ICANN/DNSO
DNSO Mailling lists archives

[ga-full]


<<< Chronological Index >>>    <<< Thread Index >>>

[ga] Board candidate response to Whois question - Registrants Charter(2)


on 8/9/01 11:23 PM, DannyYounger@cs.com at DannyYounger@cs.com wrote:
> 
> 13.  What is your position regarding the sale of Bulk WHOIS data?

This record may also be useful documentation with respect to an impact
statement that will be required to establish the current need for an
Individual Registrants Constituency.


----------
From: Joanna Lane <jo-uk@rcn.com>
Date: Mon, 21 May 2001 18:33:43 -0400
To: <ga-sys@dnso.org>
Subject: Re: [ga-sys] Registrants Charter - FREEDOMS - Part 2

ADVERSE EFFECTS ON INDIVIDUAL DOMAIN NAME REGISTRANTS OF:-

1. CURRENT REGISTRAR'S ACCREDITATION AGREEMENT
2. TUCOWS PROPOSAL FOR REGISTRANT PRIVACY PROTECTION
3. UNSPONSORED TLD AGREEMENTS AND NEW VERISIGN AGREEMENT
_________________________________________________________________

RELEVANCE OF THIS DOCUMENT TO THE GA

Danny Younger, Chair of the General Assembly of the DNSO (Domain Name
Supporting Organization) has noted,

"As the General Assembly is the only ICANN body that can currently represent
(to some degree) the interests of individuals, we have an obligation to make
sure that as an impacted party, individuals are well represented in ongoing
policy deliberations."

http://www.dnso.org/clubpublic/ga/Arc07/msg1077.html

____________________________________________________________________________

OUTREACH

This document is a SUMMARY of debate on the GA mailing list GA-Sys.

Comments received from members noted various difficulties and adverse
effects arising from lack of protection of personal data when individuals,
families and community organizations register Domain names. (see note 1).

Suggestions were offered for ways in which personal data may be protected
while complying with legal terms of Registrant agreements, (whichever of the
above may apply).(see note 2).

However, none of the options suggested would normally be available without a
cost implication for the Registrant, (see note 3.) neither without
compromising the technical stability of the Internet for the System
Administrator, (see note 4.)

While it was generally agreed that many difficulties relating to privacy
issues arise from ignorance of new Registrants as to possible alternatives
to disclosing personal data (see note 5), these are mainly available in the
US and no suggestions were received that provide both a satisfactory
solution on a global scale (see note 6) and comply with EU Privacy laws as
outlined in Part 1 of this document.

NOTE 1.
When the Registrant uses personal data as contact information, in effect,
he/she is:-

(i) Appointing him/herself as legal agent regarding service of process and
can only acquire a domain name on the basis of agreeing to UDRP. UDRP is a
legally binding process for the Registrant that exists to protect the rights
of trademark holders, but currently, there is no equivalent process to
protect the free speech and other rights of individuals, families and
community organizations in the registration and fair use of domain names on
the internet.
 
(ii) Publishing their personal data in a public directory, the WHOIS
database. Registries-Registrars are prevented from offering an unlisted,
personal domain name service, as could reasonably be expected of the
telecommunications industry with respect to unlisted, personal phone
numbers.

(iii) Relinquishing personal privacy and personal rights and protections to
obtain a domain name and being expected to do so in a manner that allows
millions of people to gain immediate access to potentially sensitive data.

(iv) The subject of a growing number of third party sales leads from the
sale of personal data to third party profiteers. Registrants are agreeing to
provide more than a technical contact for a DN without knowing how that data
may be used. Information is being collected by Registries-Registrars for
purposes other than billing, without information being provided to allow the
Registrant to make an informed decision.

NOTE 2.

1). "The registrar accreditation agreement does not say that you have to
supply "personal data" -- all you need to supply is the contact information
for a legal entity that is willing to assume responsibility for receiving
legal notice and passing it on to you.  This is actually an opportunity for
some enterprising registrar to add this kind of escrow of legal
responsibility as a value added service."

Kent Crispin: http://www.dnso.org/clubpublic/ga-sys/Arc00/msg00016.html

NOTE 3.
The individual is adversely affected by the cost of purchasing additional
services to protect privacy through the use of a PO Box, or by appointing a
third party agent for service of process.

Available options in the US include PO Boxes, which are widely available in
the US at a cost of about $45.00 per annum for a small box, but these would
not be available in all territories.

"Equally, MBE is a company called "Mail Boxes Etc", a private US competitor
to a Post Office branch office. In fact, many of them are PO branch offices,
by license. They are a general mail service with add-ons like; pre-sorting
and filtering, mail forwarding service, UPS and FedEx delivery point (USPS
will not accept FedEx and UPS parcels at a PO box, MBE will), Fax send/rcv,
etc. More importantly, an MBE address reads like a normal business address.
The sender does not know that they are sending to a PO box."

Roeland Meyer: http://www.dnso.org/clubpublic/ga-sys/Arc00/msg00033.html

Also, some Registrars may offer for profit escrow services. Registrars
should clarify what these may be for the benefit of the GA at this time.

NOTE 4.
For the system administrator, indirect contact information reduces
troubleshooting ability in the event of a network emergency such as denial
of service attack. 

"The fundamental problem is that there is no way to predict which SysAdmin,
in which domain, will need that data. In the case of DDoS (denial of
service) attacks, that information should really be fetched by automated
scripts. uuid/passwd protocols would make those scripts unusable. We are
talking about 10-20 cascaded lookups, with a number of different whois
servers, in under a second here."

Roeland Meyer: http://www.dnso.org/clubpublic/ga-sys/Arc00/msg00033.html

NOTE 5.

"Having the options and KNOWING about the options are two very different
things. My suggestion AGAIN is that Registrars or a third party be charged
with making sure every Registrant of a Domain Name knows their rights and
options regarding a domain name."

Chris McElroy: http://www.dnso.org/clubpublic/ga-sys/Arc00/msg00056.html

NOTE 6>

"We are talking about the *default* (which is likely to be used by the vast
majority). E.g. I note that voicemail systems are used *far* less frequently
in Germany (maybe also in the rest of Europe) than in the US, and that
relatively few private persons have a PO box."

Alexander Svensson:
http://www.dnso.org/clubpublic/ga-sys/Arc00/msg00035.html

__________________________________________________________________________

I will next compile input for WHOIS - conditions of use as PART 3.
__________________________________________________________________________


--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html




<<< Chronological Index >>>    <<< Thread Index >>>