Re: [alac] DRAFT: Impact statement on WHOIS. COMMENT BEFORE TUESDAY.

[Thomas Roessler <roessler-mobile@xxxxxxxxxxxxxxxxxx>]

On 2003-02-16 17:25:20 +0100, Vittorio Bertola wrote:

> About the process through which accuracy complaints are handled by the
> registrars: there should be guarantees that sufficient effort is made
> by the registrar to contact the registrant prior to the domain being
> put on hold. IMHO this should at least include:

> - at least 1 telephone call to any phone number listed in registrant
> data and contact persons data, during business hours in the
> registrant's timezone;
> - at least 1 e-mail to any e-mail address listed in registrant and
> contact persons data;
> - at least 1 postal letter to the physical address (even if it seems
> unlikely to be true!) listed in the registrant contact.

The e-mail part of this is already in there.  The phone calls and
postal letters are something against which registrars will
vehemently be opposed, since it's not automatable, and causes cost
they may not be able to recover.  That's the translation for
"unimplementable" these days.

> Generally speaking: I think that we should try to make it more
> evident that privacy protection mechanisms are to be implemented
> asap in WHOIS. Each registrant or contact person should be free
> to hide partly or totally his identity and personal data to the
> general public, and in this case this information should be kept
> by the registrar and/or registry (according to the registry
> model) and not disclosed to anyone but official law enforcement
> agencies. This would automatically make people much more
> collaborative in providing true data, and is the only way through
> which accurate data can be ultimately obtained. And, by the way,
> this is required by law in Europe.

I don't want to disgress, but even privacy commissioners in Europe
have already accepted some kind of WHOIS service in the past.  For
instance, the current form of the .de WHOIS is the result of a
compromise between the relevant privacy commissioner and the
registry.

> I would even consider saying that no further steps should be
> taken towards "WHOIS accuracy" until a privacy protection scheme
> can be designed and deployed, but perhaps this could be a little
> too extreme.

I'll try to add more explicit language that the shift of balance
"concerns" us, etc.  However, I'll have to leave quite soon, so I
won't be able to do that before it's afternoon in Europe.

Regards,
-- 
Thomas Roessler                         <roessler@xxxxxxxxxxxxxxxxxx>