DNSO Mailing lists archives



[nc-whois] Summary: Comments on Bulk Access, Marketing, and Privacy.


This comment from Vittorio Bertola was originally posted during the  
Task Force's first comment period in August, but effectively lost in 
the interim report due to a clerical error.  Mr. Bertola observes 
that "registrants have to be provided with options to opt in or out 
from any kind of usage, distribution and processing of their data 
that is not strictly necessary to supply the DNS service; these 
options must be clearly stated, separated from the core of the 
domain registration agreement, and it must be absolutely clear to 
customers that they can register the domain name even if they do not 
accept to provide their personal information for these additional 
uses." Mr. Bertola explicitly applies this principle to bulk access, 
even if not aimed at marketing purposes.


In this comment, Michael Palage remarks: "Despite several comments  
from participants regarding privacy rights it appears that the Whois 
Task Force did not provide a very detailed analysis of the European  
Data Privacy Directive, or other national laws. Any potential ICANN  
policy that is implemented must take into account national law and  
local stakeholder perspectives, particularly when an ICANN  
contracting party is subject to the jurisdiction of these laws."


In this further comment, Michael Palage writes that the current  
WHOIS system fails to "adequately meet the needs and concerns of  
governments, intellectual property owners, domain name registration  
authorities, as well as consumer and privacy advocacy groups." He  
then suggests dissolving the Task Force and initiating a "blue  
ribbon panel" in order to perform "a comprehensive bottoms-up [sic!] 
review and overhaul."


This comment from Karl Auerbach remarks that the interim report does 
not answer the "primary question why personally identifiable 
information must be published to the public at all." Mr. Auerbach  
then elaborates on a number of privacy protection mechanisms, in  
particular including the requirement that those examining the WHOIS  
reports first identify themselves, and that the "time, date, and  
identity of every inquiry be recorded and made available to the data 


In this comment from the NYIPLA Internet Law Committee, an argument  
based on U.S. law is given which leads to the view of the Committee  
that domain name registrations are public records.  A dissenting  
opinion by Wendy Seltzer, included with the comment, argues in favor 
of the use of anonymous or pseudonymous contacts, based on the  
observation that "in the United States, anonymous speech is a  
constitutionally protected right."


This message (including attachments) contains the comments from the  
gTLD registry constituency.  With respect to the interim  
recommendations on bulk access and marketing, it is observed that  
the "biggest problem with bulk access is the inability to enforce  
requirements.  If conditions are virtually unenforceable, then  
nothing is gained by making changes except possibly creating a false 
sense of accomplishment and increasing costs." It is asked who  
should decide what constitutes "legitimate" use of bulk data.  The  
idea of cost-based bulk access to WHOIS data is called "socialistic" 
and "terrible".  It is requested that the notes about RAA  
be clarified as dealing specifically with registrars making WHOIS  
databases available to third parties for marketing purposes. 
Further, is called "meaningless" unless it's enforceable; 
re, it is asked how a registrar should determine that Whois 
data is being used for improper marketing purposes, and it is 
doubted that this is feasible at all.


This comment, submitted by Rebecca J. Richards on behalf of TRUSTe,  
"strongly supports the review of the bulk access provisions of the  
RAA." It is suggested that by "following the fair information  
practices of notice, choice, access and security, the WHOIS database 
can balance the safety of the public at-large with the privacy of  
Web site owners." TRUSTe supports making an opportunity to opt-out 
of third party marketing uses of WHOIS available to all registrants.

"Providing the database information to mass marketers without  
providing those in the database even the courtesy of allowing them  
to opt-out does not create a trusting, transparent and accountable  
system," the comment continues.  

It is also noticed that "the WHOIS database has been an important
tool for consumer safety and, in our experience, has been an 
irreplaceable means of ensuring the validity of the privacy promises 
that companies make."


This comment was submitted by Troy Dow on behalf of the MPAA. The  
comments on bulk access and privacy are too concise to benefit from  
being summarized, so I quote them completely: "The Whois Survey  
clearly indicates both privacy concerns over bulk access to Whois  
data for marketing purposes and strong support for the continued  
public availability of Whois data for legitimate purposes.  As the  
Interim Report recognizes, there are a number of legitimate  
non-marketing purposes for bulk access.  In fact, much of the  
functionality supported by the survey respondents might be realized  
through third-party services enabled by bulk access to reliable  
Whois data.  MPAA would support efforts to protect against the use  
of bulk access to Whois data for unwanted and unsolicited marketing  
purposes.  In fact, such efforts may in fact contribute to better,  
more accurate Whois data for legitimate uses.  Care can and should  
be taken, however, to address such privacy concerns in a way that  
continues to accommodate bulk access by responsible parties in  
furtherance of legitimate uses of Whois data."


This extensive comment was submitted by Ross Wm. Rader on behalf of  
Tucows.  Tucows notes that limitations of the types of third parties 
eligible to enter into a bulk access agreement would require  
subjective determinations by registrars whether some definitions are 
satisfied. Tucows believes that this would require the installation 
of some kind of an appeals process, and proposes that such an 
approach "would likely be unwieldy."

Tucows takes the position that access to bulk data should be 
determined by registrars themselves, and feels that the bulk access 
requirement is inappropriate.  Practical experience is cited as 
having demonstrated "that those that most desire access to these 
customer lists are those that are most likely to inappropriate use 
these resources."  It is argued that the market-based approach 
advocated would enable registrants to choose registrars based on 
privacy policies, thereby increasing competition.

Regarding practical experiences with the current bulk access regime, 
Tucows quotes "inappropriate marketing (slamming, deceptive 
notices), misappropriation of intellectual property under the terms 
of the license and other wholly inappropriate activities."

The idea of restricting the fee for bulk data is rejected.  Instead, 
market-based pricing is suggested.

The proposed modification of section 3.3.6 of the RAA is rejected. 

The approach of imposing a number of minimal safeguards on bulk  
access provided by registrars on a voluntary basis seems to be  
acceptable to the commenter; it is suggested that the "restrictions 
on a registrars capability to impose new or differing requirements  
on bulk whois users" should be modified.

Tucows observes that registrars typically do make the condition in mandatory even with the current language.  In order to 
support business models which may not implement such a requirement, 
Tucows suggests that "it would seem prudent to continue to allow the 
flexibility in implementation as specified in the current contracts."

Under the assumption that the current contractual requirements are 
continued, a provision which explicitly forbids any use for purposes 
other than those stated in the bulk access agreement is supported by 
Tucows.  In the event of a change to the requirements, the question 
should be re-evaluated.

With respect to the opt-out provision, Tucows notes customer demand 
for an opt-in policy, and suggests that registrars should have the 
choice between opt-out and opt-in policies.

Tucows' response to the task force's question about different  
policies and different sets of bulk data for marketing and  
non-marketing uses is slightly confusing; I have asked Ross Rader  
for clarification, and will forward this to the Task Force. The 
response in Tucows' own words: "Not under the regulated approach 
advocated by the Task Force. Each of these approaches possesses 
significant social and economic costs for Registrants and Registrars 
that would be more appropriately dealt with through a market-based 
approach to the issue of Bulk Whois data access."


This comment was submitted by Rick Wesson (Alice's Registry).  It  
emphasizes that privacy is the "single most talked about topic with  
WHOIS", and that it impacts each of the areas of the report.  "The 
fact remains that the largest use of whois is for marketing 
purposes, the task-force MUST address this issue in its final 


This comment was submitted by Michael Erdle on behalf of the Domain  
Names and Trade-marks on the Internet Committee of the Intellectual  
Property Institute of Canada.  The Committee "notes that searching  
and marketing of WHOIS data must comply with applicable privacy  
laws. For example, in Canada, registrars must obtain consent to the  
collection and use of the data.  In many situations, implied consent 
and "opt-out" procedures are not sufficient." It is noted that  
explicit consent to both collection and use of data may be required, 
in particular when the use is "not directly necessary for the  
maintenance of the registry."


In this comment, Norbert Klein (Open Forum of Cambodia) articulates  
surprise that, after the long process the Task Force has gone 
through, the bulk access recommendations do not answer the question 
what use is to be considered "legitimate."


In this comment, Paul Stahura from Enom points to the possible  
interaction between overly broad access to and use of WHOIS data and 
accuracy of these data.  With respect to bulk access to these data,  
Mr. Stahura recommends that "the $10k cap should be eliminated for  
anyone who is not authorized somehow by ICANN to get the bulk data." 
There should be a small set of entities granted the ability to access  
bulk data at a relatively low price, which would (1) be policed by  
ICANN, and (2) could compete to offer services.  No opt-out of this  
"authorized" bulk access would be allowed.  Mr. Stahura apparently  
envisions these services as a replacement for (some features of)  
registrars' port 43 and web interfaces.

Thomas Roessler                        <roessler@does-not-exist.org>
