ICANN Email List Archives

[At-Large Advisory Committee]


Re: [alac] Various

  • To: alac@xxxxxxxxx
  • Subject: Re: [alac] Various
  • From: Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>
  • Date: Thu, 19 Jun 2003 14:12:40 +0200

On 2003-06-19 00:45:38 -0300, Sebastian Ricciardi wrote:

> Anyway, can somebody here explain to me why the WHOIS service is so
> critical for the "health" of the Internet?

Whether it is critical is something on which intelligent people
might differ.

I'm certainly *not* convinced that it's *critical* myself, but I see
a lot of political weight behind the demand to keep it in some form,
and I can see some arguments why it might be good to give some
classes of data users access to registrant identity data, in some
way.  (Law enforcement, e.g.)

Others go further and argue in favor of truly anonymous

> 1./ Is WHOIS a critical service? Why?

IMHO, no.

> 2./ Does it need to be public?


> 3./ There might be a thousand technical ways to limit port 43
> access. Why is this still an issue?

Because port 43 is in the RAA, so turning it off requires a
consensus policy or a change of contract.  Also, Port 43 is used by
any tools which provide "unified portals" to whois.

> 4./ Do we agree on the principle that user privacy should be
> protected?

Yes, as far as I'm concerned.

> What are the limits of the privacy rights of the individual user?

That's the critical question...

> 5./ Wouldn't it be better if the registrar kept the information (at
> least a part of it, i.e. e-mail address and telephone number)
> safe and brought it to an interested party on a need-to-know basis?

That's what tiered access is all about...

I'm attaching some bullet points which we might use when asked to
speak about WHOIS on the record in Montreal.  Comments?

Thomas Roessler                       <roessler (at) does-not-exist.org>

                       Notes on GNSO Consensus Policies

     * ALAC has submitted comments to GNSO Council (February 2003)
     * Accuracy
          + WHOIS Reminder Policy: Opportunity for good-faith registrants
            to verify data accuracy.
          + Concern: Any enforcement of data accuracy shifts actual
            balance in favor of data availability. Address by finding
            properly balanced policy in the future (which policy could
            include making "accuracy" optional).
     * Bulk Access
          + No marketing uses.
          + No resale of bulk data.
          + Support these changes.


                              Future Policy Work

     * Don't have the magic bullet, either.
     * Concerns and some ideas, not formal position.
     * Building on public record of previous discussions.
          + DNSO WHOIS Survey.
          + Public comments received by WHOIS Task Force.
          + Don't just start from current state of affairs.
     * Soliciting input on ALAC web site.
     * Participating in GNSO policy work.
     * Discuss with private and public sector.
     * Discuss with users and suppliers.


                           Some Concerns: e.g., ...

     * Where registrants have privacy expectations backed by applicable
       law, these expectations (and applicable law) must be respected.
     * Availability of personal data to anyone for any purpose invites
       abuse and even criminal activities. There's more to privacy than
       just spam.
     * Anonymity and privacy foster free speech. Obligatory speaker
       identification chills it.
     * How to balance concerns against legitimate data user interests?


                             Some Ideas: e.g., ...

     * Look closely at data collection and uses:
          + Are they actually important for the operation of the
          + Are they best served by the current mandatory WHOIS system -
            or would a system be more appropriate in which registrants
            themselves determine what's published and where?
     * Tiered access to WHOIS: Some data public, some private or
          + Differentiate by registrant? (Or just give registrant a
            choice instead?)
          + Differentiate by data user and purpose?
          + Could reliable identification of data user + audit trail be
            enough to grant privileged access? To any identified data
          + Audit trail available to registrant? To public? When?


                        Future Policy Work - Next Step

     See you at the WHOIS Workshop!
