[gnso-dow123] RE: [council] Third draft of WHOIS task force terms of reference
FYI, none of the substantive changes proposed by Marilyn are acceptable
to NCUC.
I hope by this juncture all constituencies recognize the need to
reconcile Whois with privacy protection. It is a waste of time to
continue to attempt to avoid this obvious fact. Expedients such as
replacing "protection" with "issues" and other eupemisms are not
constructive.
Other attempts to dilute references to privacy could seriously harm the
work of the TF. For example, the expansion of the reference to
international and national laws to include any and every law in the
world, is a serious diversion. Unless Marilyn provides us with specific
examples of national or international laws that have been recognized to
conflict with Whois requirements, there is no point in sending the TF on
a wild goose chase.
The attempt to eliminate any effort to define the purpose of Whois is
particularly offensive to NCUC.
>>> "Marilyn Cade" <marilynscade@xxxxxxxxxxx> 5/16/2005 6:39:12 PM >>>
Attached is a redline version of my BC proposal for changes to the
Third
version of the ToR. I made what I consider some factual additions to
include
the registered name holder. I also tried to make what I hope will make
the
ToR more broadly adoptable by using neutral terms in describing
applicable
and relevant law, etc., while still acknowledging privacy specifically.
To the BC, there are many applicable and relevant laws, including those
that
deal with consumer protection, crimes, etc. that also have to be
acknowledged, but I didn't spell those out... My interest is trying to
get a
neutral tone to that segment that can allow the TF work to move
forward.
I also put in a placeholder for the addition of the work items from
the
existing activities, that I believe that Jordyn and Maria were
drafting.
PLEASE NOTE, JUST IN CASE ANYONE HAS TROUBLE OPENING THE WORD DOCUMENT
THAT
THIS IS NOT A REDLINED VERSION BELOW. IT IS THE THIRD VERSION WITH MY
PROPOSED ADDITIONS INCORPORATED -- ALL THE SYSTEM WOULD ALLOW ME TO DO,
BUT
I KNOW THAT SOME ARE TRAVELING AND MAY HAVE LIMITED ACCESS.
-------------------------------------
Changes provided by Marilyn Cade, BC Councilor, as modifications to
Bruce
Tonkin's
Third Draft of Terms of Reference for WHOIS task force
The mission of The Internet Corporation for Assigned Names and Numbers
("ICANN") is to coordinate, at the overall level, the global
Internet's
systems of unique identifiers, and in particular to ensure the stable
and secure operation of the Internet's unique identifier systems.
ICANN has agreements with gTLDS registrars and gTLDS registries that
require the provision of a WHOIS service via three mechanisms:
port-43,
web based access, and bulk access. The agreements also require a
Registered Name Holder to provide accurate contact information for
themselves, as well as technical and administrative contact
information
adequate to facilitate timely resolution of any problems that arise in
connection with the Registered Name. A registrar is required in the
Registrar Accreditation Agreement (RAA) to take reasonable precautions
to
protect Personal Data from loss, misuse, unauthorized access or
disclosure,
alteration, or destruction.
The goal of the WHOIS task force is to improve the effectiveness of
the
WHOIS service in maintaining the stability and security of the
Internet's unique identifier systems, whilst taking into account where
appropriate the issues of privacy for the personal data
of individuals that may be Registered Name Holders, or the
administrative or technical contact for a domain name.
Tasks:
(1) Define the purpose of the WHOIS service in the context of ICANN's
mission, relevant applicable international and national laws,
including, but
not limited to those regarding privacy, and the
changing nature of Registered Name Holders.
(2) Define the purpose of the registered name holder, technical and
administrative contacts, in the context of the purpose of WHOIS, and
the
purpose for which the data was collected.
Relevant definitions are taken from Exhibit C of
the Transfers Task force report as a starting point (from
http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm):
"Contact: Contacts are individuals or entities associated with domain
name records. Typically, third parties with specific inquiries or
concerns will use contact records to determine who should act upon
specific issues related to a domain name record. There are typically
three of these contact types associated with a domain name record, the
Administrative contact, the Billing contact and the Technical contact.
Contact, Administrative: The administrative contact is an individual,
role or organization authorized to interact with the Registry or
Registrar on behalf of the Domain Holder. The administrative contact
should be able to answer non-technical questions about the domain
name's
registration and the Domain Holder. In all cases, the Administrative
Contact is viewed as the authoritative point of contact for the domain
name, second only to the Domain Holder.
Contact, Billing: The billing contact is the individual, role or
organization designated to receive the invoice for domain name
registration and re-registration fees.
Contact, Technical: The technical contact is the individual, role or
organization that is responsible for the technical operations of the
delegated zone. This contact likely maintains the domain name
server(s)
for the domain. The technical contact should be able to answer
technical
questions about the domain name, the delegated zone and work with
technically oriented people in other zones to solve technical problems
that affect the domain name and/or zone."
Contact: Domain Holder: The individual or organization that registers
a
specific domain name. This individual or organization holds the right o
use
that specific domain name for a specified period of time, provided
certain
conditions are met and the registration fees are paid. This person or
organization is the "legal entity" bound by the terms of the relevant
service agreements with the Registry operation of the TLD in
question."
(3) Determine what data collected should be available for public
access
in the context of the purpose of WHOIS. Determine how to access data
that is not available for public
access.
The current elements that must be displayed by a registrar
are:
- The name of the Registered Name;
- The names of the primary name server and secondary name server(s)
for
the Registered Name;
- The identity of Registrar (which may be provided through Registrar's
website);
- The original creation date of the registration;
- The expiration date of the registration;
- The name and postal address of the Registered Name Holder;
- The name, postal address, e-mail address, voice telephone number,
and
(where available) fax number of the technical contact for the
Registered
Name; and
- The name, postal address, e-mail address, voice telephone number,
and
(where available) fax number of the administrative contact for the
Registered Name.
(4) Determine how to improve the process for notifying a registrar of
inaccurate WHOIS data, and the process for investigating and
correcting
inaccurate data. Currently a registrar must require a "Registered
Name
Holder [to] provide to Registrar accurate and reliable contact details
and
promptly correct and update them during the term of the Registered
Name
registration;" "shall abide by any specifications or policies
established
according to Section 4 requiring reasonable and commercially
practicable (a)
verification, at the time of registration, of contact information
associated
with a Registered Name sponsored by Registrar or (b) periodic
re-verification of such information; " and "shall, upon notification by
any
person of an inaccuracy in the contact information associated with a
Registered Name sponsored by Registrar, take reasonable steps to
investigate
that claimed inaccuracy. In the event Registrar learns of inaccurate
contact
information associated with a Registered Name it
sponsors, it shall take reasonable steps to correct that inaccuracy."
Insert here the relevant sections being drafted by Jordyn and Maria
that
captures the existing work.
Submitted by Marilyn Cade, BC Councilor
-----Original Message-----
From: owner-council@xxxxxxxxxxxxxx
[mailto:owner-council@xxxxxxxxxxxxxx] On
Behalf Of Bruce Tonkin
Sent: Saturday, May 14, 2005 9:32 PM
To: council@xxxxxxxxxxxxxx
Cc: gnso-dow123@xxxxxxxxxxxxxx
Subject: [council] Third draft of WHOIS task force terms of reference
Hello All,
Here is a third draft of the WHOIS terms of reference.
The main changes are:
- ICANN mission statement taken directly from ICANN bylaws
- noting that there is a difference between the data collected and the
display of that data
(presently the agreements assume that everything collected will be
publicly displayed - the new draft takes in account that in future
some
data that is collected may not be placed on public display), I have
made
it clearer that the present agreements require Registered Name Holders
to provide certain data to the Registrar and keep it accurate, the
Registrar is required to display this data as part of its WHOIS
obligations. The purpose of the WHOIS service (ie the public display
of data) is not clearly defined, but the purpose for which data is
collected is indirectly defined in clause 3.7.7.3.
- at the suggestion of the NCUC I have added the need to take into
account international and national privacy laws when defining the
purpose of WHOIS.
Regards,
Bruce Tonkin
Third Draft of Terms of Reference for WHOIS task force
The mission of The Internet Corporation for Assigned Names and Numbers
("ICANN") is to coordinate, at the overall level, the global
Internet's
systems of unique identifiers, and in particular to ensure the stable
and secure operation of the Internet's unique identifier systems.
ICANN has agreements with gtld registrars and gtld registries that
require the provision of a WHOIS service via three mechanisms:
port-43,
web based access, and bulk
access. The agreements also require a Registered Name Holder to
provide accurate technical and administrative contact information
adequate to facilitate timely resolution of any problems that arise in
connection with the Registered Name. A registrar is required in the
Registrar Accreditation Agreement (RAA) to take reasonable precautions
to protect Personal Data from loss, misuse, unauthorized access or
disclosure, alteration, or destruction.
The goal of the WHOIS task force is to improve the effectiveness of
the
WHOIS service in maintaining the stability and security of the
Internet's unique identifier systems, whilst taking into account where
appropriate the need to ensure privacy protection for the Personal
Data
of individuals that may be Registered Name Holders, or the
administrative or technical contact for a domain name.
Tasks:
(1) Define the purpose of the WHOIS service in the context of ICANN's
mission, international and national laws protecting privacy, and the
changing nature of Registered Name Holders.
(2) Define the purpose of the technical and administrative contacts,
in
the context of the purpose of WHOIS, and the purpose for which the
data
was collected.
Use the definitions from Exhibit C of
the Transfers Task force report as a starting point (from
http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm):
"Contact: Contacts are individuals or entities associated with domain
name records. Typically, third parties with specific inquiries or
concerns will use contact records to determine who should act upon
specific issues related to a domain name record. There are typically
three of these contact types associated with a domain name record, the
Administrative contact, the Billing contact and the Technical contact.
Contact, Administrative: The administrative contact is an individual,
role or organization authorized to interact with the Registry or
Registrar on behalf of the Domain Holder. The administrative contact
should be able to answer non-technical questions about the domain
name's
registration and the Domain Holder. In all cases, the Administrative
Contact is viewed as the authoritative point of contact for the domain
name, second only to the Domain Holder.
Contact, Billing: The billing contact is the individual, role or
organization designated to receive the invoice for domain name
registration and re-registration fees.
Contact, Technical: The technical contact is the individual, role or
organization that is responsible for the technical operations of the
delegated zone. This contact likely maintains the domain name
server(s)
for the domain. The technical contact should be able to answer
technical
questions about the domain name, the delegated zone and work with
technically oriented people in other zones to solve technical problems
that affect the domain name and/or zone."
(3) Determine what data collected should be available for public
access
in the context of the purpose of WHOIS. Determine how to access data
that is not available for public
access. The current elements that must be displayed by a registrar
are:
- The name of the Registered Name;
- The names of the primary nameserver and secondary nameserver(s) for
the Registered Name;
- The identity of Registrar (which may be provided through Registrar's
website);
- The original creation date of the registration;
- The expiration date of the registration;
- The name and postal address of the Registered Name Holder;
- The name, postal address, e-mail address, voice telephone number,
and
(where available) fax number of the technical contact for the
Registered
Name; and
- The name, postal address, e-mail address, voice telephone number,
and
(where available) fax number of the administrative contact for the
Registered Name.
(4) Determine how to improve the process for notifying a registrar of
inaccurate WHOIS data, and the process for investigating and
correcting
inaccurate data. Currently a registrar "shall, upon notification by
any
person of an inaccuracy in the contact information associated with a
Registered Name sponsored by Registrar, take reasonable steps to
investigate that claimed inaccuracy. In the event Registrar learns of
inaccurate contact information associated with a Registered Name it
sponsors, it shall take reasonable steps to correct that inaccuracy."