Summary/analysis of public comments
Posted by general manager of public participation Kieren McCarthy, on behalf of Senior Policy Counselor, Liz Gasster. ---------------------------------------------------------------------------- -------------------- Summary of Public Suggestions on Further Studies of WHOIS Background On 31 October 2007, the Generic Names Supporting Organization (GNSO) Council concluded that a comprehensive, objective and quantifiable understanding of key factual issues regarding the gTLD WHOIS system will benefit future GNSO policy development efforts, and plans to ask ICANN staff to conduct several studies for this purpose. Before defining the details of these studies, the Council solicited suggestions from the community for specific topics of study on WHOIS that community stakeholders recommend be conducted. Public Comments Received 25 recommendations on WHOIS studies were received (note that each submission is referred to by number, correlating to the number assigned on the WHOIS public comments chronological index, http://forum.icann.org/lists/whois-comments-2008/, except the comment submitted by Steven Metalitz on 14 February, which is referred to in this summary and in the chronological index as the "Metalitz comment"). These can be summarized as follows: Four proposals (suggestions #1, #14, #15 and #21) suggest that ICANN study documented misuse of WHOIS data to determine the connection, if any, between WHOIS and illegal activities; one to study the extent to which WHOIS data is being misused to harass, abuse or stalk registrants; one to study the connection, if any, between the various means of access to WHOIS and illegal activity, and whether policies should be changed to address these problems. Seven proposals (suggestions # 2, #5, #13, #17, #18, #20 and the Metalitz comment) suggest that ICANN study various aspects of proxy and privacy services, including the availability of WHOIS privacy protection options; the connection, if any, between proxies and phishing; why users of proxy and privacy services use these services; the percentage of proxy registrations that resolve to commercial sites, and/or pay-per-click or advertising sites; the timeliness of proxy services in relaying communications to registrants and/or revealing the identity of the underlying registrant; the degree to which these services are effective in protecting personal privacy; and the prevalence of the use of proxies and their impact on Uniform Dispute Resolution (UDRP) proceedings in gTLDs. Two proposals (suggestions #3, #24) suggest that ICANN study certain aspects of compliance by registrars with applicable provisions of the Registrar Accreditation Agreement, including whether registrars include in their registration agreements WHOIS terms required by the RAA, to determine the extent to which registrars reveal registrant information when there is reasonable evidence of actionable harm. Three proposals (suggestions #6, #22 and #23) suggest that ICANN study various aspects of ccTLD registries with different WHOIS policies, one to determine the impact of more restrictive data display policies on crime and other abuse; one to study the extent to which ccTLD WHOIS policies reflect national data protection laws and policies; and one to perform a legal comparison of national data protection laws. One proposal (suggestion #16) suggests that ICANN study the extent to which registrants have consented to the disclosure of personal information under various national data protection laws, to determine whether additional measures are needed to bring WHOIS into conformance with national privacy laws. One proposal (suggestion #19) suggests that ICANN study certain characteristics of registrants, such as how many are legal persons, natural persons or registrants using proxies. Two proposals (suggestions #8 and #11) suggest that ICANN study certain questions of WHOIS data accuracy. Proposal #8 suggests that ICANN study the participation of certain registrars in spam abuse by tolerating falsified WHOIS records, as demonstrated by failure to take action on WHOIS data problem reports, to determine whether there are chronic violators that should have their accreditation revoked. Proposal #11 suggests that ICANN study the implications for data accuracy when IDN TLDs are used in WHOIS records. One proposal (suggestion #12) suggests that ICANN study how the private information of individuals might be secured while allowing law enforcement entities proportional access for law enforcement purposes. One comment (suggestion #10) suggests that there is ample information already available, and that further study will not inform the debate on WHOIS policy. Thus, this commenter recommends that ICANN not conduct any further studies on WHOIS. Three proposals (suggestions #4, #7 and #9) appear out of scope. These include a suggestion to study transport layer security for WHOIS database lookups, a suggestion to study the theft of domain names by unscrupulous providers, and a suggestion to survey webmasters to determine whether they have observed the largest registrars locking domains following a domain name search. Next steps The GNSO Council will be considering the public input received on further WHOIS studies, and at an upcoming meeting will direct staff to develop costs and estimated time frames for the study proposals they would like pursued. Following that input, the Council will identify the specific studies, if any, that should be conducted.