[council] Fw: [nc-whois] WHOIS policy primer
FYI
very well organized..
best wishes
ken stubbs
----- Original Message -----
Sent: Tuesday, August 27, 2002 2:01 PM
Subject: [nc-whois] WHOIS policy primer
http://log.does-not-exist.org/archive-0208.html#02082719481030470514
Here's a first fragment of a draft for a [1]WHOIS policy primer.
This one's a walk-through of the registrar accreditation
agreements (actually, there are two of these, with
small differences), which is hopefully at least a
bit more understandable than the agreements themselves.
Missing bits: A review of the .name appendix to the RAA
(which is currently missing from the ICANN web site),
which may contain changes to query-based access, and an
overview of registries' WHOIS provisions. In any event,
the most important policies (at least from a privacy
point of view...) are contained in the RAA: Even the
thick registries basically make the same query-based access
available as registrars (with [2].name as an exception),
with the same non-restrictions on use of the data, and,
possibly, advanced query possibilities. Bulk access to
thick registries' whois data is more limited than with
registrars. So I hope that this is useful even in its
current incomplete state. I'll add more when I find the
time. That means, in particular, not this week.
References
1. http://does-not-exist.org/whois-primer.html
2. http://www.icann.org/tlds/agreements/name/registry-agmt-appo-29jun01.htm
--
Thomas Roessler <roessler@does-not-exist.org>
Access to Registrars' Data
Thomas Roessler <roessler@does-not-exist.org>
August 21, 2002
Access to registrars' data about domain name registrations is controlled
by the Registrar Accreditation Agreement (RAA). This agreement is available
in two versions from November
1999 (applicable to registrars accredited only for .com, .net, .org),
and from May 2001
(applicable to registrars in .biz, .info, .name, and to electing registrars
in .com, .net, .org). The rules on public access to these data can be found
in section 3.3
(II.F)
of the respective agreements.
Query-based Access
Availability of Data
Section 3.3.1
(II.F.1)
of the RAA obligates registrars to provide, at their own expense, and to the
public, web-based and port 43 query access
to up-to-date (i.e., updated at
least daily) data concerning all active Registered Names sponsored
by Registrar for each TLD in which it is accredited.
Data elements
The agreement contains a provision which allows appendices for specific
TLDs to modify this list of requirements; none of the existing TLD-specific
appendices make any use of that provision.
Use of WHOIS data
Section 3.3.5
(II.F.5)
of the RAA determines the possible use of the data made available through
query-based whois. This is expressed in terms of restrictions registrars
may (or rather, may not) impose on data recipients.
Registrars may impose no restrictions
besides those explicitly listed in the accreditation agreement or determined
by an ICANN policy; until today, no such policy exists.
WHOIS data obtained by query-based WHOIS access may be used for any lawful purpose, with two exceptions:
- Spamming. The 1999 RAA explicitly forbids use of WHOIS data for
e-mail spam in this section, while the 2001 agreement also mentions telephone
or facsimile advertising. Also, the 2001 agreement permits use of data
for such solicitations to data recipient's own customers.
- Automated high-volume processes which affect registry or registrar
systems. The 1999 agreement only talks about Registrar (or its systems); this is generalized
in the 2001 agreement.
Cross-registrar WHOIS / centralized database
Section 3.3.4
(II.F.4)
of the RAA contains an obligation to registrars to cooperate in the establishment
of a distributed, cross-registrar query-based WHOIS. Alternatively - if the Whois service implemented by
registrars does not in a reasonable time provide reasonably robust, reliable,
and convenient access to accurate and up-to-date data - it
is the registrar's obligation to supply data from its database to facilitate the development of a centralized
Whois database for the purpose of providing comprehensive Registrar Whois
search capability.
Bulk Access
Availability of Data
Section 3.3.6
(II.F.6)
imposes the additional obligation on registrars to make the same data subject
to query-based access available in bulk. Bulk data are made accessible for
download at least once per week (3.3.6.1;
II.F.6.a),
for an annual fee of at most USD 10,000 (3.3.6.2;
II.F.6.b).
Use of Bulk Data
Paragraphs 3.3.6.3-3.3.6.5
(II.F.6.c-II.F.6.e)
of the RAA describe the contents of registrars' access agreements. There
are both conditions the registrar shall
impose on data users, and conditions the registrar may impose on data users. This implies
that registrars may not impose any other conditions on the use of bulk WHOIS
data.
The effectiveness of these provisions is, however, limited by section 3.3.7
(II.F.7)
of the RAA until the earlier of either establishment of a new ICANN policy
on bulk access to WHOIS data, or demonstration,
to the satisfaction of the United States Department of Commerce, that no
individual or entity is able to exercise market power with respect to registrations
or with respect to registration data used for development of value-added
products and services by third parties.
The possible provisions of registrars' bulk access agreements are these:
- Data may not be used for spamming. Paragraph 3.3.6.3
of the 2001 RAA includes e-mail, telephone and telefax, and has an exception
for existing customers of the data recipient, while section II.F.6.c
of the 1999 RAA is limited to e-mail; note the analogy to the restrictions
on the use of WHOIS data obtained through the query-based access. This provision
is mandatory (shall require) and
not at the registrar's discretion.
- Data may not be used for high-volume processes which affect registry
or registrar systems. This is an optional provision (may require) in section II.F.6.d
of the 1999 RAA, and a mandatory provision (shall require) in section 3.3.6.4
of the 2001 RAA. Note that the 1999 RAA's language is restricted to Registrar (or its systems), analogously
to the provisions concerning the use of WHOIS data obtained from the query-based
access, while the 2001 language is generalized.
- Registrars may forbid the
further sale and distribution of bulk WHOIS data by data recipients. Registrars
may not forbid that data recipients
use (sell, distribute) the data as part of value-added services and products.
However, registrars may demand
that these products and services do not permit the extraction of a substantial portion of the bulk data.
(3.3.6.5,
II.F.6.e)
Opt-out Provision
Section 3.3.6.6
(II.F.6.f)
of the RAA provides that registrars may
establish an opt-out policy; note that this is not mandatory. This opt-out
policy - if established - is limited to individual domain name holders, and
it only covers bulk access for marketing
purposes (except spamming, which is forbidden anyway - see above).
The opt-out cannot be limited to third parties' marketing use of registration
data: If registrants opt out of marketing use, Registrar may not use such data subject
to opt-out for marketing purposes in its own value-added product
or service.
It should be noted that this provision is stated as an explicit allowance
to registrars. This implies that registrars may not establish any other policies with
respect to the availability of WHOIS data. WHOIS data provided for
bulk access (and supposed to be used for any non-marketing purpose) must be complete.
Information for Registrants
Section 3.7.7.4
(II.J.7.b)
contains registrars' obligation to inform registrants about the purposes and
intended recipients (or categories of recipients) of any personal data collected
from the registrant. Personal data are defined, in section 1.6
(I.G)
of the agreement, as data about any identified
or identifiable natural person.