[Rt4-whois] Reviewing the Comments from ICANN Community

Kathy Kleiman kathy at kathykleiman.com
Wed Aug 31 15:38:31 UTC 2011


I'm so sorry Bill, but I am having trouble identifying your comments. 
Would it be possible to preface them with a set of characters (e.g., BS 
or Comments?).

Thanks!
Kathy

> Comments inline:
>
> On Aug 30, 2011, at 1:16 PM, <kathy at kathykleiman.com> wrote:
>
> Hi All,
> I hope all is well. My family and I have survived the earthquake and
> hurricane on the East Coast this past week -- and are hoping for easier
> conditions in the future :-)!
>
> Like you, I am in the midst of my due diligence preparing for our meeting
> on Thursday (with the disclaimer that I may not be able to attend due to
> the change of date and my travel schedule). I am preparing my email
> comments to share with the group.
>
> As promised, I did my "deep dive" on the comments we received in June/July
> to our Discussion Paper. I compliment the many groups that submitted
> interesting and informative comments -- a lot of work was spent responding
> to our queries.
>
> To Olof, I say Thank You!  His comment summary, and especially his sorting
> of the comments question by question is excellent. I urge you to review
> the document at
> http://www.icann.org/en/public-comment/report-comments-whoisrt-discussion-paper-05aug11-en.pdf
>
> However, a few commenters asked us to look at things a little differently.
> They asked us to include questions we had not asked, and history we had
> not included. Some have very long histories in the Whois Arena, as part of
> GAC, ALAC, Registrars and NCUC.  ** I created a short summary of these
> comments -- and some additional, important points and questions they raise.
>
> I have tried to shorten and summarize with quotes (as Olof did -- thanks
> for the example, Olof!) --- below and attached.
> Best, Kathy
> ------------- expanding our inquiry -- comment highlights ----------
>
> AN EXPANDED VIEW OF THE WRT QUESTIONS
> (Responses to WRT Discussion Paper)
>
> Introduction: While Olof did an outstanding job of summarizing the
> questions by sorting them according to their responses to our 14
> questions, certain issues fell between the cracks – largely because groups
> and communities asked us to look at questions beyond those we had chosen
> to ask.  This paper takes a short look at what others asked us to see –
> including overstretching the purpose of Whois, significant policy work in
> the limitations of Whois, and the importance of history and historical
> perspective in our work.  Thanks for taking a fast look at these
> summaries—and feel free to return to the full comments (found at
> http://forum.icann.org/lists/whoisrt-discussion-paper/).
>
> 1.      Christopher Wilkinson, former GAC & GAC Secretariat (EU) on purpose of
> Whois:
>
> “I rather doubt that the initial purposes of the Whois protocol and
> database extended to their current utilisation. It would appear that
> rather more is expected of Whois than it is capable of delivering in view
> of the legacy of past practice and the current and prospective scale of
> the Internet.” (In Discussion Paper Comments)
>
> I am not aware of any evidence that WHOIS, protocol or data delivery, is
> incapable of operating at Internet scale. In fact, we have an existence proof
> of the opposite.
>
> I hope we review these comments in light of our scope <https://community.icann.org/display/whoisreview/Scope+and+Roadmap+of+the+WHOIS+RT> and recall that our primary
> charge is to assess policy, not protocol. Simple as it is, WHOIS the protocol
> is capable of delivering, at scale, most any information that policy dictates.
>
> Whatever the problems of WHOIS, they are not related to databases or
> protocol as suggested in the excerpted paragraph.
>
>
> 2.      At Large Advisory Committee on the need to view the issues differently:
>
> “It is our view that this Team must treat with and declare (1) whether the
> WHOIS construct as originally devised and for the purpose intended is
> still necessary, (2) whether the WHOIS dataset as originally determined
> remains fit to its original purpose, and (3) whether the several
> identifiable uses made of both the WHOIS data and processes that have
> expanded the original intent are useful and in the public interest.”
>
> At Large Advisory Committee on the need to consider types of use in our
> compliance schemes: “Neither is it rational for the same risk in class or
> kind to be ascribed to all domains; domains used primarily for support of
> business transactions on the Web have a higher risk of consequential
> fraudulent activities than do those used for more personal or
> informational pursuits. As such, certain adjustments in approach to
> compliance and our expectations of the impact from compliance might
> benefit from a change in the philosophical construct of compliance and the
> processes used to affect the assurance of compliance.”
>
> At Large Advisory Committee on the need to consider cycles of registration
> in our compliance schemes:
>
> “We believe that the all-round public interest may be better served
> by recognizing that the risks from the fraudulent actions of bad actors
> are not the same throughout the WHOIS data cycle but tend to be cyclical –
> higher following the establishment of new domains and decreasing
> thereafter.” (In Discussion Paper Comments)
>
> 3.      Noncommercial Users Constituency on Why Privacy and Accuracy are Not at
> Odds:
>
> “Privacy and accuracy go hand-in-hand. Rather than putting sensitive
> information into public records, some registrants use "inaccurate" data
> as a means of protecting their privacy. If registrants have other
> channels to keep this information private, they may be more willing to
> share accurate data with their registrar.”
>
> “The problem for many registrants is indiscriminate public access to the
> data. The lack of any restriction means that there is an unlimited
> potential for bad actors to access and use the data, as well as
> legitimate users and uses of these data.”
>
> Noncommercial Users Constituency on Why the Operational Point of Contact
> Proceeding Marks a Critical Point of Agreement in the GNSO on a narrow
> purpose to Whois:
>
> “ICANN stakeholders devoted a great deal of time and energy to this
> question in GNSO Council-chartered WHOIS Task Forces. At the end of the
> Task Force discussion in 2006, the group proposed that WHOIS be modified
> to include an Operational Point of Contact (OPOC):
> <http://gnso.icann.org/issues/whois-privacy/prelim-tf-rpt-22nov06.htm>”
>
> “Under the OPOC proposal, "accredited registrars [would] publish three
> types of data:
> 1) Registered Name Holder
> 2) Country and state/province of the registered nameholder
> 3) Contact information of the OPoC, including name, address, telephone
> number, email."
>
> “Registrants with privacy concerns could name agents to serve as
> OPoC, thereby keeping their personal address information out of the
> public records.” (In Discussion Paper Comments)
>
> 4.      Why Registrars under Tucows leadership strongly sought a balance to
> simplify Whois data, while improving it.
>
> Slides of Ross Rader, of Registrars Constituency and registrar Tucows,
> discussing goals and advantages of Operational Point of Contact, endorsed
> and a multi-year GNSO team. These slides and ideas were referenced by
> Elliot Noss, Pres of Tucows at the Registrars/WRT meeting in San Fran as
> well as by the NCUC in the recent comment period.
>
> Goals (Operational Point of Contact- Powerpoint Slides)
> “• to simplify Whois data output
> • reduce facilitation of domain related scams, illegal data mining,
> phishing and identity theft
> • maintain or increase the value of Whois for all stakeholders
> • provide solid foundation for enhanced access to data by key stakeholders
> • promote data accuracy” (Link to slides in NCUC Discussion Paper Comments)
>
> 5.      Dr. Mueller:  Why technical History is important – because it shows us
> where we stopped thinking about purpose and goals.
>
> Dr. Milton Mueller asks us to examine his academic paper on the Whois
> issues, and considers history to be a very important factor – before and
> during ICANN.  Here are some highlights.
>
> “This article examines how the Internet’s
> Whois service has evolved into a surrogate
> identity system. The Whois service allows any
> Internet user to type a domain name into a Web
> interface and be immediately returned the name
> and contact details of whoever has registered
> the domain. It is used by police to bring down
> Web sites committing crimes; its information is
> harvested by spammers and marketers seeking
> to send their solicitations; it is used by people
> curious to know who is behind a Web site or
> e-mail address; above all, it is used by trademark
> and copyright attorneys to keep an eye on
> their brands in cyberspace…
>
> “We recount the story of Whois because it
> forces us to re-examine our understanding of
> the relationship between technological systems
> and global governance institutions. To understand
> the importance of the Whois service, one
> need only think of the license plate of an automobile
> on the road, and imagine that anyone
> who saw the license plate would be able to type
> it into a computer and be returned the name of
> the car owner and his or her street address, telephone
> number, and e-mail address.
>
> “That is what Whois does to domain name registrants. It
> links the vehicle for navigating the complex
> arena of cyberspace (domains) to a responsible
> individual, a location, or a jurisdiction.
> Of course in the real world, access to drivers’
> license databases is restricted to law enforcement
> authorities and motor vehicle departments. It is
> not difficult to imagine both the benefits—and
> the trouble—that might be caused by free,
> anonymous, unrestricted public access to drivers’
> license databases. No doubt some additional
> crimes would be solved and perhaps some
> amazing new information services could be
> developed by a Google of the future. No doubt,
> also, incidents of road rage and stalking would
> be taken to new heights. The same concerns
> apply to Whois. In addition to facilitating
> accountability on the Internet, open access to
> registrant contact data raises privacy issues and
> concerns about abuse of sensitive personal data
> by spammers, stalkers, and identity thieves.
>
> The author fails to point out that license plates are also a source of revenue and indicate
> that a vehicle, at least in some cases, meets certain safety standards and has passed
> one or more inspections. There are a variety of reasons for requiring license plates, among them
> identifying the owner of a vehicle. A license plate is an indicia; the vehicle
> is registered. Similarly a postmark is an indicia; postage has been paid.
>
> In most jurisdictions, vehicle operators are also required to have a license and a registration
> form that in all cases carry information identifying the driver and owner of the vehicle in question.
> Some jurisdictions require evidence of insurance which also identifies both the driver and vehicle,
> and additionally provides the insurance carrier's name and the account number for the vehicle/driver.
> That card potentially carries other information like spouse, domestic partner, children, etc.
>
> Most jurisdictions require that operators exchange the information contained in these documents
> and file reports with authorities in certain cases. Regardless, individuals involved in accidents are
> required to exchange certain identifying information, contained on the above-mentioned documents.
> No intervention by law enforcement is required.
>
> The information hidden behind a license plate is not, per se, limited to access by law enforcement as
> the author suggests. Rather that information is to anyone at least in certain situations.
>
> Comparison of Whois to other registration systems, like business licenses might be more appropriate.
> Many jurisdictions require businesses to display licenses. These licenses typically include names
> and addresses and must be displayed "conspicuously". Similarly cosmetologists are required to display
> their license, that typically includes name and address, at their primary workstation. Access to the
> information in these licenses is intended to be public, to anyone entering the establishment or
> seeking services. Access is not restricted in any way.
>
> By misstating the facts of vehicle licensing (registration) and ignoring to point out other registration
> models, the author leads the reader to the conclusion that access to identifying information in the
> "real world" is commonplace and therefore need be restricted in the virtual world.
>
> While there are legitimate needs to protect (some) individuals virtual space, blanket protections are not
> the norm in the real world. The issue is more complex than the author would have the reader believe.
>
>
> “… Defaults tilt the playing
> field toward one option by giving the
> specified value the benefit of inertia…a Whois directory originated
> as a feature of the Internet when it was a small-scale,
> closed, scientific network. As the Internet
> evolved into a large-scale, public, commercial
> system, the Whois capability remained in place
> by default.
>
> This is true.
>
>
> (Historical evolution)
>
> “The first RFCs make it clear that the Whois
> protocol was intended to make available to
> users a general directory of other ARPANET/
> Internet users. At the time, ARPANET was
> what we would now call an intranet that
>
> RFC 812, the first standardization of WHOIS states, when speaking of the NICNAME/WHOIS
> server, "It is one of a series of ARPANET/Internet name services maintained
>
> by the Network Information Center (NIC) ..."
>
> Even in 1982, when the RFC was published,
>
> linked a few hundred computer scientists and
> researchers at less than a hundred geographically
> distributed sites. A critical fact about this
> directory, then, is that it was intended to serve a
> closed, relatively homogeneous, and—compared
> to today’s Internet—very small group of networked
> computer users.8 The early standards
> documents do not specify exactly what the purpose
> of this directory was. One can infer from
>
> From RFC 812, "The server ... delivers the full name, U.S. mailing address, telephone number, and network mailbox for ARPANET users."
>
> context that it served a variety of purposes, and
> was seen as a convenience to the community of
> defense contractors involved in building the
> early Internet. Another critical fact is that for
> most users, participation in the directory was
> encouraged, but was not operationally, legally,
>
> Actually the language in RFC 812 is "strongly encourages" and "requests
> that ... all individuals capable of sending traffic across the ARPANET, be registered..."
>
> Further, in RFC 954, the language "MILNET TAC users must be registered in the database."
> was added and we see the first requirement for inclusion in a WHOIS database with full
> identifying information, in 1985.
>
>
> or contractually required.9 It may be that the
> request to register in the centralized Whois
> database was made to facilitate technical coordination,
> but this is not documented in the
> RFC, and evidence supporting this has not
> been found anywhere else. The RFC states
>
> Did the author consult with any of the Internet pioneers?
>
> only that the purpose is to provide “a directory
> service” (RFC 954, 1985, p. 1) to the network
> users…
>
> “Phase 2: Internet Opened to the Public and to Commerce
> While the number of host computers connected
> to it grew rapidly, the Internet was still a closed
> community of specialized users throughout the
> 1980s. From 1991 to 1995, a critical change
> occurred: The Internet was opened to commercial
> users and to the general public. This change was
> accelerated by the creation and deployment of the
> World Wide Web (WWW) and user-friendly
> Web browsers, which made the Internet usable
> and interesting to ordinary members of the public.
> The number of computers connected to the Internet
> exceeded 1.3 million before the end of 1992,
> and was somewhere between 6 and 8 million by
> the middle of 1995.10 This was no longer a “community”
> of computer scientists and researchers,
> but a mass, heterogeneous public engaged in commerce
> and in public and personal communication.
> It was also an increasingly contentious and litigious
> public… During this tornado of change, the Whois
> service that was implemented between 1982
> and 1985 remained in place. The user base of
> the Internet was no longer closed, no longer
> homogeneous, no longer situated within a noncommercial
> community, and no longer relatively
> small and manageable. But the technical
> protocol and the practices supporting a directory
> of Internet users remained the same. The
> only significant change was that the burden of
> supplying the Whois service shifted from
> defense contractor Stanford Research Institute
> to civilian National Science Foundation contractor
> Network Solutions, Inc. As the Internet
> moved from the small, noncommercial, and
> closed world of the 1980s to the open, public,
> and commercial world of the mid-1990s, no
> one made a conscious decision to retain the
> open-access Whois service of RFC 954; Whois
> was an unnoticed default value.
>
> If memory serves, the Green Paper that served as the basis for what we now know as
> ICANN and the rest of IG, specifically mentioned WHOIS and that trademark specialists
> did not feel it contained sufficient capability to meet their needs.
>
> The author's assertion that Whois was the default choice may be correct. However, it
> certainly was noticed as indicated by the record.
>
> Should we decide to include the author's remarks or provide a link to his paper, I suggest
> that we will need to do a further review of the content.
>
> Our review is fact-based.
>
>
> (In Discussion Paper Comments)
>
> Final note from KK: I look forward to our discussion!
> <New Issues Raised in Comments.docx>

