[registrars] Fw: WHOIS & Transfers reports

[Ken Stubbs <kstubbs@digitel.net>]

FYI...

----- Original Message -----
From: "Cute, Brian" <bcute@networksolutions.com>
Sent: Wednesday, February 26, 2003 7:07 PM
Subject: WHOIS & Transfers reports


> Dear Bruce and Ken,
>
> I am writing you on behalf of Network Solutions with regard
> to the GNSO Council's recent approval of task force reports on Transfers
and
> WHOIS.  As our registrar representatives on the Council, I write to you to
> underscore Network Solutions' continuing concern regarding the likely
> negative impact of the implementation of these Reports on registrants and
> registrars alike.  Specifically, the growing awareness within the
Registrar
> community of the privacy implications raised by these Reports has given us
> pause to again carefully consider whether the implementation of either
> Report at this time is desirable.  We believe that implementation of
either
> report would be premature, at best.
>
> Network Solutions participated in the development of each
> report in an effort to improve the recommendations contained therein.  We
> believe that the reports have been improved, but have become increasingly
> convinced that implementation of them could 1) create significant privacy
> concerns for registrants; 2) subject consumers to future unauthorized
domain
> name transfers and unwanted marketing solicitations;  and 3) create
> unworkable obligations and significant potential liability for registrars.
>
> Specifically, the Transfers Report seeks to
> significantly restructure the transfer process in response to concerns
> raised almost two years ago about the efficiency and reliability of the
> transfer process.  During that period, however, broad improvements in the
> efficiency of transfers have rendered the issues addressed by the
Transfers
> Report all but moot.  At Network Solutions, for example, transfer success
> rates have dramatically improved since the Transfers Task Force initiated
> its work.  Today, almost 90 percent of attempts to transfer domain names
> from Network Solutions are successful and we expect that ratio to continue
> to rise as our processes are improved.  As a result, we believe that
> implementation of the Transfers Report would have a limited impact on the
> efficiency of transfers.
>
> In contrast, the proposed transfer procedures would
> unavoidably have the affect of increasing the rate of unauthorized
> transfers.  Rising incidences of slamming make the inherent risk of
imposing
> the proposed transfer scheme contained in the Transfers Report greater
than
> ever for registrants.  Although the Transfers Report attempts to provide
as
> many safeguards as possible for registrants, the proposed process requires
> registry transfers to be initiated before the registrant has verified the
> transfer.  We continue to believe that this system will encourage
slamming,
> as unscrupulous actors will simply migrate to the gaining registrars with
> the weakest systems of checks and balances.
>
> Finally, shifting responsibility for transfer verification
> to gaining registrars creates an unreasonable burden for registrars, as it
> is virtually impossible for registrars to efficiently and reliably verify
> the identity of registrants.  Compounding this structural flaw, the
> Transfers Report would have registrars verify transfer requests through
the
> collection of registrant personal data.  In addition to raising privacy
> concerns for registrants, collection of personal data subjects registrars
to
> potential liability for the collection, handling and storage of this
> personal data.  As just about everyone in the industry knows, registrars'
> obligations under various privacy laws have not been adequately addressed
in
> EITHER the Transfers or the WHOIS Reports process.
>
> It is also premature to implement the WHOIS Report at this
> time.  While we support the goal of maintaining accurate WHOIS data, the
> WHOIS Report seeks to impose registrant identity verification obligations
> that require registrars to obtain personal data from registrants.  As
noted
> above, it is impossible for registrars to efficiently and reliably verify
> the identity of registrants.  Requiring registrars to collect additional
> personal data -- data that will not be published along with WHOIS data --
> raises significant privacy concerns.  Since the WHOIS Task Force's
original
> mandate did not require an examination of privacy considerations, these
> concerns must be addressed before any determination concerning the WHOIS
> Report implementation can be made.
>
> Finally, although the GNSO Council seems to have proposed
> that the WHOIS task force report not be implemented until the Council has
> completed its examination of the privacy implications of WHOIS, this
> condition is not clear and any further implementation of the WHOIS report
> should specifically be delayed until the Council's privacy study is
> completed.  This is important because even the proposed modifications to
> Registrars' bulk WHOIS access agreements, in the final analysis, will
> neither eliminate prospective misuse of registrant data nor protect
> consumers from unwelcome marketing solicitations.  Incremental attempts to
> restrict third party use of bulk WHOIS data do not address the fundamental
> point (and growing consensus among registrars) that only the elimination
of
> third party bulk WHOIS access obligations will protect registrars and
> consumers alike from misuse of registrant data.
>
> In light of the all of the above, I wanted to let you know
> our continued strong view that it would be premature for the Board to
> approve and implement either Report until the privacy concerns cited above
> are fully addressed and understood.
>
>
> Sincerely,
> Brian Cute
>
>