[council] WHOIS area 1 terms of reference

Bruce Tonkin Bruce.Tonkin at melbourneit.com.au
Wed Oct 22 09:49:19 UTC 2003


For consideration at the Council meeting on 29 Oct 2003.  Note the text
assumes that the area will be treated within a separate task force.
The Council may decide to combine the three areas into a single task
force.

Regards,
Bruce
 

Title: Restricting access to WHOIS data for marketing purposes

Participants:
- 1 representative from each constituency
- ALAC liaison
- GAC liaison
- ccNSO liaison
- SECSAC liaison
- liaisons from other GNSO WHOIS task forces

Description of Task Force:
==========================

In the recent policy recommendations relating to WHOIS:
(see http://www.icann.org/gnso/whois-tf/report-19feb03.htm)
it was decided that the use of bulk access WHOIS data for marketing
should not be permitted.  However, these recommendations did not
directly address the issue of marketing uses of Whois data obtained
through either of the other contractually required means of access: Port
43 and web-based. Bulk access under license may be only a minor
contributor to the perceived problem of use of Whois data for marketing
purposes. A subset of a registrar's Whois database that is sufficiently
large for data mining purposes may be obtained through other means, such
as a combination of using free zonefile access (via signing a registry
zonefile access agreement - the number of these in existence approaches
1000 per major registry) to obtain a list of domains, and then using
anonymous (public) access to either port-43 or interactive web pages to
retrieve large volumes of contact information. Once the information is
initially obtained it can be kept up-to-date by detecting changes in the
zonefile, and only retrieving information
related to the changed records.   This process is often described as
"data mining".  The net effect is that large numbers of Whois records
are easily available for marketing purposes, and generally on an
anonymous basis (the holders of this information are unknown).

The purpose of this task force is to determine what contractual changes
(if any) are required to allow registrars to protect domain name holder
data from data mining for the purposes of marketing  The focus is on the
technological means that may be applied to achieve these objectives and
whether any contractual changes are needed to accommodate them.  

In-scope
========
The purpose of this section to clarify the issues should be considered
in proposing any policy changes.

The task force should consider the effects of any proposed policy
changes on the ability of groups such as law enforcement, intellectual
property, internet service providers, and consumers to continue to
retrieve information necessary to perform their functions.

The task force should consider the effects of any proposed policy
changes on the competitive provision of domain name services including
WHOIS access and transfers, and on the competitive provision of
value-added services using WHOIS information.


Out-of-scope
============
To ensure that the task force remains narrowly focussed to ensure that
its goal is reasonably achievable and within a reasonable time frame, it
is necessary to be clear on what is not in scope for the task force.

The task force should not aim to specify a technical solution.  This is
the role of registries and registrars in a competitive market, and the
role of technical standardisation bodies such as the IETF.  Note the
IETF presently has a working group called CRISP to develop an improved
protocol that should be capable of implementing the policy outcomes of
this task force. However, the task force should seek to achieve an
understanding of the various technological means that could be applied
to prevent or inhibit data mining with an eye toward evaluating their
impact on other uses and their compatibility with the currently
applicable contracts.


The task force should not review the current bulk access agreement
Provisions, except to the extent that these can be improved to enhance
protection against marketing uses and to facilitate other uses.   These
were
the subject of a recent update in policy in March 2003.

The task force should not study the amount of data available for public
(anonymous) access for single queries.  Any changes to the data
collected or made available will be the subject of a separate policy
development process.

Tasks/Milestones
================

- collect requirements (e.g., volume, frequency, format of query
results) from non-marketing users of contact information (this could be
extracted from the Montreal workshop and also by GNSO constituencies,
and should also include accessibility requirements (e.g based on W3C
standards) [milestone  1 date]
- review general approaches to prevent automated electronic data mining
and ensure that the requirements for access are met (including
accessibility requirements for those that may for example be visually
impaired)
[milestone 2 date]
- determine whether any changes are required in the contracts to allow
the approaches to be used above   (for example the contracts require the
use of the port-43 WHOIS protocol and this may not support approaches to
prevent data mining) [milestone 3 date]

Each milestone should be subject to development internally by the task
force, along with appropriate public comment processes (e.g seeking
specific advice from the technical community, or from WHOIS service
operators)  to ensure that as much input as possible is taken into
account.



More information about the council mailing list