[Rt4-whois] WHOIS Review Team - briefing

Sun Jan 22 18:52:32 UTC 2012

Dear Steve

Thank you for your recent mail, and for your detailed comments on the draft
report of the WHOIS Review Team.

I will forward your substantive comments on the draft report for
publication, and have cc'd the Review Team so that they have an early view
of them. Your input will receive careful consideration along with the other
public comments.  I will not respond to those substantive comments here,
but look forward to discussing them with you as part of our future
engagement with the Board. You will note that the Review Team has
specifically asked for feedback on who should be tasked with the
recommendations, timeframes and priorities.

I will respond here to the points that you raise about process.  You are
right to focus on it, as it seems to me that the Board has not yet absorbed
the Affirmation of Commitments Reviews into its psyche or planning
processes.  I share your view that it is appropriate to take stock at this
stage.

You raise concerns about the quality of the AoC Reviews, and seem to
suggest that the Board has a role to play in quality control. I
respectfully disagree.  From my perspective, the Affirmation of Commitments
Reviews provide an important accountability mechanism for ICANN as an
organisation, community and Board.  The fact that they are scheduled to be
repeated at regular intervals strengthens their role in evaluating ICANN's
performance over time in key areas.  In that context, the Board has a role
(through the CEO) as co-selector of the Review Team members, providing
input into the Reviews as an interested stakeholder, and overseeing the
implementation of the recommendations.

It is vital for the credibility of the Affirmation of Commitments Reviews
that the Board is not involved in the final editing of the report beyond
providing input with other stakeholders, in an open and transparent manner.
 These are independent reviews, conducted on behalf of the signatories of
the Affirmation of Commitments in the public interest.  They are not Board
outputs.  If the Board decides that the quality of the individuals on a
Review Team is sub-standard (as your reply seems to indicate is your view),
or disagrees with the findings or recommendations, or finds the quality of
the report itself to be poor, these are issues for the Board to raise in
the appropriate manner.  In my view, the most effective way of doing so
would have been for the Board to engage with the Review Team throughout the
process, as others within the ICANN community have done.

If I have misunderstood your intent in this regard, please let me know.

With these points in mind, a possible approach might be for the Board to
arrange orientation/training /brainstorming sessions to identify the role
of the Board with respect to the Reviews, and appropriate mechanisms for
the Board to participate in and respond to them. The former chairs of
Review Teams could be involved, as could the NTIA (as the other signatory
of the AoC) or the GAC (as the NTIA's proxy).

As for selection of the Review Team members, any issues you have with the
quality of the individuals or distribution of skill-sets you should raise
with your CEO and the Chair of the GAC, who selected us.  I would say,
having had the privilege to lead the WHOIS Review Team over the past year,
that the individuals are of the highest competence, and showed a readiness
both to argue their own corner, and to subsume personal or professional
interests to the public interest in completing our task.  As volunteers,
they also gave generously of their time in an effort to create a timely and
quality output.  In this regard, the early endorsement of our draft report
by both the FTC and Larry Strickling are welcome.

You particularly asked about our technical expertise.  We were fortunate to
have members of the Review Team who understood the technical issues, the
underlying protocol, and the history of the WHOIS.  We also benefited from
regular interaction with SSAC, in particular Patrik Fältström and Jim
Galvin.  No doubt, if our draft report contains technical errors, they will
continue to guide us with the same patience that they have shown to date.

Finally, on behalf of the WHOIS Review Team I am grateful for your input,
and look forward to exploring all these issues with you and the Board on
our upcoming call and face to face meeting.

Best wishes,

Emily

On 21 January 2012 00:22, Steve Crocker <steve at shinkuro.com> wrote:

> Emily,
>
> Thank you for your note and, more importantly, for all the hard work you
> and your team have put into this effort.  I apologize for the delay in
> responding.  It's not been for lack of interest or attention; in fact, it's
> precisely because this is an important effort that I want to work out with
> you what the next steps need to be.  You've asked for both a telephone
> briefing and a face to face briefing to the Board.  I think these will be
> useful and we should do them, but I want to look both deeper and farther
> ahead.  I want to make sure we ensure that the recommendations are reviewed
> carefully and either accepted or responded to, and for those
> recommendations that are accepted there will be effective implementation.
>  Your report is but the first part of the overall process.
>
> Another aspect that has been on my mind applies to reports in general, not
> just to yours.  Having received reports from many different expert groups
> over the years, I've observed two problems that sometimes occur.  One is
> weaknesses in writing or reasoning within a report, e.g. missing steps
> between factual data and conclusions, assumptions that the reader is more
> familiar with the subject matter, etc.  The other weakness that sometimes
> occurs is an expert group goes beyond its mandate or purview and makes
> recommendations that are outside its scope.  In the past we've been scared
> to push back on reports lest we be seen as influencing the report.  I'd
> like to find a way to include a quality review cycle to address the
> weaknesses I listed but without attempting to influence the judgment or
> recommendations of the expert team.  We haven't yet gotten this built into
> our cycle, so I'm struggling a bit with this.  I had wanted to get a small
> set of people together to read and comment on your report from this
> perspective, but it hasn't happened yet.  So, to avoid having more time
> pass, I'll share my comments with you and we'll move forward.  See below
> for my comments.
>
> Returning to the main point, I think we need to work out what the steps
> will be after you brief the Board.  You have a list of 20 recommendations
> in the last section of the report.  For the sake of argument, let's suppose
> we agreed wholeheartedly with all of these, what should happen next?  Quite
> a lot of work will be required, and perhaps more to the point, quite a lot
> of coordination and buy in from others will be required.  The Board doesn't
> have the power to unilaterally compel the set of changes you're
> recommending.
>
> I've copied Diane and Denise on this note.  Diane can help get a call to
> the Board scheduled and Denise can begin the discussion about next steps.
>  Let's work on these.
>
> Thanks,
>
> Steve
>
>
> ==================================================================================================
>
> Crocker's comments on the WHOIS Review Team Final Report (Draft), 5
> December 2011
>
> The report is very good and contains a lot of useful information and, of
> course, twenty recommendations worthy of careful consideration.  The
> following comments are focused on specific weaknesses and are not a
> criticism of the overall report.  They are intended to improve the accuracy
> and readability of the report not to argue with the facts or
> recommendations.
>
> Chapter 1, section A: I believe the original purpose of whois was to
> provide points of contact for the hosts that were on the network.  In the
> early days, hosts were multi-user machines, and their administrators were
> roughly comparable to the operators of small ISPs.  These were not points
> of contact for each individual.  The whois system morphed over time, but
> the formal definition and the protocols supporting it didn't change except
> to become more distributed in order to scale.
>
> Chapter 1, section B: "It is likely that it was selected for use in this
> context because it existed and was well understood.  In all probability, it
> was selected by default."  (1) It would be easy to check the facts.  Almost
> all of the relevant people are still available.  (2) What's the relevance
> of this statement?  This in contrast with what?
>
> Chapter 1, section C: "ICANN has adopted the age-old tradition of 'the
> study' in lieu of or [as] a precursor to action."  This seems pejorative to
> me.
>
> Chapter 1, section D: "Rather, it is an attempt to concisely present in a
> balanced and fair manner the very real truth  that the current system is
> broken and needs to be repaired."  While I don't disagree, I don't think
> the report has presented a proper foundation.  The whois system is intended
> to provide contact information for a purpose, or perhaps or multiple
> purposes.  The accuracy of that information is an important part of the
> story, but it's not the whole story.  What needs are not being met?  I
> think it's important to lay out the purposes of this information and how
> those purposes are not being met.  With that in hand I think it will be a
> lot more clear what it means to say the current system is broken and it
> will also be much clearer how to fix it.  To give a specific, concrete
> example, why is a proxy registration harmful?  Suppose the proxy service
> promptly and reliably passes on all message directed to the technical,
> administrative and/or owner points of contact.  Under what circumstances
> would that be insufficient?  I believe it depends on the purpose you have
> in mind for contacting the registrant.  If you have in mind telling him you
> think the domain name or the content on his web site is infringing on
> someone else's intellectual property and that if he doesn't respond the
> domain name will be removed from service, do you actually need the
> registrant's true name?  On the other hand, if the registrant's web site
> contains child pornography, then you may well need to find the person
> physically so you arrest him.  Even in this case, a proxy may be sufficient
> if it's possible for appropriate law enforcement personnel to reach the
> actual registrant via the proxy.
>
> I'm not trying to argue for one outcome or another.  My point here is that
> the purpose(s) of whois are not laid out clearly enough and hence it's not
> clear exactly what it means to say it's broken and hence even less clear
> how to fix it.
>
> This lack of clarity is repeated throughout the report, and I think the
> report would be considerably stronger and more helpful if this were fleshed
> out.
>
> Chapter 1, section G, recommendation 5.  This recommendation calls for
> "reducing the number of unreachable WHOIS registrations ... by 50% within
> 12 months and by 50% again over the following 12 months."  What is the
> number of unreachable whois registrations now?
>
> Recommendation 17: "Thin registry" is mentioned but not yet defined.
>
> Chapter 2, section A: The list of people on the WHOIS Review Team is
> impressive, but I didn't see very many people who were likely to supply the
> technical depth and understanding of the history that you would have
> needed.  Were there outside advisers?
>
> Chapter 3, section A: "There are now over 900 gTLD Registrars..." This is
> accurate in a very narrow sense.  It would be a service to the reader to
> include a much better picture.  First, the very large majority of these 900
> registrars are shell companies that exist solely to provide threads to be
> used in the drop-catch process.  They're not particularly relevant to the
> whois issue.  Further, another largish clump of registrars are run by
> domainers.  The names registered through them are not active on the net in
> ways that are relevant to this report.  (Or, perhaps they are relevant, but
> only for a specific purpose such as determining who's holding a name that
> infringes on a trademark.)  Yet further, even among the remaining
> registrars, there are important distinctions and segments.  Just a few,
> starting with GoDaddy, are very large.  The top several account for the
> vast majority of the registrations.  Meanwhile, the resellers drastically
> change the numbers in the opposite direction and also play a prominent role
> in any analysis of what the problems are.  It would be useful if this
> report included a good description of what the registrar and reseller
> landscape actually looks like.
>
> Chapter 3, section B: "Modern WHOIS Policy is buried in the contracts of
> the current Registry and Registrar Agreements."  What was WHOIS and WHOIS
> policy prior to ICANN?
>
> "As discussed above, the .COM and .ORG Registries, both run by
> VeriSign..."  I think you meant NET, not ORG.  (Also, Verisign no longer
> uses camel case.)
>
> Chapter 4, section D: What constitutes "wholly accurate"?  What impact
> does this inaccuracy have?  (These questions are a continuation of the
> primary question asked above about the purpose of the whois data.)
>
> "Just as there is no shared understanding or statement of the purpose of
> WHOIS..."  To me, this is the key.  It seems to me important to put the
> purpose of WHOIS squarely on the table and deal with the multiple purposes
> and multiple understandings of what the problems are.
>
> Chapter 5, "the issue of non-Latin scripts" -- What is the issue?
>
> "ad hoc solutions" might be interpreted as a pejorative term
>
> "the community needs to urgently address the following issues:
>
> 1. What data is needed from the registrant,
>
> 2. How this data will be represented in the data model, and
>
> 3. How this data will be accessed through registration data services."
>
> I don't think this is sufficient.  I'd add:
>
> 4. By whom?
>
> 5. For what purpose?
>
> This last question controls the accuracy question, i.e. is the data
> accurate enough for the purpose?
>
> "... a consistent policy across ccTLDs and gTLDs would make it much easier
> for consumers and law enforcement to use WHOIS data."  Yes, but the
> diversity also provides a richer set of practices to study and learn from.
>
> Chapter 6, "... effective in meeting the needs of law enforcement and
> promoting consumer trust."  These phrases should be expanded and explicated.
>
> Chapter 6, section A: "Having a failsafe avenue to contact
> administrators..."  What is the difference between inaccurate information
> and an unresponsive registrant?
>
> "Even this is not a significant concern for many registrants when only a
> small proportion of domain names lead to web sites that the registrant has
> a vested interest in maintaining uninterrupted access."  So why does
> accuracy matter?
>
> Chapter 6, section B, "knock on effects" -- What does this term mean?
>
> Chapter 6, section B, "lack of due diligence" -- What does this mean here?
>  This seems like a different matter
>
> "Another issue identified by the review team relates to the ability of
> consumers to access  WHOIS data. ... over 80% of consumers are unaware of
> WHOIS..." -- This is an entirely different issue and it should be put in a
> different part of the report.  This is perhaps a really good example of one
> of the many distinct "purposes."
>
> "... the Intellectual Property Constituency argued that:
>
> ICANN is subject to a commitment 'to having accurate and complete WHOIS'
> ... ICANN is not required to implement national safeguards for individuals'
> privacy..." -- This statement seems fatuous or perhaps disingenuous and
> hence puts the Intellectual Property Constituency in an unnecessarily bad
> light.  Is this a fair presentation of their position?
>
> "Comparison with ccTLD Practices" -- This section is very good.
>
>
>
>
>
> On Jan 9, 2012, at 4:43 AM, Emily Taylor wrote:
>
> Hi Steve
>
> And a very Happy New Year to you and your family.  I'm sure this year will
> be a challenging one for ICANN, but if I may say so, I think that your
> recent statements as Chairman have done much to calm the waters.
>
> I'm writing as Chair of the WHOIS Review Team, to explain the reasons why
> we have requested some time with the Board to discuss our draft report.
>
> The draft was published in December 2010, and is currently out for public
> comment.  We will be holding a public forum in Costa Rica.
>
> You may recall that the WHOIS Review Team was formed under the Affirmation
> of Commitments.  Its membership was selected by Rod and Heather, and it was
> formally constituted in late 2010.  We held our first formal face to face
> meeting in January 2011.  We published our report in early December, with
> 20 recommendations that we hope the Board will adopt. Our plan is to
> finalise the report following Costa Rica, to be published in April.
>
> As you may be aware, the draft report and recommendations have been
> referred to with approval by both the Federal Trade Commission and in Larry
> Strickling's most recent letter to ICANN.
>
> During the course of 2011, the Review Team undertook extensive outreach
> within the ICANN Community.  We met with the GAC, various GNSO
> constituencies including the Registries, Registrars, IPC, BC, and NCUC,
> also with ALAC, and ccNSO.   We also invited both signatories of the
> Affirmation of Commitments to give us an early briefing, so that we could
> better understand each party's objectives in calling for a review of
> WHOIS.  We had a very helpful briefing with Larry Strickling, but
> unfortunately it was not possible for ICANN's Chief Executive to find the
> time.  However, I would say that the ICANN staff were generous with their
> time, open and professional throughout the Review.
>
> I made a number of requests to Peter for us to meet with the Board during
> 2011, to give a progress report and seek the Board's input.  Unfortunately,
> due to other demands on the Board's time, it proved impossible to schedule
> any time together.
>
> Denise and I discussed the idea of doing a phone briefing with the Board.
> I believe that by having this contact in good time prior to the Costa Rica
> meeting, we will all be giving ourselves the best chances of success by:
>
>
>    - Guiding the Board through the salient points in the report, and
>    introducing the recommendations
>    - Hearing any concerns or comments that you may have early in the
>    public comment process, so that the Review Team has time to consider them
>    prior to Costa Rica
>    - We are conscious that we have had no communication at Board level
>    with ICANN, one of the signatories of the AoC, throughout our review, and
>    believe that it would be appropriate to have some dialogue before our work
>    is finalised, especially as our recommendations are directed at the Board.
>
>
> I would also be happy to have a short phone call 1:1 with you, in order to
> provide an informal briefing, and discuss the most effective way of
> introducing the report to the Board.
>
>
> With best wishes,
>
>
> Emily Taylor
> Chair,
> WHOIS Review Team
> --
>
>
>
>
> *
> *
>
> 76 Temple Road, Oxford OX4 2EZ UK
> t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322
> emily at emilytaylor.eu
>
> *www.etlaw.co.uk*
>
> Emily Taylor Consultancy Limited is a company registered in England and
> Wales No. 7630471. VAT No. 114487713.
>
>
>

-- 

*
*

76 Temple Road, Oxford OX4 2EZ UK
t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322
emily at emilytaylor.eu

*www.etlaw.co.uk*

Emily Taylor Consultancy Limited is a company registered in England and
Wales No. 7630471. VAT No. 114487713.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20120122/31457a06/attachment.html 