Comments on the IRT report regarding the URS and Thick WHOIS

[Patrick Vande Walle <patrick@xxxxxxxxxxxxxx>]

The URS system that is contemplated intends to suspend domain names by
changing their DNS records to point to the third party provider. The
provider would also host a web page explaining the domain is suspended.

While this may work for web-centric content, it is not going to work for
other services running on  one of the 65.534 other ports allowed by the
TCP/IP protocol.
What would happen to e-mail sent to the suspended domain ? This is a
privacy issue. We already had this issue with Sitefinder five years ago. 
What happens if the suspended domain hosts authoritative DNS servers for
legitimate domains ?
What about applications which rely on the failure of DNS queries to
adapt their behaviour ?

The only proper way to implement this at the DNS level is to return
NXDOMAIN for every query.The proposed web-centric approach is
technically unsound.

The use of E-mail for notifications is a problem in itself. We know that
more 95% of e-mails circulating on the Internet are spam. In my part of
the world, English is not the main language. The average user would
consider messages in English to be spam. How will you be able to
demonstrate that the notification you sent has been received, read and
understood ? How about people who never read their e-mail ?

A 14 day notification period is unrealistic for the average individual
domain name registrant. One would not dare taking a vacation anymore.

Whois

While I do not disagree on the concept of a thick whois, I draw your
attention to the numerous comments and warnings sent over the last 10
years to ICANN by the European Commission regarding the privacy of
personal data of individuals. The European legislation does not only
apply to registry operators located in the EU, but also to registries
located in other countries and processing data of EU citizens. In the
latter case, the country should demonstrate equivalent data protection
rules. If not, the registry is prohibited to do business with with EU
citizens. This would be a loss for the greater public, but also for
registries and registrars.

The Telnic model of WHOIS, that was agreed by ICANN, represents a
reasonable solution that respects both the right to privacy of
individuals and the legitimate concerns of those that have a genuine
need to access the full data.  ICANN having stated it wants a standard
contract with all new gTLDs, I suggest to implement the Telnic model of
WHOIS as a standard in all new contracts, regardless of where the
registry is located.

-- 
Patrick Vande Walle
ALAC member, speaking in a personal capacity