<<<
Chronological Index
>>> <<<
Thread Index
>>>
Comment of The Walt Disney Company on Whois Task Force Preliminary Report
- To: <whois-services-comments@xxxxxxxxx>
- Subject: Comment of The Walt Disney Company on Whois Task Force Preliminary Report
- From: "Dow, Troy" <Troy.Dow@xxxxxxxxxx>
- Date: Mon, 15 Jan 2007 17:17:50 -0500
These comments are submitted on behalf of The Walt Disney Company
(Disney) in response to the request for comments on the Preliminary
report of the Whois Task Force
(http://gnso.icann.org/issues/whois-privacy/prelim-tf-rpt-22nov06.htm).
For more than 80 years, Disney has been committed to serving consumers
with unparalleled entertainment experiences. Today, Disney is a market
leader in each of the markets we serve, including Studio Entertainment,
Parks and Resorts, Consumer Products, and Media Networks. Each of our
businesses in these areas has a robust and constantly-growing online
presence and owns numerous domain names in the generic Top Level Domains
(gTLDs).
Disney makes frequent use of Whois data regarding gTLD domain name
registrations, for a variety of purposes. We rely upon this data in our
efforts to protect some of the world's best-known and valuable brands
against a range of illegal behavior, including cybersquatting, online
distribution of counterfeit products, and piracy of copyrighted Disney
audiovisual materials. Timely access to reliable Whois data is also
critical to addressing online fraud involving Disney products, services
or destinations. In all these instances, Whois data is the first stop
in identifying and locating those engaged in online misconduct. It
enables us to resolve many of these issues quickly and efficiently,
often without the need for litigation. Whois data is also essential to
us in investigating and preparing those cases that ultimately lead to
criminal prosecution. This data is used in many other ways as well,
including the management of our own domain name portfolio, and in due
diligence activities on the occasions when our company makes
acquisitions that involve a significant portfolio of domain names.
The ready availability of Whois data to the public facilitates all these
important activities. These activities benefit not only The Walt Disney
Company, but also our customers who rely on the Disney brand as an
indication of quality products and services. To the extent that contact
data on gTLD domain name registrants becomes unavailable, carrying out
these activities will become more difficult, more expensive, or simply
impossible. As a result, not only would it become more difficult for
companies like ours to police fraud, counterfeiting, theft and other
abuses related to our products and services (and become easier for bad
actors to engage in such illicit conduct), the trust and accountability
that is so important to support robust online commerce would be
significantly diminished.
Disney opposes the OPOC proposal (Appendix A) in its current form
because it would make inaccessible the majority of contact data now
available, without regard to any privacy justification for doing so.
While we believe the current Whois system has served the Internet well,
between the two proposals set forward in the Task Force's Preliminary
Report we are more favorably inclined toward the special circumstances
proposal (Appendix B). We believe the special circumstances proposal to
be preferable both because it would withdraw much less data from public
access, and because it would do so on a targeted and objective basis to
protect the privacy of individual registrants.
Under Appendix A, only the name and country (and state/province) of the
domain name registrant would be available through Whois, with all other
contact data eliminated in favor of those of an "operational Point of
Contact" or OPOC. It might be true that in some cases this entity would
facilitate our contacting the registrant to resolve the issue that gave
rise to the Whois request. However, it might as easily be true that
such a change would actually impede our ability to make such contact.
In its current form, the OPOC proposal provides very little assurance
that the OPOC would communicate these requests to the registrant in a
timely fashion, or at all. In fact, to the extent that an OPOC chooses
to treat our use of Whois as not involving "operational issues relating
to a domain name," a phrase that is left mostly undefined, the OPOC
would have no responsibility to "pass on data to resolve" them. Even
when an issue clearly falls within the OPOC's purview, the proposal
contains no performance standards for the OPOC, no method for enforcing
any such standards, and no penalty for failure to comply with such
standards. Current experience with the variable nature of and general
lack of responsiveness to requests to correct inaccurate Whois data
yields little confidence that there would be any meaningful compliance
with OPOC standards or responsibilities with regard to Whois requests.
Finally, in many cases involving criminal activity, fraud, infringement
or counterfeiting, it is essential to contact the registrant as soon as
possible to stop the misbehavior in question. Failure to identify the
registrant for even a matter of hours can result in thousands of
otherwise preventable acts of infringement or other illicit behavior It
seems almost certain that at a minimum under the OPOC proposal, in most
cases, such contact will take longer than it does today given that it
must be routed through a third party.
In sum it is hard to see that the OPOC proposal offers any advantage
over the status quo in terms of facilitating all the beneficial uses
that are made today of Whois data. It does provide a step forward in
one area, by clarifying what registrars must do in response to reports
of inaccurate Whois data. It is quite evident that the current Whois
Data Problem Reporting System is not working, and the modifications
proposed in Appendix A would be an improvement over the status quo.
However, more proactive steps are needed before the quality and
reliability of Whois data can be improved overall. Steps such as
requirements to verify contact data submitted by registrants, at least
on a spot-check basis, have been proposed by Whois Task Forces in the
past, but never acted upon. ICANN should revisit these ideas.
From Disney's perspective, the "special circumstances" proposal in
Appendix B has more to recommend it. It would withdraw some Whois data
from public access, but only after an objective determination that an
individual registrant needs this treatment to protect a concrete
personal security interest. The decision to withhold some Whois data
because of the presence of "special circumstances" would be made by an
independent third party and would be reviewed on an annual basis. A
similar system has been in place for some years in the .NL country code
TLD. There are some unresolved issues in the "special circumstances"
proposal but Disney encourages ICANN to explore this option further.
Clearly, it would provide some benefits to the privacy of individual
domain name registrants, while imposing reduced burdens on Whois
requesters by comparison to the OPOC proposal.
Since either proposal would withdraw some Whois data from public access,
it is essential to put in place a fast, reliable, and predictable
mechanism by which this hidden data will be made available to parties
with a legitimate need for it. The preliminary report sketches out
several mechanisms that could be used, but none of them is fully
formulated. The first option would essentially leave it up to the
registrar to decide whether to reveal the data, "subject to best
practices." While the development of best practices could be a positive
step, Disney strongly believes that its access to this data for the
purposes listed above should not depend solely on a registrar's
unilateral decision. Our experience in dealing with registrars who
operate private or proxy registration services underscores this belief.
In general, the practices of such providers in dealing with requests for
Whois information are divergent at best and nonresponsive in too many
cases. The preliminary report contains a statement from a registrar
representative that "in a typical case, after the request has been
deemed to have been made in good faith, the information is disclosed to
the requester." Regardless of whether this is an accurate depiction of
the practices of the registrar in question, this statement does not
accord with our overall experience in attempting to learn the contact
data of a registrant in a private registration program, even when we
have concrete evidence of actionable harm resulting from the
registration or use of the name in question.
Developing a workable and efficient mechanism for providing access to
this data in the future will not be an easy task. It will impose costs
and burdens on all participants and may provide only marginal additional
protection for personal privacy. It is worth remembering that we have a
workable and efficient access mechanism in place today, the same one
that has been in place since the inception of the domain name system:
free public access to Whois data. Individuals for whom privacy is a
dominant concern have many other available means for establishing a
robust online presence without registering a generic top level domain at
the second level, which is the step that brings their contact data into
the Whois service.
Disney believes that the current system has worked in the best interests
of Internet users. It has helped to provide the environment of online
accountability and reliability that attracts people to the Internet as a
mode of communications, commercial transactions, or other forms of
interaction. We urge ICANN to exercise caution in deviating from this
long-standing system. If public access to Whois data is to be
curtailed, that should occur in as limited and targeted a way as
possible, and in a manner that seeks to conserve, to the greatest extent
possible, the manifold benefits of the system we have today.
Respectfully Submitted
Troy Dow
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|