[Rt4-whois] Rob Golding's input - Session with RrSG & RySG

[Alice Jansen]

Dear Review Team Members,

Please see below input received from Rob Golding. As you might recall, Rob
was participating remotely in your session with the RySG and RrSG.

Thank you,

Very best regards

Alice
>
>On 6/22/11 9:30 AM, "Rob Golding" <rob.golding at othellotech.net> wrote:
>
>>I'm "remote", but we have a complete response to all the whois questions
>>...
>>numbered as per their points - its 2.30am in the UK ...
>>
>>> 1) The unfortunate situation we find ourselves in, is that the WHOIS
>>> element has been vastly skewed from its original purpose.  LEAs wish it
>>> to be a single stop shop for identifying criminals (rarely the case),
>>> mass-marketers (read: spammers) simply mine it for more hapless
>>>victims,
>>> goverments and others cannot simply comprehend that a domain
>>> registration is entirely separated from the services offered from FQDNs
>>> at that domain.
>>> 
>>> ICANN and by extension registrar _must_ re-iterate the appropriate
>>> responsibilities of each party regarding WHOIS.  i.e. the actual data
>>>is
>>> the responsibility of the registrant, the registrar must provide
>>> universal access to it, ICANN oversees that the registrar sends
>>> reminders and does actually provide access to the data.
>>> 
>>> This has additional knock-on effects which must be recognised in other
>>> ICANN dealings and policies; e.g. as the registrant is responsible for
>>> the data in the WHOIS service, LEAs/Governments cannot impose
>>> _publisher_ restrictions or crimes upon registrars.
>>> 
>>> ICANN must also impress upon other stakeholders i.e. the GAC and LEAs,
>>> that the WHOIS service and the data contained therein, is at best
>>> informational.  Data held in the WHOIS cannot be construed to imply
>>> relationships, contracts etc. and that registrars are ultimately
>>> responsible to their commercial customers - which is not necessarily
>>>the
>>> party named in WHOIS.
>>> 
>>> 2) Simply put, ICANN should set and stand-by an agreed use for the
>>>WHOIS
>>> service.  Originally its purpose was clear, and greatly aided in the
>>> technical operation of the internet.  That purpose was significantly
>>> muddled to the point where it is almost useless for its original
>>>purpose.
>>> 
>>> 3) We have daily exposure to the WHOIS policies for .uk, which is
>>> tightly coupled both contractually and legally with the UK legal
>>>system.
>>>   This makes controlling the data and purpose significantly easier as
>>> there are enforcible contract terms (with the named registrant) to
>>> delete/suspend the registration in the event of poor data quality.  Due
>>> to the disseparate nature of the gTLD system this is either poorly
>>> defined or non-existant.  At this late stage it would be considered
>>> unfair and/or impossible to impose this kind of restrictions and
>>> penalties for the vast populus.
>>> 
>>> 4) This is simple.  ICANN already requires the registrars to escrow
>>> unprotected data.  This public WHOIS data may be protected at the
>>> registrant's request.  Other users (i.e. LEAs) should show appropriate
>>> court orders for access to the protected data when there is a clear
>>>need.
>>> 
>>> 5) It shouldn't.  As long as the registrar is fufilling its escrow
>>> obligations, privacy services are a commercial consideration between
>>> them and their customers.  There are already established legal methods
>>> for revealing this data.
>>> 
>>> 6) They aren't; registrars still regularly block/restrict and/or
>>>disable
>>> RADAR registered connections.  Registrants are still allowed to provide
>>> clearly incorrect data.
>>> 
>>> 7) In two words, Data Quality.  Registrars must rely on the information
>>> provided by their customers.  Largely there is no international method
>>> for validation - and even so would drastically increase costs to do so.
>>>   We do not have any kind of international verification for postal
>>>codes
>>> to city for example.  Whilst there are systems and validations for each
>>> nation-state's system, this is not universal.
>>> 
>>> 8) Swift and effective notification and consequences imposed when
>>> required.  We recognise the need for a fair amount of time to remedy
>>> breaches - less so for registrants to change details but more so for
>>> correcting software defects at the registrars.  However, unless the
>>> consequences are universally understood as certain - there will always
>>> be certain quarters that will flaunt the rules.  Even if a majority of
>>> registrar commit to a unified code of conduct, we would be committing
>>> commercial suicide as registrants would flock to those allowing them to
>>> flaunt the rules or avoid their registration being removed for false
>>> data.
>>> 
>>> 9) ICANN compliance with the registrars must complete their work in a
>>> timely manner.  If this requires more resources then fine.  However it
>>> cannot 'obtain' any new powers to enforce rules on registrants.  It is
>>> not a 3rd party to the commercial contracts.  This element of
>>>compliance
>>> must be handled by registrars, however unless it is employed 100% it
>>> will never be effective.
>>> 
>>> 10) I doubt it can.
>>> 
>>> 11) No ccTLD has cracked this issue.
>>> 
>>> 12) Yes; the more compliant a registrar attempts to become, the more
>>> costs they incur - in development, customer contact or commercial
>>> deficit (losing business to other registrars who simply don't care).
>>> 
>>> 13) Largely nothing.  There are still on-going compliance issues
>>>causing
>>> daily problems for transfers between registrars.  Maybe after six to
>>> nine months will a registrar lose their accreditation - but usually
>>>this
>>> is over fees rather than compliance.
>>> 
>>
>>
>