From alice.jansen at icann.org Tue Aug 30 17:04:25 2011
From: alice.jansen at icann.org (Alice Jansen)
Date: Tue, 30 Aug 2011 10:04:25 -0700
Subject: [Rt4-whois] Prel Report for your approval
In-Reply-To:
Message-ID:

Dear Review Team Members,

In anticipation of your call scheduled for 1 September (22:00 UTC), please find attached the preliminary report of your teleconference held on 17 August. Kindly note that this will be discussed with a view to adopting a final version.

Thanks,

Very best regards

Alice

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110830/d4f45d45/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Prel Rep - 17 August.doc
Type: application/x-msword
Size: 34816 bytes
Desc: Prel Rep - 17 August.doc
Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110830/d4f45d45/PrelRep-17August.doc

From kathy at kathykleiman.com Tue Aug 30 21:27:35 2011
From: kathy at kathykleiman.com (kathy at kathykleiman.com)
Date: Tue, 30 Aug 2011 14:27:35 -0700 (PDT)
Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]
In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A305FD55CEA@EMB01.dept.gov.au>
References: <20110819170316.9c1b16d3983f34082b49b9baf8cec04a.6eebbb4fd7.wbe@email00.secureserver.net> <636771A7F4383E408C57A0240B5F8D4A305FD55CEA@EMB01.dept.gov.au>
Message-ID: <19565.66.44.74.157.1314739655.squirrel@kathykleiman.com>

Hi All,

I would like to greatly thank Peter for his draft (I now know how hard these are to do)! Now that I have done my "deep dive" into the comments, I think that there are some additional comments that can be cited to round out the discussion.
Also, following on Peter's discussion of ICANN's Whois Misuse study (data misused from Whois), I have added discussion of and references to the 3 studies of Whois Privacy and Proxy Services that the GNSO approved in April and June, and commissioned in response to requests for data from the GAC (and badly needed by the GNSO too!):

> Hello again all,
>
> Attached is a revised draft to fill out some of the more obvious gaps (including the argument around proxy services, and the references to ICANN's consensus procedure), and to address some of the points raised by James.
>
> There is clearly still more work to be done to balance the argument in places, and to incorporate diverse/alternate viewpoints, but I hope this revised version addresses some of the gaps and questions about the positions.
>
> I've also inserted responses to James' comments below, and would welcome further comments on how to take this issue forward.
>
> Cheers,
>
> Peter
>
> From: James M. Bladel [mailto:jbladel at godaddy.com]
> Sent: Saturday, 20 August 2011 10:03 AM
> To: Emily Taylor
> Cc: rt4-whois at icann.org; Nettlefold, Peter
> Subject: RE: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]
>
> Peter, Emily, and Team:
>
> Thanks for getting this thread started. I have numerous comments on this chapter, and have organized them in to two categories (below). I look forward to a longer discussion of this (and other) chapters between now and our meeting in MdR.
>
> Thanks--
>
> J.
>
> Concerns with the Approach:
>
> * This chapter represents an unbalanced perspective of the Privacy/Proxy issue. It emphasizes the views of governments, law enforcement, and others opposed to P&P services, while marginalizing the positions of those supporting, offering, or using these services.
> I agree that more balance is needed. I simply did not have time to build in more viewpoints in the first draft.
>
> * It proceeds from the default LE & Gov't position that some registrants, under certain conditions, have legitimate needs for privacy. While the civil tradition in most democracies (and on the Internet) is that privacy is a right enjoyed by everyone unless/until their conduct abuses this.
> I don't believe that there is a default LE and government position as such. Both of James' formulations suggest that privacy is important and should be acknowledged. The draft chapter also acknowledges this. However, it is also important to acknowledge that choosing to participate in certain public processes often requires a degree of public disclosure and visibility.
>
> * The ICANN Policy that resolves conflicts between WHOIS requirements and local law is a protection for Registries and Registrars---not for Registrants. For Registrants, their only option to enhanced privacy protection (beyond that required by their local laws) is to engage a P&P service.
> The ICANN consensus procedure is to resolve conflicts with national privacy laws. These laws protect people's privacy, including registrants. I agree that privacy services may offer additional comfort, and the draft chapter recommends extending privacy protections beyond the consensus procedure, through the use of regulated privacy services.
>
> * It is not appropriate to cite a 2009 study by ICANN without noting that more specific studies have been approved by the Board (at Singapore) and may or may not be completed in time for their findings to be referenced by this report.
> I agree, and expect that the ongoing studies could be acknowledged either here or elsewhere in the report. However, it seems that no results from these studies will be available to inform our work. Plans for future studies do not diminish the relevance of the 2009 study.
>
> * It is not appropriate to cite a study by Knujon, or any other commercially-interested third-party that is engaged in the promotion of their products & services.
> I disagree. Many if not all respondents to our discussion paper have vested interests, and I expect that we will be happy to quote their views (I certainly have in the draft). If there are problems with the methodology or other questions about a particular study, or a need to otherwise caveat our references to a third-party study, then that is a different matter and I would entirely agree. But I can see no reason to dismiss a study out of hand because of a bias against a particular stakeholder.
>
> * The quotes by Law Enforcement do not include those who have neutral or uncritical views of P&P services, or those in LE who frequently and publicly make the distinction between the "good" or "model" P&P operators, versus the "bad actors."
> I agree that more balance could always be included.
>
> * Proxy registrations do not "hide" or "shield" registrant contact data. The proxy service IS the registrant. Law Enforcement & Gov'ts and other interested parties are, in effect, demanding disclosure of the business relationship between the Proxy provider and its customer(s).
> I agree (with the first two sentences). However, several respondents to the discussion paper suggested that a distinction between the 'proxy-as-registrant' and the 'underlying/licensed-registrant' was being gamed and exploited. I agree that ICANN can't 'ban' proxy services, and accept that it can't be expected to even know about every side agreement with third parties.
>
> I think the confusion arises by ICANN trying to acknowledge 'proxy services' in the first place. Once someone becomes a registrant, then they should accept all the rights and responsibilities that come with that.
> If they have an agreement with another party for some reason, then this should have no effect on their rights and responsibilities as a registrant from ICANN's perspective. This is what I was trying to suggest - i.e. similar to Nominet's approach, that ICANN simply not acknowledge them as anything other than the actual registrant, and hence remove the gaming and legal uncertainty that arises from that recognition.
>
> With this in mind, I've redrafted some text and recommendations in the revised chapter, as James' points have highlighted ways to improve the wording.
>
> Concerns with the Recommendations:
>
> * Overall: Many of these recommendations exceed "Policy Review" and fall in to the realm of "Policy Recommendation."
>
> * Rec #1: Because it is not a regulator, ICANN cannot prohibit services offered by firms with which it does not have a contract. And it cannot compel business to enter in to contracts unless there is a clear incentive for them to do so.
>
> * Rec #2: ICANN could offer a voluntary accreditation program for P&P providers. But it would by necessity be a voluntary program, so there should be clear benefits for P&P providers to gain ICANN accreditation, and clear benefits for registrars to use accredited P&P services.
>
> * Rec #3: Accredited Registrars could use Accredited P&P Providers, presuming they were -aware- when a non-accredited service was being used. For example, if I contact my lawyer and ask him to register a domain name on my behalf, I do not expect the registrar to know that the lawyer is functioning as a Proxy for me in this example.
>
> * Rec #4: It is not within ICANN's mission to examine how a domain name is used. Domain names are not synonymous with websites. Registrars are often, but not necessarily, the web content hosts for the names they manage. As an organization, ICANN is and must remain "content neutral."
>
> * Rec #5 - #7: These recommendations seem to outline the charter of a desired Policy Development Process (PDP), which is beyond the remit of this review team.
>
> -------- Original Message --------
> Subject: Re: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]
> From: Emily Taylor
> Date: Wed, August 17, 2011 6:17 am
> To: "Nettlefold, Peter"
> Cc: "rt4-whois at icann.org"
>
> Dear Peter,
>
> Many thanks for your work on this draft. I really like the way that you have based your commentary on a bottom-up analysis of what the comments said. It shows that we have been listening to, and carefully analysing the inputs that people have taken the trouble to give us.
>
> I'm sure we'll be discussing it on today's call, and it's a pity that the scheduling prevents you joining us. I hope we will be able to have you on our next call after this one, and we'll ensure that we have a good turn out.
>
> My question in reading the proxy/privacy section is - apart from NCUC which you referenced - did we have contrary views. We have a lot of references from law enforcement and IP constituency, but nothing at all from registry/registrars or NCUC apart from that one quote. I'm keen to ensure that we present a balanced view of the inputs received, because it will give a range of views.
>
> All - please can we look out our notes of our face-to-face meetings. I for one took away a strong message from our call with the IPC that they had *good* experiences of data release from a number of the larger providers, and (while in a perfect world they may not want proxy/privacy services) were able to live with them if they could have a predictable outcome. This is well captured in one of the recommendations, but doesn't quite come through in the supporting text yet.
>
> For the more radical recommendations - I'm not sure that I heard them being asked for, even by the communities that you would expect to support them, and therefore we need much more argumentation in the text to justify some of the recommendations (if, indeed, the team can reach consensus on them).
>
> Thank you again for a thorough and thoughtful piece of work Peter. It provides us with an excellent first draft on which to focus our discussions.
>
> Kind regards
>
> Emily
>
> On 17 August 2011 10:16, Mikhail Yakushev wrote:
> Dear Peter, colleagues,
> I have carefully reviewed Peter's draft and mostly agree with the provided analysis. I also would mostly agree with the suggested recommendations - but I think we need to discuss each of them separately to achieve the highest possible level of consensus within our team.
> Kind regards,
> Michael
>
> From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter
> Sent: Tuesday, August 16, 2011 11:48 AM
> To: rt4-whois at icann.org
> Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]
>
> Hello all,
>
> Attached is the first section of the draft 'gaps' chapter, for review and comment.
>
> As you'll see, this section covers accessibility and privacy issues, and it still has some gaps.
>
> I've also drafted and included some recommendations on this issue, building on the public and law enforcement input and our own discussions. I hope these are helpful.
>
> As you'll see, I've drawn a distinction between proxy and privacy services in the draft chapter, and this will need some further work (but I didn't want to delay getting this out to you any further while I worked on this). I've tried to unpack this distinction in the draft chapter, but also wanted to also explain my thinking to you.
>
> The main challenge identified by responses to our consultation processes, and in our own discussions, is to find a way to balance any legitimate privacy concerns with the interests of other stakeholders. The position I've put forward in the draft chapter is that this can be achieved through the regulated use of privacy services (i.e. services that make the identity of the registrant known, but limit availability to other personal data - at least in the first instance). Proxy services, which replace the name of the registrant with that of another entity, are quite different in nature, and I think that these services raise serious questions about ICANN's ability to enforce its AoC obligations.
>
> I have drafted the chapter with this distinction in mind, although some parts of the argument need a bit more work.
>
> I'm aiming to circulate the next section of the draft chapter - on accuracy - in a day or two, and the section on compliance shortly after that.
>
> Unfortunately the next call is now scheduled for 1am my time, so I won't be attending.
>
> I look forward to discussing this further as we work towards our Marina del Rey meeting.
>
> Cheers,
>
> Peter
>
> -------------------------------------------------------------------------------
> The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties.
>
> If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments.
>
> Please consider the environment before printing this email.
>
> -------------------------------------------------------------------------------
>
> _______________________________________________
> Rt4-whois mailing list
> Rt4-whois at icann.org
> https://mm.icann.org/mailman/listinfo/rt4-whois
>
> --
>
> 76 Temple Road, Oxford OX4 2EZ UK
> t: +44 (0)1865 582 811
> m: +44 (0)7540 049 322
> emily at emilytaylor.eu
>
> www.etlaw.co.uk
>
> Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713.

From kathy at kathykleiman.com Tue Aug 30 21:33:58 2011
From: kathy at kathykleiman.com (kathy at kathykleiman.com)
Date: Tue, 30 Aug 2011 14:33:58 -0700 (PDT)
Subject: [Rt4-whois] Oops! Re: Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]
In-Reply-To: <19565.66.44.74.157.1314739657.squirrel@kathykleiman.com>
References: <20110819170316.9c1b16d3983f34082b49b9baf8cec04a.6eebbb4fd7.wbe@email00.secureserver.net> <636771A7F4383E408C57A0240B5F8D4A305FD55CEA@EMB01.dept.gov.au> <19565.66.44.74.157.1314739657.squirrel@kathykleiman.com>
Message-ID: <52960.66.44.74.157.1314740038.squirrel@kathykleiman.com>

Sorry -- my fingers hit enter before I finished. Here's the full message :-)!

Hi All,

I would like to greatly thank Peter for his draft (I now know how hard these are to do)! Now that I have done my "deep dive" into the comments, I think that there are some additional comments that can be cited to round out the discussion of this important section.

Also, following on Peter's discussion of ICANN's Whois Misuse study (data misused from Whois), I have added discussion of and references to the 3 studies of Whois Privacy and Proxy Services that the GNSO approved in April and June, and commissioned in response to requests for data from the GAC (and badly wanted by the GNSO too!):

-- Whois Proxy/Privacy Relay and Reveal Study
-- Whois Proxy/Privacy Abuse Study
-- Whois Registrant Identification Study (a foundation for the other studies).

(Note: ICANN will spend over $400,000 on these important studies)

I also incorporated some of James' comments into the text, with which I share great agreement.

**Attached please find an edited version of Peter's section.**

Thanks Peter!
Best, Kathy > > > > >> Hello again all, >> >> Attached is a revised draft to fill out some of the more obvious gaps >> (including the argument around proxy services, and the references to >> ICANN???s consensus procedure), and to address some of the points raised >> by James. >> >> There is clearly still more work to be done to balance the argument in >> places, and to incorporate diverse/alternate viewpoints, but I hope this >> revised version addresses some of the gaps and questions about the >> positions. >> >> I???ve also inserted responses to James??? comments below, and would be >> welcome further comments on how to take this issue forward. >> >> Cheers, >> >> Peter >> >> >> >> From: James M. Bladel [mailto:jbladel at godaddy.com] >> Sent: Saturday, 20 August 2011 10:03 AM >> To: Emily Taylor >> Cc: rt4-whois at icann.org; Nettlefold, Peter >> Subject: RE: [Rt4-whois] Report input - privacy/proxy 'gaps' >> [SEC=UNCLASSIFIED] >> >> Peter, Emily, and Team: >> >> Thanks for getting this thread started. I have numerous comments on >> this >> chapter, and have organized them in to two categories (below). I look >> forward to a longer discussion of this (and other) chapters between now >> and our meeting in MdR. >> >> Thanks-- >> >> J. >> >> >> >> Concerns with the Approach: >> * This chapter represents an unbalanced perspective of the >> Privacy/Proxy >> issue. It emphasizes the views of governments, law enforcement, and >> others opposed to P&P services, while marginalizing the positions of >> those >> supporting, offering, or using these services. >> I agree that more balance is needed. I simply did not have time to build >> in more viewpoints in the first draft. >> >> * It proceeds from the default LE & Gov't position that some >> registrants, >> under certain conditions, have legitimate needs for privacy. 
While the >> civil tradition in most democracies (and on the Internet) is that >> privacy >> is a right enjoyed by everyone unless/until their conduct abuses this. >> I don???t believe that there is a default LE and government position as >> such. Both of James??? formulations suggest that privacy is important >> and >> should be acknowledged. The draft chapter also acknowledges this. >> However, >> it is also important to acknowledge that choosing to participate in >> certain public processes often requires a degree of public disclosure >> and >> visibility. >> >> * The ICANN Policy that resolves conflicts between WHOIS requirements >> and >> local law is a protection for Registries and Registrars---not for >> Registrants. For Registrants, their only option to enhanced privacy >> protection (beyond that required by their local laws) is to engage a P&P >> service. >> The ICANN consensus procedure is to resolve conflicts with national >> privacy laws. These laws protect people???s privacy, including >> registrants. I agree that privacy services may offer additional comfort, >> and the draft chapter recommends extending privacy protections beyond >> the >> consensus procedure, through the use of regulated privacy services. >> >> * It is not appropriate to cite a 2009 study by ICANN without noting >> that >> more specific studies have been approved by the Board (at Singapore) and >> may or may not be completed in time for their findings to be referenced >> by >> this report. >> I agree, and expect that the ongoing studies could be acknowledged >> either >> here or elsewhere in the report. However, it seems that no results from >> these studies will be available to inform our work. Plans for future >> studies do not diminish the relevance of the 2009 study. >> >> * It is not appropriate to cite a study by Knujon, or any other >> commercially-interested third-party that is engaged in the promotion of >> their products & services. >> I disagree. 
Many if not all respondents to our discussion paper have >> vested interests, and I expect that we will be happy to quote their >> views >> (I certainly have in the draft). If there are problems with the >> methodology or other questions about a particular study, or a need to >> otherwise caveat our references to a third-party study, then that is a >> different matter and I would entirely agree. But I can see no reason to >> dismiss a study out of hand because of a bias against a particular >> stakeholder. >> >> * The quotes by Law Enforcement do not include those who have neutral >> or >> uncritical views of P&P services, or those in LE who frequently and >> publicly make the distinction between the "good" or "model" P&P >> operators, >> versus the "bad actors." >> I agree that more balance could always be included. >> >> * Proxy registrations do not "hide" or "shield" registrant contact >> data. >> The proxy service IS the registrant. Law Enforcement & Gov'ts and other >> interested parties are, in effect, demanding disclosure of the business >> relationship between the Proxy provider and its customer(s). >> I agree (with the first two sentences). However, several respondents to >> the discussion paper suggested that a distinction between the >> ???proxy-as-registrant??? and the ???underlying/licensed-registrant??? >> was >> being gamed and exploited. I agree that ICANN can???t ???ban??? proxy >> services, and accept that it can???t be expected to even know about >> every >> side agreement with third parties. >> >> I think the confusion arises by ICANN trying to acknowledge ???proxy >> services??? in the first place. Once someone becomes a registrant, then >> they should accept all the rights and responsibilities that come with >> that. If they have an agreement with another party for some reason, then >> this should have no effect on their rights and responsibilities as a >> registrant from ICANN???s perspective. This is what I was trying to >> suggest ??? i.e. 
similar to Nominet???s approach, that ICANN simply not >> acknowledge them as anything other than the actual registrant, and hence >> remove the gaming and legal uncertainty that arises from that >> recognition. >> >> With this in mind, I???ve redrafted some text and recommendations in the >> revised chapter, as James??? points have highlighted ways to improve the >> wording. >> >> >> Concerns with the Recommendations: >> >> * Overall: Many of these recommendations exceed "Policy Review" and >> fall >> in to the realm of "Policy Recommendation." >> >> * Rec #1: Because it is not a regulator, ICANN cannot prohibit services >> offered by firms with which it does not have a contract. And it cannot >> compel business to enter in to contracts unless there is a clear >> incentive >> for them to do so. >> >> * Rec #2: ICANN could offer a voluntary accreditation program for P&P >> providers. But it would by necessity be a voluntary program, so there >> should be clear benefits for P&P providers to gain ICANN accreditation, >> and clear benefits for registrars to use accredited P&P services. >> >> * Rec #3: Accredited Registrars could use Accredited P&P Providers, >> presuming they were -aware- when a non-accredited service was being >> used. >> For example, if I contact my lawyer and ask him to register a domain >> name >> on my behalf, I do not expect the registrar to know that the lawyer is >> functioning as a Proxy for me in this example. >> >> * Rec #4: It is not within ICANN's mission to examine how a domain name >> is used. Domain names are not synonymous with websites. Registrars are >> often, but not necessarily, the web content hosts for the names they >> manage. As an organization, ICANN is and must remain "content neutral." >> >> * Rec #5 - #7: These recommendations seem to ouline the charter of a >> desired Policy Development Process (PDP), which is beyond the remit of >> this review team. 
>> >> >> >> -------- Original Message -------- >> Subject: Re: [Rt4-whois] Report input - privacy/proxy 'gaps' >> [SEC=UNCLASSIFIED] >> From: Emily Taylor > >> Date: Wed, August 17, 2011 6:17 am >> To: "Nettlefold, Peter" >> > >> Cc: "rt4-whois at icann.org" >> > >> >> Dear Peter, >> >> Many thanks for your work on this draft. I really like the way that you >> have based your commentary on a bottom-up analysis of what the comments >> said. It shows that we have been listening to, and carefully analysing >> the inputs that people have taken the trouble to give us. >> >> I'm sure we'll be discussing it on today's call, and it's a pity that >> the >> scheduling prevents you joining us. I hope we will be able to have you >> on >> our next call after this one, and we'll ensure that we have a good turn >> out. >> >> My question in reading the proxy/privacy section is - apart from NCUC >> which you referenced - did we have contrary views. We have a lot of >> references from law enforcement and IP constituency, but nothing at all >> from registry/registrars or NCUC apart from that one quote. I'm keen to >> ensure that we present a balanced view of the inputs received, because >> it >> will give a range of views. >> >> All - please can we look out our notes of our face-to-face meetings. I >> for one took away a strong message from our call with the IPC that they >> had *good* experiences of data release from a number of the larger >> providers, and (while in a perfect world they may not want proxy/privacy >> services) were able to live with them if they could have a predictable >> outcome. This is well captured in one of the recommendations, but >> doesn't >> quite come through in the supporting text yet. 
>> >> For the more radical recommendations - I'm not sure that I heard them >> being asked for, even by the communities that you would expect to >> support >> them, and therefore we need much more argumentation in the text to >> justify >> some of the recommendations (if, indeed, the team can reach consensus on >> them). >> >> Thank you again for a thorough and thoughtful piece of work Peter. It >> provides us with an excellent first draft on which to focus our >> discussions. >> >> Kind regards >> >> Emily >> >> Kind regards >> >> Emily >> >> On 17 August 2011 10:16, Mikhail Yakushev >> > wrote: >> Dear Peter, colleagues, >> I have carefully reviewed Peter???s draft and mostly agree with the >> provided analysis. I also would mostly agree with the suggested >> recommendations ??? but I think we need to discuss each of them >> separately >> to achieve the highest possible level of consensus within our team. >> Kind regards, >> Michael >> >> From: rt4-whois-bounces at icann.org >> [mailto:rt4-whois-bounces at icann.org] >> On Behalf Of Nettlefold, Peter >> Sent: Tuesday, August 16, 2011 11:48 AM >> To: rt4-whois at icann.org >> Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' >> [SEC=UNCLASSIFIED] >> >> Hello all, >> >> Attached is the first section of the draft ???gaps??? chapter, for >> review >> and comment. >> >> As you???ll see, this section covers accessibility and privacy issues, >> and >> it still has some gaps. >> >> I???ve also drafted and included some recommendations on this issue, >> building on the public and law enforcement input and our own >> discussions. >> I hope these are helpful. >> >> As you???ll see, I???ve drawn a distinction between proxy and privacy >> services in the draft chapter, and this will need some further work (but >> I >> didn???t want to delay getting this out to you any further while I >> worked >> on this). 
I???ve tried to unpack this distinction in the draft chapter, >> but also wanted to also explain my thinking to you. >> >> The main challenge identified by responses to our consultation >> processes, >> and in our own discussions, is to find a way to balance any legitimate >> privacy concerns with the interests of other stakeholders. The position >> I???ve put forward in the draft chapter is that this can be achieved >> through the regulated use of privacy services (i.e. services that make >> the >> identity of the registrant known, but limit availability to other >> personal >> data ??? at least in the first instance). Proxy services, which replace >> the name of the registrant with that of another entity, are quite >> different in nature, and I think that these services raise serious >> questions about ICANN???s ability to enforce its AoC obligations. >> >> I have drafted the chapter with this distinction in mind, although some >> parts of the argument need a bit more work. >> >> I???m aiming to circulate the next section of the draft chapter - on >> accuracy - in a day or two, and the section on compliance shortly after >> that. >> >> Unfortunately the next call is now scheduled for 1am my time, so I >> won???t >> be attending. >> >> I look forward to discussing this further as we work towards our Marina >> del Ray meeting. >> >> Cheers, >> >> Peter >> >> >> >> ------------------------------------------------------------------------------- >> The information transmitted is for the use of the intended recipient >> only >> and may contain confidential and/or legally privileged material. Any >> review, re-transmission, disclosure, dissemination or other use of, or >> taking of any action in reliance upon, this information by persons or >> entities other than the intended recipient is prohibited and may result >> in >> severe penalties. 
>> >> If you have received this e-mail in error please notify the Security >> Advisor of the Department of Broadband, Communications and the Digital >> Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and >> delete all copies of this transmission together with any attachments. >> >> Please consider the environment before printing this email. >> >> ------------------------------------------------------------------------------- >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> >> -- >> >> >> [cid:~WRD259.jpg] >> >> >> 76 Temple Road, Oxford OX4 2EZ UK >> t: +44 (0)1865 582 811 ??? m: +44 (0)7540 049 322 >> emily at emilytaylor.eu >> >> www.etlaw.co.uk >> >> Emily Taylor Consultancy Limited is a company registered in England and >> Wales No. 730471. VAT No. 114487713. >> >> ________________________________ >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> ------------------------------------------------------------------------------- >> >> >> The information transmitted is for the use of the intended recipient >> only >> and may contain confidential and/or legally privileged material. Any >> review, re-transmission, disclosure, dissemination or other use of, or >> taking of any action in reliance upon, this information by persons or >> entities other than the intended recipient is prohibited and may result >> in >> severe penalties. >> >> >> If you have received this e-mail in error please notify the Security >> Advisor of the Department of Broadband, Communications and the Digital >> Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and >> delete all copies of this transmission together with any attachments. >> >> >> Please consider the environment before printing this email. 
-------------- next part -------------- A non-text attachment was scrubbed... Name: Final Report - privacy proxy version 2 kk ed.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 53274 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110830/2df949d0/FinalReport-privacyproxyversion2kked.docx
From kathy at kathykleiman.com Tue Aug 30 21:49:51 2011 From: kathy at kathykleiman.com (kathy at kathykleiman.com) Date: Tue, 30 Aug 2011 14:49:51 -0700 (PDT) Subject: [Rt4-whois] Help required - NOW EVEN EASIER!! In-Reply-To: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> References: <3062FB662B110E4A9F14C63284D07FF7050C6757A681@soca.x.gsi.gov.uk> Message-ID: <35828.66.44.74.157.1314740991.squirrel@kathykleiman.com> Dear Sharon, Please forgive my delay in responding to your materials, and thank you so much for the extensive efforts you made in reviewing the comments, and compiling them for our review. I have the same feeling now as I did when I first read your sections -- I am not certain what to do. What are your conclusions? What are your recommendations? Based on the written comments, the oral comments in San Francisco (when these definitions were open for public comment and there seemed to be views of both support and concern), and especially your expertise, experience and insight, what definitional language do you recommend we adopt? If I missed this, please forgive me! The "Why" is ultimately what I think these chapters are about -- what is our recommendation, and why are we recommending it? The more persuasive we are, the more likely the ICANN Community will be to adopt and follow our recommendations.
What I like best in your materials is the Feedback on LE Questionnaire. This is really good material and I think we should find many ways to incorporate it. Thanks so much for all the time and effort you and your staff devoted to this survey. I truly think there is much of value here for us to use and share... Best, Kathy
> NOT PROTECTIVELY MARKED > > Hello Everyone, > > Last week I sent out my part of the report - definitions for comment and > assistance. Response was > limited ;-), but I still need your help. > > So - to make it even easier I have subdivided the work into three and you > only need to look at the one which relates to the subgroup you were in. I > would like you to look at the definition, the feedback received and let me > know if you think we should change it in light of that feedback. The first > document is the key for those who fed back, the second the definition and > comments and the third the longer version, should you be interested. I > have now incorporated the LE feedback from both Peter and I and summarised > the comments, rather than just listed them. > > This will only take minutes PROMISE - and I would really like to feedback > at our next conference call and I am off next week - so you have until > Monday 15th!. > > So - Producers and Maintainers - James, Susan and Wilfried > Applicable Laws -Kim, Omar, Michael, Lynn > Law Enforcement - Kim, Lutz, Peter. > > Here's hoping, > > Sharon > > > > Sharon LEMON OBE > Deputy Director > Cyber and Forensics > Serious and Organised Crime Agency (SOCA) > 07768 290902 > 0207 855 2800 > > > > This information is supplied in confidence by SOCA, and is exempt from > disclosure under the Freedom of Information Act 2000. It may also be > subject to exemption under other UK legislation. Onward disclosure may be > unlawful, for example, under the Data Protection Act 1998.
Requests for > disclosure to the public must be referred to the SOCA FOI single point of > contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning > 0870 268 8677. > > All E-Mail sent and received by SOCA is scanned and subject to assessment. > Messages sent or received by SOCA staff are not private and may be the > subject of lawful business monitoring. E-Mail may be passed at any time > and without notice to an appropriate branch within SOCA, on authority from > the Director General or his Deputy for analysis. This E-Mail and any files > transmitted with it are intended solely for the individual or entity to > whom they are addressed. If you have received this message in error, > please contact the sender as soon as possible. > > > The original of this email was scanned for viruses by the Government > Secure Intranet virus scanning service supplied by Cable&Wireless > Worldwide in partnership with MessageLabs. (CCTM Certificate Number > 2009/09/0052.) On leaving the GSi this email was certified virus free. > Communications via the GSi may be automatically logged, monitored and/or > recorded for legal > purposes.
From lynn at goodsecurityconsulting.com Tue Aug 30 21:53:18 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Tue, 30 Aug 2011 14:53:18 -0700 Subject: [Rt4-whois] Consumer Trust key concepts Message-ID: <20110830145318.00ef555ff13978e3e1b8d2179880f99e.523ccb975e.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110830/1055d7bd/attachment.html -------------- next part -------------- A non-text attachment was scrubbed...
Name: Working Draft – Consumer Trust_30Aug2011.doc Type: application/msword application Size: 27648 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110830/1055d7bd/WorkingDraftUTF-8B4oCTIENvbnN1bWVyIFRydXN0XzMwQXVnMjAxfilename1MS5kb2M.bin
From lynn at goodsecurityconsulting.com Wed Aug 31 01:34:26 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Tue, 30 Aug 2011 18:34:26 -0700 Subject: [Rt4-whois] Consumer Trust key concepts Message-ID: <20110830183426.00ef555ff13978e3e1b8d2179880f99e.338c977065.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110830/0d1367f0/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Working Draft – Consumer Trust_30Aug2011.doc Type: application/msword application Size: 27648 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110830/0d1367f0/WorkingDraftUTF-8B4oCTIENvbnN1bWVyIFRydXN0XzMwQXVnMjAxfilename1MS5kb2M.bin
From kathy at kathykleiman.com Tue Aug 30 20:16:53 2011 From: kathy at kathykleiman.com (kathy at kathykleiman.com) Date: Tue, 30 Aug 2011 13:16:53 -0700 (PDT) Subject: [Rt4-whois] Reviewing the Comments from ICANN Community In-Reply-To: References: Message-ID: <3226.66.44.74.157.1314735413.squirrel@kathykleiman.com> Hi All, I hope all is well. My family and I have survived the earthquake and hurricane on the East Coast this past week -- and are hoping for easier conditions in the future :-)! Like you, I am in the midst of my due diligence preparing for our meeting on Thursday (with the disclaimer that I may not be able to attend due to the change of date and my travel schedule). I am preparing my email comments to share with the group.
As promised, I did my "deep dive" on the comments we received in June/July to our Discussion Paper. I compliment the many groups that submitted interesting and informative comments -- a lot of work was spent responding to our queries. To Olof, I say Thank You! His comment summary, and especially his sorting of the comments question by question is excellent. I urge you to review the document at http://www.icann.org/en/public-comment/report-comments-whoisrt-discussion-paper-05aug11-en.pdf However, a few commenters asked us to look at things a little differently. They asked us to include questions we had not asked, and history we had not included. Some have very long histories in the Whois Arena, as part of GAC, ALAC, Registrars and NCUC. ** I created a short summary of these comments -- and some additional, important points and questions they raise. I have tried to shorten and summarize with quotes (as Olof did -- thanks for the example, Olof!) --- below and attached. Best, Kathy
------------- expanding our inquiry -- comment highlights ----------
AN EXPANDED VIEW OF THE WRT QUESTIONS (Responses to WRT Discussion Paper)
Introduction: While Olof did an outstanding job of summarizing the questions by sorting them according to their responses to our 14 questions, certain issues fell between the cracks - largely because groups and communities asked us to look at questions beyond those we had chosen to ask. This paper takes a short look at what others asked us to see - including overstretching the purpose of Whois, significant policy work in the limitations of Whois, and the importance of history and historical perspective in our work. Thanks for taking a fast look at these summaries - and feel free to return to the full comments (found at http://forum.icann.org/lists/whoisrt-discussion-paper/).
1.
Christopher Wilkinson, former GAC & GAC Secretariat (EU) on purpose of Whois: “I rather doubt that the initial purposes of the Whois protocol and database extended to their current utilisation. It would appear that rather more is expected of Whois than it is capable of delivering in view of the legacy of past practice and the current and prospective scale of the Internet.” (In Discussion Paper Comments)
2. At Large Advisory Committee on the need to view the issues differently: “It is our view that this Team must treat with and declare (1) whether the WHOIS construct as originally devised and for the purpose intended is still necessary, (2) whether the WHOIS dataset as originally determined remains fit to its original purpose, and (3) whether the several identifiable uses made of both the WHOIS data and processes that have expanded the original intent are useful and in the public interest.”
At Large Advisory Committee on the need to consider types of use in our compliance schemes: “Neither is it rational for the same risk in class or kind to be ascribed to all domains; domains used primarily for support of business transactions on the Web have a higher risk of consequential fraudulent activities than do those used for more personal or informational pursuits. As such, certain adjustments in approach to compliance and our expectations of the impact from compliance might benefit from a change in the philosophical construct of compliance and the processes used to affect the assurance of compliance.”
At Large Advisory Committee on the need to consider cycles of registration in our compliance schemes: “We believe that the all‐round public interest may be better served by recognizing that the risks from the fraudulent actions of bad actors are not the same throughout the WHOIS data cycle but tend to be cyclical - higher following the establishment of new domains and decreasing thereafter.” (In Discussion Paper Comments)
3.
Noncommercial Users Constituency on Why Privacy and Accuracy are Not at Odds: “Privacy and accuracy go hand-in-hand. Rather than putting sensitive information into public records, some registrants use "inaccurate" data as a means of protecting their privacy. If registrants have other channels to keep this information private, they may be more willing to share accurate data with their registrar.” “The problem for many registrants is indiscriminate public access to the data. The lack of any restriction means that there is an unlimited potential for bad actors to access and use the data, as well as legitimate users and uses of these data.”
Noncommercial Users Constituency on Why the Operational Point of Contact Proceeding Marks a Critical Point of Agreement in the GNSO on a narrow purpose to Whois: “ICANN stakeholders devoted a great deal of time and energy to this question in GNSO Council-chartered WHOIS Task Forces. At the end of the Task Force discussion in 2006, the group proposed that WHOIS be modified to include an Operational Point of Contact (OPOC):” “Under the OPOC proposal, "accredited registrars [would] publish three types of data: 1) Registered Name Holder 2) Country and state/province of the registered nameholder 3) Contact information of the OPoC, including name, address, telephone number, email." “Registrants with privacy concerns could name agents to serve as OPoC, thereby keeping their personal address information out of the public records.” (In Discussion Paper Comments)
4. Why Registrars under Tucows leadership strongly sought a balance to simplify Whois data, while improving it. Slides of Ross Rader, of Registrars Constituency and registrar Tucows, discussing goals and advantages of Operational Point of Contact, endorsed by a multi-year GNSO team. These slides and ideas were referenced by Elliot Noss, Pres of Tucows at the Registrars/WRT meeting in San Fran as well as by the NCUC in the recent comment period.
Goals (Operational Point of Contact - Powerpoint Slides) “
* to simply Whois data output
* reduce facilitation of domain related scams, illegal data mining, phishing and identity theft
* maintain or increase the value of Whois for all stakeholders
* provide solid foundation for enhanced access to data by key stakeholders
* promote data accuracy”
(Link to slides in NCUC Discussion Paper Comments)
5. Dr. Mueller: Why technical History is important - because it shows us where we stopped thinking about purpose and goals. Dr. Milton Mueller asks us to examine his academic paper on the Whois issues, and considers history to be a very important factor - before and during ICANN. Here are some highlights.
“This article examines how the Internet’s Whois service has evolved into a surrogate identity system. The Whois service allows any Internet user to type a domain name into a Web interface and be immediately returned the name and contact details of whoever has registered the domain. It is used by police to bring down Web sites committing crimes; its information is harvested by spammers and marketers seeking to send their solicitations; it is used by people curious to know who is behind a Web site or e-mail address; above all, it is used by trademark and copyright attorneys to keep an eye on their brands in cyberspace
“We recount the story of Whois because it forces us to re-examine our understanding of the relationship between technological systems and global governance institutions. To understand the importance of the Whois service, one need only think of the license plate of an automobile on the road, and imagine that anyone who saw the license plate would be able to type it into a computer and be returned the name of the car owner and his or her street address, telephone number, and e-mail address.
“That is what Whois does to domain name registrants.
It links the vehicle for navigating the complex arena of cyberspace (domains) to a responsible individual, a location, or a jurisdiction. Of course in the real world, access to drivers’ license databases is restricted to law enforcement authorities and motor vehicle departments. It is not difficult to imagine both the benefits - and the trouble - that might be caused by free, anonymous, unrestricted public access to drivers’ license databases. No doubt some additional crimes would be solved and perhaps some amazing new information services could be developed by a Google of the future. No doubt, also, incidents of road rage and stalking would be taken to new heights. The same concerns apply to Whois. In addition to facilitating accountability on the Internet, open access to registrant contact data raises privacy issues and concerns about abuse of sensitive personal data by spammers, stalkers, and identity thieves.
“Defaults tilt the playing field toward one option by giving the specified value the benefit of inertia a Whois directory originated as a feature of the Internet when it was a small-scale, closed, scientific network. As the Internet evolved into a large-scale, public, commercial system, the Whois capability remained in place by default.
(Historical evolution) “The first RFCs make it clear that the Whois protocol was intended to make available to users a general directory of other ARPANET/Internet users. At the time, ARPANET was what we would now call an intranet that linked a few hundred computer scientists and researchers at less than a hundred geographically distributed sites. A critical fact about this directory, then, is that it was intended to serve a closed, relatively homogeneous, and - compared to today’s Internet - very small group of networked computer users.8 The early standards documents do not specify exactly what the purpose of this directory was.
One can infer from context that it served a variety of purposes, and was seen as a convenience to the community of defense contractors involved in building the early Internet. Another critical fact is that for most users, participation in the directory was encouraged, but was not operationally, legally, or contractually required.9 It may be that the request to register in the centralized Whois database was made to facilitate technical coordination, but this is not documented in the RFC, and evidence supporting this has not been found anywhere else. The RFC states only that the purpose is to provide “a directory service” (RFC 954, 1985, p. 1) to the network users
“Phase 2: Internet Opened to the Public and to Commerce While the number of host computers connected to it grew rapidly, the Internet was still a closed community of specialized users throughout the 1980s. From 1991 to 1995, a critical change occurred: The Internet was opened to commercial users and to the general public. This change was accelerated by the creation and deployment of the World Wide Web (WWW) and user-friendly Web browsers, which made the Internet usable and interesting to ordinary members of the public. The number of computers connected to the Internet exceeded 1.3 million before the end of 1992, and was somewhere between 6 and 8 million by the middle of 1995.10 This was no longer a “community” of computer scientists and researchers, but a mass, heterogeneous public engaged in commerce and in public and personal communication. It was also an increasingly contentious and litigious public During this tornado of change, the Whois service that was implemented between 1982 and 1985 remained in place. The user base of the Internet was no longer closed, no longer homogeneous, no longer situated within a noncommercial community, and no longer relatively small and manageable. But the technical protocol and the practices supporting a directory of Internet users remained the same.
The only significant change was that the burden of supplying the Whois service shifted from defense contractor Stanford Research Institute to civilian National Science Foundation contractor Network Solutions, Inc. As the Internet moved from the small, noncommercial, and closed world of the 1980s to the open, public, and commercial world of the mid-1990s, no one made a conscious decision to retain the open-access Whois service of RFC 954; Whois was an unnoticed default value. (In Discussion Paper Comments)
Final note from KK: I look forward to our discussion!
-------------- next part -------------- A non-text attachment was scrubbed... Name: New Issues Raised in Comments.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 21176 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110830/2e57ddef/NewIssuesRaisedinComments.docx
From alice.jansen at icann.org Wed Aug 31 14:31:45 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Wed, 31 Aug 2011 07:31:45 -0700 Subject: [Rt4-whois] Agenda - Next call Message-ID: Dear Review Team Members, Please find enclosed the agenda of your next call scheduled for this upcoming Thursday at 22:00 UTC.
1. Roll-call, apologies & agenda
2. Adopt preliminary report (17 August)
3. Update on consumer research (Lynn)
4. Further discussion on the gap analysis (Peter, James, all)
5. Staff response to compliance questions (Michele)
6. Update on progress from other sections, and setting deadlines (Sharon, Lynn, Kathy/James, Emily)
7. Keeping track of recommendations
8. Expectations for MdR (All)
9. A.O.B
Kindly note that this agenda is also available on the wiki at: https://community.icann.org/display/whoisreview/Call+19+-+1+September+2011 Thanks, Very best regards Alice -------------- next part -------------- An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110831/bf916ff5/attachment.html
From alice.jansen at icann.org Wed Aug 31 14:43:30 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Wed, 31 Aug 2011 07:43:30 -0700 Subject: [Rt4-whois] UPDATE: Prel Report for your approval In-Reply-To: Message-ID: Dear Review Team Members, Please find attached an updated version of the preliminary report. Please do review this report in anticipation of your call scheduled for tomorrow. Thanks, Kindest regards Alice
From: Alice Jansen > Date: Tue, 30 Aug 2011 10:04:25 -0700 To: "rt4-whois at icann.org" > Subject: Prel Report for your approval Dear Review Team Members, In anticipation of your call scheduled for 1 September (22:00 UTC), please find attached the preliminary report of your teleconference held on 17 August. Kindly note that this will be discussed with a view to adopting a final version. Thanks, Very best regards Alice -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110831/eade976e/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Prel Rep - 17 August - v2.doc Type: application/x-msword Size: 35328 bytes Desc: Prel Rep - 17 August - v2.doc Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110831/eade976e/PrelRep-17August-v2.doc
From bill.smith at paypal-inc.com Wed Aug 31 15:11:51 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 31 Aug 2011 09:11:51 -0600 Subject: [Rt4-whois] Reviewing the Comments from ICANN Community In-Reply-To: <3226.66.44.74.157.1314735413.squirrel@kathykleiman.com> References: <3226.66.44.74.157.1314735413.squirrel@kathykleiman.com> Message-ID: <2FD26ECD-9211-412B-BDC7-575C4EAB21BA@paypal.com> Comments inline: On Aug 30, 2011, at 1:16 PM, > > wrote: Hi All, I hope all is well.
My family and I have survived the earthquake and hurricane on the East Coast this past week -- and are hoping for easier conditions in the future :-)! Like you, I am in the midst of my due diligence preparing for our meeting on Thursday (with the disclaimer that I may not be able to attend due to the change of date and my travel schedule). I am preparing my email comments to share with the group. As promised, I did my "deep dive" on the comments we received in June/July to our Discussion Paper. I compliment the many groups that submitted interesting and informative comments -- a lot of work was spent responding to our queries. To Olof, I say Thank You! His comment summary, and especially his sorting of the comments question by question is excellent. I urge you to review the document at http://www.icann.org/en/public-comment/report-comments-whoisrt-discussion-paper-05aug11-en.pdf However, a few commenters asked us to look at things a little differently. They asked us to include questions we had not asked, and history we had not included. Some have very long histories in the Whois Arena, as part of GAC, ALAC, Registrars and NCUC. ** I created a short summary of these comments -- and some additional, important points and questions they raise. I have tried to shorten and summarize with quotes (as Olof did -- thanks for the example, Olof!) --- below and attached. Best, Kathy
------------- expanding our inquiry -- comment highlights ----------
AN EXPANDED VIEW OF THE WRT QUESTIONS (Responses to WRT Discussion Paper)
Introduction: While Olof did an outstanding job of summarizing the questions by sorting them according to their responses to our 14 questions, certain issues fell between the cracks - largely because groups and communities asked us to look at questions beyond those we had chosen to ask. This paper takes a short look at what others asked us to see -
including overstretching the purpose of Whois, significant policy work in the limitations of Whois, and the importance of history and historical perspective in our work. Thanks for taking a fast look at these summaries - and feel free to return to the full comments (found at http://forum.icann.org/lists/whoisrt-discussion-paper/).
1. Christopher Wilkinson, former GAC & GAC Secretariat (EU) on purpose of Whois: “I rather doubt that the initial purposes of the Whois protocol and database extended to their current utilisation. It would appear that rather more is expected of Whois than it is capable of delivering in view of the legacy of past practice and the current and prospective scale of the Internet.” (In Discussion Paper Comments)
I am not aware of any evidence that WHOIS, protocol or data delivery, is incapable of operating at Internet scale. In fact, we have an existence proof of the opposite. I hope we review these comments in light of our scope and recall that our primary charge is to assess policy, not protocol. Simple as it is, WHOIS the protocol is capable of delivering, at scale, most any information that policy dictates. Whatever the problems of WHOIS, they are not related to databases or protocol as suggested in the excerpted paragraph.
2. At Large Advisory Committee on the need to view the issues differently: “It is our view that this Team must treat with and declare (1) whether the WHOIS construct as originally devised and for the purpose intended is still necessary, (2) whether the WHOIS dataset as originally determined remains fit to its original purpose, and (3) whether the several identifiable uses made of both the WHOIS data and processes that have expanded the original intent are useful and in the public interest.”
At Large Advisory Committee on the need to consider types of use in our compliance schemes: “Neither is it rational for the same risk in class or kind to be ascribed to all domains; domains used primarily for support of business transactions on the Web have a higher risk of consequential fraudulent activities than do those used for more personal or informational pursuits. As such, certain adjustments in approach to compliance and our expectations of the impact from compliance might benefit from a change in the philosophical construct of compliance and the processes used to affect the assurance of compliance.”
At Large Advisory Committee on the need to consider cycles of registration in our compliance schemes: “We believe that the all‐round public interest may be better served by recognizing that the risks from the fraudulent actions of bad actors are not the same throughout the WHOIS data cycle but tend to be cyclical - higher following the establishment of new domains and decreasing thereafter.” (In Discussion Paper Comments)
3. Noncommercial Users Constituency on Why Privacy and Accuracy are Not at Odds: “Privacy and accuracy go hand-in-hand. Rather than putting sensitive information into public records, some registrants use "inaccurate" data as a means of protecting their privacy. If registrants have other channels to keep this information private, they may be more willing to share accurate data with their registrar.” “The problem for many registrants is indiscriminate public access to the data. The lack of any restriction means that there is an unlimited potential for bad actors to access and use the data, as well as legitimate users and uses of these data.”
Noncommercial Users Constituency on Why the Operational Point of Contact Proceeding Marks a Critical Point of Agreement in the GNSO on a narrow purpose to Whois: “ICANN stakeholders devoted a great deal of time and energy to this question in GNSO Council-chartered WHOIS Task Forces.
At the end of the Task Force discussion in 2006, the group proposed that WHOIS be modified to include an Operational Point of Contact (OPOC):” “Under the OPOC proposal, "accredited registrars [would] publish three types of data: 1) Registered Name Holder 2) Country and state/province of the registered nameholder 3) Contact information of the OPoC, including name, address, telephone number, email." “Registrants with privacy concerns could name agents to serve as OPoC, thereby keeping their personal address information out of the public records.” (In Discussion Paper Comments)
4. Why Registrars under Tucows leadership strongly sought a balance to simplify Whois data, while improving it. Slides of Ross Rader, of Registrars Constituency and registrar Tucows, discussing goals and advantages of Operational Point of Contact, endorsed by a multi-year GNSO team. These slides and ideas were referenced by Elliot Noss, Pres of Tucows at the Registrars/WRT meeting in San Fran as well as by the NCUC in the recent comment period.
Goals (Operational Point of Contact - Powerpoint Slides) “
* to simply Whois data output
* reduce facilitation of domain related scams, illegal data mining, phishing and identity theft
* maintain or increase the value of Whois for all stakeholders
* provide solid foundation for enhanced access to data by key stakeholders
* promote data accuracy”
(Link to slides in NCUC Discussion Paper Comments)
5. Dr. Mueller: Why technical History is important - because it shows us where we stopped thinking about purpose and goals. Dr. Milton Mueller asks us to examine his academic paper on the Whois issues, and considers history to be a very important factor - before and during ICANN. Here are some highlights.
“This article examines how the Internet’s Whois service has evolved into a surrogate identity system.
The Whois service allows any Internet user to type a domain name into a Web interface and be immediately returned the name and contact details of whoever has registered the domain. It is used by police to bring down Web sites committing crimes; its information is harvested by spammers and marketers seeking to send their solicitations; it is used by people curious to know who is behind a Web site or e-mail address; above all, it is used by trademark and copyright attorneys to keep an eye on their brands in cyberspace...
“We recount the story of Whois because it forces us to re-examine our understanding of the relationship between technological systems and global governance institutions. To understand the importance of the Whois service, one need only think of the license plate of an automobile on the road, and imagine that anyone who saw the license plate would be able to type it into a computer and be returned the name of the car owner and his or her street address, telephone number, and e-mail address.
“That is what Whois does to domain name registrants. It links the vehicle for navigating the complex arena of cyberspace (domains) to a responsible individual, a location, or a jurisdiction. Of course in the real world, access to drivers’ license databases is restricted to law enforcement authorities and motor vehicle departments. It is not difficult to imagine both the benefits - and the trouble - that might be caused by free, anonymous, unrestricted public access to drivers’ license databases. No doubt some additional crimes would be solved and perhaps some amazing new information services could be developed by a Google of the future. No doubt, also, incidents of road rage and stalking would be taken to new heights. The same concerns apply to Whois. In addition to facilitating accountability on the Internet, open access to registrant contact data raises privacy issues and concerns about abuse of sensitive personal data by spammers, stalkers, and identity thieves.

The author fails to point out that license plates are also a source of revenue and indicate that a vehicle, at least in some cases, meets certain safety standards and has passed one or more inspections. There are a variety of reasons for requiring license plates, among them identifying the owner of a vehicle. A license plate is an indicia; the vehicle is registered. Similarly a postmark is an indicia; postage has been paid.

In most jurisdictions, vehicle operators are also required to have a license and a registration form that in all cases carry information identifying the driver and owner of the vehicle in question. Some jurisdictions require evidence of insurance which also identifies both the driver and vehicle, and additionally provides the insurance carrier's name and the account number for the vehicle/driver. That card potentially carries other information like spouse, domestic partner, children, etc.

Most jurisdictions require that operators exchange the information contained in these documents and file reports with authorities in certain cases. Regardless, individuals involved in accidents are required to exchange certain identifying information, contained on the above-mentioned documents. No intervention by law enforcement is required.

The information hidden behind a license plate is not, per se, limited to access by law enforcement as the author suggests. Rather that information is to anyone at least in certain situations.

Comparison of Whois to other registration systems, like business licenses might be more appropriate. Many jurisdictions require businesses to display licenses. These licenses typically include names and addresses and must be displayed "conspicuously". Similarly cosmetologists are required to display their license, that typically includes name and address, at their primary workstation. Access to the information in these licenses is intended to be public, to anyone entering the establishment or seeking services.
Access is not restricted in any way.

By misstating the facts of vehicle licensing (registration) and ignoring to point out other registration models, the author leads the reader to the conclusion that access to identifying information in the "real world" is commonplace and therefore need be restricted in the virtual world.

While there are legitimate needs to protect (some) individuals virtual space, blanket protections are not the norm in the real world. The issue is more complex than the author would have the reader believe.

“... Defaults tilt the playing field toward one option by giving the specified value the benefit of inertia... a Whois directory originated as a feature of the Internet when it was a small-scale, closed, scientific network. As the Internet evolved into a large-scale, public, commercial system, the Whois capability remained in place by default.

This is true.

(Historical evolution)

“The first RFCs make it clear that the Whois protocol was intended to make available to users a general directory of other ARPANET/ Internet users. At the time, ARPANET was what we would now call an intranet that

RFC 812, the first standardization of WHOIS states, when speaking of the NICNAME/WHOIS server, "It is one of a series of ARPANET/Internet name services maintained by the Network Information Center (NIC) ..."

Even in 1982, when the RFC was published,

linked a few hundred computer scientists and researchers at less than a hundred geographically distributed sites. A critical fact about this directory, then, is that it was intended to serve a closed, relatively homogeneous, and -- compared to today’s Internet -- very small group of networked computer users.8 The early standards documents do not specify exactly what the purpose of this directory was. One can infer from

From RFC 812, "The server ... delivers the full name, U.S. mailing address, telephone number, and network mailbox for ARPANET users."

context that it served a variety of purposes, and was seen as a convenience to the community of defense contractors involved in building the early Internet. Another critical fact is that for most users, participation in the directory was encouraged, but was not operationally, legally,

Actually the language in RFC 812 is "strongly encourages" and "requests that ... all individuals capable of sending traffic across the ARPANET, be registered..."

Further, in RFC 954, the language "MILNET TAC users must be registered in the database." was added and we see the first requirement for inclusion in a WHOIS database with full identifying information, in 1985.

or contractually required.9 It may be that the request to register in the centralized Whois database was made to facilitate technical coordination, but this is not documented in the RFC, and evidence supporting this has not been found anywhere else. The RFC states

Did the author consult with any of the Internet pioneers?

only that the purpose is to provide “a directory service” (RFC 954, 1985, p. 1) to the network users...

“Phase 2: Internet Opened to the Public and to Commerce
While the number of host computers connected to it grew rapidly, the Internet was still a closed community of specialized users throughout the 1980s. From 1991 to 1995, a critical change occurred: The Internet was opened to commercial users and to the general public. This change was accelerated by the creation and deployment of the World Wide Web (WWW) and user-friendly Web browsers, which made the Internet usable and interesting to ordinary members of the public. The number of computers connected to the Internet exceeded 1.3 million before the end of 1992, and was somewhere between 6 and 8 million by the middle of 1995.10 This was no longer a “community” of computer scientists and researchers, but a mass, heterogeneous public engaged in commerce and in public and personal communication. It was also an increasingly contentious and litigious public...
During this tornado of change, the Whois service that was implemented between 1982 and 1985 remained in place. The user base of the Internet was no longer closed, no longer homogeneous, no longer situated within a noncommercial community, and no longer relatively small and manageable. But the technical protocol and the practices supporting a directory of Internet users remained the same. The only significant change was that the burden of supplying the Whois service shifted from defense contractor Stanford Research Institute to civilian National Science Foundation contractor Network Solutions, Inc. As the Internet moved from the small, noncommercial, and closed world of the 1980s to the open, public, and commercial world of the mid-1990s, no one made a conscious decision to retain the open-access Whois service of RFC 954; Whois was an unnoticed default value.

If memory serves, the Green Paper that served as the basis for what we now know as ICANN and the rest of IG, specifically mentioned WHOIS and that trademark specialists did not feel it contained sufficient capability to meet their needs.

The author's assertion that Whois was the default choice may be correct. However, it certainly was noticed as indicated by the record.

Should we decide to include the author's remarks or provide a link to his paper, I suggest that we will need to do a further review of the content.

Our review is fact-based.

(In Discussion Paper Comments)

Final note from KK: I look forward to our discussion!
_______________________________________________
Rt4-whois mailing list
Rt4-whois at icann.org
https://mm.icann.org/mailman/listinfo/rt4-whois

From kathy at kathykleiman.com Wed Aug 31 15:38:31 2011
From: kathy at kathykleiman.com (Kathy Kleiman)
Date: Wed, 31 Aug 2011 11:38:31 -0400
Subject: [Rt4-whois] Reviewing the Comments from ICANN Community
In-Reply-To: <2FD26ECD-9211-412B-BDC7-575C4EAB21BA@paypal.com>
References: <3226.66.44.74.157.1314735413.squirrel@kathykleiman.com> <2FD26ECD-9211-412B-BDC7-575C4EAB21BA@paypal.com>
Message-ID: <4E5E5577.4080807@kathykleiman.com>

I'm so sorry Bill, but I am having trouble identifying your comments. Would it be possible to preface them with a set of characters (e.g., BS or Comments?). Thanks! Kathy

> Comments inline:
>
> On Aug 30, 2011, at 1:16 PM,> > wrote:
>
> Hi All,
> I hope all is well. My family and I have survived the earthquake and
> hurricane on the East Coast this past week -- and are hoping for easier
> conditions in the future :-)!
>
> Like you, I am in the midst of my due diligence preparing for our meeting
> on Thursday (with the disclaimer that I may not be able to attend due to
> the change of date and my travel schedule). I am preparing my email
> comments to share with the group.
>
> As promised, I did my "deep dive" on the comments we received in June/July
> to our Discussion Paper. I compliment the many groups that submitted
> interesting and informative comments -- a lot of work was spent responding
> to our queries.
>
> To Olof, I say Thank You! His comment summary, and especially his sorting
> of the comments question by question is excellent. I urge you to review
> the document at
> http://www.icann.org/en/public-comment/report-comments-whoisrt-discussion-paper-05aug11-en.pdf
>
> However, a few commenters asked us to look at things a little differently.
> They asked us to include questions we had not asked, and history we had
> not included.
> Some have very long histories in the Whois Arena, as part of
> GAC, ALAC, Registrars and NCUC. ** I created a short summary of these
> comments -- and some additional, important, points and questions they raise.
>
> I have tried to shorten and summarize with quotes (as Olof did -- thanks
> for the example, Olof!) --- below and attached.
> Best, Kathy
> ------------- expanding our inquiry -- comment highlights ----------
>
> AN EXPANDED VIEW OF THE WRT QUESTIONS
> (Responses to WRT Discussion Paper)
>
> Introduction: While Olof did an outstanding job of summarizing the
> questions by sorting them according to their responses to our 14
> questions, certain issues fell between the cracks -- largely because groups
> and communities asked us to look at questions beyond those we had chosen
> to ask. This paper takes a short look at what others asked us to see --
> including overstretching the purpose of Whois, significant policy work in
> the limitations of Whois, and the importance of history and historical
> perspective in our work. Thanks for taking a fast look at these
> summaries -- and feel free to return to the full comments (found at
> http://forum.icann.org/lists/whoisrt-discussion-paper/).
>
> 1. Christopher Wilkinson, former GAC & GAC Secretariat (EU) on purpose of
> Whois:
>
> “I rather doubt that the initial purposes of the Whois protocol and
> database extended to their current utilisation. It would appear that
> rather more is expected of Whois than it is capable of delivering in view
> of the legacy of past practice and the current and prospective scale of
> the Internet.” (In Discussion Paper Comments)
>
> I am not aware of any evidence that WHOIS, protocol or data delivery, is
> incapable of operating at Internet scale. In fact, we have an existence proof
> of the opposite.
>
> I hope we review these comments in light of our scope and recall that our primary
> charge is to assess policy, not protocol.
> Simple as it is, WHOIS the protocol
> is capable of delivering, at scale, most any information that policy dictates.
>
> Whatever the problems of WHOIS, they are not related to databases or
> protocol as suggested in the excerpted paragraph.
>
>
> 2. At Large Advisory Committee on the need to view the issues differently:
>
> “It is our view that this Team must treat with and declare (1) whether the
> WHOIS construct as originally devised and for the purpose intended is
> still necessary, (2) whether the WHOIS dataset as originally determined
> remains fit to its original purpose, and (3) whether the several
> identifiable uses made of both the WHOIS data and processes that have
> expanded the original intent are useful and in the public interest.”
>
> At Large Advisory Committee on the need to consider types of use in our
> compliance schemes: “Neither is it rational for the same risk in class or
> kind to be ascribed to all domains; domains used primarily for support of
> business transactions on the Web have a higher risk of consequential
> fraudulent activities than do those used for more personal or
> informational pursuits. As such, certain adjustments in approach to
> compliance and our expectations of the impact from compliance might
> benefit from a change in the philosophical construct of compliance and the
> processes used to affect the assurance of compliance.”
>
> At Large Advisory Committee on the need to consider cycles of registration
> in our compliance schemes:
>
> “We believe that the all‐round public interest may be better served
> by recognizing that the risks from the fraudulent actions of bad actors
> are not the same throughout the WHOIS data cycle but tend to be cyclical --
> higher following the establishment of new domains and decreasing
> thereafter.” (In Discussion Paper Comments)
>
> 3. Noncommercial Users Constituency on Why Privacy and Accuracy are Not at
> Odds:
>
> “Privacy and accuracy go hand-in-hand.
> Rather than putting sensitive
> information into public records, some registrants use "inaccurate" data
> as a means of protecting their privacy. If registrants have other
> channels to keep this information private, they may be more willing to
> share accurate data with their registrar.”
>
> “The problem for many registrants is indiscriminate public access to the
> data. The lack of any restriction means that there is an unlimited
> potential for bad actors to access and use the data, as well as
> legitimate users and uses of these data.”
>
> Noncommercial Users Constituency on Why the Operational Point of Contact
> Proceeding Marks a Critical Point of Agreement in the GNSO on a narrow
> purpose to Whois:
>
> “ICANN stakeholders devoted a great deal of time and energy to this
> question in GNSO Council-chartered WHOIS Task Forces. At the end of the
> Task Force discussion in 2006, the group proposed that WHOIS be modified
> to include an Operational Point of Contact (OPOC):
> ...
>
> “Under the OPOC proposal, "accredited registrars [would] publish three
> types of data:
> 1) Registered Name Holder
> 2) Country and state/province of the registered nameholder
> 3) Contact information of the OPoC, including name, address, telephone
> number, email."
>
> “Registrants with privacy concerns could name agents to serve as
> OPoC, thereby keeping their personal address information out of the
> public records.” (In Discussion Paper Comments)
>
> 4. Why Registrars under Tucows leadership strongly sought a balance to
> simplify Whois data, while improving it.
>
> Slides of Ross Rader, of Registrars Constituency and registrar Tucows,
> discussing goals and advantages of Operational Point of Contact, endorsed
> and a multi-year GNSO team. These slides and ideas were referenced by
> Elliot Noss, Pres of Tucows at the Registrars/WRT meeting in San Fran as
> well as by the NCUC in the recent comment period.
>
> Goals (Operational Point of Contact- Powerpoint Slides)
> “
> • to simplify Whois data output
> • reduce facilitation of domain related scams, illegal data mining,
> phishing and identity theft
> • maintain or increase the value of Whois for all stakeholders
> • provide solid foundation for enhanced access to data by key stakeholders
> • promote data accuracy” (Link to slides in NCUC Discussion Paper Comments)
>
> 5. Dr. Mueller: Why technical History is important -- because it shows us
> where we stopped thinking about purpose and goals.
>
> Dr. Milton Mueller asks us to examine his academic paper on the Whois
> issues, and considers history to be a very important factor -- before and
> during ICANN. Here are some highlights.
>
> “This article examines how the Internet’s
> Whois service has evolved into a surrogate
> identity system. The Whois service allows any
> Internet user to type a domain name into a Web
> interface and be immediately returned the name
> and contact details of whoever has registered
> the domain. It is used by police to bring down
> Web sites committing crimes; its information is
> harvested by spammers and marketers seeking
> to send their solicitations; it is used by people
> curious to know who is behind a Web site or
> e-mail address; above all, it is used by trademark
> and copyright attorneys to keep an eye on
> their brands in cyberspace...
>
> “We recount the story of Whois because it
> forces us to re-examine our understanding of
> the relationship between technological systems
> and global governance institutions. To understand
> the importance of the Whois service, one
> need only think of the license plate of an automobile
> on the road, and imagine that anyone
> who saw the license plate would be able to type
> it into a computer and be returned the name of
> the car owner and his or her street address, telephone
> number, and e-mail address.
>
> “That is what Whois does to domain name registrants.
> It links the vehicle for navigating the complex
> arena of cyberspace (domains) to a responsible
> individual, a location, or a jurisdiction.
> Of course in the real world, access to drivers’
> license databases is restricted to law enforcement
> authorities and motor vehicle departments. It is
> not difficult to imagine both the benefits -- and
> the trouble -- that might be caused by free,
> anonymous, unrestricted public access to drivers’
> license databases. No doubt some additional
> crimes would be solved and perhaps some
> amazing new information services could be
> developed by a Google of the future. No doubt,
> also, incidents of road rage and stalking would
> be taken to new heights. The same concerns
> apply to Whois. In addition to facilitating
> accountability on the Internet, open access to
> registrant contact data raises privacy issues and
> concerns about abuse of sensitive personal data
> by spammers, stalkers, and identity thieves.
>
> The author fails to point out that license plates are also a source of revenue and indicate
> that a vehicle, at least in some cases, meets certain safety standards and has passed
> one or more inspections. There are a variety of reasons for requiring license plates, among them
> identifying the owner of a vehicle. A license plate is an indicia; the vehicle
> is registered. Similarly a postmark is an indicia; postage has been paid.
>
> In most jurisdictions, vehicle operators are also required to have a license and a registration
> form that in all cases carry information identifying the driver and owner of the vehicle in question.
> Some jurisdictions require evidence of insurance which also identifies both the driver and vehicle,
> and additionally provides the insurance carrier's name and the account number for the vehicle/driver.
> That card potentially carries other information like spouse, domestic partner, children, etc.
>
> Most jurisdictions require that operators exchange the information contained in these documents
> and file reports with authorities in certain cases. Regardless, individuals involved in accidents are
> required to exchange certain identifying information, contained on the above-mentioned documents.
> No intervention by law enforcement is required.
>
> The information hidden behind a license plate is not, per se, limited to access by law enforcement as
> the author suggests. Rather that information is to anyone at least in certain situations.
>
> Comparison of Whois to other registration systems, like business licenses might be more appropriate.
> Many jurisdictions require businesses to display licenses. These licenses typically include names
> and addresses and must be displayed "conspicuously". Similarly cosmetologists are required to display
> their license, that typically includes name and address, at their primary workstation. Access to the
> information in these licenses is intended to be public, to anyone entering the establishment or
> seeking services. Access is not restricted in any way.
>
> By misstating the facts of vehicle licensing (registration) and ignoring to point out other registration
> models, the author leads the reader to the conclusion that access to identifying information in the
> "real world" is commonplace and therefore need be restricted in the virtual world.
>
> While there are legitimate needs to protect (some) individuals virtual space, blanket protections are not
> the norm in the real world. The issue is more complex than the author would have the reader believe.
>
>
> “... Defaults tilt the playing
> field toward one option by giving the
> specified value the benefit of inertia... a Whois directory originated
> as a feature of the Internet when it was a small-scale,
> closed, scientific network. As the Internet
> evolved into a large-scale, public, commercial
> system, the Whois capability remained in place
> by default.
>
> This is true.
>
>
> (Historical evolution)
>
> “The first RFCs make it clear that the Whois
> protocol was intended to make available to
> users a general directory of other ARPANET/
> Internet users. At the time, ARPANET was
> what we would now call an intranet that
>
> RFC 812, the first standardization of WHOIS states, when speaking of the NICNAME/WHOIS
> server, "It is one of a series of ARPANET/Internet name services maintained
>
> by the Network Information Center (NIC) ..."
>
> Even in 1982, when the RFC was published,
>
> linked a few hundred computer scientists and
> researchers at less than a hundred geographically
> distributed sites. A critical fact about this
> directory, then, is that it was intended to serve a
> closed, relatively homogeneous, and -- compared
> to today’s Internet -- very small group of networked
> computer users.8 The early standards
> documents do not specify exactly what the purpose
> of this directory was. One can infer from
>
> From RFC 812, "The server ... delivers the full name, U.S. mailing address, telephone number, and network mailbox for ARPANET users."
>
> context that it served a variety of purposes, and
> was seen as a convenience to the community of
> defense contractors involved in building the
> early Internet. Another critical fact is that for
> most users, participation in the directory was
> encouraged, but was not operationally, legally,
>
> Actually the language in RFC 812 is "strongly encourages" and "requests
> that ... all individuals capable of sending traffic across the ARPANET, be registered..."
>
> Further, in RFC 954, the language "MILNET TAC users must be registered in the database."
> was added and we see the first requirement for inclusion in a WHOIS database with full
> identifying information, in 1985.
>
>
> or contractually required.9 It may be that the
> request to register in the centralized Whois
> database was made to facilitate technical coordination,
> but this is not documented in the
> RFC, and evidence supporting this has not
> been found anywhere else. The RFC states
>
> Did the author consult with any of the Internet pioneers?
>
> only that the purpose is to provide “a directory
> service” (RFC 954, 1985, p. 1) to the network
> users...
>
> “Phase 2: Internet Opened to the Public and to Commerce
> While the number of host computers connected
> to it grew rapidly, the Internet was still a closed
> community of specialized users throughout the
> 1980s. From 1991 to 1995, a critical change
> occurred: The Internet was opened to commercial
> users and to the general public. This change was
> accelerated by the creation and deployment of the
> World Wide Web (WWW) and user-friendly
> Web browsers, which made the Internet usable
> and interesting to ordinary members of the public.
> The number of computers connected to the Internet
> exceeded 1.3 million before the end of 1992,
> and was somewhere between 6 and 8 million by
> the middle of 1995.10 This was no longer a “community”
> of computer scientists and researchers,
> but a mass, heterogeneous public engaged in commerce
> and in public and personal communication.
> It was also an increasingly contentious and litigious
> public... During this tornado of change, the Whois
> service that was implemented between 1982
> and 1985 remained in place. The user base of
> the Internet was no longer closed, no longer
> homogeneous, no longer situated within a noncommercial
> community, and no longer relatively
> small and manageable. But the technical
> protocol and the practices supporting a directory
> of Internet users remained the same.
> The only significant change was that the burden of
> supplying the Whois service shifted from
> defense contractor Stanford Research Institute
> to civilian National Science Foundation contractor
> Network Solutions, Inc. As the Internet
> moved from the small, noncommercial, and
> closed world of the 1980s to the open, public,
> and commercial world of the mid-1990s, no
> one made a conscious decision to retain the
> open-access Whois service of RFC 954; Whois
> was an unnoticed default value.
>
> If memory serves, the Green Paper that served as the basis for what we now know as
> ICANN and the rest of IG, specifically mentioned WHOIS and that trademark specialists
> did not feel it contained sufficient capability to meet their needs.
>
> The author's assertion that Whois was the default choice may be correct. However, it
> certainly was noticed as indicated by the record.
>
> Should we decide to include the author's remarks or provide a link to his paper, I suggest
> that we will need to do a further review of the content.
>
> Our review is fact-based.
>
>
> (In Discussion Paper Comments)
>
> Final note from KK: I look forward to our discussion!
> _______________________________________________
> Rt4-whois mailing list
> Rt4-whois at icann.org
> https://mm.icann.org/mailman/listinfo/rt4-whois
>
--

From bill.smith at paypal-inc.com Wed Aug 31 16:13:05 2011
From: bill.smith at paypal-inc.com (Smith, Bill)
Date: Wed, 31 Aug 2011 10:13:05 -0600
Subject: [Rt4-whois] Reviewing the Comments from ICANN Community
In-Reply-To: <2FD26ECD-9211-412B-BDC7-575C4EAB21BA@paypal.com>
References: <3226.66.44.74.157.1314735413.squirrel@kathykleiman.com> <2FD26ECD-9211-412B-BDC7-575C4EAB21BA@paypal.com>
Message-ID: <10FCA7E1-FBF8-4C16-87FB-4C41123B7E7F@paypal.com>

Apologies. I've done my best to delimit my comments by ... . I have also amended my comments, where content was dropped and to clarify points I made.

On Aug 31, 2011, at 8:11 AM, Bill Smith wrote:

Comments inline:

On Aug 30, 2011, at 1:16 PM, > > wrote:

Hi All,
I hope all is well. My family and I have survived the earthquake and hurricane on the East Coast this past week -- and are hoping for easier conditions in the future :-)!

Like you, I am in the midst of my due diligence preparing for our meeting on Thursday (with the disclaimer that I may not be able to attend due to the change of date and my travel schedule). I am preparing my email comments to share with the group.

As promised, I did my "deep dive" on the comments we received in June/July to our Discussion Paper. I compliment the many groups that submitted interesting and informative comments -- a lot of work was spent responding to our queries.

To Olof, I say Thank You! His comment summary, and especially his sorting of the comments question by question is excellent. I urge you to review the document at http://www.icann.org/en/public-comment/report-comments-whoisrt-discussion-paper-05aug11-en.pdf

However, a few commenters asked us to look at things a little differently. They asked us to include questions we had not asked, and history we had not included. Some have very long histories in the Whois Arena, as part of GAC, ALAC, Registrars and NCUC. ** I created a short summary of these comments -- and some additional, important, points and questions they raise.

I have tried to shorten and summarize with quotes (as Olof did -- thanks for the example, Olof!) --- below and attached.
Best, Kathy
------------- expanding our inquiry -- comment highlights ----------

AN EXPANDED VIEW OF THE WRT QUESTIONS
(Responses to WRT Discussion Paper)

Introduction: While Olof did an outstanding job of summarizing the questions by sorting them according to their responses to our 14 questions, certain issues fell between the cracks -- largely because groups and communities asked us to look at questions beyond those we had chosen to ask.
This paper takes a short look at what others asked us to see -- including overstretching the purpose of Whois, significant policy work in the limitations of Whois, and the importance of history and historical perspective in our work. Thanks for taking a fast look at these summaries -- and feel free to return to the full comments (found at http://forum.icann.org/lists/whoisrt-discussion-paper/).

1. Christopher Wilkinson, former GAC & GAC Secretariat (EU) on purpose of Whois:

“I rather doubt that the initial purposes of the Whois protocol and database extended to their current utilisation. It would appear that rather more is expected of Whois than it is capable of delivering in view of the legacy of past practice and the current and prospective scale of the Internet.” (In Discussion Paper Comments)

I am not aware of any evidence that WHOIS, protocol or data delivery, is incapable of operating at Internet scale. In fact, we have an existence proof of the opposite.

I hope we review these comments in light of our scope and recall that our primary charge is to assess policy, not protocol. Simple as it is, WHOIS the protocol is capable of delivering, at scale, most any information that policy dictates.

Whatever the problems of WHOIS, they are not related to databases or protocol as suggested in the excerpted paragraph.

2. At Large Advisory Committee on the need to view the issues differently:

“It is our view that this Team must treat with and declare (1) whether the WHOIS construct as originally devised and for the purpose intended is still necessary, (2) whether the WHOIS dataset as originally determined remains fit to its original purpose, and (3) whether the several identifiable uses made of both the WHOIS data and processes that have expanded the original intent are useful and in the public interest.”

At Large Advisory Committee on the need to consider types of use in our compliance schemes: “Neither is it rational for the same risk in class or kind to be ascribed to all domains; domains used primarily for support of business transactions on the Web have a higher risk of consequential fraudulent activities than do those used for more personal or informational pursuits. As such, certain adjustments in approach to compliance and our expectations of the impact from compliance might benefit from a change in the philosophical construct of compliance and the processes used to affect the assurance of compliance.”

At Large Advisory Committee on the need to consider cycles of registration in our compliance schemes:

“We believe that the all‐round public interest may be better served by recognizing that the risks from the fraudulent actions of bad actors are not the same throughout the WHOIS data cycle but tend to be cyclical -- higher following the establishment of new domains and decreasing thereafter.” (In Discussion Paper Comments)

3. Noncommercial Users Constituency on Why Privacy and Accuracy are Not at Odds:

“Privacy and accuracy go hand-in-hand. Rather than putting sensitive information into public records, some registrants use "inaccurate" data as a means of protecting their privacy. If registrants have other channels to keep this information private, they may be more willing to share accurate data with their registrar.”

“The problem for many registrants is indiscriminate public access to the data. The lack of any restriction means that there is an unlimited potential for bad actors to access and use the data, as well as legitimate users and uses of these data.”

Noncommercial Users Constituency on Why the Operational Point of Contact Proceeding Marks a Critical Point of Agreement in the GNSO on a narrow purpose to Whois:

“ICANN stakeholders devoted a great deal of time and energy to this question in GNSO Council-chartered WHOIS Task Forces.
At the end of the Task Force discussion in 2006, the group proposed that WHOIS be modified to include an Operational Point of Contact (OPOC): ...

"Under the OPOC proposal, "accredited registrars [would] publish three types of data:
1) Registered Name Holder
2) Country and state/province of the registered nameholder
3) Contact information of the OPoC, including name, address, telephone number, email."

"Registrants with privacy concerns could name agents to serve as OPoC, thereby keeping their personal address information out of the public records." (In Discussion Paper Comments)

4. Why Registrars under Tucows leadership strongly sought a balance to simplify Whois data, while improving it.

Slides of Ross Rader, of Registrars Constituency and registrar Tucows, discussing goals and advantages of Operational Point of Contact, endorsed and a multi-year GNSO team. These slides and ideas were referenced by Elliot Noss, Pres of Tucows at the Registrars/WRT meeting in San Fran as well as by the NCUC in the recent comment period.

Goals (Operational Point of Contact- Powerpoint Slides)
"* to simplify Whois data output
* reduce facilitation of domain related scams, illegal data mining, phishing and identity theft
* maintain or increase the value of Whois for all stakeholders
* provide solid foundation for enhanced access to data by key stakeholders
* promote data accuracy" (Link to slides in NCUC Discussion Paper Comments)

5. Dr. Mueller: Why technical History is important -- because it shows us where we stopped thinking about purpose and goals.

Dr. Milton Mueller asks us to examine his academic paper on the Whois issues, and considers history to be a very important factor -- before and during ICANN. Here are some highlights.

"This article examines how the Internet's Whois service has evolved into a surrogate identity system.
The Whois service allows any Internet user to type a domain name into a Web interface and be immediately returned the name and contact details of whoever has registered the domain. It is used by police to bring down Web sites committing crimes; its information is harvested by spammers and marketers seeking to send their solicitations; it is used by people curious to know who is behind a Web site or e-mail address; above all, it is used by trademark and copyright attorneys to keep an eye on their brands in cyberspace...

"We recount the story of Whois because it forces us to re-examine our understanding of the relationship between technological systems and global governance institutions. To understand the importance of the Whois service, one need only think of the license plate of an automobile on the road, and imagine that anyone who saw the license plate would be able to type it into a computer and be returned the name of the car owner and his or her street address, telephone number, and e-mail address.

"That is what Whois does to domain name registrants. It links the vehicle for navigating the complex arena of cyberspace (domains) to a responsible individual, a location, or a jurisdiction. Of course in the real world, access to drivers' license databases is restricted to law enforcement authorities and motor vehicle departments. It is not difficult to imagine both the benefits -- and the trouble -- that might be caused by free, anonymous, unrestricted public access to drivers' license databases. No doubt some additional crimes would be solved and perhaps some amazing new information services could be developed by a Google of the future. No doubt, also, incidents of road rage and stalking would be taken to new heights. The same concerns apply to Whois. In addition to facilitating accountability on the Internet, open access to registrant contact data raises privacy issues and concerns about abuse of sensitive personal data by spammers, stalkers, and identity thieves.
The author fails to point out that license plates are also a source of revenue and indicate that a vehicle, at least in some cases, meets certain safety standards and has passed one or more inspections. There are a variety of reasons for requiring license plates, among them identifying the owner of a vehicle. A license plate is an indicia; the vehicle is registered. Similarly a postmark is an indicia; postage has been paid.

In most jurisdictions, vehicle operators are also required to have a license and a registration form that in all cases carry information identifying the driver and owner of the vehicle in question. Some jurisdictions require evidence of insurance which also identifies both the driver and vehicle, and additionally provides the insurance carrier's name and the account number for the vehicle/driver. That card potentially carries other information like spouse, domestic partner, children, etc.

Most jurisdictions require that operators exchange the information contained in these documents and file reports with authorities in certain cases. Regardless, individuals involved in accidents are required to exchange certain identifying information, contained on the above-mentioned documents. No intervention by law enforcement is required.

The information hidden behind a license plate is not, per se, limited to access by law enforcement as the author suggests. Rather that information is to anyone at least in certain situations.

Comparison of Whois to other registration systems, like business licenses might be more appropriate. Many jurisdictions require businesses to display licenses. These licenses typically include names and addresses and must be displayed "conspicuously". Similarly cosmetologists are required to display their license, that typically includes name and address, at their primary workstation. Access to the information in these licenses is intended to be public, to anyone entering the establishment or seeking services.
Access is not restricted in any way.

By misstating the facts of vehicle licensing (registration) and ignoring to point out other registration models, the author leads the reader to the conclusion that access to identifying information in the "real world" is commonplace and therefore need be restricted in the virtual world.

While there are legitimate needs to protect (some) individuals virtual space, blanket protections are not the norm in the real world. The issue is more complex than the author would have the reader believe.

"... Defaults tilt the playing field toward one option by giving the specified value the benefit of inertia...a Whois directory originated as a feature of the Internet when it was a small-scale, closed, scientific network. As the Internet evolved into a large-scale, public, commercial system, the Whois capability remained in place by default.

This is true.

[added] ... to a point.

(Historical evolution)

"The first RFCs make it clear that the Whois protocol was intended to make available to users a general directory of other ARPANET/Internet users. At the time, ARPANET was what we would now call an intranet that

RFC 812, the first standardization of WHOIS states, when speaking of the NICNAME/WHOIS server, "It is one of a series of ARPANET/Internet name services maintained by the Network Information Center (NIC) ..."

Even in 1982, when the RFC was published,

[added] the ARPANET was *architecturally* identical to the Internet today. The number of connected machines/users was quite different but the ARPANET was in fact a network of networks - the definition of the Internet.

[something like the above was dropped from my original message]

linked a few hundred computer scientists and researchers at less than a hundred geographically distributed sites.
A critical fact about this directory, then, is that it was intended to serve a closed, relatively homogeneous, and -- compared to today's Internet -- very small group of networked computer users.8 The early standards documents do not specify exactly what the purpose of this directory was. One can infer from

From RFC 812, "The server ... delivers the full name, U.S. mailing address, telephone number, and network mailbox for ARPANET users."

[added] Reading the early RFCs (812 and 954) it is a simple matter to ascertain the purpose, to make available to any individual with access to the NICNAME/WHOIS service with the information provided by "any [registered] individual capable of sending traffic across the ARPANET". While there was no firm requirement that all individuals be registered RFC 812 clearly states that if you are registered, the server will deliver your contact details.

context that it served a variety of purposes, and was seen as a convenience to the community of defense contractors involved in building the early Internet. Another critical fact is that for most users, participation in the directory was encouraged, but was not operationally, legally,

Actually the language in RFC 812 is "strongly encourages" and "requests that ... all individuals capable of sending traffic across the ARPANET, be registered..."

Further, in RFC 954, the language "MILNET TAC users must be registered in the database." was added and we see the first requirement for inclusion in a WHOIS database with full identifying information, in 1985.

or contractually required.9 It may be that the request to register in the centralized Whois database was made to facilitate technical coordination, but this is not documented in the RFC, and evidence supporting this has not been found anywhere else. The RFC states

Did the author consult with any of the Internet pioneers?

only that the purpose is to provide "a directory service" (RFC 954, 1985, p. 1) to the network users...
"Phase 2: Internet Opened to the Public and to Commerce

While the number of host computers connected to it grew rapidly, the Internet was still a closed community of specialized users throughout the 1980s. From 1991 to 1995, a critical change occurred: The Internet was opened to commercial users and to the general public. This change was accelerated by the creation and deployment of the World Wide Web (WWW) and user-friendly Web browsers, which made the Internet usable and interesting to ordinary members of the public. The number of computers connected to the Internet exceeded 1.3 million before the end of 1992, and was somewhere between 6 and 8 million by the middle of 1995.10 This was no longer a "community" of computer scientists and researchers, but a mass, heterogeneous public engaged in commerce and in public and personal communication. It was also an increasingly contentious and litigious public... During this tornado of change, the Whois service that was implemented between 1982 and 1985 remained in place. The user base of the Internet was no longer closed, no longer homogeneous, no longer situated within a noncommercial community, and no longer relatively small and manageable. But the technical protocol and the practices supporting a directory of Internet users remained the same. The only significant change was that the burden of supplying the Whois service shifted from defense contractor Stanford Research Institute to civilian National Science Foundation contractor Network Solutions, Inc. As the Internet moved from the small, noncommercial, and closed world of the 1980s to the open, public, and commercial world of the mid-1990s, no one made a conscious decision to retain the open-access Whois service of RFC 954; Whois was an unnoticed default value.
If memory serves, the Green Paper that served as the basis for what we now know as ICANN and the rest of IG, specifically mentioned WHOIS and that trademark specialists did not feel it contained sufficient capability to meet their needs.

The author's assertion that Whois was the default choice may be correct. However, it certainly was noticed as indicated by the record.

Should we decide to include the author's remarks or provide a link to his paper, I suggest that we will need to do a further review of the content.

Our review is fact-based.

(In Discussion Paper Comments)

Final note from KK: I look forward to our discussion!
_______________________________________________
Rt4-whois mailing list
Rt4-whois at icann.org
https://mm.icann.org/mailman/listinfo/rt4-whois

From kathy at kathykleiman.com Wed Aug 31 17:08:26 2011
From: kathy at kathykleiman.com (Kathy Kleiman)
Date: Wed, 31 Aug 2011 13:08:26 -0400
Subject: [Rt4-whois] Reviewing the Comments from ICANN Community
In-Reply-To: <10FCA7E1-FBF8-4C16-87FB-4C41123B7E7F@paypal.com>
References: <3226.66.44.74.157.1314735413.squirrel@kathykleiman.com> <2FD26ECD-9211-412B-BDC7-575C4EAB21BA@paypal.com> <10FCA7E1-FBF8-4C16-87FB-4C41123B7E7F@paypal.com>
Message-ID: <4E5E6A8A.4070006@kathykleiman.com>

Thanks so much, Bill! :
> Apologies. I've done my best to delimit my comments by ....
>
> I have also amended my comments, where content was dropped and to clarify points I made.
>
> On Aug 31, 2011, at 8:11 AM, Bill Smith wrote:
>
> Comments inline:
>
> On Aug 30, 2011, at 1:16 PM,> > wrote:
>
> Hi All,
> I hope all is well. My family and I have survived the earthquake and
> hurricane on the East Coast this past week -- and are hoping for easier
> conditions in the future :-)!
>
> Like you, I am in the midst of my due diligence preparing for our meeting
> on Thursday (with the disclaimer that I may not be able to attend due to
> the change of date and my travel schedule).
> I am preparing my email comments to share with the group.
>
> As promised, I did my "deep dive" on the comments we received in June/July
> to our Discussion Paper. I compliment the many groups that submitted
> interesting and informative comments -- a lot of work was spent responding
> to our queries.
>
> To Olof, I say Thank You! His comment summary, and especially his sorting
> of the comments question by question is excellent. I urge you to review
> the document at
> http://www.icann.org/en/public-comment/report-comments-whoisrt-discussion-paper-05aug11-en.pdf
>
> However, a few commenters asked us to look at things a little differently.
> They asked us to include questions we had not asked, and history we had
> not included. Some have very long histories in the Whois Arena, as part of
> GAC, ALAC, Registrars and NCUC. ** I created a short summary of these
> comments -- and some additional, important, points and questions they raise.
>
> I have tried to shorten and summarize with quotes (as Olof did -- thanks
> for the example, Olof!) --- below and attached.
> Best, Kathy
> ------------- expanding our inquiry -- comment highlights ----------
>
> AN EXPANDED VIEW OF THE WRT QUESTIONS
> (Responses to WRT Discussion Paper)
>
> Introduction: While Olof did an outstanding job of summarizing the
> questions by sorting them according to their responses to our 14
> questions, certain issues fell between the cracks -- largely because groups
> and communities asked us to look at questions beyond those we had chosen
> to ask. This paper takes a short look at what others asked us to see --
> including overstretching the purpose of Whois, significant policy work in
> the limitations of Whois, and the importance of history and historical
> perspective in our work. Thanks for taking a fast look at these
> summaries -- and feel free to return to the full comments (found at
> http://forum.icann.org/lists/whoisrt-discussion-paper/).
>
> 1.
> Christopher Wilkinson, former GAC & GAC Secretariat (EU) on purpose of Whois:
>
> "I rather doubt that the initial purposes of the Whois protocol and
> database extended to their current utilisation. It would appear that
> rather more is expected of Whois than it is capable of delivering in view
> of the legacy of past practice and the current and prospective scale of
> the Internet." (In Discussion Paper Comments)
>
> I am not aware of any evidence that WHOIS, protocol or data delivery, is
> incapable of operating at Internet scale. In fact, we have an existence proof
> of the opposite.
>
> I hope we review these comments in light of our scope and recall that our primary
> charge is to assess policy, not protocol. Simple as it is, WHOIS the protocol
> is capable of delivering, at scale, most any information that policy dictates.
>
> Whatever the problems of WHOIS, they are not related to databases or
> protocol as suggested in the excerpted paragraph.
>
> 2. At Large Advisory Committee on the need to view the issues differently:
>
> "It is our view that this Team must treat with and declare (1) whether the
> WHOIS construct as originally devised and for the purpose intended is
> still necessary, (2) whether the WHOIS dataset as originally determined
> remains fit to its original purpose, and (3) whether the several
> identifiable uses made of both the WHOIS data and processes that have
> expanded the original intent are useful and in the public interest."
>
> At Large Advisory Committee on the need to consider types of use in our
> compliance schemes: "Neither is it rational for the same risk in class or
> kind to be ascribed to all domains; domains used primarily for support of
> business transactions on the Web have a higher risk of consequential
> fraudulent activities than do those used for more personal or
> informational pursuits.
> As such, certain adjustments in approach to
> compliance and our expectations of the impact from compliance might
> benefit from a change in the philosophical construct of compliance and the
> processes used to affect the assurance of compliance."
>
> At Large Advisory Committee on the need to consider cycles of registration
> in our compliance schemes:
>
> "We believe that the all-round public interest may be better served
> by recognizing that the risks from the fraudulent actions of bad actors
> are not the same throughout the WHOIS data cycle but tend to be cyclical --
> higher following the establishment of new domains and decreasing
> thereafter." (In Discussion Paper Comments)
>
> 3. Noncommercial Users Constituency on Why Privacy and Accuracy are Not at
> Odds:
>
> "Privacy and accuracy go hand-in-hand. Rather than putting sensitive
> information into public records, some registrants use "inaccurate" data
> as a means of protecting their privacy. If registrants have other
> channels to keep this information private, they may be more willing to
> share accurate data with their registrar."
>
> "The problem for many registrants is indiscriminate public access to the
> data. The lack of any restriction means that there is an unlimited
> potential for bad actors to access and use the data, as well as
> legitimate users and uses of these data."
>
> Noncommercial Users Constituency on Why the Operational Point of Contact
> Proceeding Marks a Critical Point of Agreement in the GNSO on a narrow
> purpose to Whois:
>
> "ICANN stakeholders devoted a great deal of time and energy to this
> question in GNSO Council-chartered WHOIS Task Forces. At the end of the
> Task Force discussion in 2006, the group proposed that WHOIS be modified
> to include an Operational Point of Contact (OPOC):
> ...
>
> "Under the OPOC proposal, "accredited registrars [would] publish three
> types of data:
> 1) Registered Name Holder
> 2) Country and state/province of the registered nameholder
> 3) Contact information of the OPoC, including name, address, telephone
> number, email."
>
> "Registrants with privacy concerns could name agents to serve as
> OPoC, thereby keeping their personal address information out of the
> public records." (In Discussion Paper Comments)
>
> 4. Why Registrars under Tucows leadership strongly sought a balance to
> simplify Whois data, while improving it.
>
> Slides of Ross Rader, of Registrars Constituency and registrar Tucows,
> discussing goals and advantages of Operational Point of Contact, endorsed
> and a multi-year GNSO team. These slides and ideas were referenced by
> Elliot Noss, Pres of Tucows at the Registrars/WRT meeting in San Fran as
> well as by the NCUC in the recent comment period.
>
> Goals (Operational Point of Contact- Powerpoint Slides)
> "* to simplify Whois data output
> * reduce facilitation of domain related scams, illegal data mining,
> phishing and identity theft
> * maintain or increase the value of Whois for all stakeholders
> * provide solid foundation for enhanced access to data by key stakeholders
> * promote data accuracy" (Link to slides in NCUC Discussion Paper Comments)
>
> 5. Dr. Mueller: Why technical History is important -- because it shows us
> where we stopped thinking about purpose and goals.
>
> Dr. Milton Mueller asks us to examine his academic paper on the Whois
> issues, and considers history to be a very important factor -- before and
> during ICANN. Here are some highlights.
>
> "This article examines how the Internet's
> Whois service has evolved into a surrogate
> identity system. The Whois service allows any
> Internet user to type a domain name into a Web
> interface and be immediately returned the name
> and contact details of whoever has registered
> the domain.
> It is used by police to bring down
> Web sites committing crimes; its information is
> harvested by spammers and marketers seeking
> to send their solicitations; it is used by people
> curious to know who is behind a Web site or
> e-mail address; above all, it is used by trademark
> and copyright attorneys to keep an eye on
> their brands in cyberspace...
>
> "We recount the story of Whois because it
> forces us to re-examine our understanding of
> the relationship between technological systems
> and global governance institutions. To understand
> the importance of the Whois service, one
> need only think of the license plate of an automobile
> on the road, and imagine that anyone
> who saw the license plate would be able to type
> it into a computer and be returned the name of
> the car owner and his or her street address, telephone
> number, and e-mail address.
>
> "That is what Whois does to domain name registrants. It
> links the vehicle for navigating the complex
> arena of cyberspace (domains) to a responsible
> individual, a location, or a jurisdiction.
> Of course in the real world, access to drivers'
> license databases is restricted to law enforcement
> authorities and motor vehicle departments. It is
> not difficult to imagine both the benefits -- and
> the trouble -- that might be caused by free,
> anonymous, unrestricted public access to drivers'
> license databases. No doubt some additional
> crimes would be solved and perhaps some
> amazing new information services could be
> developed by a Google of the future. No doubt,
> also, incidents of road rage and stalking would
> be taken to new heights. The same concerns
> apply to Whois. In addition to facilitating
> accountability on the Internet, open access to
> registrant contact data raises privacy issues and
> concerns about abuse of sensitive personal data
> by spammers, stalkers, and identity thieves.
>
> The author fails to point out that license plates are also a source of revenue and indicate
> that a vehicle, at least in some cases, meets certain safety standards and has passed
> one or more inspections. There are a variety of reasons for requiring license plates, among them
> identifying the owner of a vehicle. A license plate is an indicia; the vehicle
> is registered. Similarly a postmark is an indicia; postage has been paid.
>
> In most jurisdictions, vehicle operators are also required to have a license and a registration
> form that in all cases carry information identifying the driver and owner of the vehicle in question.
> Some jurisdictions require evidence of insurance which also identifies both the driver and vehicle,
> and additionally provides the insurance carrier's name and the account number for the vehicle/driver.
> That card potentially carries other information like spouse, domestic partner, children, etc.
>
> Most jurisdictions require that operators exchange the information contained in these documents
> and file reports with authorities in certain cases. Regardless, individuals involved in accidents are
> required to exchange certain identifying information, contained on the above-mentioned documents.
> No intervention by law enforcement is required.
>
> The information hidden behind a license plate is not, per se, limited to access by law enforcement as
> the author suggests. Rather that information is to anyone at least in certain situations.
>
> Comparison of Whois to other registration systems, like business licenses might be more appropriate.
> Many jurisdictions require businesses to display licenses. These licenses typically include names
> and addresses and must be displayed "conspicuously". Similarly cosmetologists are required to display
> their license, that typically includes name and address, at their primary workstation.
> Access to the
> information in these licenses is intended to be public, to anyone entering the establishment or
> seeking services. Access is not restricted in any way.
>
> By misstating the facts of vehicle licensing (registration) and ignoring to point out other registration
> models, the author leads the reader to the conclusion that access to identifying information in the
> "real world" is commonplace and therefore need be restricted in the virtual world.
>
> While there are legitimate needs to protect (some) individuals virtual space, blanket protections are not
> the norm in the real world. The issue is more complex than the author would have the reader believe.
>
> "... Defaults tilt the playing
> field toward one option by giving the
> specified value the benefit of inertia...a Whois directory originated
> as a feature of the Internet when it was a small-scale,
> closed, scientific network. As the Internet
> evolved into a large-scale, public, commercial
> system, the Whois capability remained in place
> by default.
>
> This is true.
>
> [added] ... to a point.
>
> (Historical evolution)
>
> "The first RFCs make it clear that the Whois
> protocol was intended to make available to
> users a general directory of other ARPANET/
> Internet users. At the time, ARPANET was
> what we would now call an intranet that
>
> RFC 812, the first standardization of WHOIS states, when speaking of the NICNAME/WHOIS
> server, "It is one of a series of ARPANET/Internet name services maintained
> by the Network Information Center (NIC) ..."
>
> Even in 1982, when the RFC was published,
>
> [added] the ARPANET was *architecturally* identical to the Internet today. The number of connected
> machines/users was quite different but the ARPANET was in fact a network of networks - the definition
> of the Internet.
>
> [something like the above was dropped from my original message]
>
> linked a few hundred computer scientists and
> researchers at less than a hundred geographically
> distributed sites. A critical fact about this
> directory, then, is that it was intended to serve a
> closed, relatively homogeneous, and -- compared
> to today's Internet -- very small group of networked
> computer users.8 The early standards
> documents do not specify exactly what the purpose
> of this directory was. One can infer from
>
> From RFC 812, "The server ... delivers the full name, U.S. mailing address, telephone number, and network mailbox for ARPANET users."
>
> [added] Reading the early RFCs (812 and 954) it is a simple matter to ascertain the purpose, to make
> available to any individual with access to the NICNAME/WHOIS service with the information provided
> by "any [registered] individual capable of sending traffic across the ARPANET". While there was no firm
> requirement that all individuals be registered RFC 812 clearly states that if you are registered, the server
> will deliver your contact details.
>
> context that it served a variety of purposes, and
> was seen as a convenience to the community of
> defense contractors involved in building the
> early Internet. Another critical fact is that for
> most users, participation in the directory was
> encouraged, but was not operationally, legally,
>
> Actually the language in RFC 812 is "strongly encourages" and "requests
> that ... all individuals capable of sending traffic across the ARPANET, be registered..."
>
> Further, in RFC 954, the language "MILNET TAC users must be registered in the database."
> was added and we see the first requirement for inclusion in a WHOIS database with full
> identifying information, in 1985.
>
> or contractually required.9 It may be that the
> request to register in the centralized Whois
> database was made to facilitate technical coordination,
> but this is not documented in the
> RFC, and evidence supporting this has not
> been found anywhere else. The RFC states
>
> Did the author consult with any of the Internet pioneers?
>
> only that the purpose is to provide "a directory
> service" (RFC 954, 1985, p. 1) to the network
> users...
>
> "Phase 2: Internet Opened to the Public and to Commerce
> While the number of host computers connected
> to it grew rapidly, the Internet was still a closed
> community of specialized users throughout the
> 1980s. From 1991 to 1995, a critical change
> occurred: The Internet was opened to commercial
> users and to the general public. This change was
> accelerated by the creation and deployment of the
> World Wide Web (WWW) and user-friendly
> Web browsers, which made the Internet usable
> and interesting to ordinary members of the public.
> The number of computers connected to the Internet
> exceeded 1.3 million before the end of 1992,
> and was somewhere between 6 and 8 million by
> the middle of 1995.10 This was no longer a "community"
> of computer scientists and researchers,
> but a mass, heterogeneous public engaged in commerce
> and in public and personal communication.
> It was also an increasingly contentious and litigious
> public... During this tornado of change, the Whois
> service that was implemented between 1982
> and 1985 remained in place. The user base of
> the Internet was no longer closed, no longer
> homogeneous, no longer situated within a noncommercial
> community, and no longer relatively
> small and manageable. But the technical
> protocol and the practices supporting a directory
> of Internet users remained the same.
> The only significant change was that the burden of
> supplying the Whois service shifted from
> defense contractor Stanford Research Institute
> to civilian National Science Foundation contractor
> Network Solutions, Inc. As the Internet
> moved from the small, noncommercial, and
> closed world of the 1980s to the open, public,
> and commercial world of the mid-1990s, no
> one made a conscious decision to retain the
> open-access Whois service of RFC 954; Whois
> was an unnoticed default value.
>
> If memory serves, the Green Paper that served as the basis for what we now know as
> ICANN and the rest of IG, specifically mentioned WHOIS and that trademark specialists
> did not feel it contained sufficient capability to meet their needs.
>
> The author's assertion that Whois was the default choice may be correct. However, it
> certainly was noticed as indicated by the record.
>
> Should we decide to include the author's remarks or provide a link to his paper, I suggest
> that we will need to do a further review of the content.
>
> Our review is fact-based.
>
> (In Discussion Paper Comments)
>
> Final note from KK: I look forward to our discussion!
>
> --

From kim at vonarx.ca Wed Aug 31 19:05:20 2011
From: kim at vonarx.ca (Kim G. von Arx)
Date: Wed, 31 Aug 2011 15:05:20 -0400
Subject: [Rt4-whois] chapter comments resending
Message-ID:

Dear All:

I am not sure if I can make the call tomorrow, but I will certainly try my best to participate. In anticipation of the call, please find below my general comments on the chapters.

1. Peter

I really enjoyed reading your chapter and I think you did an excellent job writing it. There are two concerns that I have:

(a) I feel that the chapter lacks some balance between the different factions privacy vs. full disclosure.
I am cognizant of the fact that one side certainly is more vocal than the other, however, I do believe that we need to take extra care to make sure that all the views are equally represented in the discussion. Half way through the chapter, I did get the feeling that it was arguing much more strongly in favour of full disclosure and for commercial and law enforcement interests. While I believe that many of the arguments raised are very valid, I do believe it is important to provide a balanced view on all of the positions that were brought to us.

(b) While I think the recommendations and conclusions are well argued and thought out, I am somewhat concerned by the scope of the recommendations. I do believe that there is an opportunity for the WHOIS policy to be amended to reflect the needs of all the stakeholders and not just to regulate the proxy services. Indeed, in the grand scheme of things, the former would be easier to implement, maintain, and regulate than the latter - I think.

Again, Peter, thank you very much for all the work you did on this. I can only imagine how much time you spent on drafting this and I think you did an excellent job.

2. Kathy

Again, thank you very much for the work and I think you did a bang on job in outlining our approach and methodology. I don't really have any comments with respect to your chapter as it was simply a "pulling together" of the facts, dates, and quotes. This is not to say that it did not take much effort on your part, it is merely meant to say that there is really nothing for me to comment and/or argue about considering that all of the things you mentioned are factual.

3. Sharon

My thanks to you too for all the work you put into this. I know how busy you are in trying to keep our world a safer place for all of us. I actually spent most time on your parts and re-read them a few times to figure out whether I think any of the comments warrant an amendment to our definition.
After a lengthy debate with myself, I reached the conclusion that I do not believe that our definitions need any amendments. I feel that we found a fairly good balance in our approach to the terms and any amendments to the definitions of those terms would slant the balance into one or the other direction. At this stage, I believe that our definitions have found the best possible balance for all stakeholders concerned.

4. Emily

I am still working through yours.

Kim

__________________________________
kim at vonarx.ca
+1 (613) 286-4445

"Shoot for the moon. Even if you miss, you'll land among the stars..."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110831/f4a1ed12/attachment.html

From emily at emilytaylor.eu Wed Aug 31 19:17:31 2011
From: emily at emilytaylor.eu (Emily Taylor)
Date: Wed, 31 Aug 2011 20:17:31 +0100
Subject: [Rt4-whois] chapter comments resending
In-Reply-To:
References:
Message-ID:

Thank you Kim

I hope you will be able to join the call, but in the meantime, your feedback is much appreciated - look forward to hearing your further thoughts.

kind regards

Emily

On 31 August 2011 20:05, Kim G. von Arx wrote:

> Dear All:
>
> I am not sure if I can make the call tomorrow, but I will certainly try my best to participate. In anticipation of the call, please find below my general comments on the chapters.
>
> 1. Peter
>
> I really enjoyed reading your chapter and I think you did an excellent job writing it. There are two concerns that I have:
>
> (a) I feel that the chapter lacks some balance between the different factions privacy vs. full disclosure. I am cognizant of the fact that one side certainly is more vocal than the other, however, I do believe that we need to take extra care to make sure that all the views are equally represented in the discussion.
> Half way through the chapter, I did get the feeling that it was arguing much more strongly in favour of full disclosure and for commercial and law enforcement interests. While I believe that many of the arguments raised are very valid, I do believe it is important to provide a balanced view on all of the positions that were brought to us.
>
> (b) While I think the recommendations and conclusions are well argued and thought out, I am somewhat concerned by the scope of the recommendations. I do believe that there is an opportunity for the WHOIS policy to be amended to reflect the needs of all the stakeholders and not just to regulate the proxy services. Indeed, in the grand scheme of things, the former would be easier to implement, maintain, and regulate than the latter - I think.
>
> Again, Peter, thank you very much for all the work you did on this. I can only imagine how much time you spent on drafting this and I think you did an excellent job.
>
> 2. Kathy
>
> Again, thank you very much for the work and I think you did a bang on job in outlining our approach and methodology. I don't really have any comments with respect to your chapter as it was simply a "pulling together" of the facts, dates, and quotes. This is not to say that it did not take much effort on your part, it is merely meant to say that there is really nothing for me to comment and/or argue about considering that all of the things you mentioned are factual.
>
> 3. Sharon
>
> My thanks to you too for all the work you put into this. I know how busy you are in trying to keep our world a safer place for all of us. I actually spent most time on your parts and re-read them a few times to figure out whether I think any of the comments warrant an amendment to our definition. After a lengthy debate with myself, I reached the conclusion that I do not believe that our definitions need any amendments.
> I feel that we found a fairly good balance in our approach to the terms and any amendments to the definitions of those terms would slant the balance into one or the other direction. At this stage, I believe that our definitions have found the best possible balance for all stakeholders concerned.
>
> 4. Emily
>
> I am still working through yours.
>
> Kim
>
> __________________________________
>
> *kim at vonarx.ca*
> *+1 (613) 286-4445*
>
> "Shoot for the moon. Even if you miss, you'll land among the stars..."

--
76 Temple Road, Oxford OX4 2EZ UK
t: +44 (0)1865 582 811 | m: +44 (0)7540 049 322
emily at emilytaylor.eu
*www.etlaw.co.uk*

Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110831/0d8ceb8c/attachment.html

From lynn at goodsecurityconsulting.com Wed Aug 31 20:34:22 2011
From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com)
Date: Wed, 31 Aug 2011 13:34:22 -0700
Subject: [Rt4-whois] re-sending Consumer Trust key conceps draft
Message-ID: <20110831133422.00ef555ff13978e3e1b8d2179880f99e.db1312fd5a.wbe@email12.secureserver.net>

An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110831/a726f52a/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Working Draft Consumer Trust.doc
Type: application/msword application
Size: 34304 bytes
Desc: not available
Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110831/a726f52a/WorkingDraftConsumerTrust.doc

From susank at fb.com Thu Sep 1 00:00:52 2011
From: susank at fb.com (Susan Kawaguchi)
Date: Thu, 1 Sep 2011 00:00:52 +0000
Subject: [Rt4-whois] Accuracy in the WHOIS
Message-ID:

Hello All,

I have been giving accuracy in the WHOIS record much thought in the last two days and came across interesting information in the NSI registration agreement. NSI utilizes the Coding Accuracy Support System (CASS) and the National Change of Address program to update the mailing address information for their clients. I have not thoroughly reviewed other large registrars' registration agreements but others may be using these accuracy validation mechanisms too.

I have included links to additional information on each of these services further down but the Wikipedia page I have copied below (if it is accurate) illustrates CASS.

Coding Accuracy Support System (CASS) enables the United States Postal Service to evaluate the accuracy of software that corrects and matches street addresses. CASS certification is offered to all mailers, service bureaus, and software vendors that would like the USPS to evaluate the quality of their address-matching software and improve the accuracy of their ZIP+4, carrier route, and five-digit coding. For software vendors and service bureaus, CASS Certification must be renewed annually with the USPS to meet current CASS Certification cycle requirements. CASS Certified products are listed in USPS literature and on its web site.

CASS software will correct and standardize addresses. It will also add missing address information, such as ZIP codes, cities, and states, to ensure the address is complete.
Starting with 2007 Cycle L, CASS software will also perform delivery point validation to verify whether or not an address is a deliverable address and check against the USPS Locatable Address Conversion System to update addresses that have been renamed or renumbered.

A correct address saves the Postal Service time, money and manpower by reducing the volume of 1) non-deliverable mail; 2) unsorted mail; 3) mail that is deliverable, but requires extra effort to determine the proper location to deliver it to.[1] Mailers who use CASS software to check the addresses of their mailing may be able to qualify for discounted postage rates from the USPS.

An example of what CASS software will correct in an address:

The input of:

    1 MICROWSOFT
    REDMUND WA

Produces the output of:

    MICROSOFT
    1 MICROSOFT WAY
    REDMOND WA 98052-8300

Here the street and city name misspellings have been corrected; street suffix, ZIP code and ZIP+4 add-on have been added; and, in this case, the address was determined to be the location of a business.

In addition to an updated address, CASS software can also return descriptive information about the address. The information falls into two categories:

1. If the address was successfully processed, or if not then why,
2. Information on how to deliver the mailing.

It is also interesting that in reading the information about CASS a similar process has been adopted in the UK, Germany and Canada.

PCI is used by major credit card companies to verify data - we may learn something useful for WHOIS accuracy from this.
https://www.pcisecuritystandards.org/

Sample of language from NSI registrar terms of service.

ACCURATE INFORMATION. You agree to: (1) provide certain true, current, complete and accurate information about you as required by the application process; and (2) maintain and update according to our modification procedures the information you provided to us when purchasing our services as needed to keep it current, complete and accurate.
We rely on this information to send you important information and notices regarding your account and our services. You agree that Network Solutions (itself or through its third party service providers) is authorized, but not obligated, to use Coding Accuracy Support System (CASS) certified software and/or the National Change of Address program (and/or such other systems or programs as may be recognized by the United States Postal Service or other international postal authority for updating and/or standardizing address information) to change any address information associated with your account (e.g., registrant address, billing contact address, etc.), and you agree that Network Solutions may use and rely upon any such changed address information for all purposes in connection with your account (including the sending of invoices and other important account information) as though such changes had been made directly by you.

Network Solutions' Disclosure of Certain Information. Subject to the requirements of our privacy statement, in order for us to comply the current rules and policies for the domain name system, you hereby grant to Network Solutions the right to disclose to third parties through an interactive publicly accessible registration database (such as WHOIS) the following mandatory information that you are required to provide when registering or reserving a domain name: (i) the domain name(s) registered by you; (ii) your name and postal address; (iii) the name(s), postal address(es), email address(es), voice telephone number and where available the fax number(s) of the technical, administrative and billing contacts for your domain name(s); (iv) the Internet protocol numbers of the primary nameserver and secondary nameserver(s) for such domain name(s); (v) the corresponding names of those nameservers; (vi) the original creation date of the registration; and (vii) the expiration date of the registration.
If you are an individual who wishes to opt out of having your information displayed in the WHOIS database, you must choose the Private Registration service that is described in Schedule D to this Agreement. You consent to allow us to transmit this registration data to an ICANN approved or designated escrow agent who stores this information pursuant to ICANN requirements. You also grant to Network Solutions the right to make this information available in bulk form to third parties who agree not to use it to (a) allow, enable or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via telephone, facsimile, or email (spam) or (b) enable high volume, automated, electronic processes that apply to our systems to register domain names.

CASS
http://ribbs.usps.gov/cassmass/documents/tech_guides/CASS%20Cert%20Req%20MAILERS%20Guide.pdf

NCOALink® Systems

A comprehensive program that aids mailers in identifying address changes before mail enters the mail stream.

Over 40 million Americans change their address annually, which creates formidable obstacles in maintaining a high-quality mailing list. The NCOALink product makes change-of-address information available to mailers to help reduce undeliverable mailpieces before mail enters the mailstream.

The NCOALink process consists of computer software purchased, leased, or developed by the licensee to access the NCOALink data. The Postal Service certifies the process and licenses the NCOALink product to private sector companies for commercial mail list processing or internal mail list management. Updated, computerized change-of-address information is provided on a regular basis to the NCOALink licensees by the Postal Service.

The NCOALink process improves mail deliverability by providing mailers with current, standardized, delivery point coded addresses for individual, family, and business moves.
Input address information must first be standardized to conform to USPS® requirements, including the ZIP + 4® code. An attempt is made to match each name and address against the NCOALink product. Address change information is derived from the PS Form 3575, Change-of-Address Order, filed by relocating postal customers. If a match is made with the name and old address information in the NCOALink file, then the NCOALink licensee is permitted to provide the current move information (new address or undeliverable status) to update the mailing list.

The full NCOALink Product contains approximately 160 million records or 48 months of permanent address changes and is available to Full Service Provider Licensees. The limited NCOALink product contains approximately 60 million records or 18 months of permanent address changes and is available to Limited Service Provider and End User Licensees.

NCOALink helps reduce undeliverable-as-addressed (UAA) mail by correcting input addresses prior to mailing. Since 1986, Move Update predecessors such as ACS™ Service, National Change of Address (NCOA), and the FASTforward® system have saved mailers millions of dollars that otherwise would have been wasted in materials and postage. NCOALink continues this trend and, like its predecessors, provides the following benefits to mailers...

* Reduces undeliverable mail by providing the most current address information for matches made to the NCOALink file.
* Prevents re-mailings after address corrections are received because the address correction is applied prior to the mailing.
* Reduces mailer costs by reducing the number of undeliverable mailpieces by using most current address information.
* Provides the opportunity for faster product/service marketing through accurate mail delivery.

In addition to change-of-address information, NCOALink also utilizes Return Codes to provide explanation of match and non-match status.
Return Codes, which indicate that a match was obtained, are accompanied by a new address or undeliverable status. Return Codes, which indicate a match was not obtained, provide the reason a match could not be made to the NCOALink file. The analysis of Return Codes can help the mailer determine the deliverability of specific address records.

For more information on NCOALink and the licenses available, visit the NCOALink page on RIBBS®. For a list of Licensed Vendors, visit the NCOALink Vendors page on RIBBS or contact the National Customer Support Center at 800-589-5766.

Links
Vendors and Licensees
RIBBS

Susan Kawaguchi
Domain Name Manager
Facebook Inc.
1601 California Avenue
Palo Alto, CA
Phone - 650 485-6064
Cell - 650 387 3904

Please note my email address has changed to skawaguchi at fb.com

NOTICE: This email (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. Unless you are the intended recipient, you may not use, copy, or retransmit the email or its contents.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110901/5e03a1ea/attachment.html

From alice.jansen at icann.org Thu Sep 1 10:45:08 2011
From: alice.jansen at icann.org (Alice Jansen)
Date: Thu, 1 Sep 2011 03:45:08 -0700
Subject: [Rt4-whois] REMINDER - Call today @ 22:00 UTC
Message-ID:

Dear Review Team Members,

Your next conference call is scheduled for:

**Thursday, 1 September 2011**
22:00 UTC

Please check your local time at: http://timeanddate.com/worldclock/fixedtime.html?msg=WHOIS+RT+Call&iso=20110901T22&ah=1&am=30

PASSWORD: 27318 followed by #

Agenda: https://community.icann.org/display/whoisreview/Call+19+-+1+September+2011
Adobe room: http://icann.adobeconnect.com/whois-review/
Audio-cast (silent observers): http://stream.icann.org:8000/whois.m3u

Dial-in numbers:

Please find below a table which encapsulates dial-in numbers for your countries of residence. Should you be traveling, please refer to the full list which is available at: http://www.adigo.com/icann/

Australia: 1 800 009 820; 1 800 036 775; Sydney T +61 290372962; Melbourne T +61 399996500; Brisbane T +61 731777546
Austria: L - 0 800 295 858; M - 0 800 295 138; T - +43 720 882 638
Belgium: L - 0800 79210; M - 0800 79218; T - +32 78 480 286
Brazil: L - 0800 891 1597; M - 0800 891 1598; T - +55 613 717 2040
Canada: 1 800 550 6865; T - +1 213 233 3193
France: 0800 90 25 56; T - +33 170618347
Germany: L - 0800 1016 120; G - M 0800 1016 124
Russia: 8 10 8002 535 3011; T - +7 499 650 7835
United Kingdom: 0800 032 6646; T - +44 207 099 0867
United States: 1 800 550 6865; T - +1 213 233 3193

T - local toll number; M - mobile preferred number; L - landline preferred number

Please do not hesitate to contact me should you require a dial-out for this call.

Thank you,

Very best regards

Alice

Alice E.
Jansen
--------------------------
ICANN Assistant, Organizational & Affirmation Reviews
alice.jansen at icann.org
Direct Dial: +32.2.234.78.64
Mobile: +32.4.73.31.76.56
Office Fax: +32.2.234.78.48
Skype: alice_jansen_icann
--------------------------
6, Rond Point Schuman
B-1040 Brussels, Belgium
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110901/3a91146e/attachment.html

From bill.smith at paypal-inc.com Thu Sep 1 16:20:52 2011
From: bill.smith at paypal-inc.com (Smith, Bill)
Date: Thu, 1 Sep 2011 10:20:52 -0600
Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]
In-Reply-To: <20110819170316.9c1b16d3983f34082b49b9baf8cec04a.6eebbb4fd7.wbe@email00.secureserver.net>
References: <20110819170316.9c1b16d3983f34082b49b9baf8cec04a.6eebbb4fd7.wbe@email00.secureserver.net>
Message-ID:

Comments inline below:

On Aug 19, 2011, at 5:03 PM, James M. Bladel wrote:

Peter, Emily, and Team:

Thanks for getting this thread started. I have numerous comments on this chapter, and have organized them into two categories (below). I look forward to a longer discussion of this (and other) chapters between now and our meeting in MdR.

Thanks--

J.

Concerns with the Approach:

* This chapter represents an unbalanced perspective of the Privacy/Proxy issue. It emphasizes the views of governments, law enforcement, and others opposed to P&P services, while marginalizing the positions of those supporting, offering, or using these services.

Have we received comments supporting those positions? Specifics?

* It proceeds from the default LE & Gov't position that some registrants, under certain conditions, have legitimate needs for privacy. While the civil tradition in most democracies (and on the Internet) is that privacy is a right enjoyed by everyone unless/until their conduct abuses this.

As I pointed out in my comments on Milton Mueller's paper, privacy is not absolute.
When one registers a business, a car, to practice certain trades, identifying information must be displayed to the public or provided to a member of the public on request (in the case of an auto accident). Tradition in the "real world" is mixed, depending on the *choices* one makes (to register a car, to operate a business, to practice a trade). In the virtual world, as evidenced by the RFCs Mueller references, tradition should be that public disclosure of identifying information is the norm.

* The ICANN Policy that resolves conflicts between WHOIS requirements and local law is a protection for Registries and Registrars---not for Registrants. For Registrants, their only option to enhanced privacy protection (beyond that required by their local laws) is to engage a P&P service.

* It is not appropriate to cite a 2009 study by ICANN without noting that more specific studies have been approved by the Board (at Singapore) and may or may not be completed in time for their findings to be referenced by this report.

Respectfully, I disagree. We presently have facts. Current or future studies that might offer a different set of facts are not our concern.

* It is not appropriate to cite a study by Knujon, or any other commercially-interested third-party that is engaged in the promotion of their products & services.

If broadly applied, we would be unable to include any studies, papers, etc. For example, ICANN is itself "commercially-interested" even though it is a non-profit. Without the fees it receives from registrations, it would cease to exist. Martin Mueller is similarly commercially interested; his current livelihood is dependent on Internet Governance and controversies surrounding it.

* The quotes by Law Enforcement do not include those who have neutral or uncritical views of P&P services, or those in LE who frequently and publicly make the distinction between the "good" or "model" P&P operators, versus the "bad actors."

You should feel free to solicit them.
* Proxy registrations do not "hide" or "shield" registrant contact data. The proxy service IS the registrant. Law Enforcement & Gov'ts and other interested parties are, in effect, demanding disclosure of the business relationship between the Proxy provider and its customer(s).

Concerns with the Recommendations:

* Overall: Many of these recommendations exceed "Policy Review" and fall into the realm of "Policy Recommendation."

* Rec #1: Because it is not a regulator, ICANN cannot prohibit services offered by firms with which it does not have a contract. And it cannot compel business to enter into contracts unless there is a clear incentive for them to do so.

* Rec #2: ICANN could offer a voluntary accreditation program for P&P providers. But it would by necessity be a voluntary program, so there should be clear benefits for P&P providers to gain ICANN accreditation, and clear benefits for registrars to use accredited P&P services.

* Rec #3: Accredited Registrars could use Accredited P&P Providers, presuming they were -aware- when a non-accredited service was being used. For example, if I contact my lawyer and ask him to register a domain name on my behalf, I do not expect the registrar to know that the lawyer is functioning as a Proxy for me in this example.

* Rec #4: It is not within ICANN's mission to examine how a domain name is used. Domain names are not synonymous with websites. Registrars are often, but not necessarily, the web content hosts for the names they manage. As an organization, ICANN is and must remain "content neutral."

* Rec #5 - #7: These recommendations seem to outline the charter of a desired Policy Development Process (PDP), which is beyond the remit of this review team.
-------- Original Message --------
Subject: Re: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]
From: Emily Taylor
Date: Wed, August 17, 2011 6:17 am
To: "Nettlefold, Peter"
Cc: "rt4-whois at icann.org"

Dear Peter,

Many thanks for your work on this draft. I really like the way that you have based your commentary on a bottom-up analysis of what the comments said. It shows that we have been listening to, and carefully analysing the inputs that people have taken the trouble to give us.

I'm sure we'll be discussing it on today's call, and it's a pity that the scheduling prevents you joining us. I hope we will be able to have you on our next call after this one, and we'll ensure that we have a good turn out.

My question in reading the proxy/privacy section is - apart from NCUC which you referenced - did we have contrary views? We have a lot of references from law enforcement and IP constituency, but nothing at all from registry/registrars or NCUC apart from that one quote. I'm keen to ensure that we present a balanced view of the inputs received, because it will give a range of views.

All - please can we look out our notes of our face-to-face meetings. I for one took away a strong message from our call with the IPC that they had *good* experiences of data release from a number of the larger providers, and (while in a perfect world they may not want proxy/privacy services) were able to live with them if they could have a predictable outcome. This is well captured in one of the recommendations, but doesn't quite come through in the supporting text yet.

For the more radical recommendations - I'm not sure that I heard them being asked for, even by the communities that you would expect to support them, and therefore we need much more argumentation in the text to justify some of the recommendations (if, indeed, the team can reach consensus on them).

Thank you again for a thorough and thoughtful piece of work Peter.
It provides us with an excellent first draft on which to focus our discussions.

Kind regards

Emily

On 17 August 2011 10:16, Mikhail Yakushev wrote:

Dear Peter, colleagues,

I have carefully reviewed Peter's draft and mostly agree with the provided analysis. I also would mostly agree with the suggested recommendations - but I think we need to discuss each of them separately to achieve the highest possible level of consensus within our team.

Kind regards,

Michael

From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter
Sent: Tuesday, August 16, 2011 11:48 AM
To: rt4-whois at icann.org
Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]

Hello all,

Attached is the first section of the draft "gaps" chapter, for review and comment. As you'll see, this section covers accessibility and privacy issues, and it still has some gaps.

I've also drafted and included some recommendations on this issue, building on the public and law enforcement input and our own discussions. I hope these are helpful.

As you'll see, I've drawn a distinction between proxy and privacy services in the draft chapter, and this will need some further work (but I didn't want to delay getting this out to you any further while I worked on this). I've tried to unpack this distinction in the draft chapter, but also wanted to also explain my thinking to you.

The main challenge identified by responses to our consultation processes, and in our own discussions, is to find a way to balance any legitimate privacy concerns with the interests of other stakeholders. The position I've put forward in the draft chapter is that this can be achieved through the regulated use of privacy services (i.e. services that make the identity of the registrant known, but limit availability to other personal data - at least in the first instance).
Proxy services, which replace the name of the registrant with that of another entity, are quite different in nature, and I think that these services raise serious questions about ICANN's ability to enforce its AoC obligations. I have drafted the chapter with this distinction in mind, although some parts of the argument need a bit more work.

I'm aiming to circulate the next section of the draft chapter - on accuracy - in a day or two, and the section on compliance shortly after that.

Unfortunately the next call is now scheduled for 1am my time, so I won't be attending. I look forward to discussing this further as we work towards our Marina del Rey meeting.

Cheers,

Peter

-------------------------------------------------------------------------------
The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties. If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments. Please consider the environment before printing this email.
-------------------------------------------------------------------------------

--
76 Temple Road, Oxford OX4 2EZ UK
t: +44 (0)1865 582 811 | m: +44 (0)7540 049 322
emily at emilytaylor.eu
www.etlaw.co.uk

Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713.
From bill.smith at paypal-inc.com Thu Sep 1 16:41:51 2011
From: bill.smith at paypal-inc.com (Smith, Bill)
Date: Thu, 1 Sep 2011 10:41:51 -0600
Subject: [Rt4-whois] Chapters on private wiki
In-Reply-To:
References:
Message-ID: <90674462-CC5E-44B6-9EF9-A897BE2C87BA@paypal.com>

A small thing with the Scope & methodology section. The text reads:

"In addition, the WRT raised with the community a number of sensitive issues regarding the tension between two values with the Affirmation: privacy of registrant data and public access to it. The Discussion Paper requested country code TLDs (ccTLDs) to share information regarding if they have responded to domestic laws and whether they have modified their ccTLD Whois policies."

The Affirmation is silent on "privacy of registrant data". I believe the only mention of privacy is in the makeup of our team. No doubt there is a tension in the community but the Affirmation is clear regarding public access to WHOIS data.

I would suggest that we change "between two values with the Affirmation: privacy of registrant data and public access to it" to "between those who view registrant data as private and the Affirmation promise of public access to it".

I am sensitive to, and very aware of the tension. However, I do not agree that there is a tension in the Affirmation itself.

On Aug 19, 2011, at 5:24 AM, Alice Jansen wrote:

Dear Review Team Members,

Chapters submitted to date are available on the private wiki for your convenience: https://community.icann.org/display/whoisreviewprivate/Chapters

Please be kindly reminded that comments on chapters should be submitted by 31 August (cf: conference call held on 17 August).

Thank you,

Very best regards

Alice

From m.yakushev at corp.mail.ru Thu Sep 1 16:44:12 2011
From: m.yakushev at corp.mail.ru (Mikhail Yakushev)
Date: Thu, 1 Sep 2011 16:44:12 +0000
Subject: [Rt4-whois] Chapters on private wiki
In-Reply-To: <90674462-CC5E-44B6-9EF9-A897BE2C87BA@paypal.com>
References: <90674462-CC5E-44B6-9EF9-A897BE2C87BA@paypal.com>
Message-ID: <71B38F372F86D940B9C644A99264FA31275C36@M2EMBS2.mail.msk>

Dear colleagues,

I would like to support Bill in this particular question.

Kind regards,
Michael

From bill.smith at paypal-inc.com Thu Sep 1 18:01:09 2011
From: bill.smith at paypal-inc.com (Smith, Bill)
Date: Thu, 1 Sep 2011 12:01:09 -0600
Subject: [Rt4-whois] re-sending Consumer Trust key conceps draft
In-Reply-To: <20110831133422.00ef555ff13978e3e1b8d2179880f99e.db1312fd5a.wbe@email12.secureserver.net>
References: <20110831133422.00ef555ff13978e3e1b8d2179880f99e.db1312fd5a.wbe@email12.secureserver.net>
Message-ID:

Lynn,

I think this is an excellent, and balanced, document that outlines key concepts and concerns.

Bill

On Aug 31, 2011, at 1:35 PM, "lynn at goodsecurityconsulting.com" wrote:

My apologies for the difficulties opening the attachment sent previously. It is fixed now and attached to this message.

Lynn

From alice.jansen at icann.org Thu Sep 1 19:42:07 2011
From: alice.jansen at icann.org (Alice Jansen)
Date: Thu, 1 Sep 2011 12:42:07 -0700
Subject: [Rt4-whois] SSAC Report on WHOIS Review - please refer to private wiki
Message-ID:

Dear Review Team Members,

The SSAC would like to solicit the Review Team Members' feedback on its report on WHOIS. This report is not for distribution as it is not published yet.
You will find it on your private wiki at: https://community.icann.org/display/whoisreviewprivate/SSAC+-+WHOIS+Advisory

Please be kindly reminded that you will need your login details to access the page.

Thanks,

Kindest regards

Alice
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110901/334f145d/attachment.html

From kim at vonarx.ca Thu Sep 1 21:23:13 2011
From: kim at vonarx.ca (Kim G. von Arx)
Date: Thu, 1 Sep 2011 17:23:13 -0400
Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]
In-Reply-To:
References: <20110819170316.9c1b16d3983f34082b49b9baf8cec04a.6eebbb4fd7.wbe@email00.secureserver.net>
Message-ID:

All,

I am sorry, but I won't be able to attend the call today. I may be able to call in for 15 or so min. My apologies for that.

I do have comments for Emily's piece and Lynn's, but those are on my laptop and I don't have it with me right now.

Overall, I tend to agree with Bill's comments with some exceptions. But generally speaking I believe Bill raised very valid points.

As I said I will try to call in for a few minutes, but it depends on a number of things which I won't know until the actual time.

Kim

Please excuse my typos! This is sent from my iPhone.

On 2011-09-01, at 12:20, "Smith, Bill" wrote:

> Comments inline below:
>
> On Aug 19, 2011, at 5:03 PM, James M. Bladel wrote:
>
> Peter, Emily, and Team:
>
> Thanks for getting this thread started. I have numerous comments on this chapter, and have organized them into two categories (below). I look forward to a longer discussion of this (and other) chapters between now and our meeting in MdR.
>
> Thanks--
>
> J.
>
> Concerns with the Approach:
> * This chapter represents an unbalanced perspective of the Privacy/Proxy issue.
It emphasizes the views of governments, law enforcement, and others opposed to P&P services, while marginalizing the positions of those supporting, offering, or using these services.
>
> Have we received comments supporting those positions? Specifics?
>
> * It proceeds from the default LE & Gov't position that some registrants, under certain conditions, have legitimate needs for privacy. While the civil tradition in most democracies (and on the Internet) is that privacy is a right enjoyed by everyone unless/until their conduct abuses this.
>
> As I pointed out in my comments on Milton Mueller's paper, privacy is not absolute. When one registers a business, a car, to practice certain trades, identifying information must be displayed to the public or provided to a member of the public on request (in the case of an auto accident).
>
> Tradition in the "real world" is mixed, depending on the *choices* one makes (to register a car, to operate a business, to practice a trade). In the virtual world, as evidenced by the RFCs Mueller references indicates tradition should be that public disclosure of identifying information is the norm.
>
> * The ICANN Policy that resolves conflicts between WHOIS requirements and local law is a protection for Registries and Registrars---not for Registrants. For Registrants, their only option to enhanced privacy protection (beyond that required by their local laws) is to engage a P&P service.
>
> * It is not appropriate to cite a 2009 study by ICANN without noting that more specific studies have been approved by the Board (at Singapore) and may or may not be completed in time for their findings to be referenced by this report.
>
> Respectfully, I disagree. We presently have facts. Current or future studies that might offer a different set of facts are not our concern.
>
> * It is not appropriate to cite a study by Knujon, or any other commercially-interested third-party that is engaged in the promotion of their products & services.
>
> If broadly applied, we would be unable to include any studies, papers, etc. For example, ICANN is itself "commercially-interested" even though it is a non-profit. Without the fees it receives from registrations, it would cease to exist. Martin Mueller is similarly commercially interested; his current livelihood is dependent on Internet Governance and controversies surrounding it.
>
> * The quotes by Law Enforcement do not include those who have neutral or uncritical views of P&P services, or those in LE who frequently and publicly make the distinction between the "good" or "model" P&P operators, versus the "bad actors."
>
> You should feel free to solicit them.
>
> * Proxy registrations do not "hide" or "shield" registrant contact data. The proxy service IS the registrant. Law Enforcement & Gov'ts and other interested parties are, in effect, demanding disclosure of the business relationship between the Proxy provider and its customer(s).
>
> Concerns with the Recommendations:
>
> * Overall: Many of these recommendations exceed "Policy Review" and fall into the realm of "Policy Recommendation."
>
> * Rec #1: Because it is not a regulator, ICANN cannot prohibit services offered by firms with which it does not have a contract. And it cannot compel business to enter into contracts unless there is a clear incentive for them to do so.
>
> * Rec #2: ICANN could offer a voluntary accreditation program for P&P providers. But it would by necessity be a voluntary program, so there should be clear benefits for P&P providers to gain ICANN accreditation, and clear benefits for registrars to use accredited P&P services.
>
> * Rec #3: Accredited Registrars could use Accredited P&P Providers, presuming they were -aware- when a non-accredited service was being used.
For example, if I contact my lawyer and ask him to register a domain name on my behalf, I do not expect the registrar to know that the lawyer is functioning as a Proxy for me in this example.
>
> * Rec #4: It is not within ICANN's mission to examine how a domain name is used. Domain names are not synonymous with websites. Registrars are often, but not necessarily, the web content hosts for the names they manage. As an organization, ICANN is and must remain "content neutral."
>
> * Rec #5 - #7: These recommendations seem to outline the charter of a desired Policy Development Process (PDP), which is beyond the remit of this review team.
>
> -------- Original Message --------
> Subject: Re: [Rt4-whois] Report input - privacy/proxy 'gaps'
> [SEC=UNCLASSIFIED]
> From: Emily Taylor
> Date: Wed, August 17, 2011 6:17 am
> To: "Nettlefold, Peter"
> Cc: "rt4-whois at icann.org"
>
> Dear Peter,
>
> Many thanks for your work on this draft. I really like the way that you have based your commentary on a bottom-up analysis of what the comments said. It shows that we have been listening to, and carefully analysing the inputs that people have taken the trouble to give us.
>
> I'm sure we'll be discussing it on today's call, and it's a pity that the scheduling prevents you joining us. I hope we will be able to have you on our next call after this one, and we'll ensure that we have a good turn out.
>
> My question in reading the proxy/privacy section is - apart from NCUC which you referenced - did we have contrary views. We have a lot of references from law enforcement and IP constituency, but nothing at all from registry/registrars or NCUC apart from that one quote. I'm keen to ensure that we present a balanced view of the inputs received, because it will give a range of views.
>
> All - please can we look out our notes of our face-to-face meetings.
I for one took away a strong message from our call with the IPC that they had *good* experiences of data release from a number of the larger providers, and (while in a perfect world they may not want proxy/privacy services) were able to live with them if they could have a predictable outcome. This is well captured in one of the recommendations, but doesn't quite come through in the supporting text yet.
>
> For the more radical recommendations - I'm not sure that I heard them being asked for, even by the communities that you would expect to support them, and therefore we need much more argumentation in the text to justify some of the recommendations (if, indeed, the team can reach consensus on them).
>
> Thank you again for a thorough and thoughtful piece of work Peter. It provides us with an excellent first draft on which to focus our discussions.
>
> Kind regards
>
> Emily
>
> On 17 August 2011 10:16, Mikhail Yakushev wrote:
> Dear Peter, colleagues,
> I have carefully reviewed Peter's draft and mostly agree with the provided analysis. I also would mostly agree with the suggested recommendations - but I think we need to discuss each of them separately to achieve the highest possible level of consensus within our team.
> Kind regards,
> Michael
>
> From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter
> Sent: Tuesday, August 16, 2011 11:48 AM
> To: rt4-whois at icann.org
> Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]
>
> Hello all,
>
> Attached is the first section of the draft 'gaps' chapter, for review and comment.
>
> As you'll see, this section covers accessibility and privacy issues, and it still has some gaps.
>
> I've also drafted and included some recommendations on this issue, building on the public and law enforcement input and our own discussions. I hope these are helpful.
>
> As you'll see, I've drawn a distinction between proxy and privacy services in the draft chapter, and this will need some further work (but I didn't want to delay getting this out to you any further while I worked on this). I've tried to unpack this distinction in the draft chapter, but also wanted to also explain my thinking to you.
>
> The main challenge identified by responses to our consultation processes, and in our own discussions, is to find a way to balance any legitimate privacy concerns with the interests of other stakeholders. The position I've put forward in the draft chapter is that this can be achieved through the regulated use of privacy services (i.e. services that make the identity of the registrant known, but limit availability to other personal data - at least in the first instance). Proxy services, which replace the name of the registrant with that of another entity, are quite different in nature, and I think that these services raise serious questions about ICANN's ability to enforce its AoC obligations.
>
> I have drafted the chapter with this distinction in mind, although some parts of the argument need a bit more work.
>
> I'm aiming to circulate the next section of the draft chapter - on accuracy - in a day or two, and the section on compliance shortly after that.
>
> Unfortunately the next call is now scheduled for 1am my time, so I won't be attending.
>
> I look forward to discussing this further as we work towards our Marina del Rey meeting.
>
> Cheers,
>
> Peter

From omar at kaminski.adv.br Thu Sep 1 21:44:00 2011
From: omar at kaminski.adv.br (Omar Kaminski)
Date: Thu, 1 Sep 2011 18:44:00 -0300
Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]
In-Reply-To:
References: <20110819170316.9c1b16d3983f34082b49b9baf8cec04a.6eebbb4fd7.wbe@email00.secureserver.net>
Message-ID:

Dear all,

I'm doing my best to follow the discussions but I'm in a specially busy period. Anyway I'll attend the call and I hope the dial-in number collaborates this time :)

Omar

2011/9/1 Kim G.
von Arx :
> All,
>
> I am sorry, but I won't be able to attend the call today. I may be able to call in for 15 or so min. My apologies for that.
>
> I do have comments for Emily's piece and Lynn's, but those are on my laptop and I don't have it with me right now.
>
> Overall, I tend to agree with Bill's comments with some exceptions. But generally speaking I believe Bill raised very valid points.
>
> As I said I will try to call in for a few minutes, but it depends on a number of things which I won't know until the actual time.
>
> Kim
>
> Please excuse my typos! This is sent from my iPhone.

From alice.jansen at icann.org Thu Sep 1 21:54:22 2011
From: alice.jansen at icann.org (Alice Jansen)
Date: Thu, 1 Sep 2011 14:54:22 -0700
Subject: [Rt4-whois] Please join the Adobe room @ http://icann.adobeconnect.com/whois-review/
Message-ID:

http://icann.adobeconnect.com/whois-review/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110901/3fc54a1a/attachment.html From Peter.Nettlefold at dbcde.gov.au Thu Sep 1 21:56:51 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Fri, 2 Sep 2011 07:56:51 +1000 Subject: [Rt4-whois] re-sending Consumer Trust key conceps draft [SEC=UNCLASSIFIED] In-Reply-To: References: <20110831133422.00ef555ff13978e3e1b8d2179880f99e.db1312fd5a.wbe@email12.secureserver.net> Message-ID: <636771A7F4383E408C57A0240B5F8D4A305FF1183F@EMB01.dept.gov.au> Hi Lynn and all, I agree. I've just had a chance to read this now, and think this is a very thoughtful piece of work that adds some useful new dimensions to our discussion. My one question relates to the paragraph: "Consumers today have the option of procuring a privacy service which functions as a "registered agent" on behalf of the individual and prevents disclosure of the consumer name and contact details on WHOIS. This still provides a way for any legitimate or necessary contact to be made with the domain registrant." I'm interested particularly in the last sentence, which appears to be silent on concerns that some privacy and proxy services actually make it quite difficult to contact a registrant - by being difficult to contact themselves, not passing on details, and so on. I'm not sure if I'm reading this out of context, but just wanted to raise it to see if I was missing something. Thanks again for your work on this Lynn. Cheers, Peter -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Smith, Bill Sent: Friday, 2 September 2011 4:01 AM To: lynn at goodsecurityconsulting.com Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] re-sending Consumer Trust key conceps draft Lynn, I think this is an excellent, and balanced, document that outlines key concepts and concerns. 
Bill

On Aug 31, 2011, at 1:35 PM, "lynn at goodsecurityconsulting.com" wrote:

My apologies for the difficulties opening the attachment sent previously. It is fixed now and attached to this message.

Lynn

From alice.jansen at icann.org Sat Sep 3 15:40:13 2011
From: alice.jansen at icann.org (Alice Jansen)
Date: Sat, 3 Sep 2011 08:40:13 -0700
Subject: [Rt4-whois] Adobe Connect - Note Pod Content from WHOIS-Review - 1 Sept call
In-Reply-To: <26238369.6208.1314919169374.JavaMail.breezesvc@pacna7app03>
Message-ID:

Dear Review Team Members,

For your convenience, please find enclosed the note pod content of your call held on 1 September. Kindly note that these are draft notes and that Staff will create a preliminary report.

Thanks,

Kind regards

Alice

AGENDA
1. Roll-call, apologies & agenda
2. Adopt preliminary report (17 August)
3.
Update on consumer research (Lynn)
4. Further discussion on the gap analysis (Peter, James, all)
5. Staff response to compliance questions (Michele)
6. Update on progress from other sections, and setting deadlines (Sharon, Lynn, Kathy/James, Emily)
7. Keeping track of recommendations
8. Expectations for MdR (All)
9. A.O.B

PARTICIPANTS: Emily, Lynn, Sarmad, Peter, Omar, Kim, James, Bill, Susan, Kathy
APOLOGIES: Michael, Olof, Sharon

NOTES:
1) Agenda adopted
2) Preliminary report adopted
3) Thanks to Lynn and Staff for contract

Lynn update: Thanks to ON and DM - Timeline: research divided into 2 phases: Qualitative research - in-depth interviews - sample of 20 people - video-taped (copy available to Team) - shared with client but not posted on the web - High-level findings of qualitative research and videotape for MdR meeting. Follow-on findings from qualitative phase will be very fruitful. Quantitative will be surveys - number of countries in order to be validated. Had to consider factors in addition to considering geography; e.g. at least 100 people - short expedite timeframe. Commitment final report on quantitative research by the end of Dakar meeting. Drafting of paper for comments prior to Dakar - will have the high level findings. Will have results quantitative to publish for comments and integrate those. Argentina, Brazil, US, Australia, China, India, France, Germany, Spain, South Africa. Constraints in Middle-East... Good global representation.

Kim - thanks to Lynn for efforts - Lynn: encouraged that this will give us another perspective that won't get from ICANN community - validation

Kathy: gratitude - criteria? in addition to country, ages, education levels, demographic attributes, look at the ways people use the internet, internet use diversity. In order to have objective study, make sure include mix domain-name registrants included - contact details available via WHOIS etc...
Not attempting to suggest questions but tried to give them enough background for selecting people during their research. Rigorous selection - attempt to include diversity - on subject matter - expert/ordinary users - Supplier on agenda of Mdr meeting to present results of qualitative research - dial-in - send report and video-tape in advance.

4) Gap Analysis
Accuracy - ICANN compliance and activities Flow from beginning to the end - by the end of next week. Help Peter with notes from ICANN meeting Members agree that this approach is working.
Peter - happy to respond to comments - Members should feel free to take pen on this one.
Emily: Keep comments flowing in - are there elements that need to think about? A lot of commentary tends to be around accuracy or privacy concept. Compliance difficult to pull it into one section - might be in 2 questions.
Emily: difficult to write section on implementation without raising the gaps. Expect gap analysis to be quite lively - most controversial. Please send your comment :-) - represents views - 3dimensional approach Goal: in good shape by the time in

5. Please review the ICANN staff responses. Bill, James and Susan please send document.

6. Progress
James: gathering exercise mostly covered in SFO - will share draft before MdR meeting. Kathy to help James. James-Kathy compare presentations to ICANN material. RySG-WHOIS transcript https://community.icann.org/download/attachments/19300487/Transcript-+Registries+Stakeholder+Group+Afternoon+Session+%282-00+P.M.+TO+4-00+P.M.%29+%281%29.pdf?version=1&modificationDate=1313668189000 (page 21)

7. Recommendations
How should recommendations be captured? Suggestions?
James: Placeholders - what test recommendation should contain: enforceable, implementable, no overlap
Peter: Central repository
AJ to work on notes Singapore based on transcript - + to work on recommendation repository.
Use cases - Kim - by MdR describe other approaches

8.
James - Compliance efforts were focused on registrar activities. Focused on accuracy of WHOIS data. Want to make sure that comprehensive in report - Accessibility - availability.
Kathy: thread on purposes of WHOIS. AJ Post documents on WIKI.
Peter: thick WHOIS - hoping to include this into registry part.
Susan: wrote a step by step section on consumer. What would consumer do to look up WHOIS and make a recommendation.
Lynn: In privacy laws, distinction between individuals and commercial activity - what are the percentages? Privacy is a growing consumer concern.
Peter: national privacy law.
Kathy: suggestion to add this item to agenda next call.
James: concerned that create recommendations of different registrant classes.
Bill: consumer unaware of what happens behind the scenes.
Emily: How should integrate this on paper?
Lynn: in London difference between privacy and anonymous. This decision on agenda for next call.

9. MdR - draft circulated by MdR meeting Room + dinner day before. KK + ET to draft an agenda

10. No A.O.B
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110903/9dd4c5ca/attachment.html

From alice.jansen at icann.org Sun Sep 4 14:54:03 2011
From: alice.jansen at icann.org (Alice Jansen)
Date: Sun, 4 Sep 2011 07:54:03 -0700
Subject: [Rt4-whois] PLEASE READ & COMMENT - Revised SSAC Report on WHOIS Terminology and Structure
Message-ID:

Dear Review Team Members,

This is to inform you that the SSAC has updated its report on WHOIS terminology and structure. You will find this revised version on your wiki at: https://community.icann.org/display/whoisreviewprivate/SSAC+-+WHOIS+Advisory

Please note that comments should be submitted by 8 September.

Thank you,

Very best regards

Alice
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110904/f60efcf7/attachment.html

From fax at vonarx.ca Wed Aug 31 19:01:03 2011
From: fax at vonarx.ca (Kim G. von Arx (Fax))
Date: Wed, 31 Aug 2011 15:01:03 -0400
Subject: [Rt4-whois] Comments re: chapters
Message-ID:

Dear All:

I am not sure if I can make the call tomorrow, but I will certainly try my best to participate. In anticipation of the call, please find below my general comments on the chapters.

1. Peter

I really enjoyed reading your chapter and I think you did an excellent job writing it. There are two concerns that I have:

(a) I feel that the chapter lacks some balance between the different factions privacy vs. full disclosure. I am cognizant of the fact that one side certainly is more vocal than the other, however, I do believe that we need to take extra care to make sure that all the views are equally represented in the discussion. Half way through the chapter, I did get the feeling that it was arguing much more strongly in favour of full disclosure and for commercial and law enforcement interests. While I believe that many of the arguments raised are very valid, I do believe it is important to provide a balanced view on all of the positions that were brought to us.

(b) While I think the recommendations and conclusions are well argued and thought out, I am somewhat concerned by the scope of the recommendations. I do believe that there is an opportunity for the WHOIS policy to be amended to reflect the needs of all the stakeholders and not just to regulate the proxy services. Indeed, in the grand scheme of things, the former would be easier to implement, maintain, and regulate than the latter - I think.

Again, Peter, thank you very much for all the work you did on this. I can only imagine how much time you spent on drafting this and I think you did an excellent job.

2. Kathy

Again, thank you very much for the work and I think you did a bang on job in outlining our approach and methodology.
I don't really have any comments with respect to your chapter as it was simply a "pulling together" of the facts, dates, and quotes. This is not to say that it did not take much effort on your part, it is merely meant to say that there is really nothing for me to comment and/or argue about considering that all of the things you mentioned are factual.

3. Sharon

My thanks to you too for all the work you put into this. I know how busy you are in trying to keep our world a safer place for all of us. I actually spent most time on your parts and re-read them a few times to figure out whether I think any of the comments warrant an amendment to our definition. After a lengthy debate with myself, I reached the conclusion that I do not believe that our definitions need any amendments. I feel that we found a fairly good balance in our approach to the terms and any amendments to the definitions of those terms would slant the balance into one or the other direction. At this stage, I believe that our definitions have found the best possible balance for all stakeholders concerned.

4. Emily

I am still working through yours.

Kim