[alac] GNSO report from Rome

[Thomas Roessler <roessler@xxxxxxxxxxxxxxxxxx>]

On 2004-03-05 12:36:01 +0100, Vittorio Bertola wrote:

> 3. Every liaison, task force member etc. is to send a report to
> the mailing list at the end of each month.

Here's my report from Wednesday's and Thursday's GNSO sessions,
coming to you directly from MUC airprt.

1. New registry services PDP.  That PDP had, for quite some time,
suffered from the ack of a constituency statement from the new gTLD
registries' constituency; the situation had started to becomee
interesting when .biz had submitted a complete process proposal to
the GNSO.  At the beginning of the workshop on Wednesday, the
registry constituency was essentially meeting in the back of the
room, and published a constituency statement about ten minutes into
the meeting.  The rest of the 90 minute workshop were,
unfortunately, spent on discussing whether the flow chart on which
the council is now working should contain the decision point where
the registry decides whether or not to submit a proposal to ICANN.
Of course, this decision is *always* made by the registry, so the
discussion was essentially futile.

There was a second meeting of the council on new registry services
on Thursday morning; during that session, a basic flow-chart for the
process was agreed on, and the council started collecting criteria
for the various decision points.  The flow chart is some mixture of
the processes proposed by .biz and by the Intellectual Property
Constituency (IPC had produced an extremely thorough submission; one
of the basic elements there was to have a brief public comment
period after *every* report published or decision made by ICANN staff.

The council still has quite a bit of terrain to cover, in particular
when it comes to registries' desires for making as much of the
process as possible confidential.  With regard to actual criteria
that are to be used at the various decision points, the council now
has a long list of possible criteria (the result of a brainstorming
session), but has not yet vetted these criteria thoroughly.  The
list includes all the underlying points of our submission.

Minutes of this meeting will probably become available within the
next one or two weeks; I understand that they will also contain a
copy of the flow chart that was agreed at the meeting.

2. WHOIS #1, modes of access.  The workshop on Wednesday was
relatively productive.  I threw in the idea of having something like
two tiers of access to WHOIS data, one tier completely anonymous
(with, presumably, just some uncritical technical data), and one
tier authenticated (through, say, an SSL cient certificate from a
well-known certification authority).  That idea is also presented in
a one-page paper that is currently discussed in the registrars'
constituency; given this and the fact that Papapavlou had given the
registrars a good lecture on European privacy regulations, it's
maybe not surprising that several registrars supported the idea at
the workshop.  I argued against the notion that special access
should be granted to certain groups: Instead of granting access just
to, say, IP lawyers, acceess must be granted for specific purposes,
or -- since that will practically be quite a challenge -- to any
party that fulfills some conditions which permit a reasonabe
assumption that the purpose of access is indeed acceptable.

Authenticated access would also enable registrars to inform
registrants about who is accessing their data.

Other discussion was about using inverse Turing tests to protect
web-based access to WHOIS databases; these tests have the goal to
provide some heuristic on whether or not the database is being
accessed by a human being or by an automated process.  They
typically involve displaying a not very well readable character
string (that's supposed to be unreadable for automated character
recognition tools), that must then be entered into a web form.  I
explained how this kind of service is being broken elsewhere, and
strongly suggested not to go down the path of having a policy that
encourages or even mandates this kind of test.  After the meeting, I
was approached by the operator of a large public database who
reported that they have been using these kinds of tests for four
years, but that the tests have regularly been broken.  I will be in
touch with them in order to get their experiences added to the
record of TF #1.

WHOIS TF #1 also asked for more input in response to its
questionnaire.

3. WHOIS #2, data elements.  Discussion here was mostly covering
well-known arguments about why certain parties believe they need any
data element they can get, and why other parties believe that this
is inappropriate.

TF #2 is seeking more input in response to its questionnaire.

4. WHOIS #3, accuracy.  Vittorio was on the panel at this workshop;
I'll leave it to him to report on this.

5. GNSO Council open session.  The open session of the GNSO council
on Wednesday afternoon mostly covered administrative ground; there
were no significant policy discussions at this meeting, as far as I
recall.

Regards,
-- 
Thomas Roessler  <roessler@xxxxxxxxxxxxxxxxxx>
At-Large Advisory Committee: http://alac.info/