As Marilyn’s addition says, the RAA agreements
specify that such policies be “reasonable and commercially
practicable” and they also use the language “take reasonable steps”
(section 3.7.8) We are going to keep that constraint,
right? So, I’ve added a modification as
follows (my additions in green): “(4) Determine how to improve a) the process for
notifying a registrar of inaccurate WHOIS data, and b) the processes for
investigating and correcting inaccurate data and c) the process for preventing the initial collection of inaccurate data. Any resulting specification
or policy must be reasonable and commercially practicable” The biggest hurdle to accomplishing this three-part
goal will be to define what “inaccurate WHOIS data” is. I
doubt even the GAO has a definition (they didn’t when last we spoke). Much like defining the purpose of whois
data, shouldn’t this be a separate task? Once we know what “inaccurate WHOIS
data” is, the rest is a cake-walk. So I’d further modify this task to: “(4) Define “inaccurate WHOIS data”, then, determine how to improve
a) the process for notifying a registrar of inaccurate WHOIS data,
and b) the processes for investigating and correcting inaccurate WHOIS data and c) the process for preventing the initial collection of inaccurate WHOIS data. Any resulting specification or policy must be
reasonable and commercially practicable” On the other of Marilyn’s original changes,
I don’t see how removing the concept of “protecting privacy”
and replacing it with the “issue of privacy” improves the document. It is better, to me, without those. Also on task #3: It currently says “Determine
how to access data that is not available for public access.”
This presupposes “tiers”, and
would constrain the thinking of the future TF. I think the following replacement improves
it: “Determine if any non-public data should be made
available, under what circumstances, and to whom.” Paul From:
owner-gnso-dow123@xxxxxxxxx [mailto:owner-gnso-dow123@xxxxxxxxx] On Behalf Of Niklas_Lagergren@xxxxxxxx Dear All – I think the amendments put forward by
Marilyn to Bruce’s third draft make a lot of sense. By adding a few
elements that I think can fairly be described as factual, it results in a draft
ToR that could constitute a good basis for future work on the
“WHOIS” topic. However – in order not to give the
impression that the GNSO is ducking a crucial issue – I would suggest one
additional amendment to Task (4) of the draft ToR, specifically to the first
sentence of Task (4). See red-coloured addition below: “(4) Determine how to improve the
process for notifying a registrar of inaccurate WHOIS data, and the processes for
investigating and correcting inaccurate data and for preventing the initial collection of
inaccurate data.” I have also included this suggestion in
the Word document circulated by Marilyn (see updated Word document in
attachment). Many thanks to both Bruce and Marilyn for
their work on this! Kind regards – Niklas From: Marilyn Cade
[mailto:marilynscade@xxxxxxxxxxx] Attached is a redline version of my BC proposal for changes to the Third
version of the ToR. I made what I consider some factual additions to include
the registered name holder. I also tried to make what I hope will make the ToR
more broadly adoptable by using neutral terms in describing applicable and
relevant law, etc., while still acknowledging privacy specifically. To the BC, there are many applicable and relevant laws, including those
that deal with consumer protection, crimes, etc. that also have to be
acknowledged, but I didn't spell those out... My interest is trying to get a
neutral tone to that segment that can allow the TF work to move forward. I also put in a placeholder for the addition of the work items from the
existing activities, that I believe that Jordyn and Maria were drafting. PLEASE NOTE, JUST IN CASE ANYONE HAS
TROUBLE OPENING THE WORD DOCUMENT THAT THIS IS NOT A REDLINED VERSION BELOW. IT
IS THE THIRD VERSION WITH MY PROPOSED ADDITIONS INCORPORATED -- ALL THE SYSTEM
WOULD ALLOW ME TO DO, BUT I KNOW THAT SOME ARE TRAVELING AND MAY HAVE LIMITED
ACCESS. ------------------------------------- Changes provided by
Marilyn Cade, BC Councilor, as modifications to Bruce Tonkin’s Third Draft of Terms of Reference for WHOIS task force The mission of The Internet Corporation for Assigned Names and Numbers ("ICANN") is to coordinate, at the overall level, the global
Internet's systems of unique identifiers, and in particular to ensure the stable and secure operation of the Internet's unique identifier systems. ICANN has agreements with gTLDS registrars and gTLDS registries that require the provision of a WHOIS service via three mechanisms: port-43, web based access, and bulk access. The agreements also
require a Registered Name Holder to provide accurate contact information for
themselves, as well as technical and administrative contact information
adequate to facilitate timely resolution of any problems that arise in
connection with the Registered Name. A registrar is required in the
Registrar Accreditation Agreement (RAA) to take reasonable precautions to protect
Personal Data from loss, misuse, unauthorized access or disclosure, alteration,
or destruction. The goal of the WHOIS task force is to improve the effectiveness of the WHOIS service in maintaining the stability and security of the Internet's unique identifier systems, whilst taking into account where appropriate the issues of privacy for the personal data of individuals that may be Registered Name Holders, or the administrative or technical contact for a domain name. Tasks: (1) Define the purpose of the WHOIS service in the context of ICANN's mission, relevant applicable international and national laws,
including, but not limited to those regarding privacy, and the changing nature of Registered Name Holders. (2) Define the purpose of the registered name holder, technical and
administrative contacts, in the context of the purpose of WHOIS, and the
purpose for which the data was collected. Relevant definitions are taken from Exhibit C of the Transfers Task force report as a starting point (from http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm): "Contact: Contacts are individuals or entities associated with
domain name records. Typically, third parties with specific inquiries or concerns will use contact records to determine who should act upon specific issues related to a domain name record. There are typically three of these contact types associated with a domain name record, the Administrative contact, the Billing contact and the Technical contact. Contact, Administrative: The administrative contact is an individual, role or organization authorized to interact with the Registry or Registrar on behalf of the Domain Holder. The administrative contact should be able to answer non-technical questions about the domain name's registration and the Domain Holder. In all cases, the Administrative Contact is viewed as the authoritative point of contact for the domain name, second only to the Domain Holder. Contact, Billing: The billing contact is the individual, role or organization designated to receive the invoice for domain name registration and re-registration fees. Contact, Technical: The technical contact is the individual, role or organization that is responsible for the technical operations of the delegated zone. This contact likely maintains the domain name server(s) for the domain. The technical contact should be able to answer
technical questions about the domain name, the delegated zone and work with technically oriented people in other zones to solve technical problems that affect the domain name and/or zone." Contact: Domain Holder: The individual or organization that registers a
specific domain name. This individual or organization holds the right o use
that specific domain name for a specified period of time, provided certain
conditions are met and the registration fees are paid. This person or
organization is the “legal entity” bound by the terms of the
relevant service agreements with the Registry operation of the TLD in
question.” (3) Determine what data collected should be available for public access in the context of the purpose of WHOIS. Determine how to access
data that is not available for public access. The current elements that must be displayed by a registrar are: - The name of the Registered Name; - The names of the primary name server and secondary name server(s) for the Registered Name; - The identity of Registrar (which may be provided through Registrar's website); - The original creation date of the registration; - The expiration date of the registration; - The name and postal address of the Registered Name Holder; - The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the
Registered Name; and - The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the Registered Name. (4) Determine how to improve the process for notifying a registrar of inaccurate WHOIS data, and the process for investigating and correcting inaccurate data. Currently a registrar must require a
“Registered Name Holder [to] provide to Registrar accurate and reliable
contact details and promptly correct and update them during the term of the Registered
Name registration;” “shall abide by any specifications or policies
established according to Section 4 requiring reasonable and commercially
practicable (a) verification, at the time of registration, of contact
information associated with a Registered Name sponsored by Registrar or (b)
periodic re-verification of such information; “ and "shall, upon
notification by any person of an inaccuracy in the contact information
associated with a Registered Name sponsored by Registrar, take reasonable steps
to investigate that claimed inaccuracy. In the event Registrar learns of
inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that
inaccuracy." Insert here the relevant sections being drafted by Jordyn and Maria
that captures the existing work. Submitted by Marilyn Cade, BC Councilor -----Original Message----- Hello All, Here is a third draft of the WHOIS terms of reference. The main changes are: - ICANN mission statement taken directly from ICANN bylaws - noting that there is a difference between the data collected and the display of that data (presently the agreements assume that everything collected will be publicly displayed - the new draft takes in account that in future some data that is collected may not be placed on public display), I have
made it clearer that the present agreements require Registered Name Holders to provide certain data to the Registrar and keep it accurate, the Registrar is required to display this data as part of its WHOIS obligations. The purpose of the WHOIS service (ie the
public display of data) is not clearly defined, but the purpose for which data is collected is indirectly defined in clause 3.7.7.3. - at the suggestion of the NCUC I have added the need to take into account international and national privacy laws when defining the purpose of WHOIS. Regards, Bruce Tonkin Third Draft of Terms of Reference for WHOIS task force The mission of The Internet Corporation for Assigned Names and Numbers ("ICANN") is to coordinate, at the overall level, the global
Internet's systems of unique identifiers, and in particular to ensure the stable and secure operation of the Internet's unique identifier systems. ICANN has agreements with gtld registrars and gtld registries that require the provision of a WHOIS service via three mechanisms: port-43, web based access, and bulk access. The agreements also require a Registered Name
Holder to provide accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A registrar is required in
the Registrar Accreditation Agreement (RAA) to take reasonable precautions to protect Personal Data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. The goal of the WHOIS task force is to improve the effectiveness of the WHOIS service in maintaining the stability and security of the Internet's unique identifier systems, whilst taking into account where appropriate the need to ensure privacy protection for the Personal Data of individuals that may be Registered Name Holders, or the administrative or technical contact for a domain name. Tasks: (1) Define the purpose of the WHOIS service in the context of ICANN's mission, international and national laws protecting privacy, and the changing nature of Registered Name Holders. (2) Define the purpose of the technical and administrative contacts, in the context of the purpose of WHOIS, and the purpose for which the data was collected. Use the definitions from Exhibit C of the Transfers Task force report as a starting point (from http://www.icann.org/gnso/transfers-tf/report-exhc-12feb03.htm): "Contact: Contacts are individuals or entities associated with
domain name records. Typically, third parties with specific inquiries or concerns will use contact records to determine who should act upon specific issues related to a domain name record. There are typically three of these contact types associated with a domain name record, the Administrative contact, the Billing contact and the Technical contact. Contact, Administrative: The administrative contact is an individual, role or organization authorized to interact with the Registry or Registrar on behalf of the Domain Holder. The administrative contact should be able to answer non-technical questions about the domain
name's registration and the Domain Holder. In all cases, the Administrative Contact is viewed as the authoritative point of contact for the domain name, second only to the Domain Holder. Contact, Billing: The billing contact is the individual, role or organization designated to receive the invoice for domain name registration and re-registration fees. Contact, Technical: The technical contact is the individual, role or organization that is responsible for the technical operations of the delegated zone. This contact likely maintains the domain name server(s) for the domain. The technical contact should be able to answer
technical questions about the domain name, the delegated zone and work with technically oriented people in other zones to solve technical problems that affect the domain name and/or zone." (3) Determine what data collected should be available for public access in the context of the purpose of WHOIS. Determine how to access
data that is not available for public access. The current elements that must be displayed by a
registrar are: - The name of the Registered Name; - The names of the primary nameserver and secondary nameserver(s) for the Registered Name; - The identity of Registrar (which may be provided through Registrar's website); - The original creation date of the registration; - The expiration date of the registration; - The name and postal address of the Registered Name Holder; - The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the
Registered Name; and - The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the Registered Name. (4) Determine how to improve the process for notifying a registrar of inaccurate WHOIS data, and the process for investigating and correcting inaccurate data. Currently a registrar "shall, upon
notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate that claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that
inaccuracy." |