ICANN/DNSO
DNSO Mailling lists archives

[nc-whois]


<<< Chronological Index >>>    <<< Thread Index >>>

[nc-whois] Getting back to work and assignments for Tuesday

  • To: "Antonio Harris" <harris@cabase.org.ar>, "NC-WHOIS (E-mail)" <nc-whois@dnso.org>
  • Subject: [nc-whois] Getting back to work and assignments for Tuesday
  • From: "Cade,Marilyn S - LGCRP" <mcade@att.com>
  • Date: Sat, 22 Feb 2003 14:35:47 -0500
  • Cc: "Anne Rachel Inne (E-mail)" <inne@icann.org>, "Bruce Tonkin (E-mail)" <bruce.tonkin@melbourneit.com.au>
  • Sender: owner-nc-whois@dnso.org
  • Thread-Index: AcLZ0RMmoCIXQ0EySBu8VypB2bhbeQARYrnQ
  • Thread-Topic: [nc-whois] Critical Relationship Between Accuracy and Privacy That the WHOIS Task Force Continues To Overlook and My Contribution to the WHOIS Privacy Issues Report

First, I support my co-chair's comments reminding us that we need to return to our usual collaborative approach to dealing with tough topics: THIS TF is KNOWN for its hard work! LONG hours, and LONG and FREQUENT conference calls.  Obviously, we'll be returning to that to get work done for the Rio meeting. And to ensure that we present a professional product in all the areas we have accepted responsibilty for. 
 
Issues Reports are new to the Council, and we have few models. We will be doing three.  All three are important.
So, let's make further discussions on this, or other related topics about the work we have before us.
 
How we are proceeding on Issues Reports:
I. Consistency/uniformity of data elements/searchability:
Kristy and Ram held a conf. call this week to move along on assignments. They have done a great job of trying to broadly include other interested TF members. Tony and Marilyn were on the call this week and suggested that they ask ICANN staff for a particular clarification. Kristy/Ram, let us know if you need any help on moving that item forward.  Some TF members who have indicated concerns about the topics have not actively participated nor made contributions to the work to date. Time is running out on this. On this week's Tuesday call, we'll make some decisions about what is feasible to wait for.
 
II. Further recommendations on Accuracy and marketing uses of data:
Steve can't be on Tuesday's call. Tony and Marilyn to follow up with him separately on when he will have a draft.
 
III. Privacy Issues Report:
 Several individual members of the TF have re-stated their interest and commitment to participating in the development of the Issue Report on Privacy. Tony and I are re-confirming that the work on this Issues Report is being conducted as a TF and that Tony and Marilyn will co-chair.  Several assignments are made below, or reconfirmed from previous agreements and assignments. * indicates a previous assignment which is simply restated for the record.
 
 
*Reconfirmation from previous assignment: Ruchika had agreed to undertake gathering questions from the TF and previous submissions.
Ruchika: can you turn your separate submission as a minority report into a document which is separately usable in the Issues Report by Tuesday or Wednesday? At a minimum, it should include your minority report but in a format which can be an insertion into this Issues report -- it should include the links to the previous comments made related to privacy and to access. This would need to include those comments where people comment on the importance of access to the data for consumer protection concerns as well, or law enforcement concerns and should include a succinct summary of each contribution --a few sentences  is the usual format we 've followed, so that there is a good historical summary of the contributions. 
 
We understand that you have a strong concern and interest in this particular area,  and that is why we asked you to undertake this. 
 
 
An outline for how we propose to proceed in the development of input to the Issues Report:
 
-All members of the TF will participate in the Privacy Issues Report's development.
-Tony and Marilyn will co-chair these sessions. Two, possibly three sessions will be held.
-Assignments will be made by the co-chairs for additional work to various members of the TF so that we can meet our commitment to the Council. Again, other assignments have already been made and they are simply restated with an *.
-Tuesday's call will be an important part of meeting our commitment and we need as many of you as possible on the call.
 
Next Tuesday's agenda:
 
*Ram is still working on a briefing with a member of the IESG so we will hope to have a 30 minute dialogue to launch the meeting. TENTATIVE.
 
The rest of the agenda is as follows:
 
*-5-7 minute report  -Ram/Kristy on Issues Report
*-Steve: can you give us a short email update, since you cannot attend in person?
-development of Issues/Questions/Views/Supporting reports/documents:
 
WHITE BOARDING/Brainstorming session on issues/questions/views
    We will follow the typical neutral and professional rules for "brainstorming"/white boarding. All that means is that we will ask each individual to provide a short input for capturing for the record on the views, perspectives, concerns, issues and interests of ALL users of WHOIS to our best ability.     We'll give 5 minutes to EACH TF member [please see the "rules" below for what to focus on in your time slot.   No questions/no challenges during brainstorming.
 
NOTE: We have invited two members to make short presentations before we start brainstorming.
- We have asked Becky Burr to provide a specific 10 minute briefing on how .name is operating. We
- Ram: is there something unique to .info that would make a similar useful briefing?
   
After those presentations, we will start the brainstorming. We'll work through each of the constituencies/groups.
 
We strongly suggest that all TF members think through how they present their input so they can fit in the time slots.
 
We realize that 5 minutes seems short, but let' s give this some thought: IF you are a witness before either the US Congress or most European Parliaments, OR the Commission in public forums, opening comments are from 3-5 minutes, with a sharp cut off. :-)  And we are all familiar with the time limits at the mike on Public Forum day in the ICANN meetings. We can do this, IF we each organize our input succinctly.
 
 Let's try to make this work.
 
WHAT WE ARE DOING IN THE BRAINSTORMING: Our goal is to advance understanding, to remember that we are trying to understand the views of ALL users of WHOIS, not just our own perspective,  and to, identify further resources for consultation and identify any views we haven't heard to date.
 
Rules for Brainstorming:
 
Each TF member has a "segment" of dedicated time to present
Please, in your brainstorming, try to
1) identify problems, issues or questions related to privacy in WHOIS which are specific to your constituency which should be addressed, or answered?
2) identify concerns of others [not your constituency] which you are familiar with [try to be specific is possible/generalizations and speculations are of limited contribution]
3) suggest groups or organizations who have documents or surveys, or studies which are related to WHOIS privacy -- meaning they are ABOUT WHOIS privacy
4) identify studies or surveys which are not about WHOIS privacy, but which might be relevant and identify why they are relevant [it may be interesting to consider non related studies, but it is important to be able to make the link of their relevance, as well. ]
5) identify any government studies, or multi-lateral organization reports, studies or surveys which could be useful
e.g. {OECD, APEC, EC, etc.] and clarify how they are relevant, if they are not directly about WHOIS privacy
6) are there other views which you think should be included? How do you suggest learning more about them?
7) identify any technical resources, standards work, or similar activities which the TF should include in its Issues Report
 
 
The contributions will be captured by the secretariat and provided to all TF members.
 
Following this session, we may return to bi-weekly calls in order to get our work completed. We will MOST probably make further assignments to TF members for reports for the next call, including reviewing recommended reports, and summarizing them, etc.
 
Marilyn and Tony
 
-----------------------email string maintained -- -----------------------------------------------------
 
 -----Original Message-----
From: Antonio Harris [mailto:harris@cabase.org.ar]
Sent: Friday, February 21, 2003 12:53 PM
To: NC-WHOIS; Ruchika Agrawal
Cc: Bruce Tonkin (E-mail); discuss@icann-ncc.org; ehchun@peacenet.or.kr
Subject: Re: [nc-whois] Critical Relationship Between Accuracy and Privacy That the WHOIS Task Force Continues To Overlook and My Contribution to the WHOIS Privacy Issues Report

Ruchika,
 
Marilyn as co-chair of the TF has already replied to
you on behalf of both of us. Nonetheless, I feel
prompted to add some further comments on your
submission:
 
1) I am uncomfortable with the phrase "some members of the Task
Force continue to overlook". Until very recently, the Task Force
worked in unison with all, repeat all, members participating and
contributing freely. The Task Force report that was discussed
on yesterday's call, is the collective outcome of the work and
contributions of the various members, as well as those affected
by the policy recommendations (the Registrars and Registries)
whose input was sought via the Implementation Committee. We
worked, collectively, for almost two years, and the matter of
privacy was not, and is not, overlooked in the least.
 
2) I question the declaration that "some domain name registrants
have legitimate reasons for providing inaccurate information", since
they are contracting a domain name under the conditions specified
by the delivering registrant. If these are unsatisfactory, i.e., the
registrant is unwilling to provide personal data for the Whois, then
maybe he/she would be better off not contracting a domain name.
The alternative of submitting false data is not, in my opinion, an
action that can be justified as being committed for "legitimate
reasons". No one is forcing the registrant to obtain a domain
name and risk exposure? 
 
3) During the GNSO Council teleconference
yesterday, Bruce Tonkin correctly identified the privacy issue as
being related to " the Display of Whois Data", not to its accuracy.
As we begin to look at the privacy issues, this will obviously be
a good starting point in evaluating privacy protection alternatives.
 
 
4) Neither I nor any other members of the Whois Task Force,
as far as I can recall, have ever demanded guarantees of
any sort in order to participate in, and contribute to, work
in process. As co-chair I would be willing to guarantee you
a lot of hard work and dedicated time, since this issue is
so important to you, but not much else...
 
Regards
 
Tony Harris
 
 
 
 
 
 
  
 
----- Original Message -----
Sent: Friday, February 21, 2003 12:44 AM
Subject: [nc-whois] Critical Relationship Between Accuracy and Privacy That the WHOIS Task Force Continues To Overlook and My Contribution to the WHOIS Privacy Issues Report

Dear Co-Members of the WHOIS Task Force:

Based on some of your comments during our teleconference call this week, email postings, and GNSO teleconference meeting today, I want to emphasize a very important point that some members of the Task Force continue to overlook. 

Enforcement of accuracy of WHOIS data has serious implications on privacy.  Some domain name registrants have legitimate reasons for providing inaccurate WHOIS information -- for example, to protect their privacy and protect their personally identifiable information from being globally, publicly accessible -- and especially when there are no privacy safeguards in place.  A number of studies demonstrate that when no privacy safeguards are in place, individuals often engage in privacy "self-defense."  When polled on the issue, individuals regularly claim that they have withheld personal information and have given false information.  See:
·       Privacy, Costs, and Consumers Privacy, Consumers, and Costs: How the Lack of Privacy Costs Consumers and Why Business Studies of Privacy Costs are Biased and Incomplete, Robert Gellman, March 26, 2002, http://www.epic.org/reports/dmfprivacy.html;
·       Trust and Privacy Online: Why Americans Want to Rewrite the Rules, Pew Internet & American Life Project, August 20, 2000, http://www.pewinternet.org/reports/toc.asp?Report=19; and
·       Graphic, Visualization, & Usability Center 7th WWW User Survey, April 1997, http://www.gvu.gatech.edu/user_surveys/survey-1997-04/#exec.

Please also see the report I submitted to the Federal Trade Commission for their panel on "Cooperation Between the FTC and Domain Registration Authorities." <attached >  Again, while I do not oppose accurate data per se, I do oppose the Task Force’s recommendation to enforce accuracy of WHOIS information when the Task Force has failed to adequately address privacy issues.  Minimally, enforcement of accuracy and insurance of privacy safeguards should be concurrent. 

As per Ram’s email and the gTLD constituency’s views on accuracy and privacy, I quote:
“My constituency members are saying that they are under considerable pressure from legal, corporate, community and other bodies to tie implementation of better accuracy and privacy together, so that enhanced accuracy standards and mechanisms do not lead to unlawful privacy methods/practices (for those who operate under the EU Data protection restrictions, for instance).” http://www.dnso.org/clubpublic/nc-whois/Arc00/msg00932.html

I am happy to work on the privacy issues report as long as the WHOIS Task Force can guarantee that enforcement of accuracy and implementation of privacy safeguards would be concurrent (or that implementation of appropriate privacy safeguards would precede enforcement of accuracy).  This guarantee does not conflict with the vote taken during the GNSO Council meeting today, as the GNSO Council specifically and only voted on the WHOIS Task Force’s Final Report’s consensus policies (see below).

Bruce -- can you please confirm my interpretation of the GNSO’s vote on the WHOIS Task Force’s Final Report? 

Sincerely,
Ruchika Agrawal
WHOIS Task Force Member
Non-Commercial Constituency

----------------------------------
I. Consensus Policies

1. Consensus Policies: Accuracy of WHOIS Data.

These two policies match the alternative wording proposed in the Implementation Committee's report, sections 1 and 2, which was accepted by the WHOIS Task Force. Further comments and additions are marked by underlining.

A. At least annually, a registrar must present to the Registrant the current WHOIS information, and remind the registrant that provision of false WHOIS information can be grounds for cancellation of their domain name registration. Registrants must review their WHOIS data, and make any corrections.

B. When registrations are deleted on the basis of submission of false contact data or non-response to registrar inquiries, the redemption grace period -- once implemented -- should be applied. However, the redeemed domain name should be placed in registrar hold status until the registrant has provided updated WHOIS information to the registrar-of-record.

The Task Force observes that the purpose of this policy is to make sure that the redemption process cannot be used as a tool to bypass registrar's contact correction process.

2. Consensus Policies: Bulk Access to WHOIS Data.

There are no substantial changes to to the policies contained in section 3.2 of the Policy Report. However, the extensive discussion presented in that report has been removed in this document. Additionally, some technical changes proposed by ICANN's General Counsel have been incorporated.

A. Use of bulk access WHOIS data for marketing should not be permitted. The Task Force therefore recommends that the obligations contained in the relevant provisions of the RAA be modified to eliminate the use of bulk access WHOIS data for marketing purposes. The obligation currently expressed in section 3.3.6.3 of the RAA could, for instance, be changed to read as follows (changed language underlined):

"Registrar's access agreement shall require the third party to agree not to use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and wireless alerts."

The bulk-access provision contained in 3.3.6.6 of the RAA would then become inapplicable.

B. Section 3.3.6.5 of the Registrar Accreditation Agreement currently describes an optional clause of registrars' bulk access agreements, which disallows further resale or redistribution of bulk WHOIS data by data users. The use of this clause shall be made mandatory.


<<< Chronological Index >>>    <<< Thread Index >>>