[registrars] Revised draft for TF2

Paul Stahura stahura at enom.com
Tue Apr 13 18:27:43 UTC 2004 

1) Our GC informs me that publishing whois, even in bulk form, is not
flat-out illegal in the EU.  Providing bulk access does not require a court
order.  A court order is one means, but not the only means.  The data
subject can also consent (see next point).  No nations laws (at least that I
am aware of) prevent anyone from becoming a registrar in their jurisdiction.
The most stringent laws require informed consent.  Informed consent can be
given to individualized whois searches and to bulk access.  The basic
question is whether the data subject is informed of how the personal
information is going to be published, who will have access to it, how it
will be used, and what the known risks of disclosure are. 

2)  Consent.

	a)	Consent is the basic criteria, both in the EU and in many
other jurisdictions (even, to a lesser extent, in the US).  Registrants can
consent to having their personal information published in the whois. They do
have to be informed about what third parties are going to have access to the
data and what uses these third parties will put to the data (such as if the
third parties will be searching for TM violators or if the third parties are
known to sell the data further downstream).  Consent can be given to
individualized one-of WHOIS publications in response to specific searches.
Consent can also be given to the bulk publication of whois, provided the
bulk purchasers and their uses of the information are disclosed.  The
disclosure requirement is pretty steep, inasmuch as even known *risks* of
down-stream disclosure must be identified to achieve truly informed consent.


	b)	Consent can be obtained a priori, which, in the context of
domain name registration, mean that the ICANN required registration
agreement would include language requiring the registrant to consent to
disclosure of the personal information according to the whois and transfers
policies developed by ICANN.  This consent would link to the whois and
transfers policies, where a complete statement of the purposes, third party
access, and risks would be found.  This consent can even contractually
stipulate that the ICANN whois and transfers policies may change over time,
following ICANN's consensus procedures. 

	c) 	Consent can also be obtained after the fact, "ex post
facto."  Ex post facto consent is *almost* workable in the transfers
context.  The non-EU gaining registrar would have to include the consent
language in the transfer authorization process and in the transfer consent
email. Not an inconsiderable burden, but also not totally out of the
question.  However, after-the-fact consent would certainly not satisfy the
IP community's desire for whois information.  The IP community has no
convenient means through which it can obtain individualized ex post facto
consent. 

An ex post facto approach to obtaining consent may be an acceptable burden
to registrars in the context of transfers.  In this case, simply leave the
IP community to figure out and lobby for an a priori
ICANN-registration-agreement approach. And even then some registrars will be
playing by different rules outside the context of transfers. However, it is
unlikely that the IP community is asleep at the switch, in which case
registrars just might as well accept and work with an a priori
ICANN-registration-agreement approach to this issue.

Bottom line, eNom advocates before-hand consent because it is fairer across
registrars. ICANN should require registrars to get consent from registrants
to disclose the whois information according to the whois and transfer
policies established by ICANN from time to time.  Make that a "must have" in
the registration agreement. I really doubt if a requirement to get consent
would be illegal in any jurisdiction on the planet, therefore no registrar
would be in violation of their agreement with ICANN.  


-----Original Message-----
From: owner-registrars at gnso.icann.org
[mailto:owner-registrars at gnso.icann.org] On Behalf Of Ross Wm. Rader
Sent: Tuesday, April 13, 2004 9:31 AM
To: Rob Hall
Cc: registrars at dnso.org
Subject: Re: [registrars] Revised draft for TF2

On 4/13/2004 10:02 AM Rob Hall noted that:

Rob, inline...

> Can you tell me on what basis you say buk whois is 100% illegal in Europe
?
> 
> My understanding of your privacy laws is that you must inform the user of
> how their information will be disseminated.  Is it not true that if you
tell
> the user that you will publish their information, and give it to whoever
> applies under your bulk whois contract, that you are covered legally ?
> 
> You have informed the user of how their information is to be used, and
> distributed. It is then the users choice to continue given that they now
> know the playing field.
> 

Is your issue with the registrar constituency advocating that the bulk 
whois provisions in the contract be eliminated or the logic that 
Thomas has used to justify that position?


> You also make a statement that seems to unlink whois and transfers.  But
> they are in fact directly linked.
>

I didn't draw this same conclusion - which passage are you referring to?


> I also believe that one of the primary reasons we have a distributed whois
> for com/net is to promote competition, not lessen it.  I am at a loss as
to
> how making whois information available to the public hurts competition.  I
> believe just the opposite occurs.

I think Thomas is saying that having two standards in place (i.e. one 
based in ICANN policy and the other based in local legislation) will 
create "forum shopping". Not sure if competition is especially germane 
to this particular point.

> 
> I believe that if you unilaterally break your ICANN contract for any
reason,
> you should face enforement and penalties.  If a big european telco broke
> their ICANN contract by not providing whois anymore, I suspect they would
be
> found in breach, and no longer have a contract.  Exactly as would any
> non-european registrar who broke their contract.
> 

The key here is for the GNSO to develop policy that can be applied 
equally across all relevant jurisdictions. The current policy 
regarding Whois plays extremely close to this line - many of the 
proposals completely cross it. Any proposal that can't be implemented 
by registrars because of legal considerations needs to be discarded to 
avoid the conditions you are concerned about.

-- 


                        -rwr








                 "Don't be too timid and squeamish about your actions.
                                            All life is an experiment.
                             The more experiments you make the better."
						- Ralph Waldo Emerson

Got Blog? http://www.blogware.com
My Blogware: http://www.byte.org

More information about the registrars mailing list