[Rt4-whois] WHOIS Review Team - briefing
Steve Crocker
steve at shinkuro.com
Sun Jan 22 19:19:01 UTC 2012
On Jan 22, 2012, at 1:52 PM, Emily Taylor wrote:
> Dear Steve
>
> Thank you for your recent mail, and for your detailed comments on the draft report of the WHOIS Review Team.
>
> I will forward your substantive comments on the draft report for publication, and have cc'd the Review Team so that they have an early view of them. Your input will receive careful consideration along with the other public comments. I will not respond to those substantive comments here, but look forward to discussing them with you as part of our future engagement with the Board. You will note that the Review Team has specifically asked for feedback on who should be tasked with the recommendations, timeframes and priorities.
Two points:
1. I did not consider my comments to be substantive comments in the sense of agreeing or disagreeing with the facts or conclusions, though I understand each of us may draw these lines in different places. Rather, I was commenting on the quality, i.e. clarity, completeness, etc., of the report. I have some thoughts on the substance of the report too, but I didn't think it was appropriate for me to insert them into the conversation at this point.
2. I apologize for not clearly understanding you were requesting feedback on whom should be tasked with the recommendations, timeframes and priorities. That will take a bit of work. I'll get that organized.
> I will respond here to the points that you raise about process. You are right to focus on it, as it seems to me that the Board has not yet absorbed the Affirmation of Commitments Reviews into its psyche or planning processes.
I'm not sure what you mean by this. We take the AoC reviews very seriously.
> I share your view that it is appropriate to take stock at this stage.
>
> You raise concerns about the quality of the AoC Reviews
Apologies if there was a lack of clarity of my part. My concern about the quality of reports is not specific to AoC Reviews. I've been concerned about this for much longer. We get reports from many different groups, and I've developed my concern about quality after seeing quite few reports that were unclear, incomplete or otherwise not as good as we should expect.
> , and seem to suggest that the Board has a role to play in quality control. I respectfully disagree. From my perspective, the Affirmation of Commitments Reviews provide an important accountability mechanism for ICANN as an organisation, community and Board. The fact that they are scheduled to be repeated at regular intervals strengthens their role in evaluating ICANN's performance over time in key areas. In that context, the Board has a role (through the CEO) as co-selector of the Review Team members, providing input into the Reviews as an interested stakeholder, and overseeing the implementation of the recommendations.
>
> It is vital for the credibility of the Affirmation of Commitments Reviews that the Board is not involved in the final editing of the report beyond providing input with other stakeholders, in an open and transparent manner. These are independent reviews, conducted on behalf of the signatories of the Affirmation of Commitments in the public interest. They are not Board outputs. If the Board decides that the quality of the individuals on a Review Team is sub-standard (as your reply seems to indicate is your view), or disagrees with the findings or recommendations, or finds the quality of the report itself to be poor, these are issues for the Board to raise in the appropriate manner. In my view, the most effective way of doing so would have been for the Board to engage with the Review Team throughout the process, as others within the ICANN community have done.
>
> If I have misunderstood your intent in this regard, please let me know.
We're in agreement that the Board should not be involved in editing. We absolutely don't want to apply any pressure with respect to the content or judgment embodied in the report. Equally, we don't have the time or resources to do detailed editing or provide detailed feedback with respect to the quality of reports. But somehow there needs to be some feedback and review of the quality of reports.
With respect to raising these issues during the process, until the draft report was available, I'm not sure how we could have commented on the quality of the report.
>
> With these points in mind, a possible approach might be for the Board to arrange orientation/training /brainstorming sessions to identify the role of the Board with respect to the Reviews, and appropriate mechanisms for the Board to participate in and respond to them. The former chairs of Review Teams could be involved, as could the NTIA (as the other signatory of the AoC) or the GAC (as the NTIA's proxy).
I'll be happy to facilitate this.
>
> As for selection of the Review Team members, any issues you have with the quality of the individuals or distribution of skill-sets you should raise with your CEO and the Chair of the GAC, who selected us. I would say, having had the privilege to lead the WHOIS Review Team over the past year, that the individuals are of the highest competence, and showed a readiness both to argue their own corner, and to subsume personal or professional interests to the public interest in completing our task. As volunteers, they also gave generously of their time in an effort to create a timely and quality output. In this regard, the early endorsement of our draft report by both the FTC and Larry Strickling are welcome.
I take no issue with the volunteers who participated on the team.
> You particularly asked about our technical expertise. We were fortunate to have members of the Review Team who understood the technical issues, the underlying protocol, and the history of the WHOIS. We also benefited from regular interaction with SSAC, in particular Patrik Fältström and Jim Galvin. No doubt, if our draft report contains technical errors, they will continue to guide us with the same patience that they have shown to date.
I think you're referring to my comment that one part of the report seemed light on the history of whois, which caused me to look at the list of people on the team and realize how few were technical to note the absence of people either on the team or referred to in the report who had lived through the more than forty year development of the whois service.
I don't think this is of the greatest importance since we can look at how whois operates today and work from where we are, but I would have hoped that people new to the whois debates would be able to turn to this report to get a good perspective based on the history and development of issues related to whois.
> Finally, on behalf of the WHOIS Review Team I am grateful for your input, and look forward to exploring all these issues with you and the Board on our upcoming call and face to face meeting.
Thanks,
Steve
>
> Best wishes,
>
> Emily
>
> On 21 January 2012 00:22, Steve Crocker <steve at shinkuro.com> wrote:
> Emily,
>
> Thank you for your note and, more importantly, for all the hard work you and your team have put into this effort. I apologize for the delay in responding. It's not been for lack of interest or attention; in fact, it's precisely because this is an important effort that I want to work out with you what the next steps need to be. You've asked for both a telephone briefing and a face to face briefing to the Board. I think these will be useful and we should do them, but I want to look both deeper and farther ahead. I want to make sure we ensure that the recommendations are reviewed carefully and either accepted or responded to, and for those recommendations that are accepted there will be effective implementation. Your report is but the first part of the overall process.
>
> Another aspect that has been on my mind applies to reports in general, not just to yours. Having received reports from many different expert groups over the years, I've observed two problems that sometimes occur. One is weaknesses in writing or reasoning within a report, e.g. missing steps between factual data and conclusions, assumptions that the reader is more familiar with the subject matter, etc. The other weakness that sometimes occurs is an expert group goes beyond its mandate or purview and makes recommendations that are outside its scope. In the past we've been scared to push back on reports lest we be seen as influencing the report. I'd like to find a way to include a quality review cycle to address the weaknesses I listed but without attempting to influence the judgment or recommendations of the expert team. We haven't yet gotten this built into our cycle, so I'm struggling a bit with this. I had wanted to get a small set of people together to read and comment on your report from this perspective, but it hasn't happened yet. So, to avoid having more time pass, I'll share my comments with you and we'll move forward. See below for my comments.
>
> Returning to the main point, I think we need to work out what the steps will be after you brief the Board. You have a list of 20 recommendations in the last section of the report. For the sake of argument, let's suppose we agreed wholeheartedly with all of these, what should happen next? Quite a lot of work will be required, and perhaps more to the point, quite a lot of coordination and buy in from others will be required. The Board doesn't have the power to unilaterally compel the set of changes you're recommending.
>
> I've copied Diane and Denise on this note. Diane can help get a call to the Board scheduled and Denise can begin the discussion about next steps. Let's work on these.
>
> Thanks,
>
> Steve
>
> ==================================================================================================
>
> Crocker's comments on the WHOIS Review Team Final Report (Draft), 5 December 2011
>
> The report is very good and contains a lot of useful information and, of course, twenty recommendations worthy of careful consideration. The following comments are focused on specific weaknesses and are not a criticism of the overall report. They are intended to improve the accuracy and readability of the report not to argue with the facts or recommendations.
>
> Chapter 1, section A: I believe the original purpose of whois was to provide points of contact for the hosts that were on the network. In the early days, hosts were multi-user machines, and their administrators were roughly comparable to the operators of small ISPs. These were not points of contact for each individual. The whois system morphed over time, but the formal definition and the protocols supporting it didn't change except to become more distributed in order to scale.
>
> Chapter 1, section B: "It is likely that it was selected for use in this context because it existed and was well understood. In all probability, it was selected by default." (1) It would be easy to check the facts. Almost all of the relevant people are still available. (2) What's the relevance of this statement? This in contrast with what?
>
> Chapter 1, section C: "ICANN has adopted the age-old tradition of 'the study' in lieu of or [as] a precursor to action." This seems pejorative to me.
>
> Chapter 1, section D: "Rather, it is an attempt to concisely present in a balanced and fair manner the very real truth that the current system is broken and needs to be repaired." While I don't disagree, I don't think the report has presented a proper foundation. The whois system is intended to provide contact information for a purpose, or perhaps or multiple purposes. The accuracy of that information is an important part of the story, but it's not the whole story. What needs are not being met? I think it's important to lay out the purposes of this information and how those purposes are not being met. With that in hand I think it will be a lot more clear what it means to say the current system is broken and it will also be much clearer how to fix it. To give a specific, concrete example, why is a proxy registration harmful? Suppose the proxy service promptly and reliably passes on all message directed to the technical, administrative and/or owner points of contact. Under what circumstances would that be insufficient? I believe it depends on the purpose you have in mind for contacting the registrant. If you have in mind telling him you think the domain name or the content on his web site is infringing on someone else's intellectual property and that if he doesn't respond the domain name will be removed from service, do you actually need the registrant's true name? On the other hand, if the registrant's web site contains child pornography, then you may well need to find the person physically so you arrest him. Even in this case, a proxy may be sufficient if it's possible for appropriate law enforcement personnel to reach the actual registrant via the proxy.
>
> I'm not trying to argue for one outcome or another. My point here is that the purpose(s) of whois are not laid out clearly enough and hence it's not clear exactly what it means to say it's broken and hence even less clear how to fix it.
>
> This lack of clarity is repeated throughout the report, and I think the report would be considerably stronger and more helpful if this were fleshed out.
>
> Chapter 1, section G, recommendation 5. This recommendation calls for "reducing the number of unreachable WHOIS registrations ... by 50% within 12 months and by 50% again over the following 12 months." What is the number of unreachable whois registrations now?
>
> Recommendation 17: "Thin registry" is mentioned but not yet defined.
>
> Chapter 2, section A: The list of people on the WHOIS Review Team is impressive, but I didn't see very many people who were likely to supply the technical depth and understanding of the history that you would have needed. Were there outside advisers?
>
> Chapter 3, section A: "There are now over 900 gTLD Registrars..." This is accurate in a very narrow sense. It would be a service to the reader to include a much better picture. First, the very large majority of these 900 registrars are shell companies that exist solely to provide threads to be used in the drop-catch process. They're not particularly relevant to the whois issue. Further, another largish clump of registrars are run by domainers. The names registered through them are not active on the net in ways that are relevant to this report. (Or, perhaps they are relevant, but only for a specific purpose such as determining who's holding a name that infringes on a trademark.) Yet further, even among the remaining registrars, there are important distinctions and segments. Just a few, starting with GoDaddy, are very large. The top several account for the vast majority of the registrations. Meanwhile, the resellers drastically change the numbers in the opposite direction and also play a prominent role in any analysis of what the problems are. It would be useful if this report included a good description of what the registrar and reseller landscape actually looks like.
>
> Chapter 3, section B: "Modern WHOIS Policy is buried in the contracts of the current Registry and Registrar Agreements." What was WHOIS and WHOIS policy prior to ICANN?
>
> "As discussed above, the .COM and .ORG Registries, both run by VeriSign..." I think you meant NET, not ORG. (Also, Verisign no longer uses camel case.)
>
> Chapter 4, section D: What constitutes "wholly accurate"? What impact does this inaccuracy have? (These questions are a continuation of the primary question asked above about the purpose of the whois data.)
>
> "Just as there is no shared understanding or statement of the purpose of WHOIS..." To me, this is the key. It seems to me important to put the purpose of WHOIS squarely on the table and deal with the multiple purposes and multiple understandings of what the problems are.
>
> Chapter 5, "the issue of non-Latin scripts" -- What is the issue?
>
> "ad hoc solutions" might be interpreted as a pejorative term
>
> "the community needs to urgently address the following issues:
>
> 1. What data is needed from the registrant,
>
> 2. How this data will be represented in the data model, and
>
> 3. How this data will be accessed through registration data services."
>
> I don't think this is sufficient. I'd add:
>
> 4. By whom?
>
> 5. For what purpose?
>
> This last question controls the accuracy question, i.e. is the data accurate enough for the purpose?
>
> "... a consistent policy across ccTLDs and gTLDs would make it much easier for consumers and law enforcement to use WHOIS data." Yes, but the diversity also provides a richer set of practices to study and learn from.
>
> Chapter 6, "... effective in meeting the needs of law enforcement and promoting consumer trust." These phrases should be expanded and explicated.
>
> Chapter 6, section A: "Having a failsafe avenue to contact administrators..." What is the difference between inaccurate information and an unresponsive registrant?
>
> "Even this is not a significant concern for many registrants when only a small proportion of domain names lead to web sites that the registrant has a vested interest in maintaining uninterrupted access." So why does accuracy matter?
>
> Chapter 6, section B, "knock on effects" -- What does this term mean?
>
> Chapter 6, section B, "lack of due diligence" -- What does this mean here? This seems like a different matter
>
> "Another issue identified by the review team relates to the ability of consumers to access WHOIS data. ... over 80% of consumers are unaware of WHOIS..." -- This is an entirely different issue and it should be put in a different part of the report. This is perhaps a really good example of one of the many distinct "purposes."
>
> "... the Intellectual Property Constituency argued that:
>
> ICANN is subject to a commitment 'to having accurate and complete WHOIS' ... ICANN is not required to implement national safeguards for individuals' privacy..." -- This statement seems fatuous or perhaps disingenuous and hence puts the Intellectual Property Constituency in an unnecessarily bad light. Is this a fair presentation of their position?
>
> "Comparison with ccTLD Practices" -- This section is very good.
>
>
>
>
>
> On Jan 9, 2012, at 4:43 AM, Emily Taylor wrote:
>
>> Hi Steve
>>
>> And a very Happy New Year to you and your family. I'm sure this year will be a challenging one for ICANN, but if I may say so, I think that your recent statements as Chairman have done much to calm the waters.
>>
>> I'm writing as Chair of the WHOIS Review Team, to explain the reasons why we have requested some time with the Board to discuss our draft report.
>>
>> The draft was published in December 2010, and is currently out for public comment. We will be holding a public forum in Costa Rica.
>>
>> You may recall that the WHOIS Review Team was formed under the Affirmation of Commitments. Its membership was selected by Rod and Heather, and it was formally constituted in late 2010. We held our first formal face to face meeting in January 2011. We published our report in early December, with 20 recommendations that we hope the Board will adopt. Our plan is to finalise the report following Costa Rica, to be published in April.
>>
>> As you may be aware, the draft report and recommendations have been referred to with approval by both the Federal Trade Commission and in Larry Strickling's most recent letter to ICANN.
>>
>> During the course of 2011, the Review Team undertook extensive outreach within the ICANN Community. We met with the GAC, various GNSO constituencies including the Registries, Registrars, IPC, BC, and NCUC, also with ALAC, and ccNSO. We also invited both signatories of the Affirmation of Commitments to give us an early briefing, so that we could better understand each party's objectives in calling for a review of WHOIS. We had a very helpful briefing with Larry Strickling, but unfortunately it was not possible for ICANN's Chief Executive to find the time. However, I would say that the ICANN staff were generous with their time, open and professional throughout the Review.
>>
>> I made a number of requests to Peter for us to meet with the Board during 2011, to give a progress report and seek the Board's input. Unfortunately, due to other demands on the Board's time, it proved impossible to schedule any time together.
>>
>> Denise and I discussed the idea of doing a phone briefing with the Board. I believe that by having this contact in good time prior to the Costa Rica meeting, we will all be giving ourselves the best chances of success by:
>>
>> Guiding the Board through the salient points in the report, and introducing the recommendations
>> Hearing any concerns or comments that you may have early in the public comment process, so that the Review Team has time to consider them prior to Costa Rica
>> We are conscious that we have had no communication at Board level with ICANN, one of the signatories of the AoC, throughout our review, and believe that it would be appropriate to have some dialogue before our work is finalised, especially as our recommendations are directed at the Board.
>>
>> I would also be happy to have a short phone call 1:1 with you, in order to provide an informal briefing, and discuss the most effective way of introducing the report to the Board.
>>
>>
>> With best wishes,
>>
>>
>> Emily Taylor
>> Chair,
>> WHOIS Review Team
>> --
>>
>>
>>
>>
>>
>>
>> 76 Temple Road, Oxford OX4 2EZ UK
>> t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322
>> emily at emilytaylor.eu
>>
>> www.etlaw.co.uk
>>
>> Emily Taylor Consultancy Limited is a company registered in England and Wales No. 7630471. VAT No. 114487713.
>>
>
>
>
>
> --
>
>
>
>
>
>
> 76 Temple Road, Oxford OX4 2EZ UK
> t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322
> emily at emilytaylor.eu
>
> www.etlaw.co.uk
>
> Emily Taylor Consultancy Limited is a company registered in England and Wales No. 7630471. VAT No. 114487713.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20120122/8334c728/attachment.html
More information about the Rt4-whois
mailing list