[bc-gnso] Additional info for Whois Studies discussion at 1-AprGNSO Council Meeting

Marilyn Cade marilynscade at hotmail.com
Thu Apr 1 15:08:59 UTC 2010


excellent additional background to why WHOIS is so important to business users.





> Subject: Re: [bc-gnso] Additional info for Whois Studies discussion at 1-AprGNSO Council Meeting
> Date: Thu, 1 Apr 2010 08:56:29 -0600
> From: randerson at waltonglobal.com
> To: marilynscade at hotmail.com; sdelbianco at netchoice.org; zahid at jamilandjamil.com; icann at rodenbaugh.com
> CC: bc-gnso at icann.org
> 
> 
> An accurate and readily accessible WHOIS is certainly important to more than only businesses regarding trademark infringement.
> 
> An accurate and accessible WHOIS is important to consumers with respect to protection. And recourse from online fraud and theft.
> 
> An accurate and accessible WHOIS is important to individuals and business with respect to protection from defamation.
> 
> An accurate and accessible WHOIS is important to parents and children with respect to transparency and the ability to see who's what with regard to the websites children use.
> 
> An accurate and accessible WHOIS is important to civil society with respect to the transparency of published news and views.
> 
> I always find it puzzling that a small number of people preoccupied with privacy over all else are able to convince the wider community that to forego the virtues of transparency and accountability. There are better ways to fight spam than by hiding or misrepresenting the identity of web publishers. And if you desire anonymity, don't publish a website.
> 
> Two of my children have been ripped off by online vendors hiding being fake data. Our firm has been defamed by a website whose publisher hides being privacy and fake WHOIS data. ICANN should not be tolerating this dysfunction.
> 
> 
> 
> 
> cheers/Rick
> 
> Rick Anderson
> EVP, InterBorder Holdings Ltd
> randerson at interborder.ca
> cell (403) 830-1798
>  
> 
> ----- Original Message -----
> From: owner-bc-gnso at icann.org <owner-bc-gnso at icann.org>
> To: Steve Delbianco  <sdelbianco at netchoice.org>; Zahid Jamil  <zahid at jamilandjamil.com>; Mike Rodenbaugh  <icann at rodenbaugh.com>
> Cc: Bc GNSO list  <bc-gnso at icann.org>
> Sent: Thu Apr 01 08:14:05 2010
> Subject: Re: [bc-gnso] Additional info for Whois Studies discussion at 1-AprGNSO Council Meeting
> 
> 
> While I support Steve's "thesis", I wouldn't refer to the GAC, who has worked productively with business and law enforcement as "giants", however. 
> 
> I do support that policy has to be supported by informed data /research and these studies should receive the funding needed. The amount proposed is indeed small compared to the overall budget and will jelp to inform policy making. 
> 
> I would have suggested a higher amount for the initial authorized budget-- but getting two studies authorized for this budget year is a start on the right direction. 
> 
> WHOIS is important to all Business users, and for more than trademark collision issues. 
> 
> The delay in undertaking the studies is already a serious challenge since further understanding of existing issues is important to also inform the new gTLD and IDN programs. 
> 
> 
> Sent via BlackBerry by AT&T
> 
> -----Original Message-----
> From: Steve DelBianco <sdelbianco at netchoice.org>
> Date: Thu, 1 Apr 2010 13:13:10 
> To: <zahid at jamilandjamil.com>; <icann at rodenbaugh.com>
> Cc: <bc-gnso at icann.org>
> Subject: [bc-gnso] Additional info for Whois Studies discussion at 1-Apr
>  GNSO Council Meeting
> 
> Mike and Zahid -- I predict you will encounter resistance today to the Study on Whois Misuse ($150K).  If I were there, I would offer this:
>  
>  Milton Mueller, Robin Gross and the NCUC had for years claimed that people suffered harm and harassment BECAUSE their data was displayed in Whois.   It was just an assertion with no data support, but it was their main argument against Whois.
>  
>  That's why I suggested study #1 and Claudio of INTA suggested studies 14 and 15.   We wanted some data to know if significant harm comes from Whois.  It's probable that a few harassment cases came from Whois but I am confident it won't be material or significant, and we can show that there are other sources where email addresses could be obtained.   (See below for what Liz Gasster and Lorrie Cranor had to say about the misuse studies)
>  
>  I've already mentioned the AoC review of Whois that's coming next year.   And then there's the GAC.  In their Whois letter (http://www.icann.org/correspondence/karlins-to-thrush-16apr08.pdf)  the GAC explicitly calls for misuse data:
>  
>  The goal should be to initially compile data that provides a documented evidence base regarding: ...  the types and extent of misuses of WHOIS data and what harm is caused by each type of misuse, including economic, use of WHOIS data in SPAM generation, abuse of personal data, loss of reputation or identity theft, security costs and loss of data.
>  
>  There's a lesson I learned during the Microsoft case:  "Don't moon the giant."   This study is $150K out of a $70M annual budget and that's a small price to pay to avoid mooning the giants of GAC and USG.
>  
>  Just my two cents.
>  --Steve
>  
>  
>  Below is the early analysis from the esteemed Lorrie Cranor of ATT and W3C.  Lorrie concluded it might be helpful though she thought it would be inexpensive.
>  
>  WHOIS misuse studies
>  Four proposals (suggestions #1, #14, #15 and #21) suggest that ICANN study misuse of WHOIS data to determine the connection, if any, between WHOIS and illegal activities. These studies will help establish the extent and nature of problems caused by unprotected WHOIS data.
>  Study Suggestion Number 1: (DelBianco)  1) Gather data on WHOIS misuse from consumer protection bureaus and other entities who maintain data on misuse incidents reported by registrants and 2) survey a random sample of registrants in each gTLD and selected ccTLDs.
>  Study Suggestion Number 14: (INTA)  Create a set of new email addresses, use half of them to register domain names, and monitor all for spam for 90 days to determine how much WHOIS information contributes to spam.
>  Study Suggestion Number 15: (INTA) Create a set of new email addresses, use them to register new domain names at registrars that allow and disallow port 43 WHOIS queries, and monitor all for spam to determine the extent to which port 43 WHOIS queries contribute to spam.
>  Study Suggestion Number 21: (Kleiman) Survey registrars and human rights organizations to determine how WHOIS is being used in ways that seem to have no bearing on the security and stability of the DNS.
>  
>  1 and 21 propose to survey registrars and other parties who may keep records of misuse incidents. 1 also proposes a survey of registrants. These proposed studies may shed some light on the extent and type of misuse of WHOIS data. However, it will be difficult to gather representative data as not all cases of abuse are reported. In addition, it is not always possible to confirm that misused data was obtained from WHOIS, as this information may be available form other sources. A registrant survey is likely to receive disproportionate responses from registrants who believe their WHOIS information has been abused. Nonetheless, the above studies may result in useful qualitative data about the nature of misuse and provide a rough quantitative estimate of the extent of misuse. Surveying those who already keep track of abuse incidents is likely to be a relatively low- cost approach. The registrant study is likely to be more expensive if done on a large scale, and seems less likely to result in useful data.
>  
>  14 and 15 focus specifically on spam and propose studies in which new email addresses are created and used to register domains to determine how much WHOIS information contributes to spam. 15 compares the amount of spam received as a result of registering a domain at registrars that allow and prohibit port 43 WHOIS queries. These studies should results in fairly accurate quantitative data. However, 14 is quite similar to the October 2007 SSAC study "Is the WHOIS service a source for email addresses for spammers?" and would not likely contribute new information. If port 43 queries are of interest from a policy perspective, study 15 should provide reliable data to inform that discussion.
>  
>  
>  
>  On 3/31/10 5:43 PM, "Steve DelBianco" <sdelbianco at netchoice.org> wrote:
>  
>  Mike & Zahid -- 
>  
>  You asked for some BC membership views on the Whois studies that will be discussed at your Council meeting tomorrow (1-Apr).  See below and attachment.   Hope this helps.
>  
>  Your agenda shows potential actions on Whois studies:
>  3.4.1 Review and assess cost and feasibility estimates for the studies
>  3.4.2 Decide whether to pursue any of the studies and, if so, which ones
>  3.4.3 Provide input into the FY11 budget process
>  3.5 How should we accomplish the above?
>  .    Should we form a drafting team to develop recommendations for consideration in our next meeting?
>  .    Note that a final budget has to be finished by 17 May and there are currently no funds budgeted for Whois Studies
>  
>  My recommendations:
>  
>  Let's proceed with the Misuse and Registrant Identification studies.  
>  
>  The Misuse and Registrant ID studies are likely to generate data that would affect policy decisions and compliance work.  These 2 studies are not going to stop the long-standing disagreements between passionate parties on either side, but that's not the point of doing studies.   Remember the debate over domain tasting?  Fact-based data on the number of deletes with the AGP were astounding, and helped us enact a policy change.  The data did not make everyone agree on whether domain tasting was harmful.  But facts showed a hugely prevalent use of AGP that was outside its original purpose, and that moved us to a new consensus policy.
>  
>  We'll certainly use study data when setting policy and compliance standards, especially with so many new TLD operators coming online next year.  
>  
>  Moreover, the Affirmation of Commitments (9.3.1) requires ICANN to "organize a review of WHOIS policy and its implementation to assess the extent to which WHOIS policy is effective and its implementation meets the legitimate needs of law enforcement and promotes consumer trust".  The Misuse and Registrant data studies will be essential for that review.
>  
>  We will also want to have these study results on hand so they can be compared with study results after new TLDs are operating for one year, as required by the Affirmation of Commitments item 9.3 
>  
>  
>  Let's go right to the core issue of Money.  Consider this discussion that happened during Council meeting in Nairobi:
>  Liz Gasster described some study proposals as "expensive" and then Stefane and Wolf commented on the costs and budget constraints.   
>  
>  I intervened to say that the lack of fact-based studies has itself been very expensive over several years of time & travel on the part of dozens of community members.   Those costs will continue unless/until we have facts at hand to make policy decisions.
>  
>  Marilyn made a similar point about need for fact-based analysis.    
>  
>  Bruce Tonkin recommended that Council budget a lump sum for studies, then decide how to spend it.  Don't budget each specific study, he said.
>  
>  I believe Bruce Tonkin is right.  Council should ask for a budget of $XXX,XXX in FY 2011 for a general category of Whois studies.   Since we need a budget number now, I'd say $360,000, to cover the misuse and registrant studies ($150K each) plus a 20% contingency.  
>  
>  Next steps: I would ask staff to begin negotiating with the two 'superior' bidders on detailed workplan for their studies.  Staff should start by asking bidders to review:
>  
>  The 4-Mar-2009 Council resolution on Whois studies, including the original rationale for each hypothesis, etc.   
>  
>  The Affirmation of Commitments, items 9.3 and 9.3.1
>  
>  Staff should also show the bidders any Whois-related items in the Draft Applicant Guidebook.
>  
>  Superior Bidders can then prepare detailed study workplans that policy staff can analyze and present to Council later this year. 
>  
>  
>  Note:  The Staff report (page 7) mentions the Whois Accuracy report, and asks whether "barriers to accuracy" provide useful insights to policy.  
>  
>  I would answer, "Accuracy is something we aspire to; whereas inaccuracy is a contract compliance problem."    
>  
>  Let's set high aspirations to require accurate Whois data for registrants, even if we know that lots of data is inaccurate today. After all, registrars manage to gather credit card information that's sufficiently accurate to ensure they get paid.   Let's find ways to ensure they apply the same diligence in collecting and validating public Whois data.
>  
>  (Note: Susan Kawaguchi of Facebook volunteered to draft BC comments on Whois Accuracy report.  Those aren't due until 15-Apr)   
>  
>  Whois Studies Reports and resources: 
>  https://st.icann.org/gnso-council/index.cgi?whois_discussion#
>  http://gnso.icann.org/issues/whois/whois-studies-report-for-gnso-23mar10-en.pdf
>  Presentation Slides: http://gnso.icann.org/correspondence/whois-studies-presentation-01apr10-en.pdf
>  
>  -- 
>  Steve DelBianco
>  Executive Director
>  NetChoice
>  http://www.NetChoice.org and http://blog.netchoice.org 
>  +1.202.420.7482
> 
> 
>  
>  
> This e-mail message and any attachments may contain confidential and/or privileged information intended only for the addressee. In the event this e-mail is sent to you in error, sender and sender’s company do not waive confidentiality or privilege, and waiver may not be assumed. Any dissemination, distribution or copying of, or action taken in reliance on, the contents of this e-mail by anyone other than the intended recipient is prohibited. If you have been sent this e-mail in error, please destroy all copies and notify sender at the above e-mail address.
>  
> Computer viruses can be transmitted by e-mail. You should check this e-mail message and any attachments for viruses. Sender and sender’s company accept no liability for any damage caused by any virus transmitted by this e-mail. Like other forms of communication, e-mail communications may be vulnerable to interception by unauthorized parties. If you do not wish to communicate by e-mail, please notify sender. In the absence of such notification, your consent is assumed. Sender will not take any additional security measures (such as encryption) unless specifically requested.
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/bc-gnso/attachments/20100401/8d98e44a/attachment.html>


More information about the Bc-gnso mailing list