[gnso-rds-pdp-wg] key concepts: say "contact data" when that is what we mean

Gomes, Chuck cgomes at verisign.com
Wed Dec 7 21:33:59 UTC 2016 

Thanks Mike.  I am glad to see this discussion going on in advance of considering the first users/purposes question: "Should gTLD registration data be accessible for any purpose or only for specific purposes?"



Chuck



From: Michael D. Palage [mailto:michael at palage.com]
Sent: Wednesday, December 07, 2016 4:13 PM
To: Gomes, Chuck <cgomes at verisign.com>; gca at icginc.com; gnso-rds-pdp-wg at icann.org
Subject: [EXTERNAL] RE: [gnso-rds-pdp-wg] key concepts: say "contact data" when that is what we mean



Chuck,



I appreciate Greg's historical context of Whois data primarily being for purposes of "contacting" the registrant of a domain name using those data fields with personally identifying information. However, I think introducing/relying upon the concept of "CONTACT DATA" as proposed by Greg while well intentioned will only lead to greater confusion.



First Greg acknowledges that not ALL data other than the thin technical data falls within his CONTACT DATA definition (trademark, nexus, reseller, etc). So we begin today with a model that is less than 100% inclusive and will likely become less inclusive as more innovative uses of the RDS and Whois data are created.



Second, the use of this terminology ignores the reality in the marketplace that Registrant data is widely relied upon to make legal determinations (i.e. ownership, authority to transfer a domain name, infringement, etc.).  When law enforcement is trying to shut down a counterfeit operation, they are not looking to use this data to 'contact" the registrant, but instead 'arrest" him/her.



I understand how the term "contact data" provides a certain comfort level to Stephanie and the valid concerns she has.  However, as someone that is involved in making legal determinations regarding the ownership rights (property/service contract) concerning domain name registrations on a regular basis, this  concept of "Contact Data" will just lead to a lot of confusion.



The whole legal construct (private contractual rights) upon which the domain name system is based recognizes the Registrant and the Registrant Data that it provides. In fact ICANN's Whois web page makes the following statement: "ICANN's WHOIS Lookup gives you the ability to lookup any generic domains, such as "icann.org" to find out the registered domain owner." (emphasis added)  Again this data by ICANN's own admission is relied upon to make "ownership" decisions NOT mere "contact" information.



So I think we stick to one of the first things I learned as a young engineer. Keep It Simple Stupid (KISS)



Thin Data - the minimum technical data necessary for a registry to perform its function as a registry operator in a shared registry system.



Thick Data - All data associated with a domain name registration made available via Whois/RDS, which may include Personal Identifying Information (PII)



Again I appreciate the constructive efforts of Greg, Stephanie and others, but I just do not see this concept scaling meaningfully.



Best regards,



Michael











From: gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org> [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Gomes, Chuck
Sent: Wednesday, December 7, 2016 10:20 AM
To: gca at icginc.com<mailto:gca at icginc.com>; gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] key concepts: say "contact data" when that is what we mean



Thanks Greg for the helpful suggestion.  I have one question for you and others: If we exclude THIN DATA, is there any data we will need to consider that could not be accurately classified as CONTACT DATA.  If not, then dividing data into these two categories should suffice.



Chuck



From: gnso-rds-pdp-wg-bounces at icann.org<mailto:gnso-rds-pdp-wg-bounces at icann.org> [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Greg Aaron
Sent: Wednesday, December 07, 2016 9:55 AM
To: gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>
Subject: [EXTERNAL] [gnso-rds-pdp-wg] key concepts: say "contact data" when that is what we mean



Speaking of key concepts...  people often say "registration data" when they really mean "contact data."   Being plain and specific here can help discussion in our group.  The concept will come up in next week's discussion.



There are basically two kinds of "registration data".  The first is called the THIN DATA.  This is the basic data about a domain name registration: the domain name, the sponsoring registrar name and ID, the domain's status(es) , created-updated-expiration dates, and nameservers.  (https://whois.icann.org/en/what-are-thick-and-thin-entries )  This data is factual, accurate, is not personally identifiable, and I think is completely noncontroversial.



The second kind of registration data is CONTACT DATA - contact names, postal and email addresses, phone numbers.   Contact data raises issues of privacy and data protection.  Contact data can be (and regularly is)  inaccurate because it's ultimately supplied by the registrants.  When people talk about "registration data accuracy" and "registration data validation" they are really talking about the accuracy of CONTACT DATA, not all "registration data."



In the coming discussions, one approach could be: There are good reasons to publish the thin data ... is there any compelling reason not to publish it?   If we can take care of this low-hanging fruit, we will solve part of the puzzle and we can concentrate on the issues around contact data.  This is not a proposal to publish thin data only.  It's an attempt to disentangle concepts and find a way forward.  Not all data is the same, so let's stop treating all data the same.  We may not have to iterate repeatedly about thin data.



Even the EWG's language wasn't always clear and specific in this area. Here's the question we will begin with next week:



Should gTLD registration data be accessible for any purpose or only for specific purposes?

"The EWG unanimously recommends abandoning today's WHOIS model of giving every user the same entirely anonymous public access to (often inaccurate) gTLD registration data. Instead, the EWG recommends a paradigm shift to a next-generation RDS that collects, validates and discloses gTLD registration data for permissible purposes only.

While basic data would remain publicly available, the rest would be accessible only to accredited requestors who identify themselves, state their purpose, and agree to be held accountable for appropriate use."



What the EWG really meant was:

******** Give public, anonymous access to the THIN data.  ("Basic data" as the EWG called it.)

******** Don't give every user the same anonymous public access to ("often inaccurate") gTLD CONTACT DATA.

******** Shift to an RDS that collects, validates and discloses gTLD CONTACT DATA for permissible purposes only.



All best,

--Greg







**********************************

Greg Aaron

Vice-President, Product Management

iThreat Cyber Group / Cybertoolbelt.com

mobile: +1.215.858.2257

**********************************

The information contained in this message is privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20161207/ae2ac01e/attachment.html>

More information about the gnso-rds-pdp-wg mailing list