[ga] Text Posting of Michael Palage's Comments on Whois Task Force

["Michael D. Palage" <michael@palage.com>]

Comments on the Names Council’s Whois Task Force Interim Report

I.	Executive Summary

The Names Council Whois Task Force should be commended for the unenviable
task of attempting to tackle the global and complex issues surrounding the
access and accuracy of Whois data. However, the appearance that there is
real consensus on these complex issues is misleading. For the reasons set
forth below, most of the Whois Task Force’s interim recommendations:

·	are inconsistent with ICANN’s existing contractual obligations;
·	would violate ICANN’s mission and core values as set forth in both the
current and proposed by-laws;
·	conflict with existing technical and market realities;
·	would threaten the stability of the Internet and cause undue harm and
damages to businesses and users; and
·	are not based on documented and reliable consensus.

II.	Positive Elements of the Whois Task Force Report

Before detailing concerns with the report, it is important to acknowledge
and affirm some the principles contained in the report that are an important
part of any future comprehensive Whois solution:

·	Enforcing existing contractual provisions is an essential first step
toward improving WHOIS data accuracy;
·	Uniformity of formats and elements is helpful, but relies upon standards
developments; and
·	Whois discussion must take into account national law and local stakeholder
perspectives, particularly when an ICANN contracting party is subject to the
jurisdiction of these laws.

III.	Flaws in the Whois Task Force Report

·	The Task Force chose to “interpret their mandate broadly”; “there [were]
several questions which [the Task Force did not] fully examine”; and the
survey the Task Force conducted was not “statistically valid” – these
admissions indicate the Task Force’s liberal use of interpretation of data,
which counters against the notion that a clear consensus was found.

·	The Whois Task Force’s proposed regulatory solutions imposing substantial
graduated fines ($250/$500/$1,000 per incident) and mandating business
practices (filters) contradicts ICANN’s role as a technical coordinating
body.

·	Some of the Whois Task Force’s recommendations explicitly rely on changes
to the ICANN Registrar Accreditation Agreement (RAA). Per Louis Touton’s
note of October 20, 2002, ICANN lacks the contractual authority to
unilaterally renegotiate this or other agreements.

·	In Interim recommendation 1.0, the Whois Task Force instructs ICANN to
require registrars to use “automated mechanisms” (filters) to screen data.
These recommendations are not supported by any data to demonstrate the
technical nor commercial viability of these “automated mechanisms” on small,
medium and large-scale registrars. In fact these recommendations would
appear to contradict established case law that has held filters “place an
unreasonable burden” on registrars. See Worldsport Networks Limited v.
Artinternet S.A. and Cedric Loison.

·	The Whois Task Force reaffirmed the stated ICANN policy that the failure
of a registrant to respond to an inquiry regarding the accuracy of the Whois
data after fifteen days should result in immediate cancellation of the
domain name.

·	Market realities may make it difficult for some domain name registrants to
interact with certain registrars, and such rules if rigidly enforced would
have dire and unintended consequences to honest domain name registrants.
Although affirmative steps should be taken to remove domain name associated
with potentially false Whois data from the zone files, canceling the domain
name is a Draconian approach with potential grave consequences. The more
prudent approach that the Whois Task Force should have considered is
removing the domain from the zone file (same effect as a delete) but with a
larger safety net to protect consumers and businesses.

·	The Whois Task Force recommends that any domain name cancelled on the
basis of false contact data be subject to the Redemption Grace Period (RGP).
Although the Task Force recommends that this rigid cancellation process be
implemented in the “near term,” the Whois Task Force appears to have
overlooked the fact that no ICANN sanctioned TLD currently has an
operational RGP in place.

·	The Whois Task Force makes several recommendation of the standardization
of Whois data formats and outputs. Although this is an effort that merits
further discussion, the Whois Task Force’s recommendation appears to
potential violate NeuLevel’s registry contract that explicitly allows for
the registry to introduce the ability for registrars to use XRP to add
customized fields to a record in the registry, see Appendix O
http://www.icann.org/tlds/agreements/biz/registry-agmt-appo-11may01.htm

·	Although the Whois Task Force acknowledges that certain standard efforts
involving Whois data such as the new Cross Registry Information Service
Protocol (CRISP) may improve or replace existing port 43 access to Whois,
the Task Force would impose policy recommendations upon standards
development in contradiction of ICANN’s technical coordinating mandate to
have policy supercede the standards development upon which the Internet has
been built.

·	Despite the concerns of the Registrar Constituency regarding Whois data
mining, the Task Force failed to study this problem.  In fact, addressing
this problem would help registrars find the resources to address the other
Whois issues of concern to the Task Force.  This is particularly problematic
in that there have been two litigations filed involving registrars on this
very matter.

Register.com v. Verio. This litigation was one of the driving forces in the
creation of this Task Force, and it addresses the very important precedent
of the no-third party beneficiary clause contained in the ICANN Registrar
Registry Agreement.  See
http://www.icann.org/registrars/register.com-verio/order-08dec00.htm

GoDaddy v. VeriSign. Although the parties in this litigation recently
reached a settlement agreement, in GoDaddy’s Fifth Claim for Relief it
alleged that VeriSign improperly and illegally obtained a copy of GoDaddy’s
Customer Contact Data.

·	John Berryhill, Esq. has also raised a number of valid concerns regarding
shortcomings of the Whois Task Force recommendations. Specifically, the Task
Force has failed to define what constituents “inaccurate” data for the
purposes of this policy although it has set forth in great detail the
sanctions associated with “inaccurate” data. As Mr. Berryhill has recently
inquired, does the use of role accounts in Whois data which is neither a
person nor a legal entity constituent inaccurate information?

·	The Whois Task Force recommendations requiring “thick” registries to
screen and filter data similarly lack any documented evidence to support the
technical nor commercial viability of this solution.  This proposed solution
potentially interferes with the relationships between registrars and their
customers – a step that ICANN had scrupulously avoided in negotiating
registry agreements. Moreover, imposing this policy requirement on the thick
registries would allow them under their contract to raise their fees to
cover their expenses while also recognizing a reasonable profit. Because of
the unforeseen costs associated with these proposed policy recommendation,
registrars could have significant cost increases imposed upon them.

·	Some of the Task Force recommendations also ignore the contractual
obligations between the registries and registrars. For example, un-sponsored
registries are prohibited in most circumstances from contacting the domain
name registrant. However, the Whois Task Force seeks to impose an obligation
on thick registries to identify and delete domain names associated with
inaccurate information. There also appears to be no contractual right in the
current agreement for registries to collect the monetary sanctions proposed
by the Task Force.

·	The Task Force has also failed to account for potential abuses of its
recommendations. For example, the Whois Task Force recommends that all
domain names associated with false and inaccurate Whois data be deleted.
Under these Draconian rules, consider the following scenario. Company A
falsely registers a domain name in the name of Company B seeking to
tortuously interfere with Company B’s business operations. Company A then
reports this information through ICANN Internet.net web site. When the data
is found to be false, under the proposed rules, all of Company B’s domain
names registered and used in good faith would be cancelled.

·	There were also several valid comments submitted to the Whois Task Force
regarding the legal considerations involving the right to use the domain
name, and how these right associate to the different Whois data elements.
Although there is an established body of law holding that domain names are
not property, this legal view may not be universally shared around the
world. There should be detailed discussion regarding the legal implications
under the EPP protocol regarding the distinction between the Whois data
elements of Registrant Name and Registrant Organization. Given the rigid
sanctions proposed by the Whois Task Force, it would be prudent to discuss
the legal rights and obligations of individuals associated with different
Whois contact handles.

·	Despite several comments from participants regarding privacy rights it
appears that the Whois Task Force did not provide a very detailed analysis
of the European Data Privacy Directive, or other national laws. Any
potential ICANN policy that is implemented must take into account national
law and local stakeholder perspectives, particularly when an ICANN
contracting party is subject to the jurisdiction of these laws.

--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html