[registrars] Revised Whois Task Force Comments

["Michael D. Palage" <michael@palage.com>]

Hello All:

Attached below are revised comments to my original submission to the Whois
Task Force regarding their interim report. Based upon some constructive
input from Directi, Register.com and some other registrars I have attempted
to make the document a more constructive proposal. I will be submitting a
formal motion to the constituency to begin voting on this and other issues
shortly.

Best regards,

Mike



Comments on the Names Council’s Whois Task Force Interim Report

I.	Executive Summary

The Names Council Whois Task Force should be commended for the unenviable
task of attempting to tackle the global and complex issues surrounding the
access and accuracy of Whois data. However, the appearance that there is
real consensus on these complex issues is misleading. For the reasons set
forth below, many of the Whois Task Force’s interim recommendations:

·	are inconsistent with the existing obligations in gTLD registries’ and
registrars’ contracts with ICANN;
·	would over-reach and therefore violate ICANN’s mission and core values as
set forth in both the current and proposed by-laws;
·	conflict with existing technical and market realities;
·	would threaten the stability of the Internet and cause undue harm and
damages to businesses and users;
·	are an admitted interpretion – often liberal – of the received responses,
thereby not providing systematic or trustworthy conclusions; and
·	are not based on documented and reliable consensus.

II.	Positive Elements of the Whois Task Force Report

Before detailing concerns with the report, we acknowledge and affirm some of
the principles contained therein, asthey are an important part of any future
comprehensive Whois solution:

·	Enforcing existing contractual provisions is an essential step toward
improving WHOIS data accuracy;
·	Uniformity of formats and elements is helpful, but relies upon standards
developments and agreement with all relevant parties; and
·	Whois discussion must take into account national law and local stakeholder
perspectives, particularly when an ICANN contracting party is subject to the
jurisdiction of these laws.  For this last reason, we applaud the Task Force
’s decision to consult farther with the GAC on issues such as privacy.

III.	Flaws in the Whois Task Force Report

·	The Task Force chose to “interpret their mandate broadly”; “there [were]
several questions which [the Task Force did not] fully examine”; and the
survey the Task Force conducted was not “statistically valid” – these
admissions by the Task Force indicate its liberal interpretation of data,
which underminesthe notion that a clear consensus was reached.

·	The Whois Task Force’s proposed regulatory solutions imposing substantial
fines ($250/$500/$1,000 per incident) and mandating business practices
(filters) contradicts ICANN’s role as a technical coordinating body.  Even
if the idea of a graduated approach to policing compliance with ICANN
contracts were acceptable, which it might well be, the levels of fines are
not based in any evident research or logic.  The fines may well be too low
to count; or too high to allow competition, particularly by small registrars
from countries with low GNPs.

·	Furthermore, the sanctions are based on certain terms and evidentiary
requirements that are either unrealistic or not explained.

o	First, what is “willful” provision of inaccurate data?  That term must be
defined in some way before a sanctions regime can be implemented.  What is
meant by re-verification and verification of data provided when a whois
account is challenged?
o	Second, is reverification of a challenged record to be accompanied by”
documentary proof” – could be high cost
o	Third, what happens to re-verification if an anniversary date is changed
upon registrar transfer? If it is required every time, may discourage
registrar transfers.

·	Some of the Whois Task Force’s recommendations rely on changes to the
ICANN Registrar Accreditation Agreement (RAA). Per Louis Touton’s note of
October 20, 2002, ICANN lacks the contractual authority to unilaterally
renegotiate this or other agreements without concensus.  As you can see from
this constituency’s reaction, as well as the concerns raised by the
registries, such concensus is highly unlikely.

·	In Interim recommendation 1.0, the Whois Task Force instructs ICANN to
require registrars to use “automated mechanisms” (filters) to screen data.
These recommendations are not supported by any data to demonstrate the
technical nor commercial viability of these “automated mechanisms” on small,
medium and large-scale registrars  Nor is there any data to show the
effectiveness of filters for example, which filters are more effective than
others? [In fact these recommendations would appear to contradict
established case law that has held filters “place an unreasonable burden” on
registrars. See Worldsport Networks Limited v. Artinternet S.A. and Cedric
Loison]


·	The Task Force suggests rigid enforcement of certain rules, such as
deletion of names whose data is not “fixed” within 15 days.  The reality of
a global Internet where registrars in one country interact with many
different types of users (individuals, businesses, etc.) in many different
geographies and jurisdictions make it difficult for some domain name
registrants to interact with certain registrars.  Therefore, rigid
enforcement of such rules would have dire and unintended consequences on
honest domain name registrants. Although affirmative steps should be taken
to remove domain name associated with potentially false Whois data from the
zone files, canceling the domain name is a Draconian approach with
potentially grave consequences. In fact, it may be gamed by unscrupulous
speculators seeking to “steal” a name. The more prudent approach that the
Whois Task Force should have considered is removing the domain from the zone
file (same goal as a delete) but with a safety net to protect consumers and
businesses.

The Whois Task Force recommends that any domain name cancelled on the basis
of false contact data be subject to the Redemption Grace Period (RGP).
Although the Task Force recommends that this rigid cancellation process be
implemented in the “near term,” it clearly cannot be untilthe TLD registries
institute an operational RGP.

·	The Whois Task Force makes several recommendation of the standardization
of Whois data formats and outputs. Although this is an effort that merits
further discussion, the Whois Task Force’s recommendation appears to
potentially violate NeuLevel’s registry contract that explicitly allows for
the registry to introduce the ability for registrars to use XRP to add
customized fields to a record in the registry, see Appendix O
http://www.icann.org/tlds/agreements/biz/registry-agmt-appo-11may01.htm.  In
fact, no one would want the goal of uniform data to stymie innovation and
competition.  While it makes sense to require certain minimum data elements,
a business’ ability to provide more or better Whois responses to satisfy
market demand (often from the the very users that make up the task force)
should not be stymied.

·	Similarly, standardization would hardly exist without the participation of
all relevant parties.  The Task Force should consult with ccTLDs to
determine how to bring them into uniformity or consistency with ICANN
standards.

·	Although the Whois Task Force acknowledges that certain standard efforts
involving Whois data such as the new Cross Registry Information Service
Protocol (CRISP) may improve or replace existing port 43 access to Whois,
the Task Force would get ahead of the technical development and impose
policy recommendations upon standards development in contradiction of ICANN’
s technical coordinating mandate to have policy supercede the standards
development. The Task Force should also note competitive concerns in looking
at universal systems – issues of data ownership and operation of such
services by companies in competition with registrars.

·	The Task Force missed a crucial opportunity to study the problem of Whois
Data mining, despite the concerns of the Registrar Constituency.  In fact,
addressing this problem would help registrars find the resources and create
more opportunities to address the other Whois issues of concern to the Task
Force. Privacy concerns may be addressed through limits on public
accessibility of Whois and proxy information.  The trade off should be to
allow IP and law enforcement to search full/accurate information. The mining
issue is particularly problematic in that there have been two litigations
filed involving registrars on this very matter.

Register.com v. Verio. This litigation addresses the very important
precedent of the no-third party beneficiary clause contained in the ICANN
Registrar Registry Agreement.  See
http://www.icann.org/registrars/register.com-verio/order-08dec00.htm

GoDaddy v. VeriSign. Although the parties in this litigation recently
reached a settlement agreement, in GoDaddy’s Fifth Claim for Relief it
alleged that VeriSign improperly and illegally obtained a copy of GoDaddy’s
Customer Contact Data.

·	The Task Force commendably addresses the abuses of bulk whois and users’
views of their data being used for marketing purposes, although there are
questions as to the statistical accuracy presented in the report.  The
report does not address the abuses of Port 43 and public Whois services,
which are often used clandestinely to steal customer information.

·	John Berryhill, Esq. has also raised a number of valid concerns regarding
shortcomings of the Whois Task Force recommendations. Specifically, the Task
Force has failed to define what constitutes “inaccurate” data for the
purposes of this policy, although the Task Force has assigned sanctions
associated with “inaccurate” data. As Mr. Berryhill has recently inquired,
does the use of role accounts in Whois data, which is neither a person nor a
legal entity, constituent inaccurate information?

·	The Whois Task Force recommendations requiring “thick” registries to
screen and filter data and to contact registrants lack any documented
evidence to support the technical nor commercial viability or preferability
of this solution.  In fact, this proposed solution potentially interferes
with the relationships between registrars and their customers – a step that
ICANN had scrupulously avoided in negotiating registry agreements. This
would clearly require contract modifications.  Moreover, imposing this
policy requirement on the thick registries may allow them to raise fees to
cover their expenses, raising costs to registrars and users.

·	Furthermore, any role for registries to identify and delete domain names
associated with inaccurate information, as suggested by the Task Force,
raises a newcontractual obligation on the registries not found in their
current agreements.  It is simply not clear how the Task Force would propose
the registries should do that or whethere and when registrars’ fees
associated with such names would be reimbursed

·	The Task Force has also failed to account for potential abuses of its
recommendations. For example, the Whois Task Force recommends that all
domain names associated with false and inaccurate Whois data be deleted.
Under these Draconian rules, consider the following scenario. Company A
falsely registers a domain name in the name of Company B seeking to
tortuously interfere with Company B’s business operations. Company A then
reports this information through ICANN Internet.net web site. When the data
is found to be false, under the proposed rules, all of Company B’s domain
names registered and used in good faith would be cancelled.  This scenario
opens a large window for abuse.  It also easily creates a situation where
one stale or negligent registration results in a loss of many domain names.
The situation would easily arise in the case of a large company managing
many names, and therefore would create a particular hardship on trademark
and brand holders.

·	There were also several valid comments submitted to the Whois Task Force
regarding the legal considerations involving the right to use the domain
name, and how these right associate to the different Whois data elements.
Although there is an established body of law holding that domain names are
not property, this legal view may not be universally shared around the
world. There should be detailed discussion regarding the legal implications
under the EPP protocol regarding the distinction between the Whois data
elements of Registrant Name and Registrant Organization. Given the rigid
sanctions proposed by the Whois Task Force, it would be prudent to discuss
the legal rights and obligations of individuals associated with different
Whois contact handles.

·	Despite several comments from participants regarding privacy rights it
appears that the Whois Task Force did not provide a very detailed analysis
of the European Data Privacy Directive, or other national laws. Any
potential ICANN policy that is implemented must take into account national
law and local stakeholder perspectives, particularly when an ICANN
contracting party is subject to the jurisdiction of these laws.  We commend
the Task Force for deciding to consult with the GAC on these and other
relevant national issues.

·	Similarly, the Task Force should consult with the most directly affected
constituencies – the registrars and registries –to determine the costs of
instituting its recommendations.  The question of costs was clearly not
address by the Task Force, yet it is a key factor to reaching balanced
conclusions.  We are all concerned with accurate data, but must also
consider the ICANN goals of competition, which is impacted by cost issues.