[registrars] IPC Constituency Statement - whois TF2 - Text format

[Jean-Michel Becar]

For all of our friends who don't like word :-)



IPC Constituency Statement

Whois Task Force 2

April 13, 2004


    This statement responds to the issue identified in the purpose
    statement of the terms of reference for Task Force 2, see
    http://gnso.icann.org/issues/whois-privacy/tor2.shtml

The purpose of this task force is to determine:
a) What is the best way to inform registrants of what information about
themselves is made publicly available when they register a domain name
and what options they have to restrict access to that data and receive
notification of its use?

Based on the limited data which has been collected so far, IPC believes
that the effectiveness of notification to domain name registrants, and
the obtaining of their consent as required by the RAA Secs. 3.7.7.4,
3.7.7.5, generally need improvement.

For example, obtaining specific consent on this issue from the
registrant during the registration process, separate from obtaining
agreement to extensive terms and conditions for the registration in
general, should be encouraged. Similarly, some registrars should be more
specific and forthright in communicating to registrants about the
circumstances under which Whois data is available to third parties.

ICANN should:

? incorporate compliance with the notification and consent requirement
as part of its overall plan to improve registrar compliance with the
RAA. (See MOU Amendment II.C.14.d).

? issue an advisory reminding registrars of the importance of compliance
with this contractual requirement, even registrars operating primarily
in countries in which local law apparently does not require registrant
consent to be obtained.

IPC believes that registrars should take the lead in developing best
practices, with input from other interested constituencies, that will
improve the effectiveness of giving notice to, and obtaining consent
from, domain name registrants with regard to uses of registrant contact
data. IPC would be glad to participate in such an effort.

b) What changes, if any, should be made in the data elements about
registrants that must be collected at the time of registration to
achieve an acceptable balance between the interests of those seeking
contact-ability, and those seeking privacy protection?

Based on the data collected so far, IPC does not think that any data
element currently collected by registrars about registrants should be
eliminated. IPC has identified certain data elements that may not be
currently collected (or at least are not currently displayed in response
to Whois queries) but whose inclusion would improve the usefulness of
Whois data. These include:

? chain of title information

? date of initial registration

? notice of encumbrances

? date and method of last verification of registrant contact information*

*Although these additional desired data elements were identified in
response to the questionnaire sent by TF 2, IPC recognizes that action
on them may fall within the purview of TF 3.


c) Should domain name holders be allowed to remove certain parts of the
required contact information from anonymous (public) access, and if so,
what data elements can be withdrawn from public access, by which
registrants, and what contractual changes (if any) are required to
enable this? Should registrars be required to notify domain name holders
when the withheld data is released to third parties?

As a general matter, IPC does not support the suppression of public
access to any element of Whois data that is currently made public. All
such data elements make a contribution to the promotion of transparency
and accountability in the domain name system. To the contrary, ICANN
should consider requiring additional data elements already collected by
registrars (such as contact data for billing contacts) to be made
available through Whois. It should also consider requiring the
collection, and the public availability, of certain data elements that
may not be currently collected, as outlined in response to the previous
question. Finally, it should make the set of data elements that are made
publicly available more uniform across gTLDs.

Based on the limited data compiled so far, IPC supports further
consideration of two exceptions to the general principle stated above.

First, further research should be conducted on the use of “proxy
registration services” within the framework of Sec. 3.7.7.3 of the RAA,
including but not limited to the following issues:

    * the rate of uptake of such services, and consumer response to them;

    * what steps are taken to ensure that the registrar collects (or has
      immediate access to) accurate, complete and current contact
      information on all registrants taking advantage of such services;
    * the circumstances under which contact information of the actual
      registrant is disclosed pursuant to the RAA provision (i.e., the
      “evidence of actionable harm” scenario);
    * how registrants are notified when the withheld data is released to
      third parties;
    * scalability of such services.

Second, further research should be conducted into the operation by
certain ccTLDs (e.g., .nl) of case-by-case mechanisms for the
withholding of Whois data on individual registrants who demonstrate
special circumstances, and on the feasibility of adapting such
mechanisms to the gTLD environment.