[ga] Re: [atlarge-discuss] my comments to the WHOIS Task Force reports

[Jeff Williams <jwkckid1@ix.netcom.com>]

Vittorio and all assembly members,


Vittorio Bertola wrote:

> Comments on the "Possible Recommendations" of the DNSO WHOIS Task
> Force Report
>
> Vittorio Bertola
> August 28, 2002
>
> This document exposes my comments to the "Possible Recommendations"
> section of the Report of the WHOIS Task Force of DNSO's Names Council.
> These comments are personal and do not reflect the view of any of the
> entities I am involved with (i.e. ISOC Italy, icannatlarge.com, or the
> At Large Organizing Committee). However, they have matured after
> careful reading of the discussions on the DNSO GA list and on other
> ICANN-related lists, mainly populated by users and individual domain
> name owners. So, while I do not claim that the following statements
> represent the opinions of these constituencies, I know that they are
> shared by a number of their members.
>
> A.      Accuracy of data contained in the WHOIS database
>
> The need of having accurate data listed in the WHOIS service is
> agreeable.

  Indeed accurate data in the Whois record for a Domain Name
is essential.  However "Accurate" should not be equated to
having personal and private information or the registrant as the
Draft Report suggests.

>
>
> First of all, I note that the only entity able to guarantee the
> freshness of the data is the registrant - so if accuracy has to be
> granted, the registrant must be deeply involved in the process.

  It is not necessary for the registrant to be deeply involved at all.
Rather the Admin for that Domain Name's whois or registration
listing is much more than adequate.

>
> However, if the registrant is to be required to keep its contact data
> updated - especially if failure to do so might mean getting penalties
> of any kind - then the registrar is to be clearly required to offer
> registrants a simple mechanism (ie Web and/or e-mail based) to check
> and update his contact data, as a provision in the RAA.

  Again no, it is not necessary or even advisable for every Registrant
to maintain themselves their Domain Name Whois data.  That is what
and Admin for a Domain Name is for.  This however does not preclude
some Registrants from doing os if they so choose.  (Opt-in option).

> Especially in
> ccTLDs, there are cases where, as a result of privacy protection
> measures, the registrant himself is unable even just to check the
> information currently listed for his domain.  However, to protect the
> registrant's privacy, such mechanism should be made available to the
> registrant only, via an authentication scheme established at the time
> of the domain registration.
>
> Also, I suggest that it is more likely that registrants keep their
> data updated if they are asked to give them in one and only one place.
> So, at least in the mid term, it should be established a system not to
> duplicate contact data across the various TLDs, for example in one of
> the following ways:
> ·       Creation of a centralized "Identity Registry" (for individuals
> and organizations) to which all WHOIS databases point with a standard
> identity handle, and which all registries use to store and retrieve
> the contact data;

  Again not necessary and a bit verbose as well.  The Admin contact
E-Mail address and Phone Number provides for this already in Whois.

>
> ·       Introduction of standard cross-TLD identity handles in all
> WHOIS databases, so that, when registering a domain, the registrant
> can point to his contact data as already provided to the
> registrar/registry of another TLD.

  Also not necessary, verbose, and easily subject to abuse's of various
types as has been vetted on the DNSO GA Forum to that Registrants
personal and private information.

>
> This of course requires complete standardization of the data set
> required to identify individuals and organizations in the DNS system.

  And that standard is already in place with the current Whois...

>
>
> Finally, I note that having an accurate WHOIS database under the
> registry's control does not imply that such database has to be made
> fully and easily available to whoever desires to read it. The Task
> Force Report should stress that this point deserves better
> consideration in all future agreements and policy-making processes. I
> will deal with more detail with privacy issues when commenting section
> C - but I have to note that the current, total lack of privacy about
> the registrants' personal information is a strong incentive for people
> and companies to purposedly provide invalid or incorrect contact data.
> Given the scale of the DNS and the difficulty in checking the
> veridicity of personal information for entities scattered around the
> whole world, I think that even the introduction of penalties of any
> kind will not particularly help to get better accuracy in WHOIS
> information if a certain degree of guaranteed privacy is not
> introduced. (And by the way, in many countries it is extremely dubious
> that a WHOIS system that does not offer such privacy guarantees abides
> by the privacy protection laws.)
>
> B.      Uniformity of data formats
>
> As already stated, I think that uniformity of data formats is a
> necessary precondition to get better accuracy in WHOIS data.

  Agreed.  We have this for gTLD Whois now.

>
>
> Especially for individuals and companies that own domains across a
> number of different TLDs, it is practically impossible to cope with
> the huge number of different data sets, input systems and local
> conventions that are currently used. So the agreement by all gTLD and
> ccTLD registries upon an uniform set of data to identify DNS entities
> is absolutely necessary. ICANN should try to foster such agreement,
> work with all gTLD and ccTLDs to reach it, and later force its
> adoption (with reasonable phase-in times) in its contracts with gTLD
> and ccTLD registries.

  Agreed here.

>
>
> C.      Better searchability of WHOIS databases
>
> Personally, I absolutely cannot see any need for better searchability
> of WHOIS databases, and especially for queries that might return more
> than one domain name at a time. In fact, I only see the need for
> reducing the access to WHOIS databases, to enforce a higher degree of
> privacy protection, and to avoid the current widespread use of WHOIS
> information for unsolicited e-mail and other unwanted marketing uses.
> Such higher degree of protection is clearly requested by the Internet
> community, as shown by the responses to the Task Force survey.

  No not requested, demanded...

>
>
> Registrants should be able to choose whether their personal data are
> to be publicly accessed through WHOIS queries, or not; they should
> have the option of accepting public distribution of their data, within
> a separate opt-in part of the registration agreement, when registering
> the domain

  Agreed.  And this is Key.

> . The implementation of this option should be required to
> registrars and registries; in fact, the absence of this option is very
> likely to make the whole WHOIS system illegal, at least under the laws
> of the European Union. The only exception to this should be the
> availability of a technical contact point e-mail (and, optionally,
> telephone and fax numbers), which should be made available via WHOIS
> queries on a per-domain basis; this can be justified (also in front of
> the law) as a necessary instrument for providing the DNS service.
> Also, the availability and functionality of the postmaster@domain
> e-mail address should be required in all domain registration
> agreements.
>
> In any case where access to other WHOIS data (for example, the
> identity of the registrant) is necessary for law enforcement purposes,
> there already are laws that give law enforcement agencies the
> necessary instruments to access such information even if it is not
> accessible via WHOIS queries. In fact, to speed this up, registries
> could be required to establish separate, private accesses, to be
> reserved to officers of the appropriate law enforcement bodies, that
> can offer full access and searchability to their databases.
>
> D.      Marketing use of WHOIS data
>
> Generally speaking (and as required by many national privacy laws),
> registrants have to be provided with options to opt in or out from any
> kind of usage, distribution and processing of their data that is not
> strictly necessary to supply the DNS service; these options must be
> clearly stated, separated from the core of the domain registration
> agreement, and it must be absolutely clear to customers that they can
> register the domain name even if they do not accept to provide their
> personal information for these additional uses.
>
> This means that, for example, all registrars should be required to
> structure their registration forms, either Web- or paper-based, with
> separate options for opting in to any kind of bulk access - even if
> not aimed at marketing purposes - or marketing usage of their data.
> Registrars and registries must not be able to refuse registrations due
> to the user's wish not to opt in to these additional uses.
> --
> vb.               [Vittorio Bertola - v.bertola [a] bertola.eu.org]<------
> ----------------------> http://bertola.eu.org/ <--------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
> For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 127k members/stakeholders strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 972-244-3801
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html