[comments-whois] Tucows Comments on the "Final Report of the GNSO Council's Whois Task Force"

["Ross Wm. Rader" <ross@tucows.com>]

In April of 2001, Tucows re-affirmed its corporate position regarding
Registrant privacy in an open letter to the DNSO that stated that "the
business community must engage in the work necessary to ensure the
rights of the individual Registrant prior to legislative intervention by
various governmental bodies." This document set forth a challenge by
outlining the following policy goal;

"Registrant privacy is not an option, but a right. All submissions of
data are subject to treatment consistent with an individual's privacy
and the Registrant must explicitly permit any secondary or third party
use of this data"

Unfortunately, the Final Report of the Task Force is silent on the issue
of Registrant privacy, when in fact, this is the central policy that
must be dealt with in relation to Whois.

It is simply not enough to present "issue reports" with the hope that
they will serve as the basis for further policy development. As has been
noted throughout the GNSO, dealing with the secondary policy issues
before dealing with Registrant privacy will only serve to further erode
the rights of individuals and Registrants and provide additional
unnecessary concessions to the trademark, copyright and patent lobbies. 

We therefore respectfully request that this report not be approved by
the GNSO Council until such time that the central policy issue that most
concerns the community is dealt with in an effective and appropriate
manner.

In addition to the fundamental problem that we have noted, we would also
like to take this opportunity to provide the Task Force with further
commentary regarding the work that they have undertaken concerning the
various secondary issues. These additional comments follow below.

On behalf of Tucows Inc.,


Ross Wm. Rader
Director, Innovation & Research
Tucows Inc.



Additional Comments:


Positive aspects of the report:

I.1.B - The Whois Task Force recommends further solidifying the current
limitations on the redistribution of bulk Whois data by third parties.
We appreciate this tentative step, but would note that this is an area
where we believe that there is community support for restrictions
stronger than those put forward by the task force. Specifically, we
propose that 3.3.6.5 be amended to simply state "Registrar's access
agreement must require the third party to agree not to sell or
redistribute the data without the explicit permission of the
Registrant."

II.B.1 This is a desirable amendment and we wholeheartedly endorse this
seemingly small modification to the prior reports. Specifically, this
amendment now provides Registrars with a needed tool to separate
appropriate complaints from inappropriate complaints.

Negative aspects of the report:

In various passages, the report recommends imposing obligations upon
"resellers". The document neither defines who belongs to this group nor
does it consider whether or not it is within ICANN's capability to
impose these obligations. While we certainly have our opinion on these
two questions, we do not believe that it would be appropriate for ICANN
to consider these impositions until such time that these two questions
were appropriately answered by the community. In the meantime, all such
references should be stricken from the report.

We also find the recommendations included in section II.D.2 to be
inconsistent with the revised tenor of this report. Throughout the
report, the Task Force has reinforced and stepped up the Registrar's
obligation to act upon complaints of inaccuracy in order to maintain the
integrity of the Whois dataset. Elsewhere, the Task Force further
solidifies the Registrant's obligation to maintain accurate information
within the Whois database. Given that there are any number of situations
where it would be appropriate for a Registrar ".to deliberately accept
unverified data from a Registrant that has already deliberately provided
incorrect data", the Task Force should not be requesting that ICANN
restate its prior policy advisories on the subject. The seemingly minor
change that the Task Force recommends has the net effect of setting a
precedent that simply, but drastically, states that Registrars are
wholly responsible for the accuracy of the database. Today, this
responsibility lies with Registrants and until such time that the
community has had an informed and thorough discussion of the issues
surrounding this change, then we must take care not to set inadvertent
precedents. Therefore, we recommend that this statement be entirely
stricken from the recommendations of the Task Force.

Questionable aspects of the report:

II.B.2 describes a process by which all contacts associated with a
record receive an email when a complaint about the accuracy of the
domain name record is legitimately questioned by a third party. This is
inconsistent with the task force affirmation that the Registrant is
responsible for the accuracy of the record. Further, depending on how a
Registrar has implemented their service, this may cause further
confusion than it would solve. For instance, some Registrars only permit
a Registrant to modify a record. Requiring this Registrar to notify
contacts that cannot correct the problem does not appear to be
productive. We would appreciate further clarification on this point and
an indication of whether or not the language as drafted actually
reflects the intent of the Task Force. We would prefer that this clause
simply be reworded in a simplified manner that maintains the intent of
the recommendation. For example: "If a complaint appears to be
justified, then a Registrar should, at a minimum, send an email to all
relevant contact points available in the WHOIS record for that domain
name."

In one passage, the Task Force discusses the use of "REGISTRAR_HOLD".
While we believe this to be a reference to an RRP facility, we would
appreciate additional clarity on this point, especially given the
divergent Registry and Registrar models that exist within the sector.

Finally, in section II.B.3, the Task Force includes an example of an
application that might satisfy the validation requirements of the policy
recommendations. As part of this recommendation, the Task Force then
makes a specific recommendation as to how this application could be
implemented. While the illustration is appreciated, we are not sure
whether or not the example forms part of the obligations that will
ultimately be derived from this document. If the example is not a
specific policy recommendation, we would propose that the entire phrase
(everything after e.g.) be deleted from the final document.