[council] Second reply to the American Intellectual Property Law Association

[Bruce Tonkin]

-----Original Message-----
From: Bruce Tonkin 
Sent: Thursday, 22 June 2006 8:00 AM

Subject: RE: Regarding response from American Intellectual Property Law
Association

Hello Mike,

Thanks for your quick reply.


YOU STATE:

In the Final task force report on the purpose of WHOIS and of the WHOIS
contacts dated March 15, 2006, it is stated that "Task 1 of the task
force terms of reference requires the WHOIS Task Force to define the
purpose of WHOIS. Defining the purpose is important as it will guide
work on the other work items in the terms of reference. 


RESPONSE:

Agreed.  Defining a purpose is always a good start when studying a
system.  However given that the formulations are very similar, and that
not all members of the task force or the Council could agree on a single
definition, it seems sensible to proceed to see where formulation 1 will
take us with respect to the further work.   The impact of formulation 1
can then be seen in the context of any recommendations with respect to
changing access to data.   If the recommendations do not get broad
support, then that would seem the best time to revisit whether the
definition of purpose is wrong.   I recommend that the work product be
viewed as a whole, rather than focussing further energy on the topic of
purpose (many months have already been spent on this debate).


With respect to the formulations, lets consider the actual differences.
They only differ in the last few words, ie

Formulation 1:
"issues related to the configuration of the records associated with the
domain name within a DNS nameserver.

Formulation 2:
"can resolve, technical, legal or other issues related to the
registration or use of a domain name."

With respect to "issues" the two formulations are equivalent.
Formulation 2 explicitly lists technical and legal as categories of
issues, but by comparison formulation 1 has no limitations on the types
of issues.   In some ways formulation 1 could be seen as a wider
definition, as it makes not attempt to name any particular issues.


Taking the next point of difference:

Formulation 1:
"related to the configuration of the records associated with the domain
name within a DNS nameserver"

Formulation 2:
"related to the registration or use of a domain name"

The difference here is far more subtle.     For a domain name to be
actively used for intellectual property infringement - by that I mean
that using the domain name as an identifier to reach an Internet
location that may have offending content, or using a domain name in an
email address for the purposes of receiving responses to some sort of
fraud etc - requires a particular configuration of the records in a DNS
nameserver.  Formulation 2 is in some ways narrower, as it refers to
registration, but does not refer to subsequent configuration of DNS
records.  Note these DNS records are typically configured via an NS
(nameserver) record in the gTLD zonefile, as well as DNS records in the
nameserver computer (which can be operated by individuals ,
organisations, ISPs, etc).   Thus formulation 1 would seem to cover all
the possible scenarios where a domain name is actively involved in any
intellectual property issues, and is perhaps the more general of the two
definitions.    

Formulation 2 uses the term "use of a domain name".   This is a less
precise term than used in formulation 1.   In this context who is the
"user"? - the registrant or other Internet users.   I have seen domain
names used by Internet users in the same way as any other word, symbol,
or trademark  to deliberately confuse an Internet user.  This is
commonly done in two ways: 

(1) the domain name is part of a faked "From" address in an email (the
domain name is not intended to be used for return email, it is purely a
word intended to mislead) usually without any involvement of the domain
name registrant or the operators of the nameservers for that domain
name. 

(2) as part of the content of an email or the contents of a website,
where the domain name appears again as a word or image as part of a
hyperlink.   An Internet user clicks on the hyperlink (effectively just
a symbol) and gets directed to an Internet location completed unrelated
to the domain name.

In the cases above the domain name itself is misused in the same way as
any trademark may be misused.  In this case the domain name registrant
along with the operators of the related DNS nameservers is the victim.

So the term "use of a domain name" can have meanings outside of the
mission of ICANN.

I think the reason for such debate over the two formulation is more
related to different language used in the technical versus the
intellectual property community.

If we focus on the more complex problem of improving WHOIS, it may well
be that the differences in the two formulations are not material.
Ultimately the wording of the purpose could certainly be improved to use
language that everyone clearly understands.


YOU STATE:

While it is technically correct to state as you do that "that there are
no changes in collected data, nor in the requirement for that data to be
accurate," basing the further work of the task force on the narrow
definition of the purpose of WHOIS in Formulation 1 will almost
inevitably lead to recommendations that the data collected and the
access provided to that data be more limited than is currently the case.



RESPONSE:

Any changes to data collected is out of scope for this particular policy
development.   There seems to be a mis-conception that the data is only
collected so it can be displayed publicly by the WHOIS service.  This is
not the case, there are a range of operational reasons why the data will
continue to be collected along with other data (such as credit cards,
incoming IP addresses etc).   Stating a  purpose of the WHOIS service
does not directly impact what data is collected.

I do agree that access may be more limited than is currently the case,
however this could result from either of the two formulations.   It is
important to distinguish access to data by the general public, from
access to data by entities that have a specific need.    For example
registrars collect credit card information from registrants which is not
made public, and provide this to law enforcement agencies for legitimate
purposes through well established processes.   The terms of reference of
the task force note that if any data is removed from general public
access, that the task force must also specify how that data will be
accessed by those with a legitimate need.

I hope that your association will continue to be involved in the more
challenging work ahead.



Regards
Bruce Tonkin