ICANN/DNSO
GNSO WHOIS Task Force Teleconference on 31 January 2003 |
http://www.dnso.org/dnso/mp3/20030131.WHOISTF-teleconf.mp3
Attendees:
ISP - Tony Harris - co- chair
BC - Marilyn Cade - co-chair
Registry - Becky Burr
Registrar - Ken Stubbs
Former GA Chair - Thomas Roessler
Former GA additional - Abel Wisman
Former GA additional - Kristy McKee
IPC - Steve Metalitz
Non Com Users Constit. - Ruchika Agrawal
GNSO Sec - Glen de Saint Géry
Marilyn Cade noted the documents
at hand:
- WHOIS Implementation committee did not comment on recommendations made to
ICANN staff.
- Thomas's report
- Steve Metalitz's analysis from the implementation committee
- Two document from Bruce
http://www.dnso.org/dnso/notes/20030110.NCWhoisTF-accuracy.html
http://www.dnso.org/dnso/notes/20030110.NCWhoisTF-bulkaccess.html
- WHOIS Implementation Committee Final report
http://www.dnso.org/dnso/notes/20030130.WHOISImpFinalReport_v4.html
- European Commission Comments
http://www.dnso.org/dnso/notes/ec-comments-whois-22jan03.pdf
Security Advisory Committee document
http://www.icann.org/committees/security/whois-recommendation-01dec02.htm.
Marilyn Cade proposed:
- examining the implementation committee report
- discussing Louis Touton's interpretation of the 15 days
- aligning the work into Thomas Roessler's final report
- how to address new input relevant to the ICANN recommendations
Marilyn Cade reported on a discussion with Louis Touton on the standing
of European Commission communiqué which came from a more senior person
than the initial contact, who is in the Media and Data Steve Metalitz said he
was not sure how this would be implemented.
The Commission is following with interest the work of the WHOIS task force and
looking forward to being involved in further work and discussions relating to
WHOIS undertaken by ICANN and contributing to the task force reports.
Louis Touton has suggested a dialogue based on Q & A on the final
report and the 3 page submission without making any judgments.
The transmittal came to ICANN and from there it was sent to the appropriate
vechile in ICANN, the WHOIS task force dealing with the matter.
Marilyn Cade said that there had been some concern about engagement.
It was suggested that an updated version of the WHOIS report be discussed, that
it form part of the comments section in the report and the basic differential
access mode responds to an issue in the WHOIS report and fits into the searchability
section. Other comments, such as bulk access for any purpose, being unacceptable
in principle, also support the WHOIS task force report.
Marilyn Cade insisted that all sections had to be easily identified by the reader
Thomas Roessler went through the modified Final Report and the Implementation
Report side by side
http://does-not-exist.net/final-report/final-report-feb03-030131v1.html
http://www.dnso.org/dnso/notes/20030130.WHOISImpFinalReport_v4.html
From the Implementation report, table 2 ,dealing with policy of accuracy on
WHOIS data, the registrar should present the WHOIS data to the registrant on
an annual basis, but not tied to the renewal, which means that data will be
reviewed more frequently.
Steve Metalitz suggested that it be made clear it was an implementation
committee recommendation and a change that the task force accepts.
Thomas went on to the new wording for table 2, number 2:
When registrations are deleted on the basis of submission of false contact data
or non-response to registrar inquiries, the redemption grace period -- once
implemented -- should be applied. However, the redeemed domain name should be
placed in Registrar Hold status until the registrant has provided updated WHOIS
information to the registrar-of-record.
Steve Metalitz said he was not sure how this would be implemented.
Discussion followed commented that inaccurate and false data were different.
The implementation dealt with deletions for false contact data and it was shown
that normally registrars would not delete for false contact but would rather
put the domain name on registrar hold, and the question that arose was how to
redeem the name from Registrar
Hold.
The Task force went into private session for some minutes.
Tony Harris commented that it could be circumvented, so that when the
there is a second complaint about the same registrant, the registrar could hold
the registration and have the data verified by an agent, at the cost of the
registrant.
Abel Wisman said that leaving too much room for the registrar could lead
to hoarding and abuse.
Marilyn Cade suggested that it should be noted in an issues report for
further work that the task force is concerned about the need for reasonable
and affordable accuracy process to provide accurate data when there are repeated
occurrences.
Thomas Roessler suggested that this go into a later section.
The following two suggested wordings
by the implementation committee were accepted:
The suggested revised section 3.3.6.3 is:
"Registrar's access agreement shall require the third party to agree not to use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, SMS, and wireless alerts."
The suggested revised section
3.3.6.5 is:
"Registrar's access agreement shall require the third party to agree not to
sell or redistribute the data except insofar as it has been incorporated by
the third party into a value-added product or service that does not permit the
extraction of a substantial portion of the bulk data from the value-added product
or service for use by other parties.
The word shall in the first line replaced the word "may".
On Bulk Access the the task
force recommended that registrars be required to change their bulk access agreements
and while the implementation committee construed this as a recommendation that
“registrars modify their bulk WHOIS access agreements to eliminate the use of
data for marketing purposes.” The task force agreed with the implementation
committee observation that the definition of “marketing purposes” should be
clarified by a small working group.
Thomas went on to note that
the section 3 under Practical recommendations to ICANN had been struck because
maintaining such a contact point could be used as data gathering.
Marilyn Cade suggested striking the word "optional" in number
4.
Accepted
Thomas went on to section
3 of the implementation committee report and said that the 15 day issue should
be handled separately in conjunction with advice from ICANN general Counsel.
Further in the section, registrars should be responsible for reminders, was
changed to registrars should encourage agents to send reminders.
Ken Stubbs however, argued
that this should be a requirement.
Discussion that followed about using "advise" or "should"
in this context.
Kristy McKee suggested : Registrars
are responsible for ensuring that their agents provide such reminders.
Abel Wisman said there was a responsibility on the registrar.
It was decided to draft the sentence in an e-mail and ask the advice of Louis
Touton on the wording.
Section D, 2.
Accordingly, where registrars send inquiries to registrants in this situation,
they should require not only that registrants respond to inquiries within 15
days but that the response be accompanied by documentary proof of the accuracy
of the "corrected" data submitted, and that a response lacking such documentation
may be treated as a failure to respond. The specifics of acceptable documentation
in this situation should be the subject of further discussions.
Suggested Replacement text:(a) Upon receiving a complaint about WHOIS accuracy,
a registrar may seek evidence or justification from the complainant.
(b) If the complaint appears justified, then a registrar must at a minimum send
an e-mail to all contact points available in the WHOIS (including registrant,
admin, technical and billing) for that domain name with: a copy of the current
disputed WHOIS information and requesting the WHOIS contact information be updated
if the information is incorrect, and. a reminder that if the registrant provides
false WHOIS information that this can be grounds for cancellation of their domain
name registration.
(c) When the registrant responds, a registrar must take commercially reasonable
steps (e. g apply some heuristic automated data validation techniques (possibly
via an automated tool centrally provided by ICANN)) to check that the new WHOIS
information is plausible. If the data is found to be not plausible, the registrant
must provide further justification (which may be documentary evidence) before
the data will be accepted.-
(d) If no response is received or no acceptable data has been provided after
a time limit (to be agreed) a Registrar must place a name in REGISTRAR-HOLD
(or equivalent) status, until the registrant has updated the WHOIS information.
(e) For a name to be removed from REGISTRAR-HOLD status to active status, the
registrant must contact the registrar with updated WHOIS information (as per
(c) above), and the registrar must confirm that the registrant is contactable
via this new information (for example by requiring that the registrant respond
to an e-mail sent to a new e-mail contact address).
Marilyn Cade and Steve Metalitz proposed accepting the implementation
committee language.
Abel Wisman asked for,clarification on 2 words:
plausible, to which Steve metalitz replied that commercially reasonable steps
should be undertaken and that in the United states of America it was easier
to check an address than elsewhere, and at this point a human being should look
at the registration,
"may" seek evidence, Abel maintained that the registrar could put
a valid complaint aside with the wording as it stood.
Steve Metalitz explained it in the context, that if a complaint came
in, the registrar does not have to send it to the registrant.
Steve Metalitz undertook to redraft on the section.
Marilyn Cade proposed the following additions for the report:
- attaching the e-mail received from Louis Touton dealing with the 15 day period
to the report.
- Include the sentence in principle:
ICANN staff should use the important mechanisms presently in place as well as
other means to gather information on the effectivity
and safety of that mechanism.
add the new recommendation about the review process
- additional submissions from the Security Advisory Committee
- additional submission from the European Commission
Thomas Roessler will provide another draft in a short time.
Marilyn Cade closed the call at 1:10 PM EST.
The teleconference ended at 18:10 UCT
Secretariat.