[comments-whois] Comments in support of Interim Report of the Names Council

["Rebecca J. Richards" <rrichards@truste.org>]

Thank you for the opportunity to comment on the Interim Report.  TRUSTe,
an independent non-profit organization, dedicated to enabling
organizations and individuals to establish trusting relationships based
on respect for personal identity and information is pleased to submit
comments in response to the "Interim Report of the Names Council's Whois
Task Force."  

Reliable and substantially unrestricted access to current and accurate
Whois data is essential for trademark owners, as well as for consumers,
law enforcement authorities, and others who have a stake in transparency
and accountability on the Internet.  The legitimate uses of Whois data
by trademark owners range from carrying out legal audits of trademark
holders to enforcement against bad faith registrants, online pirates and
counterfeiters, and others engaged in unfair commercial practices.  

In June 2001, TRUSTe' Chairman of the Board, Lori Fena testified before
the United States House of Representatives' subcommittee on Courts, the
Internet and Intellectual Property, Judiciary Committee. In this
testimony, we stated the need for the WHOIS database to be not only open
to public use, but also to be accurate and transparent. On a regular
basis TRUSTe depends upon the information provided in the WHOIS database
to find and contact Web sites that are illegally or improperly posting
the TRUSTe seals. When information about a Web site owner is accurate
and accessible, TRUSTe can contact offenders and arrive at a speedy
resolution. However, there are a few sites that illegally display our
seal and, not surprisingly, do not post accurate contact information on
their Web site. It is these fly-by-night operations that create the need
to balance the privacy rights of the Web site owner with the safety of
the public at-large.

For this reason TRUSTe supports many of the recommendations put forth by
the task force.  In particular, we support the recommendation that ICANN
enforce the existing contractual obligations (in the Registrar
Accreditation Agreement and in the ICANN agreements with the new gTLD
registries) regarding accuracy of Whois data.  The Interim Report
includes several recommendations that would improve compliance with
these existing obligations.  These include:  

1)      Requiring the use of standard tools to screen out obviously
false contact data (Recommendation 1.0A(4)(a)); 

2)      Cancellation of registrations whose contact data reflect
"willful provision of inaccurate or unreliable information"
(Recommendation 1.0A(4)(b));

3)      Demanding verification of "corrected" data supplied by a
registrant that has already deliberately provided incorrect data
(Recommendation 1.0A(4)(c));

4)      Handling registrations based on the same false contact data
together (Recommendation 1.0A(4)(d)).  

5)	Reviewing the bulk access provisions of the RAA and providing
for at a minimum an opt-out for such uses. (Recommendation 4.0)

TRUSTe supports the recommendation that ICANN consider revising the RAA
to require spot-checking of a sample of registrant contact data (using
semi-automated methods) and re-validation of contact data at the time of
renewal of registration.  (Recommendation 1.0C).   These steps were
strongly supported by many respondents to the survey undertaken by the
Whois Task Force and could substantially improve the quality of Whois
data.  The costs of a reasonable and proactive program in this area
should be calmly assessed and weighed against the benefits that would
accrue to all Internet users from a more reliable Whois database.   

TRUSTe strongly supports the review of the bulk access provisions of the
RAA. In order for this database to be efficient and effective for both
consumers and businesses, the public information needs to be accurate
and accessible. By following the fair information practices of notice,
choice, access and security, the WHOIS database can balance the safety
of the public at-large with the privacy of Web site owners. 

As it stands today an accredited domain name registrar is not required
to allow domain name registrants to opt-out of having their personal
information provided to third parties for marketing purposes. This type
of an opt-out should be provided to all registrants.   

The information in the WHOIS database needs to remain public for the
benefits it provides to consumers, individuals and businesses of the Web
community.  However, individuals and companies registering their domain
need to clearly know how this information will be used and how to
control it. Providing the database information to mass marketers without
providing those in the database even the courtesy of allowing them to
opt-out does not create a trusting, transparent and accountable system.
This is even more true when there is little practical alternative for
those registering. Indeed, some individuals or companies may choose
deliberately to falsify their information, since it may be the only
effective way to avoid receiving unwanted marketing material. 

Clearly, the WHOIS database has been an important tool for consumer
safety and, in our experience, has been an irreplaceable means of
ensuring the validity of the privacy promises that companies make. This
will become even more important moving forward. 

Thank you for the opportunity to provide comments.  We look forward to
continued participation in the work of this Task Force through our
designated representatives.  


Rebecca J. Richards
Director, Policy and Compliance
TRUSTe
1776 K Street NW, Suite 360
Washington, DC 20006
P: 202-483-1900
F: 202-719-7207