<<<
Chronological Index
>>> <<<
Thread Index
>>>
[nc-whois] Getting back to work and assignments for Tuesday
- To: "Antonio Harris" <harris@cabase.org.ar>, "NC-WHOIS (E-mail)" <nc-whois@dnso.org>
- Subject: [nc-whois] Getting back to work and assignments for Tuesday
- From: "Cade,Marilyn S - LGCRP" <mcade@att.com>
- Date: Sat, 22 Feb 2003 14:35:47 -0500
- Cc: "Anne Rachel Inne (E-mail)" <inne@icann.org>, "Bruce Tonkin (E-mail)" <bruce.tonkin@melbourneit.com.au>
- Sender: owner-nc-whois@dnso.org
- Thread-Index: AcLZ0RMmoCIXQ0EySBu8VypB2bhbeQARYrnQ
- Thread-Topic: [nc-whois] Critical Relationship Between Accuracy and Privacy That the WHOIS Task Force Continues To Overlook and My Contribution to the WHOIS Privacy Issues Report
First, I support my co-chair's comments
reminding us that we need to return to our usual collaborative approach to
dealing with tough topics: THIS TF is
KNOWN for its hard work! LONG hours, and LONG and FREQUENT conference
calls. Obviously, we'll be returning to that to get work done for the Rio
meeting. And to ensure that we present a professional product in all the areas
we have accepted responsibilty for.
Issues Reports are new to the Council, and
we have few models. We will be doing three. All three are important.
So,
let's make further discussions on this, or other related topics about the
work we have before us.
How we are proceeding on Issues
Reports:
I. Consistency/uniformity of data
elements/searchability:
Kristy and Ram held a conf. call this week
to move along on assignments. They have done a great job of trying to
broadly include other interested TF members. Tony and Marilyn were on
the call this week and suggested that they ask ICANN staff for a particular
clarification. Kristy/Ram, let us know if you need any help
on moving that item forward. Some TF members who have indicated
concerns about the topics have not actively participated nor made contributions
to the work to date. Time is running out on this. On this week's
Tuesday call, we'll make some decisions about what is feasible to wait
for.
II.
Further recommendations on Accuracy and marketing uses of data:
Steve can't be on Tuesday's call. Tony and
Marilyn to follow up with him separately on when he will have a
draft.
III. Privacy Issues Report:
Several individual members of the TF
have re-stated their interest and commitment to participating in the
development of the Issue Report on Privacy. Tony and I are re-confirming that
the work on this Issues Report is being conducted as a TF and that Tony and
Marilyn will co-chair. Several assignments are made below, or reconfirmed
from previous agreements and assignments. * indicates a previous assignment
which is simply restated for the record.
*Reconfirmation from previous assignment:
Ruchika had agreed to undertake gathering questions from the TF and previous
submissions.
Ruchika: can you turn your separate
submission as a minority report into a document which is separately usable
in the Issues Report by Tuesday or Wednesday? At a minimum, it should include
your minority report but in a format which can be an insertion into this Issues
report -- it should include the links to the previous comments made related to
privacy and to access. This would need to include those comments where people
comment on the importance of access to the data for consumer protection concerns
as well, or law enforcement concerns and should include
a succinct summary of each contribution --a few sentences is the
usual format we 've followed, so that there is a good historical summary of the
contributions.
We understand that you have a
strong concern and interest in this particular area, and that is why
we asked you to undertake this.
An outline for how we propose to
proceed in the development of input to the Issues Report:
-All members of the TF will participate in
the Privacy Issues Report's development.
-Tony and Marilyn will co-chair these
sessions. Two, possibly three sessions will be held.
-Assignments will be made by the
co-chairs for additional work to various members of the TF so that we can
meet our commitment to the Council. Again, other assignments have already been
made and they are simply restated with an *.
-Tuesday's call will be an important part of
meeting our commitment and we need as many of you as possible on the call.
Next Tuesday's agenda:
*Ram is still working on a briefing with a
member of the IESG so we will hope to have a 30 minute dialogue to launch the
meeting. TENTATIVE.
The rest of the agenda is as
follows:
*-5-7 minute report -Ram/Kristy
on Issues Report
*-Steve: can you give us a short email
update, since you cannot attend in person?
-development of
Issues/Questions/Views/Supporting reports/documents:
WHITE BOARDING/Brainstorming session on
issues/questions/views
We will follow the
typical neutral and professional rules for "brainstorming"/white boarding. All
that means is that we will ask each individual to provide a short input for
capturing for the record on the views, perspectives, concerns, issues and
interests of ALL users of WHOIS to our best ability. We'll give 5 minutes to EACH TF
member [please see the "rules" below for what to focus on in your time
slot. No questions/no
challenges during brainstorming.
NOTE: We have invited two members to
make short presentations before we start brainstorming.
- We have asked Becky Burr to provide a
specific 10 minute briefing on how .name is operating. We
- Ram: is there something unique to .info
that would make a similar useful briefing?
After those presentations, we will start the
brainstorming. We'll work through each of the
constituencies/groups.
We strongly suggest that all TF members
think through how they present their input so they can fit in the time slots.
We realize that 5 minutes seems short, but
let' s give this some thought: IF you are a witness before either the US
Congress or most European Parliaments, OR the Commission in public forums,
opening comments are from 3-5 minutes,
with a sharp cut off. :-) And we are all familiar with the time limits at
the mike on Public Forum day in the ICANN meetings. We can do this, IF we each
organize our input succinctly.
Let's try to make this
work.
WHAT WE ARE DOING IN THE BRAINSTORMING:
Our goal is to advance understanding, to remember that we are trying to
understand the views of ALL users of WHOIS, not just our own perspective,
and to, identify further resources for consultation and identify any views we
haven't heard to date.
Rules for Brainstorming:
Each TF member has a "segment" of dedicated
time to present
Please, in your brainstorming, try to
1) identify problems, issues or questions
related to privacy in WHOIS which are specific to your constituency which should
be addressed, or answered?
2) identify concerns of others [not your
constituency] which you are familiar with [try to be specific is
possible/generalizations and speculations are of limited
contribution]
3)
suggest groups or organizations who have documents or surveys, or studies which
are related to WHOIS privacy -- meaning they are ABOUT WHOIS
privacy
4) identify studies or surveys which are not
about WHOIS privacy, but which might be relevant and identify why they are
relevant [it may be interesting to consider non related studies, but it is
important to be able to make the link of their relevance, as well.
]
5) identify any government studies, or
multi-lateral organization reports, studies or surveys which could be
useful
e.g. {OECD, APEC, EC, etc.] and clarify
how they are relevant, if they are not directly about WHOIS
privacy
6) are there other views which you think
should be included? How do you suggest learning more about them?
7) identify any technical resources,
standards work, or similar activities which the TF should include in its Issues
Report
The contributions will be captured by the
secretariat and provided to all TF members.
Following this session, we may return to
bi-weekly calls in order to get our work completed. We will MOST probably make
further assignments to TF members for reports for the next call, including
reviewing recommended reports, and summarizing them, etc.
Marilyn and Tony
-----------------------email string maintained --
-----------------------------------------------------
-----Original
Message----- From: Antonio Harris
[mailto:harris@cabase.org.ar] Sent: Friday, February 21, 2003 12:53
PM To: NC-WHOIS; Ruchika Agrawal Cc: Bruce Tonkin (E-mail);
discuss@icann-ncc.org; ehchun@peacenet.or.kr Subject: Re: [nc-whois]
Critical Relationship Between Accuracy and Privacy That the WHOIS Task Force
Continues To Overlook and My Contribution to the WHOIS Privacy Issues
Report
Ruchika,
Marilyn as co-chair of the TF has already replied to
you on behalf of both of us. Nonetheless, I feel
prompted to add some further comments on your
submission:
1) I am uncomfortable with the phrase "some members of the Task
Force continue to overlook". Until very recently, the Task Force
worked in unison with all, repeat all, members participating and
contributing freely. The Task Force report that was discussed
on yesterday's call, is the collective outcome of the work and
contributions of the various members, as well as those affected
by the policy recommendations (the Registrars and Registries)
whose input was sought via the Implementation Committee. We
worked, collectively, for almost two years, and the matter of
privacy was not, and is not, overlooked in the least.
2) I question the declaration that "some domain name registrants
have legitimate reasons for providing inaccurate information",
since
they are contracting a domain name under the conditions specified
by the delivering registrant. If these are unsatisfactory, i.e.,
the
registrant is unwilling to provide personal data for the Whois,
then
maybe he/she would be better off not contracting a domain name.
The alternative of submitting false data is not, in my opinion, an
action that can be justified as being committed for "legitimate
reasons". No one is forcing the registrant to obtain a domain
name and risk exposure?
3) During the GNSO Council teleconference
yesterday, Bruce Tonkin correctly identified the privacy issue as
being related to " the Display of Whois Data", not to its accuracy.
As we begin to look at the privacy issues, this will obviously be
a good starting point in evaluating privacy protection
alternatives.
4) Neither I nor any other members of the Whois Task Force,
as far as I can recall, have ever demanded guarantees of
any sort in order to participate in, and contribute to, work
in process. As co-chair I would be willing to guarantee you
a lot of hard work and dedicated time, since this issue is
so important to you, but not much else...
Regards
Tony Harris
-----
Original Message -----
Sent: Friday, February 21, 2003 12:44
AM
Subject: [nc-whois] Critical Relationship
Between Accuracy and Privacy That the WHOIS Task Force Continues To Overlook
and My Contribution to the WHOIS Privacy Issues Report
Dear Co-Members of the WHOIS Task Force:
Based on some
of your comments during our teleconference call this week, email postings,
and GNSO teleconference meeting today, I want to emphasize a very important
point that some members of the Task Force continue to overlook.
Enforcement of accuracy of WHOIS data has serious implications on
privacy. Some domain name registrants have legitimate reasons for
providing inaccurate WHOIS information -- for example, to protect their
privacy and protect their personally identifiable information from being
globally, publicly accessible -- and especially when there are no privacy
safeguards in place. A number of studies demonstrate that when no
privacy safeguards are in place, individuals often engage in privacy
"self-defense." When polled on the issue, individuals regularly claim
that they have withheld personal information and have given false
information. See:
- · Privacy,
Costs, and Consumers Privacy, Consumers, and Costs: How the Lack of
Privacy Costs Consumers and Why Business Studies of Privacy Costs are
Biased and Incomplete, Robert Gellman, March 26, 2002, http://www.epic.org/reports/dmfprivacy.html;
- · Trust and
Privacy Online: Why Americans Want to Rewrite the Rules, Pew Internet
& American Life Project, August 20, 2000, http://www.pewinternet.org/reports/toc.asp?Report=19;
and
- · Graphic,
Visualization, & Usability Center 7th WWW User Survey, April 1997, http://www.gvu.gatech.edu/user_surveys/survey-1997-04/#exec.
Please
also see the report I submitted to the Federal Trade Commission for their
panel on "Cooperation Between the FTC and Domain Registration Authorities."
<attached > Again, while I do not oppose accurate data per se, I
do oppose the Task Force’s recommendation to enforce accuracy of WHOIS
information when the Task Force has failed to adequately address privacy
issues. Minimally, enforcement of accuracy and insurance of privacy
safeguards should be concurrent.
As per Ram’s email and the
gTLD constituency’s views on accuracy and privacy, I quote:
- “My constituency members are saying that they are under considerable
pressure from legal, corporate, community and other bodies to tie
implementation of better accuracy and privacy together, so that enhanced
accuracy standards and mechanisms do not lead to unlawful privacy
methods/practices (for those who operate under the EU Data protection
restrictions, for instance).” http://www.dnso.org/clubpublic/nc-whois/Arc00/msg00932.html
I
am happy to work on the privacy issues report as long as the WHOIS Task
Force can guarantee that enforcement of accuracy and implementation of
privacy safeguards would be concurrent (or that implementation of
appropriate privacy safeguards would precede enforcement of accuracy).
This guarantee does not conflict with the vote taken during the GNSO Council
meeting today, as the GNSO Council specifically and only voted on the WHOIS
Task Force’s Final Report’s consensus policies (see below).
Bruce --
can you please confirm my interpretation of the GNSO’s vote on the WHOIS
Task Force’s Final Report?
Sincerely, Ruchika
Agrawal WHOIS Task Force Member Non-Commercial
Constituency
---------------------------------- I. Consensus
Policies
1. Consensus Policies: Accuracy of WHOIS Data.
These
two policies match the alternative wording proposed in the Implementation
Committee's report, sections 1 and 2, which was accepted by the WHOIS Task
Force. Further comments and additions are marked by underlining.
A.
At least annually, a registrar must present to the Registrant the current
WHOIS information, and remind the registrant that provision of false WHOIS
information can be grounds for cancellation of their domain name
registration. Registrants must review their WHOIS data, and make any
corrections.
B. When registrations are deleted on the basis of
submission of false contact data or non-response to registrar inquiries, the
redemption grace period -- once implemented -- should be applied. However,
the redeemed domain name should be placed in registrar hold status until the
registrant has provided updated WHOIS information to the
registrar-of-record.
The Task Force observes that the purpose of this
policy is to make sure that the redemption process cannot be used as a tool
to bypass registrar's contact correction process.
2. Consensus
Policies: Bulk Access to WHOIS Data.
There are no substantial changes
to to the policies contained in section 3.2 of the Policy Report. However,
the extensive discussion presented in that report has been removed in this
document. Additionally, some technical changes proposed by ICANN's General
Counsel have been incorporated.
A. Use of bulk access WHOIS data for
marketing should not be permitted. The Task Force therefore recommends that
the obligations contained in the relevant provisions of the RAA be modified
to eliminate the use of bulk access WHOIS data for marketing purposes. The
obligation currently expressed in section 3.3.6.3 of the RAA could, for
instance, be changed to read as follows (changed language
underlined):
"Registrar's access agreement shall require the third
party to agree not to use the data to allow, enable, or otherwise support
any marketing activities, regardless of the medium used. Such media include
but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and
wireless alerts."
The bulk-access provision contained in 3.3.6.6 of
the RAA would then become inapplicable.
B. Section 3.3.6.5 of the
Registrar Accreditation Agreement currently describes an optional clause of
registrars' bulk access agreements, which disallows further resale or
redistribution of bulk WHOIS data by data users. The use of this clause
shall be made mandatory.
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|