Policy Report of the Names Council's
WHOIS Task Force

Accuracy and Bulk Access

November 30, 2002

Click here to submit a comment on this report.

Comments must be received by 9 January

Table of Contents

  1. Executive Summary
  2. Terms of Reference
  3. Recommendations
    1. Accuracy of WHOIS Data
    2. Marketing Use of WHOIS Data; Bulk Access Provisions
  4. Impact Analysis
  5. Constituency Impact Reviews
  6. Record of Outreach
    1. The WHOIS Survey
    2. Comments received in response to the Bucharest Report
    3. Telephone Conferences
    4. Comments received in response to the Interim Report
    5. Meeting with Registrars in Shanghai
  7. Minority Reports
  8. Supporting Arguments
  9. Risk/Cost Analysis
  10. Publication and Comment Period
  11. Further Recommendations for Additional Work
  12. Appendix

Consensus Policies in this Document

The present document contains consensus policy recommendations as well as advice and comment from the Task Force. For the reader's convenience, we provide links to those recommendations which are expected to be treated as consensus policies as defined in the applicable contracts:

  1. 3.1, section III.A: Registrants should be required to review and validate all WHOIS data upon renewal of a registration.

  2. 3.2, section IV: It is recommended that any marketing use of bulk WHOIS data should be forbidden by appropriately modifying the Registrar Accreditation Agreement's bulk access provisions.

1. Executive Summary

WHOIS is an important resource to users, ISPs, governmental users, intellectual property holders and the intellectual property community, and to registrars. Yet, and not surprisingly, some questions related to WHOIS are controversial. Several questions still deserve addressing. These include privacy issues; the cost of maintaining accurate data; who should have unlimited access; what uses are “legitimate”, and many more. Many of these are described in more detail in the various recommendations for further work contained in this report.

The Task Force is recommending significant changes which can lead to improvements in two key areas: accuracy and marketing uses of WHOIS data.

Other key questions remain open for further discussion and work: For instance, we do not present a comprehensive answer to the question what uses of WHOIS data (and bulk access to these data in particular) should be considered "legitimate". We do not present an answer to the question who should be able to access WHOIS data in what form and under what conditions.

Overall, throughout the work of the Task Force, it has been apparent that WHOIS is important to its users, and that it is a resource that is used throughout all kinds of groups of users of the global Internet.

Over the past year, the WHOIS Task Force has completed analysis of a survey, undertaken extensive further outreach, and developed an Interim Report which focused on four key issues. In the Interim Report, the Task Force proposed to the community that the focus of short term policy recommendations should be:

  1. Accuracy
  2. Protection of Data Subjects

The comments received during the comment period appeared to support this focus. Items 2 and 3 of the Interim Report, Uniformity and Better Searchabilty, were presented as longer term work items. The Task Force will, within the next few weeks, finalize a second report which will porvide guidance for further work on Uniformity and Enhanced Searchability. Comments received supported the Task Force's prioritization.

The present document focuses on those issues where the Task Force has identified consensus and support for a number of recommendations in the areas of  Accuracy and Bulk Access

In this report, ensuring accurate and reliable data in the WHOIS databases is identified by the WHOIS Task Force as a critical issue. The Task Force first addresses enforcement of existing RAA responsibilities, and then moves on to address consensus recommendations. The report also notes the need for further work in several areas related to accuracy.

This report also recommends against marketing uses of bulk access to WHOIS data. It addresses the concerns raised by the Internet community about privacy as needing further work, and recommends several processes to address increased understanding of the concerns, applicable law, and possible solutions.

The Task Force has taken extensive input, presented numerous updates and made many presentations.  This report presents and summarizes the input received and attempts to address the concerns raised, in particular by registrars concerned about the cost of implementing accuracy requirements, and by individuals who believe that privacy is not yet adequately addressed.

The Task Force acknowledges that the work is not completed on WHOIS. In fact, the Task Force envisions that WHOIS will be a topic of work and dialogue throughout 2003.

This Task Force, or another appropriate body, will need to address several key issues, including the question of “access” to WHOIS; whether differential access is a useful concept; how standards fit in; and what their ‘status’ is; what privacy issues are for individuals versus corporate or organizational representatives listed in WHOIS; how to develop acceptable processes with the agreement of the ccTLDs; what national laws may be determined to be applicable.

We recommend to the Names Council that this Task Force continue to address the issues which are being identified in the Task Force's reports.

The Task Force recommendations to the Names Council present several areas where the Names Council and the ICANN board have the ability to support significant improvements in WHOIS policy in the short term. Improved accuracy and better protection against marketing will help to address key concerns of the Internet community. These first steps are important. Improving how WHOIS serves the broad Internet community has been, and is our goal.

There is more to do. We have acknowledged that and even describe some of the work still needed. But we should not wait: We recommend that, in the short term, the Names Council endorse our recommendations on accuracy and marketing uses of WHOIS data.

Submittedon behalf of the WHOIS Task Force.

2. Terms of Reference

A paraphrased version of the initial terms of reference: "To consult with the community with regard to establishing whether a review of any questions related to ICANN’s WHOIS policy is due and if so to recommend a mechanism for such a review."

The Task Force was tasked by the ICANN Domain Name Supporting Organization (DNSO) Names Council to give advice on WHOIS Policy. The Task Force followed the work of a WHOIS Committee convened by ICANN staff to give advice on implementation of WHOIS for the .com/.net/.org domains as required under the Registrar agreement. This Committee addressed implementing questions related to WHOIS in these domains and concluded its work in April, 2001.  The implementation of the committee’s work included the establishment of a WHOIS Task Force on domain name system policy.  The Task Force was approved in the Names Council meeting of February 8, 2001.

In general, the purpose of the Task Force’s work is to consult with the community with regard to establishing whether a review of any questions related to ICANN’s WHOIS policy is due and is to recommend a mechanism for such a review. As the Task Force has worked, they have chosen to interpret their mandate broadly, and have shared that perspective with the Names Council on several occasions, as well as publishing this interpretation in the various public presentations that they have made.

3. Recommendations

The Task Force presents recommendations on two of the four key areas presented in the Interim Report. These recommendations include consensus policies, advice and commentary on the enforcement of existing policies, and priorities for further work within these areas.

  1. Accuracy of WHOIS Data
  2. Marketing Use of WHOIS Data; Bulk Access Provision

3.1 Accuracy of WHOIS Data

I. Enforcement of existing contractual obligations (in the Registrar Accreditation Agreement) regarding accuracy of WHOIS data

A. ICANN should work with all relevant parties to create a uniform, predictable, and verifiable mechanism for the enforcement of the WHOIS-related provisions of the present agreements.

  1. Adequate ICANN resources should be devoted to enforcement of the Whois-related provisions of these agreements.

  2. ICANN should ask registrars to identify, by a date certain, a reliable contact point to receive and act upon reports of false WHOIS data. ICANN should encourage registrars to (i) provide training for these contact points in the handling of such reports, and (ii) require re-sellers of registration services to identify and train similar contacts.

  3. ICANN should post registrar contact points on its web site (perhaps on the list of accredited registrars). It should also encourage registrars to take reasonable steps to make their own contact points publicly available, such as by posting this information on the registrar’s home page, including it on the page displayed in response to a query to the registrar’s Whois, and/or in other ways.

  4. ICANN should continue to maintain an optional and standardized complaint form on this issue in the internic.net site. Registrars, registries and re-sellers should be encouraged to provide a link to this site. In order to better ensure follow up, the complaint form should supply a "ticket number" for the complaint and should be designed so ICANN receives a copy of the registrars' response to the complaint (i.e., the form should incorporate a simple, automated mechanism for the registrar to report back to ICANN on the outcome of complaints).

B. ICANN should modify and supplement its May 10, 2002 registrar advisory as follows:

  1. ICANN should remind registrars that "willful provision of inaccurate or unreliable information" is a material breach of the registration agreement, without regard to any failure to respond to a registrar inquiry. A functional definition -- based on the actual usability of contact details -- should be used for “inaccurate or unreliable”.

  2. ICANN should clearly state to registrars that "accepting unverified 'corrected' data from a registrant that has already deliberately provided incorrect data is not [not "may not be," as the advisory now states] appropriate." Accordingly, where registrars send inquiries to registrants in this situation, they should require not only that registrants respond to inquiries within 15 days but that the response be accompanied by documentary proof of the accuracy of the "corrected" data submitted, and that a response lacking such documentation may be treated as a failure to respond. The specifics of acceptable documentation in this situation should be the subject of further discussions.

  3. There is not a consensus on the Task Force (taking into account comments received) that 15 days without a response is a sufficient time period to establish a material breach in all cases. ICANN should work with registrars, over the next 6 months, to monitor and collect more extensive data on the specific impact of the 15 days period in RAA, and its actual implementation by registrars, on good faith registrations, in particular from developing countries, that are subject to accuracy inquiries.

Dissenting opinion of Abel Wisman and Thomas Roessler (GA): In view of the postal delivery times outside the USA, the lengthened holidays in some countries across the world and the general difficulty in contacting people in certain parts of the world, it would be prudent for ICANN and the registrars to address leniency towards the 15 day period for cases which are not overtly fraudulent, while the task force continues its work on its recommendations regarding the accuracy of the whois data.

C. Additionally, the Task Force recommends.

  1. ICANN should encourage registrars to take steps to remind registrants of their obligations to submit and maintain complete and accurate contact data at appropriate points, including but not limited to the time of renewal of a registration.

  2. Registrars should also be responsible for ensuring that their agents provide such reminders.

  3. ICANN should also take steps to include information about this obligation on its websites at appropriate locations, and consider other ways to educate registrants on this issue.

  4. Registrars should be encouraged to develop, in consultation with other interested parties, “best practices” concerning the “reasonable efforts” which should be undertaken to investigate reported inaccuracies in contact data (RAA Section 3.7.8).

II. Further work.

The following interim recommendations for improved enforcement of Whois obligations require further discussion by this Task Force or another appropriate body. Item (A) would, and item (B) might, require the development of a new policy or specification under RAA 3.7.8.

A. Instructing registrars to use commonly available automated mechanisms to screen out obviously incorrect contact data.

B. Treating a complaint about false WHOIS data for one registration as a complaint about false WHOIS data for all registrations that contain identical contact data.

III. RAA changes

The following proposed changes to the registrar accreditation agreement to enhance Whois data accuracy are recommended as consensus policies:

A. Registrants should be required to review and validate all WHOIS data upon renewal of a registration. The specifics of required validation remain to be determined by this Task Force or another appropriate body.

B. When registrations are deleted on the basis of submission of false contact data or non-response to registrar inquiries, the redemption grace period -- once implemented -- should be applied. However, the redeemed domain name should not be included in the zone file until accurate and verified contact information is available. The details of this procedure are under investigation in the Names Council's deletes task force.

IV. The following proposed changes to the agreements need further discussion

A. Responses to the interim report indicate interest in placing registrations for which accurate or updated contact data has not been received in an appropriate hold status for some period of time prior to the eventual deletion of the registrations (see item III(B) above). Registrations in this hold status would be returned to operational status upon provision of accurate and verified contact information. Further research by this Task Force or an other appropriate body, in consultation with registrars and other interested parties, is needed to determine whether the benefits of adding this additional step outweigh the potential costs.

B. Adding a regime of graduated or intermediate sanctions for patterns of violations by a registrar of the WHOIS obligations of the agreements. (This would supplement the current sanction of revocation of accreditation.)

C. Requiring registrars to spot-check a sample of current registrations in order to validate the accuracy of submitted contact information, using semi-automated methods to the extent feasible.

V. Recommended priorities for further work

  1. Issues discussed in items I(B)(3), IV(A) (15-day period, hold period)

  2. Issues discussed in II(A), II(B), III(A) specifics, IV(C) (screening/spot checking mechanisms, provision for block complaints against registrations with identical Whois data, validation specifics)

  3. Issue discussed in IV(B) (intermediate sanctions)

3.2 Marketing Use of WHOIS Data; Bulk Access Provisions

Sections I and II below give a high-level overview of the Task Force's recommendations and their background.  Section III further elaborates on the reasoning behind the recommendations, and section IV contains detailed discussion and recommendations on the RAA's bulk access provisions.

I. Background

The current bulk access provisions in the Registrar Accreditation Agreement (the "RAA") contained in Section 3.3.6 allow for the sale of customer information contained in WHOIS databases to third parties under certain conditions, including but not limited to the following:

An overwhelming majority (89%) of survey respondents said that registrants should be asked to opt in for their information to be available for marketing purposes, or that there should be no use of the data for marketing at all, while a minority (11%) indicated that they did not object to use of the data for marketing generally or by virtue of an opt-out policy.

II. Summary of Recommendations

A. Based on the results of the survey and the feedback from the community on reports published and statements made by the Task Force, the Task Force makes the following recommendations:

  1. There is consensus that use of bulk access WHOIS data for marketing should not be permitted. The Task Force therefore recommends that the relevant provisions of the RAA be modified or deleted to eliminate the use of bulk access WHOIS data for marketing purposes. If this change is made, the provisions on registrant opt-out for marketing purposes could also be eliminated.

  2. To the extent that ICANN disagrees with the Task Force’s Recommendation 1, and marketing uses continue to be permitted under the RAA, certain modifications should be made to the relevant provisions to enhance protection of personally identifiable information and of abuses of such information.

  3. The Task Force notes that many provisions relating to the bulk access rules are not currently being enforced. It recommends that the changes that will be recommended at the end of the review process should be drafted with an eye toward enforceability and respect for applicable national laws, and that reasonable enforcement of the new rules be undertaken.

B. The Task Force makes additional medium- to longer-term recommendations:

  1. The Task Force’s proposed recommendations on marketing uses of bulk WHOIS data would be implemented as changes to the registrars’ bulk access agreements, as defined in of the RAA. To the extent that registrars make their part of the WHOIS database available in bulk to third parties without regard for the bulk access provisions, separate safeguards against marketing and other inappropriate uses should be considered.

  2. The Task Force should investigate the suggestion that there should be termination of licenses of licensees of bulk access WHOIS who breach a bulk access agreement and that such licensees should be ineligible from gaining access through a new agreement. The Task Force has not had adequate time to consider all of the issues surrounding such suggestion.

  3. The following five points should be evaluated in conjunction with one another:

    • In its further review, the Task Force should consider broadly whether bulk access can be justified or whether it should simply be eliminated.

    • Further review of the bulk access policy must take place in order to determine which uses of bulk access to WHOIS data, if any, should be considered "legitimate." In the context of such review, the Task Force should solicit feedback of current bulk access licensees.

    • After determining whether there exist legitimate uses of bulk access to WHOIS data, there should be a weighing of whether such uses outweigh the privacy interests of individuals in protecting their personally identifiable information.

    • The Task Force should learn about the applicability and impact of national privacy and other laws as they relate to bulk access provisions. In connection with this review, the Task Force should also examine current and existing laws that have been implemented to protect individuals against misuse of their personally identifiable information.

    • A review should be undertaken of actual experiences of registrars in providing bulk data. If it can be demonstrated that those who have accessed WHOIS through a bulk access license are those who have inappropriately used the resources, then there is a strong argument for elimination or drastic reform of bulk access.

  4. If marketing uses of bulk Whois data continue to be permitted and a required opt-out minimum standard for such marketing uses is implemented by ICANN, the effects of such policy should be monitored to determine whether a more stringent opt-in standard should be introduced.

III. Discussion/Consensus Process

Because the survey results and community feedback suggest vehement objection to the use of personal information contained in the WHOIS database for unsolicited marketing activities, it is clear that there must be a serious evaluation of the bulk access provisions in the RAA to determine how the policy can be changed, whether there are realistic limitations as to what the data can be used for, or whether it must simply be eliminated.

Without further research, we cannot say with certainty that the bulk access provisions should be eliminated, although such a possibility should not be dismissed. In making that determination, the benefits of third party bulk access should be weighed against the strength of the argument that registrant information should not be available in this form. In considering whether there is merit to the wholesale elimination of bulk access, a pertinent question is what legitimate purposes within the scope of ICANN's mission, if any, are furthered by the use of WHOIS data in bulk form by third parties? Currently, as we have stated, given that registrants strongly object to the use of their data for marketing, and since marketing is not a necessary feature of the DNS, the Task Force believes that there is no rationale for making such data available for marketing purposes.

We recognize that there may be legitimate uses being served by bulk access to WHOIS data (e.g., research, law/intellectual property enforcement, and registrant inquiry, etc.); however, the responses of the
participants merit an evaluation of these and other legitimate uses and whether or to what extent the bulk access policies should accommodate them. As stated, it is the intention of the Task Force to consult with the community to determine what those legitimate purposes are.

To ensure utility of any WHOIS database, it is crucial that information contained therein is accurate. It should be evaluated whether bulk access to registrant information impedes such accuracy, and whether, therefore, bulk access is deleterious to actual usage of WHOIS.

In addition to these concerns, it is imperative that any ICANN policy that is formulated with respect to bulk access take into account any national laws which are determined to be applicable to an ICANN contracting party (e.g., a registrar). As an example, to the extent any party who has entered into an agreement with ICANN is determined to be subject to certain national laws (e.g., privacy directives or laws), such national laws will have implications as to what information that party can and cannot provide.

It should be noted that while the Task Force recognizes that privacy issues are relevant to the discussion of WHOIS generally, and perhaps more specifically to bulk access WHOIS, respondents to the survey generally did not identify privacy as a primary concern. Nonetheless, subsequent feedback from the community made it clear that privacy issues are an integral part of the bulk access discussion, and the Task Force intends to address privacy issues in the medium- to longer-term. Inclusive in the review of these privacy issues, the Task Force will examine laws that currently exist to protect the privacy of individuals.

The Task Force has not ruled out elimination of the current bulk access provisions, which has been suggested by some of the comments received, and is being supported by a number of task force members. However, in this document we have focused on modifications of the current RAA provisions to enhance the protection of WHOIS data. Specifically, we have parsed through the various components of subsection 3.3.6, highlighting problems with the specific provision and making suggestions for an improved provision in light of enhancing protection of personally identifiable information and against marketing uses.

IV. Suggested Revisions to the RAA Bulk Access Provisions

The Task Force’s primary recommendation is to prohibit any marketing use of bulk data by effecting the revisions in subsection In addition, the Task Force recommends requiring third parties not to resell or redistribute data in accordance with our recommendation in subsection

If the ICANN Board does not agree with the Task Force’s recommendation relating to the elimination of marketing uses of bulk access data, then the Task Force recommends strengthening the protection of privacy of individuals by requiring a minimum opt-out policy in subsection, and giving registrars discretion to implement an opt-in policy.

Section 3.3.6 of the RAA is broken down into several components, on each of which detailed comments, and, where appropriate, recommendations are provided.

A. Registrar shall make a complete electronic copy of the data available at least one time per week for download by third parties who have entered into a bulk access agreement with Registrar."

This subsection indicates that the registrar must make available its WHOIS data to any "third parties who have entered into a bulk access agreement." There are no limitations as to the entities or individuals that can enter into this agreement, whether an unsolicited marketing agency, a legitimate third party WHOIS provider, or otherwise.

This subsection of the RAA should be modified to incorporate limitations on the third parties eligible to enter into a bulk access agreement, in particular those parties who are able to articulate a "legitimate" need for bulk access to WHOIS, as well as limitations on the uses of the data that are permitted. As stated, the survey results, together with community feedback, made very clear that "legitimate" uses of bulk access WHOIS do not include marketing.

As for the more general definition, the Task Force has not yet had an opportunity to make a determination as to what uses of bulk access WHOIS data, if any, should be considered "legitimate." The Task Force expects to arrive at a definition of "legitimate" by enlisting community feedback.

B. Registrar may charge an annual fee, not to exceed US$10,000, for such bulk access to the data.

The Task Force’s initial perception was that the US$10,000 might provide some registrars with a financial incentive to provide bulk access to data, while simultaneously deterring those third parties with a legitimate need from accessing the data in bulk. Feedback from the registrar community indicates that US$10,000 is not enough of a financial incentive to encourage registrars to actively market bulk access. In fact, it has been stated that many registrars are reticent to provide such access to users for fear of their competitors gaining access to information about their customers and using that information to their competitive advantage.

More important in this analysis is that to the extent a purpose is deemed "legitimate" use of bulk access WHOIS, such access should not be prohibitively expensive. In this context, there has been discussion of cost recovery versus production of revenue, and it has been argued that since registrars do not view bulk access as a revenue producer, perhaps a cost recovery structure should be implemented. However, because costs and resources vary across registrars and because the details of a registrar’s operations should not be the subject of an ICANN policy development process, the Task Force simply states here that to the extent that a searcher meets the "legitimate" purpose threshold, the fee for bulk access should not deter such a searcher from gaining such access, and therefore, the concept of a cap on such fee is a wise one.

Because of the lack of discussion as to what a reasonable fee structure should be, the Task Force therefore seeks further input from the community as to whether the current structure is adequate, and if not, what type of a fee structure should be implemented.

Dissenting opinion of Thomas Roessler and Abel Wisman (General Assembly): It is not clear why an ICANN-imposed cap on the bulk access fee should lead to fairer pricing than the approach of leaving such pricing to negotiations between data users and registrars. Also, it should be noticed that the "deterrent" argument made above has merit only as an argument against cost-based pricing, but not as an argument in favor of any kind of a cap.

C. Registrar's access agreement shall require the third party to agree not to use the data to allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass, unsolicited, commercial advertising or solicitations to entities other than such third party's own existing customers.

This provision, by its own terms, allows registrars to sell rights to use their WHOIS databases for purposes of unsolicited, mass marketing. In addition, while third parties may not authorize others to use the data for this purpose, they can themselves use the data to for unsolicited marketing purposes. Other than limiting unsolicited marketing to the third party’s own customers, there are no limitations on the marketing use of the WHOIS data by the third party.

If ICANN Board agrees with the Task Force that bulk access WHOIS data should not be used for marketing purposes, then the provision should be changed to read as follows (changed language in italics):

"Registrar's access agreement shall require the third party to agree not to use the data to allow, enable, or otherwise support any marketing activities, regardless of the medium used. Such media include but are not limited to e-mail, telephone, facsimile, postal mail, sms, and wireless alerts."

If, however, ICANN continues to allow bulk access to WHOIS for marketing purposes, then this subsection is only acceptable if registrars are required to allow registrants, at a minimum, to opt out of these uses (see discussion at section F below). Based on the feedback from the survey and from the community in response to the Interim Report, it is clear that the community does not support the use of bulk access WHOIS for marketing purposes. As such, the Task Force recommends that this provision be revised as noted above. It has been noted that this provision may be difficult to enforce. For this reason, the Task Force recommends that the enforceability of the provision (as revised) would be the object of future monitoring and review efforts.

It should further be noted that registrars do not need bulk access to WHOIS data to market to their own customers.

D. Registrar's access agreement shall require the third party to agree not to use the data to enable high-volume, automated, electronic processes that send queries or data to the systems of any Registry Operator or ICANN-Accredited registrar, except as reasonably necessary to register domain names or modify existing registrations.

This requirement is important to ensure that "legitimate" uses of bulk WHOIS data do not lead to automated processes which may unduly interfere with the regular operation of registrars' and registries' systems.

However, as has been pointed out, this provision is extremely difficult to enforce, and the Task Force intends to take steps to review its enforceability.

E. Registrar's access agreement may require the third party to agree not to sell or redistribute the data except insofar as it has been incorporated by the third party into a value-added product or service that does not permit the extraction of a substantial portion of the bulk data from the value-added product or service for use by other parties.

In this subsection, the term "value-added product or service" is not defined, and consensus does not exist on the Task Force as to whether this term relates solely to marketing or whether it encompasses a more narrow view that does not involve marketing. The Task Force hopes to suggest clarifications of this term in further review.

(i) If the term "value-added product or service" relates solely to marketing, the Task Force makes the following recommendation: If the ICANN board agrees with the Task Force that marketing is not a "legitimate" use of bulk access WHOIS data, this provision should be revised so that it simply reads (changed language in italics):

"Registrar's access agreement shall require the third party to agree not to sell or redistribute the data."

Under a bulk access policy where marketing is not considered a legitimate purpose, the option of incorporating value-added products or services solely in a marketing context by licensees of bulk access WHOIS should be disallowed. The general prohibition on sale or redistribution of bulk access Whois data should be maintained.

(ii) The Task Force understands, however, that the reference to "value-added product or service" may mean, for example, services that combine this data with other data with the resulting database made available to law enforcement, legal services, and others on a query basis for research purposes. In this case, the change proposed above should be struck, and only the change described in the following paragraph should be made.

As a general matter, making the prohibition on sale or redistribution of data by the third party an option ("access agreement may require") does not provide any protection of the WHOIS data. To protect the integrity of the WHOIS database, the Task Force notes that this provision would have to be changed so that a third party is "required" not to sell or redistribute the data except as part of a value-added product or service. Additionally, a provision could be added which explicitly forbids any use for purposes other than the ones stated in the bulk access agreement (i.e., marketing).

Thus, the Task Force recommends that the word "may" be changed to "shall" in the first sentence of this paragraph.

F. Registrar may enable Registered Name Holders who are individuals to elect not to have Personal Data concerning their registrations available for bulk access for marketing purposes based on Registrar's "Opt-Out" policy, and if Registrar has such a policy, Registrar shall require the third party to abide by the terms of that Opt-Out policy; provided, however, that Registrar may not use such data subject to opt-out for marketing purposes in its own value-added product or service.

This provision currently allows a registrar to make its own determination of whether to implement an opt-out policy. If it does not, a registrant’s information will be accessible via the bulk access procedure for any currently permissible use, including marketing.

If ICANN agrees with the Task Force that marketing is not a "legitimate" use of bulk access WHOIS data, this provision should be deleted in its entirety.

If, however, marketing continues to be a permitted use of bulk access WHOIS data, while the results of the survey indicate that respondents have concerns about either an opt-out or no policy at all, the Task Force recommends that this provision be changed to, at a minimum, to "require" a registrar to implement, at a minimum, an opt-out policy. Incorporating such a minimum requirement should not preclude any registrar from implementing a more stringent opt-in policy (in particular, if such a policy is required by national laws determined to be applicable to an ICANN contracting party, e.g., a registrar).

We believe that the concept of opt-out may have been overlooked by respondents who reacted viscerally to the general lack of any option as to whether their information is included in bulk access. In addition, we believe that immediately requiring the adoption of an opt-in policy may result in a significant deterioration of the information contained in the bulk access database, which would be detrimental to legitimate third parties making non-marketing uses of the data.

In either circumstance, the Task Force recognizes that requirement of a minimum opt-out policy or the alternative opt-in policy will require additional work (e.g., the writing of additional code by registrars). For example, both a minimum opt-out policy and an opt-in policy will require the registrar to take an action by clearly notifying the registrant that he or she has the option of not being included in the database for marketing purposes and acting upon a response from such registrant.

If, after adoption and evaluation of a minimum requirement for an opt-out policy, it is clear that improper marketing uses of bulk access data are continuing, and if it is still not possible to prohibit marketing uses, then a mandatory opt-in policy for any marketing uses should be implemented. It is crucial that opt-out policies implemented by registrars are simple and transparent and that the opt-out of the registrant is respected in practice. As has been noted, it is important that the options available to registrants should be clearly stated, separate from the core of the registration agreement so that it is absolutely clear to customers that they can register a domain name without making their information available for marketing purposes.

4. Impact Analysis

The Task Force believes that their recommendations can begin to contribute to both improved accuracy and to lessen the misuse of access to the WHOIS database for marketing purposes. It is difficult to quantify the “impact” on registrants, registrars, and registries. However, the recommendations were made with the expectations that quantifiable changes and improvements could be achieved.


Based on the comments received, some members of the registrar constituency expressed concerns about the cost impact on registrars to address accuracy, in particular. Very few expressions of concern were received about changes in marketing uses, or in bulk access.

It should, however, be noticed that the Task Forces alternative recommendation on bulk access -- mandating that at least an opt-out opportunity must be made available to registrants -- would have a cost impact on those registrars who currently do not implement the opt-out provision. This impact would not arise when the Task Force's primary recommendation is adopted.

The Task Force comments that it expects cost impacts to be recoverable by registrars through possible changes in fees.


There will be a significant impact on ICANN staff. Much more staff time is expected and will be required. Further, while little discussion took place about the qualifications of ICANN staff, the Task Force in general expected that a range of activities, which could range from senior staff to administrative support, would be required. This is expected to have an impact on ICANN budget and staffing.


The accuracy section of this report recommends systematic enforcement of existing policy. In the comments received by the Task Force, concerns have been raised that this enforcement may in fact have a harmful impact on good faith registrations. Concerns were, in particular, raised concerning the 15 day period defined in paragraph of the RAA: It has been argued that many registrants may, in practice, not be able to respond to an accuracy challenge within that amount of time. Some registrars apply even stricter time frames to their registrants. One member of the Task Force has reported about an incident in which a registrar, acting upon a fraudulent accuracy complaint, imposed a 7 day deadline for the verification of perfectly valid WHOIS data. Failure to respond to this challenge in time would have lead to the loss of a well-established domain name. The Task Force acknowledges these concerns, and has recommended monitoring of the impact of the 15 day period and its implementation.

The Task Force hopes that its recommendations on Bulk Access to WHOIS data may contribute to reduce inappropriate uses of these data.

Third Parties

The Task Force's recommendation on bulk access would make third party access to WHOIS data under the RAA's bulk access provisions unavailable for marketing uses of these data.

5. Constituency Impact Reviews

Constituencies who submitted comments as a constituency on the Interim report include the IPC and the gTLD Registry Constituency.

This document is open for comments for 8 days. Constituency impact reviews, received during this 8 day period, will be forwarded to the Names Council, as part of the final submission.

6. Record of Outreach

  1. The WHOIS Survey
  2. Comments received in response to the Bucharest Report
  3. Telephone Conferences
  4. Comments received in response to the Interim Report
  5. Meeting with Registrars in Shanghai

6.1 The WHOIS Survey

The Task Force prepared and published a web-based survey on ICANN's web site on June 10, 2001. The survey closed in August 2001. 3035 responses were received. Since respondents were self-selected, the survey was not statistically valid.

A preliminary evaluation of the survey results was presented at ICANN's Ghana meetings in March, 2002. The final evaluation of the results was presented at the Bucharest meetings in June 2002.

Based on the survey responses, the Task Force identified four areas for further work:

The Bucharest report also contained draft recommendations in each of these areas.

6.2 Comments received in response to the Bucharest Report

The Task Force's final evaluation of the survey results was presented at ICANN's meetings in Bucharest. Comments were received between June 18 and August 28, 2002.

I. Overview -- All Comments on the Bucharest Report

2002 Jun 18

[comments-whois] comments-whois mailing list is open DNSO Listadmin

2002 Jul 18

[comments-whois] Whois query Nainil Chheda - \[domains.eliteral.com\]
[comments-whois] Re: [registrars] Public comment period on WHOIS TF final report untill 14 August Tim Ruiz

2002 Jul 27

[comments-whois] Asleep at the wheel DannyYounger

2002 Aug 07

[comments-whois] Whois Final report Don Brown

2002 Aug 08

[comments-whois] WHOIS Information Opt-out for Individuals Gian A. Ameri

2002 Aug 12

[comments-whois] Whois used for marketing Glen Taylor

2002 Aug 13

[comments-whois] UNICE comments on DNSO WHOIS report Bonnaffous Marie-Laure - UNICE
[comments-whois] Whois is an important resource but is broken in its current state. todd glassey
[comments-whois] Updating your own whois information ... Registrant perspective Elisabeth Porteneuve

2002 Aug 14

[comments-whois] [Olivier.Guillard@nic.fr: Re: whois survey DNSO and IETF] Olivier Guillard
[comments-whois] Nominet UK's response to the Draft Final Report of the Names Council's WHOIS Task Force Lisa Benjamin

2002 Aug 16

[comments-whois] Publication of personal data in whois database m.laudahn

2002 Aug 20

[comments-whois] extraneous data in whois Johnwong001
[comments-whois] WHOIS Task Force Draft Final Report Purslow, Neil A.

2002 Aug 27

[comments-whois] Privacy rights DannyYounger
[comments-whois] Whois Comments Keng

2002 Aug 28

[comments-whois] My comments on the WHOIS Task Force Report Vittorio Bertola

II. Summary of Comments

The present summary is copied verbatim from the Task Force's Interim Report.

Jul. 18, 2002: Comments of Nainil Chheda

Wants a Whois query that shows only admin email, date of registration and expiry of domain. Does not want any other details to be displayed.

Jul. 18, 2002: Comments of Tim Ruiz of Go Daddy Software, Inc.

Wants a specific definition of what “accuracy” of Whois data means, a specific definition of what reasonable effort on Registrar’s part is required to ensure that accuracy, and what steps Registrar may take, without repercussions, when inaccuracies are found. Wants uniformity of data formats and elements across various TLDs and registrars, including ccTLDs. Wants this to be pursued as part of recommendation for gTLDs, believes ccTLDs can wait for a separate deliberation. Use of the Whois data for marketing purposes of any kind, should be prohibited, unless they have a verifiable EXISTING business relationship (perhaps within the last 12 months). By allowing a PRIOR business relationship, you give the largest Registrar, a prior monopoly, an unfair advantage. The registrant should not have to "opt-in" or "opt-out". The Whois data should never be viewed, used, or treated as a marketing list.

July 27, 2002: Comments of Danny Younger

Irritated with Task Force’s recommendation that there be a review of the current bulk access provisions of the Registrar Accreditation Agreement because the ICANN board already referred the matter to the Names Council (Jan. 22) and the Council voted to delegate to the Whois TF (Feb. 14). Wants the decision to be made, irritated that it’s taking as long as it is.

August 7, 2002: Comments of Don Brown, Internet Concepts, Inc.

Disagrees with TF’s findings with respect to accuracy of Whois database. First, cancellation of registration due to outdated information is too harsh. Where a registrant has moved, for example, there is no reasonable way for a registrar to update this information. Domain name shouldn’t be cancelled when registrar can’t contact registrant or registrant doesn’t reply. Sees this situation as similar to the proposed redemption grace period situation, where the community seems to see the importance of saving registrant’s domain names even when expiration/deletion is caused by the registrant’s own negligence. Secondly, wants to see definitions of what constitutes compliance and non-compliance with registrar’s requirements for accuracy. What is the reasonable and commercially practical protocol for verifying new registrations and re-verifying old registrations? Should the registrar telephone each new registrant? What if there is no answer? What if there is a typo in the telephone number field? What if the registrant has moved?

August 8, 2002: Comments of Gian A. Ameri

.Name domain names should be excluded from having to provide Whois data because the .name extensions are being used by individuals, not companies. ICANN’s current policy applies to companies and organizations, not individuals. "[I]ndividuals" registering a .name domain, unlike any other legal entity, should continue to be allowed, in compliance with the E.U. and U.K. Data Protection Act, to opt-out from the publishing of their personal data in WHOIS searches or for that matter in any other way, shape, or form.

August 12, 2002: Comments of Glen Taylor

Would like to see limits placed on registrar’s use of Whois for marketing purpose, citing as an example, Register.com’s practice of inserting “make on offer on this domain” into every Whois query.

August 13, 2002: Comments of Marie-Laure Bonnaffous, UNICE

UNICE is an independent organization representing European businesses vis-à-vis the institutions of the EU. Believes that the same requirements to provide accurate Whois data should be applied not only to accredited registrars but all ccTLD registrars as well. Sanctions, such as the possibility to suspend or cancel an inaccurate domain name should also be in place. Believes that data format for Whois information now applicable to gTLDs should be applied to ccTLDs. Phone and fax numbers of the registrant should only be available on an opt-in basis, as they are not considered to be essential for the purposes of businesses and IP interests. Believes a centralized database providing Whois for gTLDs and ccTLDs would be beneficial, but that it should not be ICANN’s responsibility to provide. Believes users should be able to search by all data fields. Suggests that while basic information should be available for free, a more detailed search could be paid for by users. UNICE doesn’t support the use of personal data in Whois databases for marketing purposes. An opt-in accepting use rather than an opt-out clause and restrictions on access to bulk data would assist in reducing opportunities for misuse of the data.

August 13, 2002: Comments of Todd Glassey

Highly critical of ICANN and Whois policy in general. Suggests major overhaul of Whois database, including “pruning” existing entries by determining whether or not they are valid. Suggests ICANN make a determination about what to do with dead entries in Whois.

August 13, 2002: Comments of Elisabeth Porteneuve

Comments of a registrant. Argues that updating her own information is too difficult to do. Wishes it were as easy as it use to be under the NIC-Handle format, where she could update the NIC-Handle once and all associated domain names were updated. Wants an easy and efficient way to update all registrant data.

August 14, 2002: Comments of Olivier Guillard, AFNIC

Concerned that “registrant” is being confused with the person who has rights to the domain name. Suggests that a new field be added to Whois information, “holder” indicating the entity that holds the rights to the domain name. Advocates searching by registrant name, allowing for limits on the number of results that may be pulled.

August 14, 2002: Comments of Lisa Benjamin, Nominet UK

Nominet requires a warranty by the registrant that the data provided is accurate and an indemnity should Nominet receive a claim based on inaccurate data. Nominet reserves the right to cancel or suspend a domain name if there is independent verification that the information is “grossly inaccurate, unreliable, or false.” Feels that it is the registrant’s responsibility to provide accurate data, and that expanded Whois should help the registrants identify whether the data is accurate or not. Suggests it would be very costly, a cost eventually passed on to the registrant, to require the registrar to verify the accuracy of registrant data. Believes that uniformity of formats between gTLDs and ccTLDs may be difficult due to national data protection laws. This concern is also extended to the issue of better searchability for Whois databases that might include ccTLDs. Nominet doesn’t support the use of the register for marketing purposes, and supports proposals to provide stronger privacy protection for registrants in this regard.

August 16, 2002: Comments of Michael Laudahn

Maintains a site that deals critically with adverse conditions in the world, worldimprover.net. Advocates keeping personal registrant data “secret” in order to make it more difficult for people in high places to pursue their evil course.

August 20, 2002: Comments of John Wong

Identified embedded auto-redirect html script tags in the Whois data, both web and Port 43. They are used to redirect browsers or html-aware telnet clients to some penny-per-click sites. Suggests that sections A-Accuracy of Data in Whois Database, or B-Uniformity of Data formats and Elements, be expanded to discourage the use of executable script tags, or the placement of promotional data into inappropriate fields in the Whois contact database. Also suggests as an alternative, creating new fields in the Whois contact database where this kind of promotional information can be entered. Suggests discouraging the use of html tags in Port 43 Whois data.

August 20, 2002: Comments of Reed Smith and Warner Cranston

Suggests that the proposed enforcement provisions related to data accuracy be themselves enforceable in the key jurisdictions and apply evenly to registered domain holders in different jurisdictions across the Community. Suggests that the Task Force consider the drafting of the model provisions in more detail and conduct a legal review of the enforceability of these measures in key jurisdictions.

August 27, 2002: Comments of Danny Younger

argues that if he can have an unlisted phone number, why not a domain name without Whois contact data? Suggests that there be a domain name registration equivalent to an unlisted telephone number and that registrars should be allowed to charge for that service.

August 27, 2002: Comments of Keng

Advocates free and easy Whois accessibility. Advocates Whois data uniformity across registrars. Does not think marketing of Whois information is inappropriate. Believes that the domain name owner should have the right to review the marketing materials before committing. It should be the domain owner’s choice.

August 28, 2002: Comments of Vittorio Bertola

This comment was not properly summarized in the Interim Report due to a clerical error. It was then re-submitted in response to that report. See below.

6.3 Telephone Conferences

In September 2002, the Task Force held a number of conference calls with different interest groups, in order to discuss possible recommendations.


September 3, 2002

During its conference call on September 3, 2002, the Task Force was joined by Ross Rader (Tucows) and Rick Wesson (Alice's registry; CTO of the regisrars' constituency).

No official minutes of this call are available. According to private (and incomplete) notes of a member of the task force, the discussion covered several of the areas of the Task Force's work. Topics discussed included options for improving WHOIS data quality, factors currently contributing to bad accuracy, and actual experiences with the current bulk access provisions.

September 24, 2002

Members of the Task Force joined a conference call organized by the registrars' constituency. The constituency has made available minutes of the call. Discussions covered all four areas of the Task Force's work.

ccTLD registry operators

September 9, 2002

On September 9, the Task Force was joined by Berny Turcott (.ca). Mr. Turcott in particular presented the Canadian registry's approach to improving WHOIS data accuracy. The telephone conference was recorded; minutes are available.

September 23, 2002

On September 23, the Task Force was joined by Sabine Dolderer (.de) and Patricio Poblete (.cl). The call was both recorded and transcribed. The Task Force was informed about the WHOIS services being made available by ccTLD operators who need to take into account national regulatory environments.

Center for Democracy and Technology

September 30, 2002

The Task Force was joined by Alan Davidson from the Center for Democracy and Technlogy (CDT), who gave a presentation on privacy issues with regards to WHOIS. A transcript of the call is available.

6.4 Comments received in response to the Interim Report

The Task Force's Interim Report was published on October 15, 2002. It was open for written comments were received between October 15 and November 8. In the present report, only those comments relevant to either the WHOIS accuracy or the bulk access topics are summarized.

I. Overview -- All Comments on the Interim Report

2002 Oct 11

[comments-whois] List for Comments on Whois TF Interim Report DNSO Secretariat
[comments-whois] comments DNSO Secretariat

2002 Oct 15

[comments-whois] Re: [ga] WHOIS INTERIM REPORT OPEN for PUBLIC COMMENT John Berryhill Ph.D. J.D.
[comments-whois] What Do They Mean By "Inaccurate Data" John Berryhill Ph.D. J.D.

2002 Oct 16

[comments-whois] Re: [ga] WHOIS INTERIM REPORT OPEN for PUBLIC COMMENT Vittorio Bertola
[comments-whois] "Role" Accounts - and a test of the whois reporting form John Berryhill Ph.D. J.D.
[comments-whois] Need clearnce Gena Saltikov

2002 Oct 17

[comments-whois] Re: [ga] WHOIS INTERIM REPORT OPEN for PUBLIC COMMENT Jeff Williams

2002 Oct 19

[comments-whois] Forwarding of comments to list Jefferson Nunn

2002 Oct 20

[comments-whois] RE: [ga] WHOIS INTERIM REPORT OPEN for PUBLIC COMMENT Cade,Marilyn S - LGA
[comments-whois] Re: [ga] WHOIS INTERIM REPORT OPEN for PUBLIC COMMENT Jeff Williams
[comments-whois] RE: [ga] WHOIS INTERIM REPORT OPEN for PUBLIC COMMENT Cade,Marilyn S - LGA

2002 Oct 23

[comments-whois] Michael Palage Comments to the Whois Task Force Michael D. Palage
[comments-whois] Re: [ga] Text Posting of Michael Palage's Comments on Whois Task Force Jeff Williams
[comments-whois] [fwd] [ga] FWD: Some comments on WHOIS (third world perspective) (from: michael@palage.com) Thomas Roessler
[comments-whois] [nc-whois] comments from Karl Auerbach posted to GA Kristy McKee

2002 Oct 25

[comments-whois] International Trademark Association Comments on Whois Report Michael Heltzer

2002 Oct 28

[comments-whois] Consumers need Protection from VeriSign Mindy Owes

2002 Oct 31

[comments-whois] Whois Data fields and contact information necessary. Jeff Williams

2002 Nov 05

[comments-whois] Textile.net Sandy
[comments-whois] Michael Palage's Proposed Recommendations Michael D. Palage
[comments-whois] Take II - Michael Palage's Proposed Recommendations Michael D. Palage

2002 Nov 06

[comments-whois] Re: ensuring that your voice and input is heard on open comment sites Jeff Williams
[comments-whois] RE: ensuring that your voice and input is heard on open comment sites Cade,Marilyn S - LGA
[comments-whois] Re: ensuring that your voice and input is heard on open comment sites Antonio Harris
[comments-whois] Whois task force recommendations Bhavin Turakhia
[comments-whois] Re: Whois Task Force Interim Report Bhavin Turakhia

2002 Nov 07

[comments-whois] Go Daddy's Comments on the Whois TF Interim Report Tim Ruiz
[comments-whois] NYIPLA Internet Law Committee Comments Regarding Interim Reportof the Names Council's WHOIS Task Force Jonathan Moskin
[comments-whois] Intellectual Property Constituency Comments on the Whois TFRepor t Djolakian, Laurence
[comments-whois] Followup to Shanghai Comments Ross Wm. Rader

2002 Nov 08

[comments-whois] Comments of Turner Broadcasting System, Inc. to Interim Report of the Names Council's Whois Task Force McMurtry, Rick
[comments-whois] gTLD Constituency Comments to the Whois Interim Report Karen Elizaga
[comments-whois] Comments in support of Interim Report of the Names Council Rebecca J. Richards
[comments-whois] Time Inc. Comments Scherer, Bob
[comments-whois] Comments of Warner Music Group Inc. Interim Report of the NamesC ouncil's Whois Task Force Hennessy, Erin
[comments-whois] MPAA Comments on the Whois Task Force Interim Report Dow, Troy
[comments-whois] Comments of Time4 Media, Inc. - Interim Report of the NamesCounc il's Whois Task Force Lee, Paul
[comments-whois] Specific Response to Task Force Inquiries Ross Wm. Rader
[comments-whois] Comments on the Interim Report of the Names Council's WHOIS Task Force Mark Bohannon

2002 Nov 09

[comments-whois] Response to Task Force Interm Report Rick Wesson
[comments-whois] Whois TF Interim Report: Comment Marc Schneiders
[comments-whois] Comments on Interim Report of the Names Council's WHOIS Task Force Michael Erdle
[comments-whois] Ironically mumbai is about to be affected Bhavin Turakhia
[comments-whois] WHOIS: Process and Substance Norbert Klein
[comments-whois] [Fwd: WHOIS: Process and Substance] - follow-up Norbert Klein

2002 Nov 15

[comments-whois] whois tf report comments Paul Stahura

II. Summary: Comments relevant to the Task Force's Accuracy Recommendations


John Berryhill points out that the TF's interim report does not define a standard for inaccurate contact data. As an example, he points to a UDRP case in which the complainant claims that a telephone number provided in the WHOIS is "inaccurate" because it is not listed for the respondent. He also points out that the requirement for an "accurate" telephone number implies the requirement for the domain name holder to have a telephone number.

Also, Dr. Berryhill raises the concern that "bad contact data" complaints can be raised systematically and in an abusive manner, in order to harass domain name holders.


John Berryhill points out that the current practice (and the task force's interim report) does not address the - common! - use of role accounts (like "Hostmaster Role Account") for WHOIS contact data.

In fact, the current RAA language requires that WHOIS contact data (as opposed to registrant data) contains the contact's "name."


This comment, received from Jefferson Nunn (CIO, Internet Solutions Group) elaborates on a number of privacy objections against any requirement that /valid/ telephone numbers of individuals be published in the WHOIS service.

(It is questionable whether this concern is indeed in the scope of considerations on data accuracy.)


This document contains personal comments from Michael D. Palage on a number of topics raised by the task force's interim report. In this message, only those concerning the WHOIS data accuracy portions of the report are summarized or quoted.

(1) Graduated sanctions and the possible application of automated filters when domain name registrations are placed. The comments hold that "imposing graduated fines and mandating business practices (filters) contradicts ICANN's role as a technical coordination body". Further, the comments point out that these "recommendations are not supported by any data to demonstrate the technical nor commercial viability of these automated mechanisms on small, medium and large-scale registrars. In fact these recommendations would appear to contradict established case law that has held filters place an unreasonable burden on registrars. See Worldsport Networks Limited v. Artinternet S.A. and Cedric Loison."

(2) Possible problems to honest domain name holders caused by a rigid enforcement of the present challenge-and-cancellation procedure for correcting inaccurate WHOIS data. It is suggested that, instead of completely deleting the domain name from the registration system, the domain name is only removed from the zone file.

(3) The inclusion of thick registries with the accuracy recommendations made in the task force's interim report. These comments are too extensive to be summarized in this document.

(4) Mr. Palage describes a possible abuse scenario of a policy which would mandate the deletion of all domain names associated with a specific set of bad contact data (I.A.4.d of the interim report). The problem occurs when registrant or contact information for a domain name has been wrongly replaced by contact information about an existing entity which is not related to this specific domain name, but may occur in the context of other registrations.


This comment from Srikanth Narra was forwarded to the comments site indirectly. The comment specifically provides a third world perspective on WHOIS accuracy, and points out that with registrants from developing countries, the only contact information which can be given in an accurate manner is often the postal address. However, postal service to the relevant regions may be extremely slow and unreliable, which makes verification of a postal address within 15 days impossible.


These comments from the International Trademark Association support the interim report's suggestions on WHOIS data accuracy.


This comment was submitted by Jeff Williams. He writes: "Further our [INEGroup] members decidedly believe that only an admin. E-Mail and phone number contact that is of that Admin.'s. choice that are working phone Number and E-Mail address."


This comment includes, as "recommendation 2", proposed language for a Names Council resolution on WHOIS accuracy issues. The resolution suggests the creation of a standardized "Whois Accuracy Inquiry Notice" which would be translated in as many languages as possible. After receiving a notification of potentially false or inaccurate whois data, registrars would be required to send this notice to registrants, "in the language(s) of the registration agreement, along with links to translations of the WAIN in other languages". As a change to current policy, a domain name would be put on hold indefinitely after a period of 30 days. (Current policy: Deletion after 15 days.) The registrar would not be allowed to either renew the domain name or remove it from hold status until the registrant has provided documented proof (supposedly on the accuracy of present or corrected WHOIS information; this is not clear). Additionally, third parties submitting WHOIS accuracy complaints would be required (1) to provide contact information so the registrant can possibly initiate legal action in cases of bad faith complaints, and to (2) state that the submission "is not intended to interfere with the lawful operations of the domain name registrant or registrar".

The proposed resolution then goes on to recommend a number of possible ways for implementing this suggestion.


This comment was submitted by Bhavin Turakhia on behalf of Directi, an accredited registrar. Several possible difficulties which may make it hard to reach a registrant within a 15 day time line in case of an accuracy complaint are listed. A 45 day time line is suggested as being far more appropriate. Also, it is suggested to place problematic domain names on registrar-hold instead of deleting them. Mr. Turakhia also points to the comments submitted by Mr. Palage (see the summary of msg000012.html above).


This comment, submitted by Tim Ruiz on behalf of GoDaddy Software, mostly focuses on the accuracy issue. Mr. Ruiz objects against the recommendation that registrars should use automated mechanisms to screen out incorrect contact data, on the basis that the task force report does not consider "the cost of these tools, and the problems associated with the accuracy of these tools themselves." Also, according to this comment, "pinging email domains, automating the dialing of phone numbers, etc. have another set of technical obstacles and costs that make them impractical to implement and unreliable." Mr. Ruiz objects against the current 15 day time frame, and suggests that a 45 day period may be more reasonable. He also requests that the terms "willful" and "blatant" (which are currently used in the task force's language on inaccurate whois data) be clearly defined, in order to avoid subjective judgments from entering into these considerations. "Such a vaguely defined policy will be difficult, if not impossible, to enforce," Mr. Ruiz writes. Finally, Mr. Ruiz articulates his belief that the "3 strikes policy" suggested by the task force is unnecessary: "The current RAA simply needs to be enforced, and ICANN has recently been working toward that goal."

In addition to these comments, Mr. Ruiz states his support for the comments submitted by Mr. Palage (see the summary of msg000012.html above).


This comment, submitted by Laurence Djolakian on behalf of the Intellectual Property Constituency, expresses that constituency's support for the interim report's recommendations on the accuracy of WHOIS data.


This extremely comprehensive 12-page comment was submitted by Ross Wm. Rader on behalf of Tucows. This summary attempts to identify the most important key points; I strongly recommend reading the full comments.

As far as the accuracy section of the interim report is concerned, Tucows suggests these questions for the task force's consideration:

What has the [task force] done to measure ICANN's recent enforcement activities as it relates to Whois and how much does this effect the problems that you are trying to deal with in the area of accuracy? Would it be safer to say that mandatory periodic re-validation of Whois data has been identified as one potential technique for improving data quality? Or, has the Task Force investigate the other options fully and discounted them? If so, what options were investigated and why were they discounted?

Additionally, the submission includes comments on the individual recommendations contained in the interim report. As far as the enforcement of current policies (I.A) is concerned, most of these comments concern specific questions around the impact of a possible implementation of the interim report's requirements. Concerning A4b, a distinction between "willful submission" and "blatant disregard" is highlighted. Concerning A4c, the submission asks for specific standards concerning documentary proof of accuracy of data provided.

There are also concerns on the graduated sanctions system suggested in the task force's report: It is asked whether the interim report's recommendations intent to shift the primary responsibility for WHOIS data accuracy from the registrant to the registrar. Concerning B4C1b (collecting the fine from funds deposited by registrars with registries), the feasibility and desirability of this particular approach is questioned.


As a follow-up to the previous submission by Tucows, this comment contains specific comments on the questions asked in the interim report. Tucows argues that (1) it is not clear that the mechanisms proposed in the interim report actually lead to the desired results, and that (2) it is not demonstrated that "failures in the enforcement mechanism require a more structured approach complete with fines and sanctions". On the basis of these observations, it is concluded that an implementation of the structure described in the interim report would be "unreasonable." The task force is urged "to recommend that the community determine first if enforcement of the current contractual provisions will lead to an improvement of Whois data accuracy. "

In response to the task force's specific questions, the comment takes issue with a number of the recommendations: With respect to the inclusion of thick registry operators with the proposed recommendations, Tucows points out that thick registries are custodians of data provided by registrars, and do not have contractual relationships with the registrants themselves. An argument is made that recommendations 1-3 (improvements to the complaint mechanism) will not help to increase data quality "in the majority of records", based on the large number of registrations, and an estimate that the number of complaints actually received will be several orders of magnitude smaller. Tucows is not aware of any "technically competent means" to implement recommendation 4a (screening for obviously bad data), and doubts that - even if such a technology exists - it would actually achieve the requirements behind the recommendation. Additionally, Tucows notes that such screening may drive bad-faith registrants further underground, making enforcement even more difficult; further discussion of this is recommended. The comment also cautions that recommendations 4b-d should not be pursued unless "appropriate and affordable technology has been demonstrated to solve the problems described." A policy that registries, registrars and/or resellers periodically remind registrants of their accuracy obligations is considered an appropriate recommendation; however, specific implementations should not be recommended. Tucows recommends that the task forces explores the idea "that Registrants should be required to verify the accuracy of the data that they have provided prior to allowing the Registrant to undertake significant modifications or actions with their domain name." "Further, ICANN should support the development of cross-registry/registrar contact object management standard."

The comments objects against the proposed sanctions program, and argues that only "a proactive program geared toward ensuring that Registrants uphold their obligations can ultimately achieve the goals of the Task Force."

The comments further express support for recommendation C1 of the accuracy chapter. Tucows has not evaluated the cost of implementing this, but expects it to be moderate.

C2 and C3 are rejected as being technically and economically unpractical, and would "require the implementation of manual and automated systems that have not yet been developed. ... We strongly believe that implementation of these recommendations would have a significant impact on the capability of our organization to compete and prosper."


This extensive comment was posted by Karen Elizaga on behalf of the gTLD registries constituency. doc00004.doc contains a useful summary of these comments, followed by a number of individual contributions. Within the scope of the present document, I can only try to identify a number of key points; reading the full comments is highly recommended.

Concerning the accuracy complaint process, it is suggested that complainants should themselves provide accurate contact information, i.e., there should be no possibility for anonymous complaints. It is suggested that a quick loss of names should be limited to the "worst" cases, and that small mistakes (like a one-digit mistake in a zip code) should correspond to longer response periods. Registries should not be subject to the proposed 3-strike policy since they don't have a direct contractual relationship with the registrant. A4a is characterized as being virtually impossible due to the cost and complications (including a slow-down of SRS transactions) which would be caused by an implementation of the automated filtering suggestions. A comment contributed by Chuck Gomes generally questions whether accuracy of WHOIS information can be enforced on a global basis.

Concerning A4e, the abuse scenario introduced by Mr. Palage is mentioned. The practical applicability of the proposed sanctions program to intermediaries is questioned, due to the lack of a direct contractual relationship with ICANN. More details are provided in mark-up of the text, contained in doc00005.doc. In this mark-up, the gTLD registry constituency in particular takes up a couple of points mentioned in other comments: The risk of bad faith complaints (see Berryhill, above); possibly replacing cancellation of registrations in case of inaccurate data by registry hold.


This comment, submitted by Rebecca J. Richards on behalf of TRUSTe, emphasizes the importance of accurate and available WHOIS information for TRUSTe, and expresses support for the accuracy recommendations in the task force's interim report. This comment literally copies some parts of the IPC comment.


These comments, submitted Rick D. McMurtry on behalf of Turner Broadcasting System, by Bob Scherer on behalf of Time Inc., by Erin Hennessy on behalf of Warner Music Group, and by Lee Paul on behalf of Time4 Media, Inc., emphasize the importance of access to WHOIS data and their accuracy for various parts of the AOL Time Warner group (occasionally using precisely same wording throughout several of the submissions, occasionally providing specific anecdotal evidence of problems encountered in the past), and generally support the accuracy recommendations contained in the interim report.


This comment was submitted by Troy Dow on behalf of the Motion Picture Association of America. The statement expresses the MPAA's support for the accuracy recommendations contained in the interim report.


This comment was submitted by Mark Bohannon on behalf of the Software & Information Industry Association. The comment emphasizes the importance of legitimate uses of WHOIS data in language which closely follows (or even copies) the IPC and TRUSTe comments, and expresses support for the task force's accuracy recommendations.


This comment was submitted by Rick Wesson (Alice's Registry). Mr. Wesson hopes to publish statistically significant research in the future in order to prove the hypothesis that the vast majority of domain registrations don't have accuracy issues. Concerning the graduated sanctions program, it is noted that "at the time the document was authored, there existed no methodology to test the assertion that graduated sanctions could improve the accuracy of the data published in the whois."


This comment from Marc Schneiders specifically addresses the interim report's accuracy recommendations, which are called consumer and registrar unfriendly. Issues pointed out include: The potential for abuse of the complaint process in order to harass registrars or registrants; the possible use of "role account" type names (like xyz domain manager) for the registrant information, coupled with accurate addressing information; challenges with actually implementing accuracy requirements on a worldwide basis. The 15 day correction period is identified as too short, on the basis that registrants may, for instance, be on vacation for such a time period.


This comment was submitted by Michael Erdle on behalf of the Internet Committee of the Intellectual Property Institute of Canada. The comment is not an official position of the IPIC.

The five-page attachment to the message contains elaborate comments on the accuracy recommendations in the interim report, and answers to the specific questions asked by the task force. Within the scope of this document, I'll try to identify a number of key points; reading the full comments is strongly recommended.

Conceptually, the comment splits data accuracy into two distinct sets of concerns: A need to improve overall data quality, and a need for corrective measures in specific cases of inaccurate data.

Concerning the measures suggested to improve overall data quality (like using existing technical measures for screening registrant information), the comment calls for a careful evaluation of the "limitations, efficacy and appropriate scope of use" of these tools, before any implementation of the recommendations. It is warned that, due to the danger that automated tools may inevitably contain errors themselves, and that errors may happen outside the scope of responsibility of the registrant, no domain name should automatically be canceled exclusively based on automatic screening. The comment observes that the terms "obviously incorrect" and "blatantly false" are not defined in the report, "and arguably cannot be defined with any precision." Similarly, the question is raised who should make the judgment whether incorrect information has been "deliberately" submitted by the registrant.

Periodic e-mail reminders are identified as a good idea "to attempt to prevent inaccuracies, however, if a registrar is notified of false information, it will have to take active steps to contact the registrant by whatever means possible to verify the information."

The comment warns that, given a significant number of domain name registrations with outdated WHOIS data, the measures suggested in the interim report may create a potential for abuse against bona fide registrations.

Concerning the graduated sanctions program, the comment asks who would be responsible for actually identifying patterns of non-compliance. Provided that ICANN would document complaints, identify patterns, and take action, the recommendations "appear to be of use," if combined with appropriate safeguards.

Concerning the steps suggested in C (items for possible re-negotiation of the RAA), only step 1 is found to be beneficial (re-validation of WHOIS data upon renewal).


This comment contains an additional note from Bhavin Turakhia, pointing out that changes to telephone numbering schemes (like one currently taking place in Bombay) may lead to inaccurate data on a large scale without bad faith on the registrants' side, leaving postal mail as the most reliable mechanism for contacting registrants. In the Bombay example, however, Mr. Turakhia notes that no back and forth communication through postal mail would be possible within 15 days.


This comment, submitted by Paul Stahura from eNom on November 14, argues that "requiring whois data to be verified at time of renewal will require development and extra cost." He doubts that this will lead to an improvement, but on the other hand believes that a periodic reminder to update whois data may be a good idea.

Mr. Stahura also points to a possible interaction between better searchability and accuracy: Better searchability of the WHOIS database, he argues, would increase the motivation of good faith registrants to provide bad data.

He also asks for definitions of "incorrect" or "inaccurate" WHOIS data.

The comments on the graduated sanctions proposal are based on the understanding that the fines suggested would be $ 1,000 per domain name found to have incorrect data.

III. Summary: Comments relevant to the Task Force's Bulk Access Recommendations


This comment from Vittorio Bertola was originally posted during the Task Force's first comment period in August, but effectively lost in the interim report due to a clerical error. Mr. Bertola observes that "registrants have to be provided with options to opt in or out from any kind of usage, distribution and processing of their data that is not strictly necessary to supply the DNS service; these options must be clearly stated, separated from the core of the domain registration agreement, and it must be absolutely clear to customers that they can register the domain name even if they do not accept to provide their personal information for these additional uses." Mr. Bertola explicitly applies this principle to bulk access, even if not aimed at marketing purposes.


In this comment, Michael Palage remarks: "Despite several comments from participants regarding privacy rights it appears that the Whois Task Force did not provide a very detailed analysis of the European Data Privacy Directive, or other national laws. Any potential ICANN policy that is implemented must take into account national law and local stakeholder perspectives, particularly when an ICANN contracting party is subject to the jurisdiction of these laws."


In this further comment, Michael Palage writes that the current WHOIS system fails to "adequately meet the needs and concerns of governments, intellectual property owners, domain name registration authorities, as well as consumer and privacy advocacy groups." He then suggests to dissolve the Task Force, and initiate a "blue ribbon panel" in order to perform "a comprehensive bottoms-up [sic!] review and overhaul."


This comment from Karl Auerbach remarks that the interim report does not answer the "primary question why personally identifiable information must be published to the public at all." Mr. Auerbach then elaborates on a number of privacy protection mechanisms, in particular including the requirement that those examining the WHOIS reports first identify themselves, and that the "time, date, and identity of every inquiry be recorded and made available to the data subjects.


In this comment from the NYIPLA Internet Law Committee, an argument based on U.S. law is given which leads to the view of the Committee that domain name registrations are public records. A dissenting opinion by Wendy Seltzer, included with the comment, argues in favor of the use of anonymous or pseudonymous contacts, baesd on the observation that "in the United States, anonymous speech is a constitutionally protected right."


This message (including attachments) contains the comments from the gTLD registry constituency. With respect to the interim recommendations on bulk access and marketing, it is observed that the "biggest problem with bulk access is the inability to enforce requirements. If conditions are virtually unenforceable, then nothing is gained by making changes except possibly creating a false sense of accomplishment and increasing costs." It is asked who should decide what constitutes "legitimate" use of bulk data. The idea of cost-based bulk access to WHOIS data is called "socialistic" and "terrible". It is requested that the notes about RAA be clarified as dealing specifically with registrars making WHOIS databases available to third parties for marketing purposes. Further, is called "meaningless" unless it's enforceable; re, it is asked how a registrar should determine that Whois data is being used for improper marketing purposes, and it is doubted that this is feasible at all.


This comment, submitted by Rebecca J. Richards on behalf of TRUSTe, "strongly supports the review of the bulk access provisions of the RAA." It is suggested that by "following the fair information practices of notice, choice, access and security, the WHOIS database can balance the safety of the public at-large with the privacy of Web site owners." TRUSTe supports making an opportunity to opt-out of third party marketing uses of WHOIS available to all registrants.

"Providing the database information to mass marketers without providing those in the database even the courtesy of allowing them to opt-out does not create a trusting, transparent and accountable system," the comment continues.

It is also noticed that "the WHOIS database has been an important tool for consumer safety and, in our experience, has been an irreplaceable means of ensuring the validity of the privacy promises that companies make."


This comment was submitted by Troy Dow on behalf of the MPAA. The comments on bulk access and privacy are too concise to benefit from being summarized, so I quote them completely: "The Whois Survey clearly indicates both privacy concerns over bulk access to Whois data for marketing purposes and strong support for the continued public availability of Whois data for legitimate purposes. As the Interim Report recognizes, there are a number of legitimate non-marketing purposes for bulk access. In fact, much of the functionality supported by the survey respondents might be realized through third-party services enabled by bulk access to reliable Whois data. MPAA would support efforts to protect against the use of bulk access to Whois data for unwanted and unsolicited marketing purposes. In fact, such efforts may in fact contribute to better, more accurate Whois data for legitimate uses. Care can and should be taken, however, to address such privacy concerns in a way that continues to accommodate bulk access by responsible parties in furtherance of legitimate uses of Whois data."


This extensive comment was submitted by Ross Wm. Rader on behalf of Tucows. Tucows notes that limitations of the types of third parties eligible to enter into a bulk access agreement would require subjective determinations by registrars whether some definitions are satisfied. Tucows believes that this would require the installation of some kind of an appeals process, and proposes that such an approach "would likely be unwieldy."

Tucows takes the position that access to bulk data should be determined by registrars themselves, and feels that the bulk access requirement is inappropriate. Practical experience is cited as having demonstrated "that those that most desire access to these customer lists are those that are most likely to inappropriate use these resources." It is argued that the market-based approach advocated would enable registrants to choose registrars based on privacy policies, thereby increasing competition.

Regarding practical experiences with the current bulk access regime, Tucows quotes "inappropriate marketing (slamming, deceptive notices), misappropriation of intellectual property under the terms of the license and other wholly inappropriate activities."

The idea of restricting the fee for bulk data is rejected. Instead, market-based pricing is suggested.

The proposed modification of section 3.3.6 of the RAA is rejected.

The approach of imposing a number of minimal safeguards on bulk access provided by registrars on a voluntary basis seems to be acceptable to the commenter; it is suggested that the "restrictions on a registrars capability to impose new or differing requirements on bulk whois users" should be modified.

Tucows observes that registrars typically do make the condition in mandatory even with the current language. In order to support business models which may not implement such a requirement, Tucows suggests that "it would seem prudent to continue to allow the flexibility in implementation as specified in the current contracts."

Under the assumption that the current contractual requirements are continued, a provision which explicitly forbids any use for purposes other than those stated in the bulk access agreement is supported by Tucows. In the event of a change to the requirements, the question should be re-evaluated.

With respect to the opt-out provision, Tucows notes customer demand for an opt-in policy, and suggests that registrars should have the choice between opt-out and opt-in policies.

Tucows' response to the task force's question about different policies and different sets of bulk data for marketing and non-marketing uses is slightly confusing; I have asked Ross Rader for clarification, and will forward this to the Task Force. The response in Tucows' own words: "Not under the regulated approach advocated by the Task Force. Each of these approaches possesses significant social and economic costs for Registrants and Registrars that would be more appropriately dealt with through a market-based approach to the issue of Bulk Whois data access."


This comment was submitted by Rick Wesson (Alice's Registry). It emphasizes that privacy is the "single most talked about topic with WHOIS", and that it impacts each of the areas of the report. "The fact remains that the largest use of whois is for marketing purposes, the task-force MUST address this issue in its final report."


This comment, submitted by Michael Erdle on behalf of the Domain Names and Trade-marks on the Internet Committee of the Intellectual Property Institute of Canada. The Committee "notes that searching and marketing of WHOIS data must comply with applicable privacy laws. For example, in Canada, registrars must obtain consent to the collection and use of the data. In many situations, implied consent and "opt-out" procedures are not sufficient." It is noted that explicit consent to both collection and use of data may be required, in particular when the use is "not directly necessary for hte maintenance of the registry."


In this comment, Norbert Klein (Open Forum of Cambodia) articulates surprise that, after the long process the Task Force has gone through, the bulk access recommendations do not answer the question what use is to be considered "legitimate."


In this comment, Paul Stahura from Enom points to the possible interaction between overly broad access to and use of WHOIS data and accuracy of these data. With respect to bulk access to these data, Mr. Stahura recommends that "the $10k cap should be eliminated for anyone who is not authorized somehow by ICANN to get the bulk data." There should be small set of entities granted the ability to access bulk data at a relatively low price, which would (1) be policed by ICANN, and (2) could compete to offer services. No opt-out of this "authorized" bulk access would be allowed. Mr. Stahura apparently envisions these services as a replacement for (some features of) registrars' port 43 and web interfaces.

6.5 Meeting with Registrars in Shanghai

On October 27, 2002, members of the WHOIS Task Force met with a number of registrars at ICANN's Shanghai meetings. Much of the discussion was focused on the interim report's accuracy recommendations. No official minutes of this meeting are known to be available. However, several members of the WHOIS Task Force shared their recollection of the meeting during a telephone conference of the task force on November 13, 2002, which has been transcribed.

7. Minority Reports

To date, while two dissenting statements about a particular recommendation are included in the report, actual minority reports have not been received. Should any be received, they will be forwarded to the Names Council.

8. Supporting Arguments

The importance of WHOIS data accuracy was first established through the survey the Task Force conducted. Support has been articulated in numerous comments received from various parts of the intellectual property community, and other submissions.

The Task Force's recommendations on limiting bulk access for marketing uses are based on concerns articulated in many responses to the WHOIS Survey, as well as many submissions in the comments received. In addition, it has also been pointed out by commenters that marketing use of WHOIS data would be a disincentive for registrants to provide accurate data. Comments received indicated that removing bulk access for marketing uses could therefore contribute to an improvement of WHOIS data accuracy.

Several statements have been received which would support the stronger recommendation of completely removing the RAA's bulk access provisions. Some members of the Task Force have presented counter arguments, noting that there are "legitimate" users of bulk access who, in particular, use the data obtained to develop third party services not related to any marketing activities.

The Task Force has recommended that this isue should be investigated in detail in the near term.

A more detailed collection of arguments and deliberations can be found both in the explanations to the Task Force's actual recommendations, and in the outreach summary.

9. Risk / Cost Analysis

The Task Force has not been able to undertake extensive cost analysis at this point of its recommendations at this point.

In fact, feedback from the Task Force to the Names Council would include a recommendation that this area be seriously evaluated for development of alternative approaches to develop a cost analysis be undertaken. Once ICANN staff ae available to support policy development, such a requirement will make more sense. For now, this Task Force notes that such an analysis is extremely difficult to undertake during the policy develoment process itself. It clearly needs to be further defined and developed overall.

We recommend that this analysis be undertaken during the implementation phase.

However, the Task Force notes that policy may be required, even if it represents significant costs or changes in existing processes. For instance, the impact of purposely inaccurate WHOIS data when fraud is involved is serious. Taking steps to address how to change purposely fraudulent data may be an expensive endeavor. Yet, an essential one.

The Task Force has discussed the areas of cost to the extent possible and offers the following guidance.

In the areas of enforcement of existing requirements for accuracy, there will certainly be a need for increased ICANN staff resources. Experience of the existing staff in dealing with this problem today will be able to provide some guidance on the additional time and resources

which may be required and which should be included in the ICANN staffing plan/budget.

Additional “risks” areas: Several comments have been received from members of the Task Force that given the concerns of governments regarding accuracy of data, that the community should address this issue proactively, or risk more directive involvement of multiple governments who may have different views on how best to address accuracy. Such an approach could result in a “patchwork” of requirements which represents a “risk” which must be taken into account and could result in significant administrative burdens on registrars, and on registrants who register with registrars located in different countries. Clearly, developing a solution which can be accepted broadly is a better approach.

Inaccuracy in WHOIS data also impacts registrars who rely on WHOIS data to notify registrants of problems, renewal notices, validation of transfer requests, etc.

For the most part, the enforcement of existing recommendations for accuracy should have widely distributed, but low direct costs to the registrars. However, it must be acknowledged that there will be some additional staffing costs to deal with improved accuracy, and as/if systems are redesigned, there will be some costs to the registrars.

While the Task Force acknowledges that there are costs associated with the recommended changes in programming of systems inherent in many of the recommendations and possibly in additional staff time, the costs implications of specific changes have not been completely explored. The Task Force recommends that this topic can be addressed as part of the implementation process. A working group of Registrars, ICANN staff, and TF representatives could quickly explore this issue in more detail.

The Task Force discussed the concern which registrars have regarding adding in new requirements and the additional costs which that may bring. [Note: This Task Force did not discuss pricing, fully recognizing that is out of scope for a policy Task Force. ] However, the Task Force members acknowledged that consensus policy may require additional investments, in resources, or systems. Within the Task Force, there is no expectation that the Registrars should bear additional costs without the ability to pass that along to the registration process. For instance, as an example only, but not presented as a recommendation, one TF member has suggested that if paper notification is required to fulfill the notification about data accuracy, that the contract between the registrar and registrant could provide for recovery of such costs from the registrant. The registrar may or may not chose to exercise a charge back. The Task Force makes no comment on their choice.

In the initial stages of implementation in accuracy, the Task Force believes that the single most definable cost segment will be the increase in ICANN staffing necessary to undertake improved enforcement, and to work with the registrars to implement the recommendations. It should be acknowledged that broad registrar participation in developing implementation of the recommendations will be essential to ensure that the full range of interests of registrars, given their diversity, are taken into account. Certainly, registrars time to participate may be viewed by many as an additional burden, yet their participation is essential.

In short, the Task Force acknowledges the need for a separate work activity to address further the issue of costs and will provide liaison participation to such an effort, which should take place as part of an implementation process, directed by ICANN staff.

Marketing uses of Bulk Access and WHOIS Data: The Task Force largely heard only objections from Survey respondents, from business users, privacy advocates, and from Registrars regarding the provision of bulk access to third parties. The recommendations of the Task Force would limit marketing uses of bulk access data. In addition, the Task Force recommended further work on any marketing uses of WHOIS data. The Task force is also recommending a change in registrar agreements to require a minimum “opt out” and allow Registrars to implement “opt in”.

The Task Force acknowledges that these changes may require software programming changes by registrars; probably changes in marketing materials, postings on web sites, re-education of existing staff, etc. The analysis of such costs were not undertaken by the Task Force.

The Task Force did discuss the need for registrars to be able to include costs into their business models, but did not discuss pricing, which is clearly out of the scope of a policy Task Force.

The Task Force recommends a separate work effort involving ICANN staff, technical resources, Registrars, and other relevant parties to undertake discussion of implementation issues, including any needed identification of costs issues.

Note: The Task Force itself has recommended that it, or another similar body continue further work related to these areas. This should be taken into account in the implementation processes.

10. Publication and Comment Period

The present document was published on November 30, 2002. Public comments are being accepted until December 8, 2002.

11. Further Recommendations for Additional Work

The Task Force has given considerable thought to the issues of WHOIS, and acknowledged in the Report Executive Summary that the work related to WHOIS is not complete. The Task Force envisions that WHOIS will be a topic of work and further learning and dialogue, not just within ICANN’s gTLD supporting organization but also with the new Country Code Supporting Organization, and with the GAC. For some time now, the GAC members have been making their interests and concerns about WHOIS known within the GAC itself. Recently, the Task Force co-chairs have discussed with several country members, and with the chair, the interests of the Task Force in discussing their interests, views, and concerns. A proposal for an approach is provided under this section as a “Recommendation for a WHOIS Workshop”

Upon acceptance by the Names Council of the recommendations contained in this Policy Report on Accuracy and Bulk Access, the Task Force envisions that the process of implementation discussions can begin. Task Force members will be available to consult or advise, during this process, as needed.

However, the priority of the Task Force, while this is happening, will be to continue its work in the sections in the report which are clearly noted for “further work” related to accuracy and bulk access and marketing uses of WHOIS data.

These work areas may result in further changes to the RAA, in some areas. The Task Force therefore recommends that it undertake concluding such work within a reasonable time frame, taking into account that there is a worldwide holiday season during the last month of the calendar 2002.

In addition, the WHOIS Task Force’s present report addresses only two of the four issues it identified in its Interim Report. Work has been undertaken by two additional working groups on consistency of data elements and enhanced searchability; this work continues and is expected to be completed shortly. At this point, a preliminary view of the the recommendations indicates that they will provide for mid to longer term working initiatives; the further work related to concluding these two areas we believe, should be completed by this Task Force. However, some of the recommendations may be in the form of “recommending monitoring” by ICANN staff with periodic reports back to the Names Council/its replacement. Such recommendations would not necessarily require a standing WHOIS Task Force involvement.

However, one shorter term recommendation which developed during the outreach on consistency of data elements and searchability was the importance of further dialogue with ccTLD managers. The Task Force was able to hear from a few managers regarding their practices, national requirements, and the challenges they face. Of strong interest by the Task Force is a more extensive dialogue with ccTLD managers regarding how they deal with issues of data accuracy, marketing uses, as well as consistency and searchability.

As noted in the opening paragraph, the GAC itself has also indicated a strong interest in further examination of WHOIS issues.

Therefore, the Task Force recommends and has begun to develop plans to work with interested parties, including the GAC, to develop a WHOIS Workshop where further exploration of the key issues will be undertaken. This workshop will be an informational format, and should include several panels, where issues are presented, and discussed in a format which results in white papers and presentations which can be included in the further work of the Names Council WHOIS Task Force.

Such a workshop is expected to include invitational presentations from ccTLDs; privacy advocates, governmental representatives, as well as registrars, business users, intellectual property representatives. The Task Force recommends that such a Workshop be hosted at the upcoming March ICANN meeting, and that all constituencies and the At Large Organization, as well as other Supporting organizatins be invited to attend and participate. It is expected by the Task Force that multi-national organizations, such as WIPO, OECD, ITU, and the EC, as well as individual countries who are members of the GAC will have an interest and the Task Force recommends to the Names Council that

The Task Force would welcome the involvement and support of the ICANN staff in undertaking and planning such a workshop. The Task Force would expect to launch a planning process immediately following the Amsterdam meeting and to quickly assess the feasibility of holding the Workshop in Rio, given time factors.

12. Appendix

Members of the Task Force

Non-Commercial Domain Name Holders' Constituency

Sarah Andrews
Gilbert Estillore Lumantao
Hakikur Rahman

In the past, the Non-Commerdial Domain Name Holders' Constituency has been represented by Y. J. Park.

gTLD registries constituency

Fran Coleman
Karen Elizaga
Ram Mohan

Miriam Sapiro served on the Task Force until Summer 2002.

Karen is about to leave the Task Force, and is being replaced by Fran.

Internet Service Providers and Connectivity Providers

Tony Harris

Tony serves as one of the Task Force's co-chairs.

country-code TLD registries

Oscar A. Robles Garay

Business Constituency

Marilyn S. Cade
Troy Dow
Bret Fausett

Theresa Swinehart used to serve on the Task Force on behalf of the Business Constituency.

Marilyn serves as one of the Task Force's co-chairs.

Intellectual Property Constituency

Laurence Djolakian
Steve Metalitz

In the past, the Intellectual Property Constituency has also been represented by Axel aus der Mühlen.

Registrars' Constituency

Tim Denton
Philipp Grabensee
Ken Stubbs

The registrars' constituency has originally been represented on the Task Force by Paul Kane, who also served as the Task Force's initial chairman.

General Assembly

Kristy McKee
Thomas Roessler
Abel Wisman

The General Assembly has originally been represented on the Task Force by Danny Younger, then the GA's chairman.