[registrars] Draft for TF2

[Paul Stahura]

Rob's point is well taken.  The EU privacy restrictions do prohibit
transmitting personal identification information to any country which does
not have privacy laws at least as protective as those of the EU.  The US is
on the list of countries which do not have adequate privacy laws. European
registrars, right now, could shut down WHOIS and transfers on this basis.
I'm a little surprised that no one has made this claim yet, or is
transmitting the information for purposes of transfer somehow not a
violation?

Since we are probably all forming European establishments to take advantage
of the lowest VAT tax rate (in Madera), then in thinking about it, I guess
thin-registry transfers from EU registrars will just have to be to these EU
establishments.

This doesn't speak to Barbados.  Will all domain name registrars migrate to
or become mired in the country with the strictest privacy rules?

If the statement stays in, would EU registrars, for example, be allowed to
not transmit the whois data to thick registries located in the US, while the
rest of us have to?

One solution Rob suggests (if there is a conflict between local law and
ICANN contract) is for the registrar to move its location to one where it
can comply with its ICANN contract (if the local law is in contradiction),
but another solution may be something like "all for one and one for all". 

For example
"If one Registrar is in breach with its ICANN contract due to local
jurisdiction regarding the collection, display and distribution of personal
data, then all registrars are able to cure the breach the same way that one
registrar does"  or some kind of lowest-common-denominator language which
allows us all to have the same contract with ICANN.

I agree with Rob, we all need to be bound by the same ICANN contract
provisions no matter what country you are located in.




-----Original Message-----
From: owner-registrars at gnso.icann.org
[mailto:owner-registrars at gnso.icann.org] On Behalf Of Rob Hall
Sent: Thursday, April 08, 2004 3:53 PM
To: Registrars Mail List
Subject: RE: [registrars] Draft for TF2

Thomas et al.

I note that the TF2 report has the following statement:

"No Registrar should be forced to be in breach with its  local jurisdiction
regarding the collection, display and distribution of personal data to be
able to provide ICANN approved domain registrations regardless whether the
WHOIS service is provided by themselves or another party. "


I am very concerned with this statement.  While I know my position may be
unpopular, I believe it critical to the Registrar Industry.

All ICANN Registrars were created equally and must be treated equally.  Our
contract with ICANN actually speaks to this equality, and I believe it must
be maintained.

The above statement would seem to imply that all Registrars must not behave
in the same fashion, and that therefore ICANN should not treat them equally.

While I sympathize with Registrars who's governments may pass legislation
making it difficult for them to adhere to their contractual requirements, I
don't believe that the answer is for ICANN to simply ignore, nor just not
enforce, those provisions.   Rather, I believe that if our government is
about to put into place legislation that makes it impossible for us to be a
Registrar, it is incumbent on us to educate them as to the ramifications of
their actions.  If a government were to put into place legislation that
prevented a Registrar from complying with their ICANN contract, then I
believe the Registrar has at least 2 choices:  Move to a different
jurisdiction, or stop being a Registrar.

But to say that a Registrar should not have to comply with provisions of a
contract they voluntarily entered into simply because their local
jurisdiction prohibits it, is wrong.

I won't even begin to speak to how many people (Registrars included) have
interpreted current privacy laws in ways that benefit their business case,
but are not quite factual.  Most privacy legislation I have seen attempts to
ensure that data providers are informed of how their data will be used.  It
is then their choice as to whether they purchase the domain or not, given
that they now are aware of how the information will be used.

Take for example, NameScout, which is incorporated in the Barbados.  Is it
really fair for NameScout to claim that because we are in the Barbados that
there is a local law that says I can not publish ANY whois information, nor
can I allow any domain transfers to another Registrar.  As the only domain
Registrar in the Barbados, should we lobby for a local law that totally
contradicts our contractual ICANN obligations, and then be able to stand up
and say "sorry, but we can't comply with those obligations, and you can't
make us)".

In fact, I suspect we would immediately see some forum (read Country)
shopping to base Registrars in.

While I am all for attempting to find rules for whois that currently meet
all countries privacy rules, these rules tend to be very dynamic, and I fear
that much effort will be spent and will be quickly outdated (if a common
position can even be found).  Our efforts need to focus on fixing what is
broken within the Whois service.  If that can be done with privacy rules in
mind, so much the better.  If the new solution violates some jurisdictions
new privacy laws, then perhaps we are better with the status quo (although I
doubt it). Either that, or we move ahead with the new solution, without any
exemption for local laws.

I understand the frustration with local laws that may hamstring our
businesses. But we must take care not to simply open loopholes that create
contractual inequities between Registrars simply because of their location.
Like it or not, ICANN is a California corporation that we voluntarily choose
to contract with. We are a Registrar solely by virtue of this contract.
Without it, we are not an ICANN Registrar.

Rob.