ICANN/DNSO


GNSO WHOIS Task Force Teleconference on 31 January 2003



http://www.dnso.org/dnso/mp3/20030131.WHOISTF-teleconf.mp3

Attendees:
ISP - Tony Harris - co- chair
BC - Marilyn Cade - co-chair
Registry - Becky Burr
Registrar - Ken Stubbs
Former GA Chair - Thomas Roessler
Former GA additional - Abel Wisman
Former GA additional - Kristy McKee
IPC - Steve Metalitz
Non Com Users Constit. - Ruchika Agrawal

GNSO Sec - Glen de Saint Géry

Marilyn Cade noted the documents at hand:
- WHOIS Implementation committee did not comment on recommendations made to ICANN staff.
- Thomas's report
- Steve Metalitz's analysis from the implementation committee
- Two document from Bruce
http://www.dnso.org/dnso/notes/20030110.NCWhoisTF-accuracy.html http://www.dnso.org/dnso/notes/20030110.NCWhoisTF-bulkaccess.html
- WHOIS Implementation Committee Final report
http://www.dnso.org/dnso/notes/20030130.WHOISImpFinalReport_v4.html
- European Commission Comments
http://www.dnso.org/dnso/notes/ec-comments-whois-22jan03.pdf
Security Advisory Committee document
http://www.icann.org/committees/security/whois-recommendation-01dec02.htm.

Marilyn Cade proposed:
- examining the implementation committee report
- discussing Louis Touton's interpretation of the 15 days
- aligning the work into Thomas Roessler's final report
- how to address new input relevant to the ICANN recommendations

Marilyn Cade reported on a discussion with Louis Touton on the standing of European Commission communiqué which came from a more senior person than the initial contact, who is in the Media and Data Steve Metalitz said he was not sure how this would be implemented.
The Commission is following with interest the work of the WHOIS task force and looking forward to being involved in further work and discussions relating to WHOIS undertaken by ICANN and contributing to the task force reports.
Louis Touton has suggested a dialogue based on Q & A on the final report and the 3 page submission without making any judgments.
The transmittal came to ICANN and from there it was sent to the appropriate vechile in ICANN, the WHOIS task force dealing with the matter.
Marilyn Cade said that there had been some concern about engagement.
It was suggested that an updated version of the WHOIS report be discussed, that it form part of the comments section in the report and the basic differential access mode responds to an issue in the WHOIS report and fits into the searchability section. Other comments, such as bulk access for any purpose, being unacceptable in principle, also support the WHOIS task force report.
Marilyn Cade insisted that all sections had to be easily identified by the reader
Thomas Roessler went through the modified Final Report and the Implementation Report side by side
http://does-not-exist.net/final-report/final-report-feb03-030131v1.html
http://www.dnso.org/dnso/notes/20030130.WHOISImpFinalReport_v4.html
From the Implementation report, table 2 ,dealing with policy of accuracy on WHOIS data, the registrar should present the WHOIS data to the registrant on an annual basis, but not tied to the renewal, which means that data will be reviewed more frequently.
Steve Metalitz suggested that it be made clear it was an implementation committee recommendation and a change that the task force accepts.

Thomas went on to the new wording for table 2, number 2:
When registrations are deleted on the basis of submission of false contact data or non-response to registrar inquiries, the redemption grace period -- once implemented -- should be applied. However, the redeemed domain name should be placed in Registrar Hold status until the registrant has provided updated WHOIS information to the registrar-of-record.
Steve Metalitz said he was not sure how this would be implemented.
Discussion followed commented that inaccurate and false data were different. The implementation dealt with deletions for false contact data and it was shown that normally registrars would not delete for false contact but would rather put the domain name on registrar hold, and the question that arose was how to redeem the name
from Registrar Hold.
The Task force went into private session for some minutes.
Tony Harris commented that it could be circumvented, so that when the there is a second complaint about the same registrant, the registrar could hold the registration and have the data verified by an agent, at the cost of the registrant.
Abel Wisman said that leaving too much room for the registrar could lead to hoarding and abuse.
Marilyn Cade suggested that it should be noted in an issues report for further work that the task force is concerned about the need for reasonable and affordable accuracy process to provide accurate data when there are repeated occurrences.
Thomas Roessler suggested that this go into a later section.

The following two suggested wordings by the implementation committee were accepted:
The suggested revised section 3.3.6.3 is:

"Registrar's access agreement shall require the third party to agree not to use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and wireless alerts."

The suggested revised section 3.3.6.5 is:
"Registrar's access agreement shall require the third party to agree not to sell or redistribute the data except insofar as it has been incorporated by the third party into a value-added product or service that does not permit the extraction of a substantial portion of the bulk data from the value-added product or service for use by other parties.
The word shall in the first line replaced the word "may".

On Bulk Access the the task force recommended that registrars be required to change their bulk access agreements and while the implementation committee construed this as a recommendation that “registrars modify their bulk WHOIS access agreements to eliminate the use of data for marketing purposes.” The task force agreed with the implementation committee observation that the definition of “marketing purposes” should be clarified by a small working group.

Thomas went on to note that the section 3 under Practical recommendations to ICANN had been struck because maintaining such a contact point could be used as data gathering.
Marilyn Cade suggested striking the word "optional" in number 4.
Accepted

Thomas went on to section 3 of the implementation committee report and said that the 15 day issue should be handled separately in conjunction with advice from ICANN general Counsel.
Further in the section, registrars should be responsible for reminders, was changed to registrars should encourage agents to send reminders.

Ken Stubbs however, argued that this should be a requirement.
Discussion that followed about using "advise" or "should" in this context.
Kristy McKee suggested :
Registrars are responsible for ensuring that their agents provide such reminders.
Abel Wisman said there was a responsibility on the registrar.
It was decided to draft the sentence in an e-mail and ask the advice of Louis Touton on the wording.
Section D, 2.
Accordingly, where registrars send inquiries to registrants in this situation, they should require not only that registrants respond to inquiries within 15 days but that the response be accompanied by documentary proof of the accuracy of the "corrected" data submitted, and that a response lacking such documentation may be treated as a failure to respond. The specifics of acceptable documentation in this situation should be the subject of further discussions.
Suggested Replacement text:(a) Upon receiving a complaint about WHOIS accuracy, a registrar may seek evidence or justification from the complainant.
(b) If the complaint appears justified, then a registrar must at a minimum send an e-mail to all contact points available in the WHOIS (including registrant, admin, technical and billing) for that domain name with: a copy of the current disputed WHOIS information and requesting the WHOIS contact information be updated if the information is incorrect, and. a reminder that if the registrant provides false WHOIS information that this can be grounds for cancellation of their domain name registration.
(c) When the registrant responds, a registrar must take commercially reasonable steps (e. g apply some heuristic automated data validation techniques (possibly via an automated tool centrally provided by ICANN)) to check that the new WHOIS information is plausible. If the data is found to be not plausible, the registrant must provide further justification (which may be documentary evidence) before the data will be accepted.-
(d) If no response is received or no acceptable data has been provided after a time limit (to be agreed) a Registrar must place a name in REGISTRAR-HOLD (or equivalent) status, until the registrant has updated the WHOIS information.
(e) For a name to be removed from REGISTRAR-HOLD status to active status, the registrant must contact the registrar with updated WHOIS information (as per (c) above), and the registrar must confirm that the registrant is contactable via this new information (for example by requiring that the registrant respond to an e-mail sent to a new e-mail contact address).

Marilyn Cade and Steve Metalitz proposed accepting the implementation committee language.
Abel Wisman asked for,clarification on 2 words:
plausible, to which Steve metalitz replied that commercially reasonable steps should be undertaken and that in the United states of America it was easier to check an address than elsewhere, and at this point a human being should look at the registration,
"may" seek evidence, Abel maintained that the registrar could put a valid complaint aside with the wording as it stood.
Steve Metalitz explained it in the context, that if a complaint came in, the registrar does not have to send it to the registrant.
Steve Metalitz undertook to redraft on the section.

Marilyn Cade proposed the following additions for the report:
- attaching the e-mail received from Louis Touton dealing with the 15 day period to the report.
- Include the sentence in principle:
ICANN staff should use the important mechanisms presently in place as well as other means to gather information on the effect
ivity and safety of that mechanism.
add the new recommendation about the review process
- additional submissions from the Security Advisory Committee
- additional submission from the European Commission

Thomas Roessler will provide another draft in a short time.

Marilyn Cade closed the call at 1:10 PM EST.

The teleconference ended at 18:10 UCT

Secretariat.