[registrars] Revised draft for TF2
Thomas Keller
tom at schlund.de
Wed Apr 14 08:44:57 UTC 2004
Am 13.04.2004 schrieb Elana Broitman:
> I believe that for this document we should not get into further requirements for disclosure to registrant. As several have pointed out, it is already in the RAA and is not germane to being able to provide input to the TF, which is the primary goal.
>
> I also support the idea of softening the language regarding bulk whois. There is legal opinion on both sides of the question of its legality. It is best posed as an issue of concern to registrars because of the legal interpretation provided by authorities such as George. After all, this is simply a registrar statement of input to the TF. Our reasoning behind can fairly raise issues, rather than state conclusions that some will debate.
let me be very straight forward on this,I don't see why we should soften the
language regarding this point. If you have read the IPC statement for TF2 you will
see that they even demand more than the they currently get out of whois. This is not only unreasonable but even ignores all the factfinding and data collection that
has been done over the last month. One part that came out of this data collection
efford is the statement of a EU offical in regard to bulk whois. If we disregard
this offical statement as a legal opinion the question I would like to ask is what
do we considere as fact if not an offical statement. I once again want to remind
you of what George has said on his last presentation and has been the offical EU
statement in all responses to whois over the last years.
Slide 11
Bulkwhois
No, this is a disproportionate privacy infringing step; unless a
very convincing, specific case may be made which has to be followed
by due process.
Since this document will be the starting point for a discussion we should start
out with what we want to get and why we think it is necessary this way and not
a soft version. The people opposing the deletion of the Bulkwhois obligation want
like it either way.
By the way the only other opinions I'm aware of is the one of US IP attorneys which
hardly have the offical character as Georgs presentation.
> Tom - I don't understand the intent behind the statement about IETF, "The term standard in this case is not only referring to the data fields that must be displayed if there is no contradicting local legislation but also to the format such data fields must have if they exist. Having said this it must be mentioned that the way the format is defined should not be part of an ICANN process but be left to the technical involved parties or technical standardization bodies like IETF." IETF does not like to involve itself in policy decisions and it seems to me that some of the format decisions involve policy?
I don't view the standardisation of once decided upon fields as policy.
For example if we would decide through the PDP that whois in tier 1 must
have the fields Name and Country it should be left to a standard body or
involved parties like Registrars to determine how the format i.e. XML
to display these fields in a uniform fashion should look like. In other
words once we made the policy the technical implementation should not
be done by a PDP.
I hope that helped
>
> Also please see 3.6 - I think you meant to say email address of "admin contact" not registrant.
Yes, your right. I will correct it.
>
> thanks for the hard work Tom!
>
> Elana Broitman
> Register.com
> 575 Eighth Avenue
> New York, NY 10018
> Phone (212) 798-9215
> > EFax (800) 886-2716
> Fax (212) 629-9309
> ebroitman at register.com
>
>
> -----Original Message-----
> From: owner-registrars at gnso.icann.org
> [mailto:owner-registrars at gnso.icann.org]On Behalf Of Cute, Brian A.
> Sent: Tuesday, April 13, 2004 4:57 PM
> To: Paul Stahura; Tim Ruiz; ross at tucows.com; Rob Hall
> Cc: registrars at dnso.org
> Subject: RE: [registrars] Revised draft for TF2
>
>
> An additional thought, also look at slide # 12 which states unequivocally that multicriteria searching is unacceptable. This is the use often cited by current users of bulk whois, isn't it?
>
> -----Original Message-----
> From: owner-registrars at gnso.icann.org
> [mailto:owner-registrars at gnso.icann.org]On Behalf Of Paul Stahura
> Sent: Tuesday, April 13, 2004 4:31 PM
> To: 'Tim Ruiz'; Ross Rader; 'Rob Hall'
> Cc: registrars at dnso.org
> Subject: RE: [registrars] Revised draft for TF2
>
>
> Yes, the framework is there. We suggest that needs to be fleshed out more.
>
> Registrars may need to spell out, for example 1) who the specific recipients
> are (this can be categories but they need to be very well fleshed out and
> would probably depending on what comes out of this whois process. They do
> not need the exact recipient, according to eNom's interpretation of the EU
> laws), 2) that the recipients and data collection is subject to ICANN's
> whois and transfer policies (including a link to these policies) and subject
> to change, 3) known disclosure risks 4) how the recipients use the data
> etc..
>
> Paul
>
> -----Original Message-----
> From: Tim Ruiz [mailto:tim at godaddy.com]
> Sent: Tuesday, April 13, 2004 1:08 PM
> To: 'Paul Stahura'; ross at tucows.com; 'Rob Hall'
> Cc: registrars at dnso.org
> Subject: RE: [registrars] Revised draft for TF2
>
> Paul,
>
> Don't sections 3.7.7.4 through 3.7.7.8 of the RAA already require what you
> suggest regarding consent?
>
> Tim
>
>
> -----Original Message-----
> From: owner-registrars at gnso.icann.org
> [mailto:owner-registrars at gnso.icann.org] On Behalf Of Paul Stahura
> Sent: Tuesday, April 13, 2004 12:28 PM
> To: 'ross at tucows.com'; Rob Hall
> Cc: registrars at dnso.org
> Subject: RE: [registrars] Revised draft for TF2
>
>
> 1) Our GC informs me that publishing whois, even in bulk form, is not
> flat-out illegal in the EU. Providing bulk access does not require a court
> order. A court order is one means, but not the only means. The data
> subject can also consent (see next point). No nations laws (at least that I
> am aware of) prevent anyone from becoming a registrar in their jurisdiction.
> The most stringent laws require informed consent. Informed consent can be
> given to individualized whois searches and to bulk access. The basic
> question is whether the data subject is informed of how the personal
> information is going to be published, who will have access to it, how it
> will be used, and what the known risks of disclosure are.
>
> 2) Consent.
>
> a) Consent is the basic criteria, both in the EU and in many
> other jurisdictions (even, to a lesser extent, in the US). Registrants can
> consent to having their personal information published in the whois. They do
> have to be informed about what third parties are going to have access to the
> data and what uses these third parties will put to the data (such as if the
> third parties will be searching for TM violators or if the third parties are
> known to sell the data further downstream). Consent can be given to
> individualized one-of WHOIS publications in response to specific searches.
> Consent can also be given to the bulk publication of whois, provided the
> bulk purchasers and their uses of the information are disclosed. The
> disclosure requirement is pretty steep, inasmuch as even known *risks* of
> down-stream disclosure must be identified to achieve truly informed consent.
>
>
> b) Consent can be obtained a priori, which, in the context of
> domain name registration, mean that the ICANN required registration
> agreement would include language requiring the registrant to consent to
> disclosure of the personal information according to the whois and transfers
> policies developed by ICANN. This consent would link to the whois and
> transfers policies, where a complete statement of the purposes, third party
> access, and risks would be found. This consent can even contractually
> stipulate that the ICANN whois and transfers policies may change over time,
> following ICANN's consensus procedures.
>
> c) Consent can also be obtained after the fact, "ex post
> facto." Ex post facto consent is *almost* workable in the transfers
> context. The non-EU gaining registrar would have to include the consent
> language in the transfer authorization process and in the transfer consent
> email. Not an inconsiderable burden, but also not totally out of the
> question. However, after-the-fact consent would certainly not satisfy the
> IP community's desire for whois information. The IP community has no
> convenient means through which it can obtain individualized ex post facto
> consent.
>
> An ex post facto approach to obtaining consent may be an acceptable burden
> to registrars in the context of transfers. In this case, simply leave the
> IP community to figure out and lobby for an a priori
> ICANN-registration-agreement approach. And even then some registrars will be
> playing by different rules outside the context of transfers. However, it is
> unlikely that the IP community is asleep at the switch, in which case
> registrars just might as well accept and work with an a priori
> ICANN-registration-agreement approach to this issue.
>
> Bottom line, eNom advocates before-hand consent because it is fairer across
> registrars. ICANN should require registrars to get consent from registrants
> to disclose the whois information according to the whois and transfer
> policies established by ICANN from time to time. Make that a "must have" in
> the registration agreement. I really doubt if a requirement to get consent
> would be illegal in any jurisdiction on the planet, therefore no registrar
> would be in violation of their agreement with ICANN.
>
>
> -----Original Message-----
> From: owner-registrars at gnso.icann.org
> [mailto:owner-registrars at gnso.icann.org] On Behalf Of Ross Wm. Rader
> Sent: Tuesday, April 13, 2004 9:31 AM
> To: Rob Hall
> Cc: registrars at dnso.org
> Subject: Re: [registrars] Revised draft for TF2
>
> On 4/13/2004 10:02 AM Rob Hall noted that:
>
> Rob, inline...
>
> > Can you tell me on what basis you say buk whois is 100% illegal in Europe
> ?
> >
> > My understanding of your privacy laws is that you must inform the user of
> > how their information will be disseminated. Is it not true that if you
> tell
> > the user that you will publish their information, and give it to whoever
> > applies under your bulk whois contract, that you are covered legally ?
> >
> > You have informed the user of how their information is to be used, and
> > distributed. It is then the users choice to continue given that they now
> > know the playing field.
> >
>
> Is your issue with the registrar constituency advocating that the bulk
> whois provisions in the contract be eliminated or the logic that
> Thomas has used to justify that position?
>
>
> > You also make a statement that seems to unlink whois and transfers. But
> > they are in fact directly linked.
> >
>
> I didn't draw this same conclusion - which passage are you referring to?
>
>
> > I also believe that one of the primary reasons we have a distributed whois
> > for com/net is to promote competition, not lessen it. I am at a loss as
> to
> > how making whois information available to the public hurts competition. I
> > believe just the opposite occurs.
>
> I think Thomas is saying that having two standards in place (i.e. one
> based in ICANN policy and the other based in local legislation) will
> create "forum shopping". Not sure if competition is especially germane
> to this particular point.
>
> >
> > I believe that if you unilaterally break your ICANN contract for any
> reason,
> > you should face enforement and penalties. If a big european telco broke
> > their ICANN contract by not providing whois anymore, I suspect they would
> be
> > found in breach, and no longer have a contract. Exactly as would any
> > non-european registrar who broke their contract.
> >
>
> The key here is for the GNSO to develop policy that can be applied
> equally across all relevant jurisdictions. The current policy
> regarding Whois plays extremely close to this line - many of the
> proposals completely cross it. Any proposal that can't be implemented
> by registrars because of legal considerations needs to be discarded to
> avoid the conditions you are concerned about.
>
> --
>
>
> -rwr
>
>
>
>
>
>
>
>
> "Don't be too timid and squeamish about your actions.
> All life is an experiment.
> The more experiments you make the better."
> - Ralph Waldo Emerson
>
> Got Blog? http://www.blogware.com
> My Blogware: http://www.byte.org
>
>
Gruss,
tom
(__)
(OO)_____
(oo) /|\ A cow is not entirely full of
| |--/ | * milk some of it is hamburger!
w w w w
More information about the registrars
mailing list