[gnso-rds-pdp-wg] key concepts: say "contact data" when that is what we mean

Greg Aaron gca at icginc.com
Thu Dec 8 04:14:58 UTC 2016 

Regarding Rob's reasons against publishing thin data:
* "it's unnecessary to the functioning of the domain/internet."  This is not the razor to be used here.  A domain name can function if there's no RDS at all.  This WG would look foolish in the eyes of the world if it decided to abolish WHOIS and any successor RDSes.  Of course there are good reasons to have an RDS.  The question is what data should be published through it. 
* "the EWG said not to make it all freely available".   No, not correct.  The EWG said the thin data should be freely available, PLUS Registrant email address too.   See pages 46 and 133-134 of the EWG Final Report.  
* "it costs time/effort/money to collect, store, display etc."   Storing, transmitting, and publishing data is the core job of a registry; it is literally their reason for being.  (And registrars too, until .COM and .NET go thick.)    They build the cost of doing it into the prices they charge.  If one does not want to bear the costs of storing, transmitting, and publishing data, then one should avoid the registry business.  
* "it's a security risk."  Some argue that it is a security risk to publish certain kinds of personal data.  Is an RDS itself a security risk?   A bank is a security risk, but that does not mean we should not have banks.  We have good reasons to have banks, and they outweigh the risks.


****************

-----Original Message-----
From: Rob Golding [mailto:rob.golding at astutium.com] 
Sent: Wednesday, December 7, 2016 7:20 PM
To: Greg Aaron <gca at icginc.com>
Cc: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] key concepts: say "contact data" when that is what we mean

On 2016-12-07 14:55, Greg Aaron wrote:
> Speaking of key concepts…  people often say "registration data" when 
> they really mean "contact data."

I find that what they really mean is generally "stuff I see on a whois lookup" which is all sorts of data
* data about registrar
* data about registration
* data about registrant
* data about registry
* data about regulator
* T&Cs
etc

> the THIN DATA.
> This data is factual

Sometimes

> accurate,

At a certain point-in-time, dependant on the source you are obtaining it from

> is not personally identifiable,

It could be possible to identify a person from the data, but it's not as straightforward as printing their name & address

> and I think is completely noncontroversial.

Several items in what you're grouping as "thin data" are definately controversial, and a regular cause of problems

> The second kind of registration data is CONTACT DATA

Yes

> In the coming discussions, one approach could be: There are good 
> reasons to publish the thin data … is there any compelling reason 
> _not_ to publish it?

Reasons not to ?
* it's unnecessary to the functioning of the domain/internet
* the EWG said not to make it all freely available
* select items shouldn't necessarily be mandated / public
* it costs time/effort/money to collect, store, display etc
* it's a security risk
and so on

There are good reasons for _some_ of what you refer to as thin data being available (registrar name for example) and other elements to authorised viewers on a need-to-know

Perhaps anon/open data access should be to the minimum elements necessary, with anything else being subject to knowing
* who they are
* what data they're authorised to see
* what exactly that data is going to be used for
* agreement to be slapped if they misuse or redistribute the data


> _"The EWG unanimously recommends abandoning today's WHOIS model of
> giving every user the same entirely anonymous public access to
> (often inaccurate) gTLD registration data.

100% behind that :)

> _While basic data would remain publicly available,

So ideally we just need to identify "basic data" which I'd suggest is
* domain name
* domain registrar

> the rest would be
> accessible only to accredited requestors who identify themselves,
> state their purpose, and agree to be held accountable for appropriate
> use."_

Yes, everything else comes under "why do you need to know"

Rob

More information about the gnso-rds-pdp-wg mailing list