Martin Michaus (President)
presidente@xxxxxxxxx
Fernando Triana (Second Vice President)
vicepresidente2@xxxxxxxxx

Juan Vanrell (Secretary)
Secretaria@xxxxxxxxx

Ricardo Fischer (Internet Committee)
fischer.ricardo@xxxxxxxxxxxx


















IRS Circular 230 disclosure:
To ensure compliance with requirements imposed by the IRS, we inform you that, 
unless expressly stated otherwise, any U.S. federal tax advice contained in 
this communication (including any attachments) is not intended or written to be 
used, and cannot be used, for the purpose of (i) avoiding penalties under the 
Internal Revenue Code or (ii) promoting, marketing or recommending to another 
party any transaction or matter addressed herein.