[gnso-rds-pdp-purpose] Purpose of registration data: Whois Review Team never assessed

Mon Apr 4 21:35:23 UTC 2016

I question the need for and appropriateness of dividing purposes into
"primary" and "secondary" purposes.  I think it is premature, at best, to
create a hierarchy or taxonomy of purposes.

Going back through the emails where this has been proposed, this appears to
be tied to a clear tendency towards, if not an explicit goal of,
de-emphasizing and ultimately de-legitimizing certain purposes categorized
as secondary.  Furthermore, this categorization seems intertwined with the
type of user, and a tendency to de-emphasize and de-legitimize certain
users.  I think these are both dangerous tendencies, particularly at this
point in our work.

We may well have discussions about those concepts (indeed, we almost
certainly will), but baking them into our methodology will only prejudice,
and ultimately de-legitimize, the work of this Working Group.  At this
point in the process, where we are collecting data, we really need to avoid
characterizing purposes or uses.

Greg

[image: http://hilweb1/images/signature.jpg]

*Gregory S. Shatan | Partner*McCARTER & ENGLISH, LLP

245 Park Avenue, 27th Floor | New York, New York 10167
T: 212-609-6873
F: 212-416-7613
gshatan @mccarter.com | www.mccarter.com

BOSTON | HARTFORD | STAMFORD | NEW YORK | NEWARK
EAST BRUNSWICK | PHILADELPHIA  | WILMINGTON | WASHINGTON, DC

On Sun, Apr 3, 2016 at 11:50 PM, Kathy Kleiman via gnso-rds-pdp-purpose <
gnso-rds-pdp-purpose at icann.org> wrote:

> Hi Maryan and All,
> Tx you for your analysis, and I would like to provide some additional
> background on the Whois Review Team Final Report.  The Whois Review Team was *expressly
> barred **from looking at the purpose of the Whois system*. It was allowed
> to look only at ICANN's "existing policy relating to WHOIS" per the
> Affirmation of Commitments signed between US Department of Commerce and
> ICANN in 2009.
>
> Even within that scope, the Whois Review Team recommended protection of
> privacy for commercial companies, noncommercial organizations and
> individials (finding that each shared with us legal and legitimate reasons
> for privacy including as-yet-unannounced mergers, new movie names,
> unpopular religious, ethnic and policy views, etc). The Whois Review Team
> further advised ICANN to work towards a standard of contactability -
> reaching the registrant by some means rather than all means - which we
> wrote as: "ICANN should take appropriate measures to reduce the number of
> WHOIS registrations that fall into the accuracy groups Substantial Failure
> and Full Failure (as defined by the NORC Data Accuracy Study, 2009/10..."
> p. 87.
>
> This history means that our RDS Working Group remains the only group I
> know -- since the 1980s -- to look at domain name registration data anew
> and ask the key questions:
> 1. What is the primary purpose for which domain name registration data is
> collected, and
> 2. To what secondary purposes (such as directories) may this data be used
> and pursuant to what requirements of law?
>
> We are creating a new process/system and it falls to us to determine
> Purpose.
>
> Best,
> Kathy (Kleiman)
> Formerly, Vice-Chair of the Whois Review Team.
>
>
> On 4/2/2016 4:31 AM, Maryan Rizinski via gnso-rds-pdp-purpose wrote:
>
> Hi All,
>
> I hope that you are all having a great week so far!
>
> I spent some time reviewing the WHOIS Policy Review Team's Final Report
> from May 2012 with the goal of extracting relevant information regarding
> the purpose of registration data. This has been a challenging task because
> of two reasons:
>
>
>    1. There is a lack of clearly defined purpose for collecting
>    registration data within the existing WHOIS system (it is not surprising
>    that the SSAC's report SAC055 is entitled "Blind Men and An Elephant")
>    2. Significant emphasis is given on topics such as compliance, data
>    accuracy and data access which all seem to share an intangible common
>    underlying (or over-arching) purpose/principle
>
>
> I have the impression that the purpose implicitly evolves around the
> concept of achieving and ensuring "trust" - a term that is used a number of
> times throughout the document.
>
> Many, if not all, stakeholders involved with or affected by WHOIS, may be
> interested in achieving and ensuring trust in the online environment (which
> may in turn represent a reasonable basis for achieving consensus regarding
> purpose), but as Chuck said, at this point we should restrain from
> deliberating on that topic even though it may look like a tempting starting
> point for discussing the fundamental question:
>
> *What should the over-arching purpose be of collecting, maintaining, and
> providing access to gTLD registration data?*
>
>
> In this context, I compiled some relevant excerpts from the final report
> regarding trust that we may want to consider when preparing our concise
> summary. The excerpts are given as follows (some parts are highlighted for
> improved readability and navigation throughout the excerpts):
>
> *"The WHOIS Review Team’s scope, guided by the Affirmation of Commitments
> was to review the extent to which ICANN’s WHOIS policy and its
> implementation are effective, meet the legitimate needs of law enforcement
> and promote consumer trust." (page 6)*
>
> *"Part of the WHOIS Review Team’s scope was to evaluate the extent to
> which ICANN’s current WHOIS policy and implementation “promotes consumer
> trust”... This found that drivers of consumer trust include knowing the
> entity with whom they are dealing, and being able to find reliable contact
> information." (page 9)*
>
>
> *"...the current implementation of WHOIS services does not help to build
> consumer trust, and more could be done to raise awareness of the service,
> and to improve its user-friendliness." (page 10)*
>
> *"The low level of accurate WHOIS data is unacceptable, and decreases
> consumer trust in WHOIS..." (page 12)*
>
> *"ICANN will organize a review of WHOIS policy and its implementation to
> assess the extent to which WHOIS policy is effective and its implementation
> meets the legitimate needs of law enforcement and promotes consumer trust."
> (page 20)*
>
> *"The Review Team found the definition of Consumer Trust, something the
> ICANN Community is also exploring in the context of its policy-making
> processes, to be particularly challenging. Consumer Trust can be narrowly
> construed to mean the level of trust Internet users have in available WHOIS
> data; or more broadly as the level of trust consumers have in Internet
> information and transactions in general." (page 23)*
>
> *"Thus, lack of support of non-ASCII characters introduces an additional
> barrier for non-ASCII users to provide accurate and consistent domain name
> registration data. This has implications for their tractability for law
> enforcement and associated organizations. Further, many people attach some
> pride and fondness to the correct representation of their name and other
> data. While this is not a purely technical or administrative requirement,
> it is relevant in the context of Consumer Trust." (page 46-47)*
>
> *"The Review Team was clearly told in written and oral comments that
> inaccurate WHOIS data can also significantly impact consumer trust and
> confidence in the Internet." (page 51)*
>
> *"Consumers engaged in online purchases, in our Consumer Research Study
> agreed: findings showed that factors which positively supported consumer
> trust included knowing the company with whom they were dealing with, and
> being able to verify their contact details online." (page 51)*
>
> *"A significant number of public responses to the WHOIS discussion paper,
> and input from law enforcement agencies via the review team’s targeted
> questionnaire, argued that privacy and proxy services undermine the
> effectiveness of the WHOIS service, both in terms of its ability to meet
> the legitimate needs of law enforcement and to promote consumer trust."
> (page 61)*
>
> *"The GAC WHOIS Principles similarly note that WHOIS data can contribute:
> to user confidence in the Internet ... by helping users identify persons or
> entities responsible for content and services online" (page 67)*
>
> *"Part of the WHOIS Review Team’s scope was to evaluate the extent to
> which ICANN’s current WHOIS policy and implementation “promotes consumer
> trust”. Having struggled with what “consumer” means in the context of
> WHOIS, and aware of the Affirmation of Commitments’ observation that there
> are key stakeholders who do not engage in the ICANN environment, the WHOIS
> Review Team commissioned consumer research. This found that drivers of
> consumer trust include knowing the entity with whom they are dealing, and
> being able to find reliable contact information. The vast majority of
> consumers were unaware of the existence of the WHOIS service, and many
> struggled to understand the format of WHOIS outputs. This led us to
> conclude that the current implementation of WHOIS services does not help to
> build consumer trust, and more could be done to raise awareness of the
> service, and to improve its user-friendliness." (page 84)*
>
>
> I hope that this input would be helpful for our small team and I am
> looking forward to working with all of you.
>
> Best regards,
>
> Maryan
>
>
>
>
>
> _______________________________________________
> gnso-rds-pdp-purpose mailing listgnso-rds-pdp-purpose at icann.orghttps://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose
>
>
>
> _______________________________________________
> gnso-rds-pdp-purpose mailing list
> gnso-rds-pdp-purpose at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-purpose
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-purpose/attachments/20160404/09bdac40/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6549 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-purpose/attachments/20160404/09bdac40/image001-0001.jpg>