Domain Name Supporting Organization

 

Draft Final Report

 

of the Names Council’s

 

WHOIS Task Force

 

to be presented at

 

The ICANN Meeting In Romania (Bucharest)

June 24-28, 2002

 

NOTE: THIS VERSION OF THE DOCUMENT IS A WORKING FINAL DRAFT AND IS SUBJECT TO FURTHER EDITORIAL CHANGES.

 

 

 

Table of Contents

 

Table of Contents................................................................................................................................................ 2

I             Introduction............................................................................................................................................. 3

A       Preface........................................................................................................................................................... 3

B        History and Mission.............................................................................................................................. 6

C        Participation in the Survey.............................................................................................................. 9

D        Statistical Considerations........................................................................................................... 18

E        Method of Evaluation of Free-Form Questions................................................................ 19

II            User Expectation and Experience (qq. 5-10)......................................................................... 21

A       Questions Asked..................................................................................................................................... 21

B        Methodology of Evaluation......................................................................................................... 25

C        Results of Evaluation....................................................................................................................... 26

III            Uniformity and Centralization (qq. 11-15)......................................................................... 40

A       Summary..................................................................................................................................................... 40

B        Questions Asked..................................................................................................................................... 41

C        Results of Evaluation....................................................................................................................... 42

D        Findings and Discussion of Results........................................................................................... 49

E       Some individual Responses............................................................................................................... 50

IV            Resale/Marketing and Bulk Access (qq. 16, 17)................................................................ 52

A       Summary..................................................................................................................................................... 52

B        Questions Asked..................................................................................................................................... 52

C        Method of Evaluation...................................................................................................................... 55

D        Results of Evaluation....................................................................................................................... 57

E        Some Individual Responses.............................................................................................................. 63

F        Findings and Discussion of Results........................................................................................... 69

V            Third Party Services (qq. 18, 19).................................................................................................. 71

A       Summary..................................................................................................................................................... 71

B        Questions Asked..................................................................................................................................... 71

C        Results of Evaluation....................................................................................................................... 72

D        Findings........................................................................................................................................................ 74

VI            Other Comments (q. 20)..................................................................................................................... 76

A       Questions Asked..................................................................................................................................... 76

B        Method of Evaluation...................................................................................................................... 77

C        How the Information is Presented in the Report............................................................. 78

VII          Final Conclusions.............................................................................................................................. 79

VIII         Request for Discussion: Possible WHOIS Recommendations................................ 81

A       Accuracy of data contained in the WHOIS database................................................. 82

B        Uniformity of data formats and elements across various TLDs and registrars, including ccTLDs.           82

C        Better searchability of WHOIS databases.......................................................................... 84

D        Marketing use of WHOIS data; bulk access provisions............................................... 85

IX            Task Force Members; Contact................................................................................................... 87

A       Authors of This Report..................................................................................................................... 87

B        Archives and Contact....................................................................................................................... 88

C        Members of the Task Force............................................................................................................. 88

I               Introduction

 

By Marilyn Cade, Tony Harris, Tim Denton

(Business, ISP, Registrars)

 

A               Preface

 

The WHOIS Task Force (WHOIS TF) announces our final draft report on the Survey findings and presents our preliminary recommendations regarding  whether ICANN should seek to modify the WHOIS policy. We are posting the report for community feedback and comment prior to finalization and submission to the ICANN board of directors.  We anticipate our report being open for public comment for a period of three weeks following the Bucharest meeting.  Following the public comment period, the final report will be presented to the DNSO Names Council for approval. 

In March, 2002, we presented our preliminary report which provided a status report and update on the work of the WHOIS Task Force of the Domain Name Supporting Organization (DNSO).    The purpose of that report was to provide initial information to the community on the analysis of the statistical responses to the  WHOIS Survey and some very  preliminary findings of the Task Force,  Our report in March was primarily focused on the quantitative responses; we announced then that our further analysis would address  the narrative responses, and whether they signify disparities with the quantitative responses, and that we would undertake an analysis of question 20’s narrative responses.  .

Our final DRAFT report takes into account the initial statistical analysis, the narrative analysis, and other submissions which have been submitted to the TF.  Consideration of WHOIS policy is a significant issue and we acknowledge that we have been focused on the survey results as a primary input. However, we note  that this is only part of our work to understand and advise fully on WHOIS policy.

Our final draft report is being forwarded to the ASO and PSO for their comment as well. 

 

It is important to remember that the WHOIS Survey is one work product of the WHOIS Task Force, and while it has been the primary focus for the past several months, the TF has also tried to examine other relevant inputs, including submissions, and recent testimony related to WHOIS accuracy.  Our Recommendations Document reflects these additional inputs in a preliminary manner. During the Public Comment period, the Task Force also plans to consult with other interested parties regarding our recommendations. These inputs will also be reflected in our final report..

 

Task Force Mission:  to be filled in… Tony/Marilyn

 

Limitations of the Survey

It is important to ensure that there is clarity on what the survey was intended to accomplish  and to acknowledge its limitations.  The survey was intended to get as much input as possible from users, providers and other groups who use WHOIS and who would respond to a web based survey. In no way should this survey be considered statistically valid; and that was not its intent.   The data presented in the survey is now several months old, and that, too, much be taken into account. However, as the Task Force has analyzed the responses, and taken other inputs into account, we see no reason to believe that the survey inputs would have significantly changed over the past few months.

 

The original members of the TF worked hard to develop a broad survey; they did not employ the assistance of a professional survey team for a variety of reasons, including the purpose of the outreach. The survey was intended as a "snapshot" in time which could be used as input along with other mechanisms for input and consultation which the TF may undertake, in order to provide guidance on what further steps should be taken in the development of policy recommendations related to WHOIS.

In hindsight, with the benefit from weeks of reading hundreds of narrative responses to surveys, and examining whether the narrative responses are consistent with the quantitative responses, and searching for trends, anomalies, and other useful observations, it is evident that some of the questions and choices for answers contained in the survey could have been designed better. For example, question 5 asks about the purposes of WHOIS, but fails to offer "technical problems" as a possible option in the response.  That was clearly an oversight in the questionnaire design.

The TF acknowledges the limitations of the questionnaire; however,  we ask our readers to focus on the findings, input, recommendations, and perspectives which are clearly supported.

 

And, at least at this point, although the narrative responses were interesting to read and examine, there is no significant change reflected between the narrative responses and the statistical responses.  In other words, providing narrative options does not seem to have added significant value. On the other hand, Question 20 did provide an opportunity for people to write in free form, any further thoughts or considerations.  We have taken the approach of looking for unusual suggestions or items as illustrations. That is explained further later.

This survey was conducted prior to the launch of the seven new TLDs, and as a result some of the user responses may be different from when the survey was conducted.

Status of the Analysis

The Task Force undertook the analytic analysis of the over 3000 responses, and published those in the preliminary report in March. That report is available on our archives.  Much of its findings are incorporated in this final report, which  builds on the statistical analysis and adds to it, based on the narrative responses.  A more detailed description of the analysis process is provided in the Statistical Analysis Section.

In addition to its original mission, the Task Force  received an additional work referral from the Names Council related to the Verio appeal involving marketing uses of WHOIS data.  In undertaking a further discussion regarding this referral, the Task Force discussed the applicability of the survey responses, and agreed that questions 16, and 17 are directly applicable to this referral.[1]

We continue to remind our readers that this is not a statistically valid survey.   One can take any piece of a puzzle and forecast an outcome; if the only puzzle pieces one is looking at are images of trees, the assumption might be that the puzzle is about a forest. If on the other hand, the pieces include parts of a castle, a forest, and a field, then one might realize that one is beholding a landscape.  In short, the total picture, when the puzzle is assembled might look very different.  Nevertheless, pieces of the puzzle are critically important in considering the whole.

Acknowledgements:

We express our appreciation to the initial chair of the Task Force, Paul Kane, who shouldered a significant leadership role in launching the Task Force and it’s initial work.  We offer our thanks to several members whose "terms" have expired with the NC or GA, and therefore have moved on, to be replaced with new representatives of their respective entities.   We also thank the ICANN staff for their administrative support and counsel during this process.  

And, we note that the work of the Task Force has been significantly enhanced through the volunteer leadership of the GA members of the Task Force, and a special word of appreciation is due to Thomas Roessler, Kristy McKee, and Abel Wisman. In this later stage of our work, in particular, we note that the contributions of  Thomas Roessler and Kristy McKee have made the final stages of the work of the TF comprehensible, organized, and productive. Without their contributions, we would not have been able to conclude the analysis of the data and the production of this final draft report. 

Most of all, we thank those in the community who completed the survey.

 

We are pleased to present our final draft report on the survey’s findings  to the community, and welcome your questions and comments.  We look forward to receiving your comments on this  Report.   We expect to have our report open to comment for three weeks following Bucharest meeting,  and to publish our final report within a two week period following that period of open comment,  in order to take account of community response and further planned outreach by the Task Force..

 

B               History and Mission

 

The WHOIS Task Force of the DNSO grew out of the initial work of the .com/.net/.org WHOIS Committee convened by the ICANN staff to give advice on the implementation of WHOIS service for the .com/.net/.org domains as required under the Registrar agreement.  The committee addressed implementing questions. The committee’s work was concluded in April, 2001.  The implementation of the committee’s work included the establishment of a WHOIS Committee on domain-name-system policy, chaired by Paul Kane.  This  report does not address the history of the creation of the TF further, since the archives include relevant postings which led to the establishment of the TF by the DNSO.

 

The Task Force was approved in the DNSO Names Council meeting, February 8, 2001[2].  In summary, Paul Kane proposed that the DNSO set up a Task force to consider the policy issues arising from the ICANN WHOIS report.  The Terms of Reference for the TF are provided in the archival materials posted at the DNSO web site.[3] The Terms of Reference have subsequently been modified to incorporate further consideration of “NEXT STEPS” RELATED TO WHOIS.

 

A paraphrased version of the initial terms of reference : "To consult with the community with regard to establishing whether a review of any questions related to ICANN’s WHOIS policy is due and if so to recommend a mechanism for such a review."

During the time it took for the ICANN staff to publish their report, initial members were also being identified by the Constituencies. The initial members of the TF were:

Paul Kane, Registrars, Chair

Y.J. Park, Non Commercial

Axel aus der Muhlen, IPC

Theresa Swinehart, BC

Oscar Robles-Garay, ccTLD*

Antonio Harris, ISPCP*

Miriam Sapiro, Registry

Danny Younger, GA Chair

* REMAIN AS MEMBERS OF TF

Over time, the membership of the task force has changed, for various reasons.   A list of all  task force members  and their terms of representation, including current members can be found in the appendix section of this document.

 

From the beginning, to support their broad mission, the TF members were committed to gaining an understanding of how WHOIS affects users, and how the community is using it today, rather than relying on the perspectives and views of the members of the TF. They quickly came up with the concept of a survey, which was web based, and therefore, while not statistically valid, would provide a systematic "snapshot" of what those who chose to respond, cared about, who they were, and what their concerns and issues were.

 

The survey was developed and published in June, 2001, with one extension in responses. The survey closed in August, 2001.[4] 3035 responses were received. 

 

SUMMARY OF REPORT APPROACH AND FINDINGS:

Our report summarizes the details of the statistical  responses, with an analysis of the narrative responses and whether they represent significant departure from the statistical responses. For the most part, there is no deviation. However, the TF also undertook analysis of Question 20 to determine whether there were ‘gems’ embedded in those responses.


“Gems” can be defined as those unique statements which cause one to pause and think, because they  represent input on a separate question which asked for narrative input. The TF does not evaluate the value of  “gems” but notes them in each relevant chapter, and suggests that they offer additional learning, but that they do not change the findings.  

 

The following chapters examine in detail the survey responses by categories of questions, both statistically, and via the narrative responses. The “Gems” sections should be treated as the least statistically valid, but are offered to you as a reader, to provide illustrations of those submissions in Q.20 which generated some special interest from the TF.  It is important to note that the narrative questions were, in general, answered by about one third of the respondents to the survey and that only one third of the respondents completed any part of  Question 20. Many did not respond to all the optional segments of Question 20. Yet, the TF thought you might find the ‘gems’  of interest. 

 

The report concludes with the findings of the Survey. A separate document on TF Recommendations related to WHOIS is underway, taking into account the survey findings and other inputs.

C               Participation in the Survey

 

By Kristy McKee, Thomas Roessler, and Abel Wisman

(General Assembly)

 

Question 1 - Categories of Respondents

In the very first question, participants were asked to classify themselves into one of several categories:

 

1. Which of the following terms best describes your status as a respondent to this survey?

o             Commercial business user
o             Non-commercial organization user
o             Governmental organization user
o             Individual or household user
o             Domain name registrar and/or registry
o             Internet access provider or network operator
o             Other:

 

Respondents were also asked (where applicable) what size their organization is.  An overview over the categories of respondents can be found in the table below.  The data is also represented  in the pie chart below.

Category	#	%
Commercial business user	1063	35%
Non-commercial organization user	208	7%
Governmental organization user	35	1%
Individual or household user	1021	34%
Domain name registrar and/or registry	130	4%
Internet access provider or network operator	234	8%
Other:	222	7%
(No Response)	122	4%
Total Responses:	3035	100%

Clearly, commercial and individual/household users dominated the population of respondents to the survey. 

 

Question 2 - Participation of Domain Name Holders

 

The second question of the survey asked whether participants "have registered any domain names".  This wording is unfortunate:  With some registrars/registries, ISPs, and certain kinds of commercial respondents, the question may be interpreted to refer to domain names registered on behalf of customers, while other respondents may rather be thinking about domain names they have registered for their own use.

 

2. Have you registered any domain names?    o yes   o no

If "yes":

a. How many ccTLD domain names have you registered:  

b. How many gTLD domain names have you registered:  

 

What was the general purpose of your registration:

a. commercial

b. governmental

c. personal

d. noncommercial organization

e. other

 

Question 2 – Have you registered any domain names:

 

Question 2	yes	no	No Response	Total	% yes	% no
Commercial	973	81	9	1063	92%	8%
Governmental	20	14	1	35	57%	40%
Individual	730	279	12	1021	71%	27%
Isp	207	22	5	234	88%	9%
non-commercial	177	29	2	208	85%	14%
not stated	20	4	98	122	16%	3%
Other	156	59	7	222	70%	27%
registrar-registry	114	14	2	130	88%	11%

 

Results vary strongly across categories of respondents:  While, for instance, 92% of commercial respondents have registered domain names, only 71% of individual respondents, and 57% of governmental respondents have registered any domain names.  It is also interesting to note that 17% of those who answered the questionnaire did not register any domain names.

 

 

Question 2 – How many County Code Top Level Domains:

 

ccTLD	0	1 to 9	10 to 99	100 to 999	1000 to 9999	10000	Not Stated	Total (stated)
Commercial	179	356	188	71	12	4	253	810
Governmental	3	14	1				17	18
Individual	188	343	33	2			455	566
Isp	35	42	40	42	14	5	56	178
non-commercial	35	81	17				75	133
not stated	3	8		2		1	108	14
Other	45	47	24	5		1	100	122
registrar-registry	12	29	15	16	20	5	33	97

 

:

 

Question 2 – How many Generic Top Level Domains:

 

GTLD	0	1 to 9	10 to 99	100 to 999	1000 to 9999	10000	Not Stated	Total (stated)
Commercial	66	316	205	107	32	4	333	730
Governmental	3	9	1				22	13
Individual	74	403	53	4	1		486	535
Isp	8	45	57	42	20	5	57	177
non-commercial	19	87	28	1			73	135
not stated		9	4	2	1		106	16
Other	16	53	35	14	4		100	122
registrar-registry	11	25	18	16	12	7	41	89

 

 

The qualitative result is clear:  ISPs and registrars/registries are most likely to have the large domain name portfolios (possibly on behalf of their clients), governmental, individual, and non-commercial respondents have the smaller ones, and commercial respondents are somewhere in between. 

For most categories the largest group of respondents register 1-10 domain names, with a sharp decrease  for higher numbers of registrations.   The ISP and registrar-registry respondents differ, in these cases either decreasing considerably less quickly, or even remaining constant over some orders of magnitude (as with the ccTLD registrations of registrars and registries).

 

Question 2 – General Purpose for domain name registrations:

	commercial	governmental	non-commercial	other	personal	Total (stated)
Commercial	920		18	18	37	993
Governmental		16	4	1	2	23
Individual	119	2	63	24	569	777
Isp	169		12	11	25	217
non-commercial	11		145	7	19	182
not stated	11	1	4	2	4	22
Other	98		17	34	23	172
registrar-registry	78	1	12	6	27	124

 

The results are not unexpected: Commercial entities (including ISPs, registries/registrars) mostly registered domain names for commercial purposes, governmental entities register for governmental purposes, non-commercials for non-commercial purposes, and individuals for personal purposes.

 

Question 3 - Frequency of Use of WHOIS

Question 3 asked participants how frequently they use the WHOIS service themselves:

 

3. How often do you use the Whois service on average?
o             never
 o             occasionally
 o             weekly
 o             once or twice a day
 o             many times a day

 

Question 3	hourly	daily	weekly	occasionally	never	not stated	Grand Total
Commercial	183	184	290	374	31	1	1063
Governmental	4	3	7	18	3		35
Individual	72	131	260	509	45	4	1021
Isp	109	58	42	22	3		234
non-commercial	32	32	66	69	7	2	208
not stated	1	4	5	13		99	122
Other	40	27	82	58	13	2	222
registrar-registry	45	18	23	34	8	2	130
Grand Total	486	457	775	1097	110	110	3035

 

 

Question 3 (%)	% hourly	% daily		% weekly	% occ.	% never	% not stated
Commercial	17%		17%	27%	35%	3%	0%
Governmental	11%		9%	20%	51%	9%	0%
Individual	7%		13%	25%	50%	4%	0%
Isp	47%		25%	18%	9%	1%	0%
non-commercial	15%		15%	32%	33%	3%	1%
not stated	1%		3%	4%	11%	0%	81%
other	18%		12%	37%	26%	6%	1%
registrar-registry	35%		14%	18%	26%	6%	2%
Total	16%		15%	26%	36%	4%	4%

 

It should be noted that results of this question once again vary strongly across categories of respondents.  Clearly, among the participants of this survey, ISPs are the heaviest WHOIS users, followed by registrar/registry users, while governmental and individual respondents use WHOIS the least. Also, 31% of the respondents use whois one or several times per day, and 26% use it on a weekly basis, while 40% of them indicated they use WHOIS occasionally or never.

 

Question 4 - Use of WHOIS

Question 4 asked about respondents’ use of the WHOIS system:

 

4. Which of the following most accurately describes the use of WHOIS that is most important to you or your organization:

o             To determine if a specific domain name is unregistered/
                available?

o             To find out the identity of a person or organization who
                is responsible for a domain name or web site I have
                encountered while using the Internet
o             To support technical operations of ISPs or network
                administrators, including tracing sources of spam or
                denial of service attacks

o             To identify the owner of a domain name for consumer          protection or intellectual property protection purposes

o             To gather names and contact information for marketing
                purposes

o             To support government law enforcement activities
                (other than intellectual property)
o             Other (please briefly describe)

 

Multiple responses to this question were accepted.

 

Question 4	availability	responsibility	technical	IP[5]	marketing	law[6]	other	# respondents
Commercial	482	574	352	389	28	30	66	1063
governmental	26	16	19	6		7	4	35
Individual	513	626	322	136	18	23	71	1021
Isp	97	142	167	36	5	20	23	234
non-commercial	125	107	75	53	3	13	12	208
not stated	109	14	7	9	1	2	1	122
Other	140	97	49	117	8	12	31	222
Registrar-registry	48	73	50	34	5	7	11	130
Grand Total	1540	1649	1041	780	68	114	219	3035

 

The percentages in the following table use the total population of respondents for any given category as the 100% reference totality.  Since multiple responses were accepted, percentages will generally add up to more than 100%.  In each row, the dominant use of WHOIS is marked in boldface.

 

Question 4 (percentages)	availability	responsibility	technical	IP	marketing	law	other	Grand total
Commercial	45%	54%	33%	37%	3%	3%	6%	180.71%
governmental	74%	46%	54%	17%	0%	20%	11%	222.86%
Individual	50%	61%	32%	13%	2%	2%	7%	167.38%
Isp	41%	61%	71%	15%	2%	9%	10%	209.40%
non-commercial	60%	51%	36%	25%	1%	6%	6%	186.54%
not stated	89%	11%	6%	7%	1%	2%	1%	117.21%
Other	63%	44%	22%	53%	4%	5%	14%	204.50%
Registrar-registry	37%	56%	38%	26%	4%	5%	8%	175.38%
Average	51%	54%	34%	26%	2%	4%	7%	178.29%

 

The dominant use of the WHOIS system among respondents is, in the commercial, individual, and registrar-registry categories, “to find out the identity of a person or organization who is responsible for a domain name or web site”.  Governmental respondents generally mention WHOIS as a means to find out about the availability of a domain, as do non-commercial, “not stated”, and “other” respondents.  ISP respondents mostly use WHOIS “to support technical operations of ISPs or network administrators”.

It’s worth noting that non-IP law enforcement use is most frequently mentioned by governmental respondents (20%), followed by ISPs (9%) and non-commercials (6%).  Also, almost 90% of respondents which did not assign any category to themselves mention “availability” as their most important use of WHOIS.

D               Statistical Considerations

 

By Thomas Roessler

(General Assembly)

 

 

The multiple choice questions were evaluated for the full set of 3035 submitted responses.  This analysis is also broken down by respondent’s category (as given in question 1).

The number of participant per category of respondent (question 1) is, in particular, important since they give a rough indication of the precision of the numbers in this report.  In the table below, we give standard deviations (σ ) to be expected for various results, when derived from various categories of respondents.[7]

From a (possibly simplistic) statistical point of view, the best results can be expected from the commercial business user and individual user categories where we have standard deviations between 1% and 2%. Statistical significance is worst within the governmental users category. We shall occasionally mention error margins explicitly where they are important in order to correctly interpret the result of a particular question.

 

Category	#	10%	20%	30%	40%	50%
Commercial business user	1063	1%	1%	1%	2%	2%
Non-commercial organization user	208	2%	3%	3%	3%	3%
Governmental organization user	35	5%	7%	8%	8%	8%
Individual or household user	1021	1%	1%	1%	2%	2%
Domain name registrar and/or registry	130	3%	4%	4%	4%	4%
Internet access provider or network operator	234	2%	3%	3%	3%	3%
Other	222	2%	3%	3%	3%	3%
(No Response)	122	3%	4%	4%	4%	5%

 

 

Approximating the binomial distribution by a Gaussian normal distribution, it can be assumed that a result has a probability of about 68.3% to lie within a +1σ margin around the real value, and with a probability of 95% it can be assumed that a result lies within a +1.96σ  margin around the true value.

 

It should also be noted that, unless stated otherwise, percentages given refer only to those who elected to answer a particular question, but not to the entire set of respondents from any given category.

Besides error margins inherent to any survey, it should also be mentioned that some additional error was introduced by duplicate submissions; some isolated cases of these were found by the task force’s members when analyzing free-form responses.  Since these duplications were extremely rare, we have simply neglected them.

 

Another (we believe, minor) problem is introduced by an inconsistence between statistics generated by ICANN staff and by the task force itself: There were 10 questionnaires where respondents actually gave an "other" response to question 1 (the "category" of the respondent), but apparently did not check the associated button on the survey’s web form.  As a result, these questionnaires were assigned to the "not stated" category of respondents in ICANN-prepared statistics.  However, these questionnaires are assigned to the "other" category of respondents in statistics prepared by the Task Force, that is, in all evaluations of free-form responses.  The inconsistency was noticed so late in the preparation of this report that we decided not to fix it.

 

E               Method of Evaluation of Free-Form Questions

 

By Thomas Roessler

(General Assembly)

 

The Task Force undertook an attempt to analyze as many answers given to free-form questions as possible.  For all free-form questions except question 20, the approach taken was similar to the one used for the preliminary report:  Based on the pseudo-random set of 303 responses used for the preliminary report[8], categories (called “baskets”) were designed in order to derive quantitative results from the free-form questions.  Task Force members were then assigned slices of questions for basketing.  Due to lack of time and resources, about half to one third of the free-form responses given were analyzed in this first pass.  Two members of the Task Force[9] then specifically looked at those responses which could not be assigned to any baskets in the first pass, and added any additional categories necessary.  Using that revised set of baskets, a second pass of categorization was undertaken:  Task Force members who had not participated in the first pass concluded part of their assignment; others specifically undertook an analysis of the questionnaires received from governmental, non-commercial, ISP, and registry-registrar respondents:  In these categories, the number of responses received is dangerously low, and significant improvement of results could be expected by giving priority to the completion of these categories of responses.   (It should be noted that the number of commercial and individual responses reviewed during the first pass of this work alone surpassed the total number of responses received in the smaller categories.) 

This approach to the Task Force’s work implies that - as far as free-form answers are concerned - statistics based on the totality of all respondents cannot be generated by simply adding absolute numbers across categories:  That would mean to give too much weight to the small groups of respondents.  Instead, numbers must be weighted according to the portion of baskets actually investigated. This information is contained in the tables in which the results from basketing are presented in individual sections.

It should also be noted that the task force members’ understanding or misunderstanding of “baskets” and of free-form answers received may lead to additional errors in the statistics presented.

Question 20 was not analyzed statistically:  Instead, some members of the task force reviewed the free-form answers given on about 2400 out of the 3035 questionnaires received and produced, based on their personal judgement, a list of answers believed to be particularly interesting or thoughtful.  These answers were then categorized by the chapter of this report to which they were believed to be relevant.  Further analysis was left to the authors of the respective chapters.
User Expectation and Experience (qq. 5-10)

 

By Steve Metalitz,  Laurence Djolakian, and Ken Stubbs, Hakikur Rahman

(Intellectual Property, Registrars, and Non Commercial)

 

 

A               Questions Asked

 

5. What should be the purpose of the Whois service? (place in order 1-7 where 1 is most important):

Rank:                       to identify the availability of a particular name in
                                which someone is interested

Rank:                       to determine if there are similar names already in use

Rank:                       to identify and verify online merchants

Rank:                       to identify online infringes for enforcement of
                                intellectual property rights

Rank:                       to source unsolicited email

Rank:                       to identify contacts in the investigation of illegal
                                activity

Rank:                       other (specify):

 

6. Which of the following best describes your attitude towards access to the data contained in the Whois service?

o             I am most concerned about protecting the privacy of domain
                name registrants

o             I am most concerned about effective identification of who is
                behind a specific domain for consumer protection or
                intellectual property protection purposes

o             I am most concerned about ensuring that Whois supports
                the resolution of technical problems on the Internet

o             No opinion

o             Other

 

7. Have you ever been harmed or inconvenienced because the Whois data you received was inaccurate, incomplete, or out of date?

o             Yes, I have experienced inaccurate data.

o             No, the data has been accurate

What percentage of the Whois records you relied on proved to be inaccurate, incomplete, or out of date on average:

o             Less than 5 percent

o             5 - 25 percent

o             25 - 50 percent

o             More than 50 percent

 

If appropriate, please describe the harm or inconvenience caused by the inaccurate data:

 

How do you think an improvement can best be achieved?

 

 

8. Currently, Whois records in .com, .net, and .org are composed of the following data elements:

A. The name of the second-level domain being registered and the top-level domain it is under;
B. The IP addresses of the primary and secondary name servers for the registered domain;
C. The host names of the name servers;
D. The identity of Registrar;
E. The date of the original registration;
F. The expiration date of the registration;
G. The name and postal address of the registrant;
H. The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the SLD; and
I. The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the SLD.

 

Would you describe these data elements as

                o             Adequate for your purposes
                o             Inadequate for your purposes
                o             necessary for your purposes

 

8.1 If you answered "Inadequate," what other data elements would you like to see included to promote public confidence in Internet activities?

 

8.2 If you answered "Unnecessary," what other data elements would you like to see suppressed from public disclosure?

 

9. Please indicate which of the data elements listed in A-I above are, in your view, of valueless, essential, or desirable:

 

A. The name of the second-level domain being registered and the top-level domain it is under;

o  essential               o  desirable               o  valueless

 

B. The IP address of the primary and secondary name servers for the registered domain;

o  essential               o  desirable               o  valueless

 

C. The domain names of the name servers;

o  essential               o  desirable               o  valueless

 

D. The identity of Registrar;

o  essential               o  desirable               o  valueless

 

E. The date of the original registration;

o  essential               o  desirable               o  valueless

 

F. The expiration date of the registration;

o  essential               o  desirable               o  valueless

 

G. The name and postal address of the registrant;

o  essential               o  desirable               o  valueless

 

H. The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the SLD; and

o  essential               o  desirable               o  valueless

 

I. The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the SLD.

o  essential               o  desirable               o  valueless

 

 

Searchability

10. Should the publicly accessible WHOIS database allow for searches on data elements other than domain name?

o             Yes
o             No

 

If yes, please specify from fields A-I above that you think should be usable as search keys.

o  A         o  B         o  C         o  D         o  E          o  F          o  G         o  H
o  I

 

Should other enhancements to searchability (e.g., Boolean searching on character strings) be provided?

o             Yes
o             No

If "Yes", how should the cost associated with such enhancements be paid for?

 

B               Methodology of Evaluation

 

Question 5

Question 5 asked respondents to assign ranks to various possible uses of WHOIS.  The raw tabulation data received from ICANN staff was presented in the preliminary report, and is reproduced below. Some analysis of free text responses has been added.

Question 6

Our analysis consists primarily of statistical data with some observations of free text responses.

Question 7

This question invited free text responses, but the Task Force was not successful in categorizing these as to the nature of harm or inconvenience experienced as a result of inaccurate, incomplete or outdated Whois data. It was slightly more successful in categorizing suggestions for ways to improve the situation.

Question 8

Besides statistical tabulations, the Task Force attempted to categorize the free-text responses of the small minorities that found existing data elements either inadequate or unnecessary.  These efforts were not very successful but we have included some observations below.

Question 9

Question 9 called for no free text responses, so the statistical data contained in the preliminary report is reproduced below.

Question 10

Among the responses reviewed, the Task Force was generally successful in classifying free-text responses for who should pay for searchability enhancements into the following baskets:

v      no answer

v      registrar or registry

v      registrant

v      searcher

v      donation

v      governmental funding

v      ICANN

Note that there is a well-defined mapping from the baskets defined here onto the choices given to respondents in question 15, which also deals with funding issues.

 

C               Results of Evaluation

 

By-category analysis of multiple-choice questions

 

Question 5

 

Summary of rankings of availability of a domain name as the purpose of WHOIS:

Question 5.a	1	2	3	4	5	6	7	Total	Avg
commercial	487	165	106	63	70	82	35	1008	2.4544
governmental	3	5	5	3	3	4	3	26	3.8462
individual	452	127	106	71	95	67	43	961	2.5869
Isp	102	35	22	24	22	11	12	228	2.6053
Non-commercial	76	19	27	24	28	9	7	190	2.8105
not stated	13	7	1	1	1	1	2	26	2.2692
other	80	29	26	26	17	17	8	203	2.7734
registrar-registry	71	13	9	12	5	3	7	120	2.2

 

 

 

Summary of rankings of finding out if similar domain names are already in use:

Question 5.b	1	2	3	4	5	6	7	Total	Avg
commercial	70	286	207	157	130	105	35	990	3.4505
governmental	2	4	3	4	7	4	3	27	4.2593
individual	66	284	149	119	145	146	40	949	3.6228
Isp	15	54	40	36	30	32	15	222	3.7568
Non-commercial	11	41	27	31	33	30	9	182	3.8791
Not stated	4	9	5		3	3	2	26	3.2308
other	12	47	42	29	30	26	7	193	3.6425
registrar-registry	9	47	15	13	13	12	7	116	3.3276

 

 

Summary of rankings of identification and verification of online merchants:

Question 5.c	1	2	3	4	5	6	7	Total	Avg
commercial	76	107	171	205	190	157	47	953	4.0336
governmental	1		8	8	7	2	4	30	4.4
individual	102	105	203	193	156	123	42	924	3.7933
Isp	17	28	29	35	40	41	24	214	4.271
Non-commercial	15	21	31	28	26	28	27	176	4.2557
not stated	2	1	5	4	7	5		24	4.1667
other	19	17	39	32	43	28	7	185	3.9459
registrar-registry	8	13	26	17	11	18	15	108	4.1481

 

 

Summary of rankings of identifying online infringers for enforcement of intellectual property rights:

Question 5.d	1	2	3	4	5	6	7	Total	Avg
commercial	186	137	166	184	150	92	42	957	3.4378
governmental	6	5	7	2	3	3	5	31	3.6452
individual	63	91	152	204	163	149	81	903	4.2004
ISP	14	27	38	42	40	26	26	213	4.169
non-commercial	22	35	23	30	24	23	19	176	3.8182
not stated	3		8	7	2	1	5	26	4.0769
other	61	32	21	31	24	10	12	191	3.0157
registrar-registry	13	12	24	24	17	13	10	113	3.8761

 

 

 

Summary of rankings of sourcing unsolicited e-mail:

Question 5.e	1	2	3	4	5	6	7	Total	Avg
commercial	83	104	135	129	160	192	128	931	4.3609
governmental	6	7	2	5	4	3	5	32	3.7188
individual	143	183	162	105	102	101	130	926	3.716
ISP	37	29	52	28	29	21	22	218	3.6147
non-commercial	27	30	44	23	19	19	19	181	3.6077
not stated	1	3	5	6	3	6	2	26	4.2692
other	22	19	25	18	32	46	18	180	4.2722
registrar-registry	8	7	11	15	23	19	25	108	4.8056

 

 

Summary of rankings of identifying contacts in the investigation of illegal activity:

Question 5.f	1	2	3	4	5	6	7	Total	Avg
commercial	137	155	157	158	136	152	56	951	3.7161
governmental	11	5	5	3		4	3	31	3
individual	145	135	134	143	139	168	48	912	3.7588
ISP	46	41	28	30	28	33	11	217	3.4424
non-commercial	40	24	22	22	27	34	10	179	3.6369
not stated	3	4	4	5	3	6	1	26	3.8846
other	28	48	22	43	19	18	11	189	3.3968
registrar-registry	13	19	11	17	22	20	10	112	4.0357

 

 

Summary of rankings of other purposes:

Question 5.g	1	2	3	4	5	6	7	Total	Avg
commercial	110	34	26	17	16	32	167	402	4.3905
governmental	6	2	1				4	13	3.1538
individual	88	28	14	18	29	42	199	418	4.8995
ISP	38	13	4	4	2	8	29	98	3.602
non-commercial	33	11	8	4	6	4	20	86	3.3605
not stated	3	1			1		7	12	4.9167
other	28	7	13	1	3	8	46	106	4.434
registrar-registry	17	5	6	2	4	3	16	53	3.8302

 

 

 

The respondents were asked what the purpose of the « WHOIS » should be.  It clearly appears that for all categories of respondents (except possibly for governments) the most important purpose should be to check whether a domain name is available, closely followed by the search for similar domain names. Individuals particularly support the need to identify on-line merchants and to source unsolicited commercial communications. In addition, many respondents amongst all categories (not only commercial and governments but also non-commercials, and “others”) stated that the purpose should also be to identify on-line intellectual property infringements. In the free text responses, the majority of respondents underlined the following elements: the need to know with whom they are dealing with, the ability to access technical contacts, to know the names owned by a company, to deter irresponsible behavior and track spammers, to identify suspicious IP addresses.  In “others”, most respondents noted the need to identify names which relate to suspicious activities, and to make investigations, to trace back in case of security violations, to identify ISPs hosting spam, and to identify the source of technical problems.

 

Free text responses were only solicited from those who checked “other” purposes.  Only 1188 respondents did so, and fully half of these (585) ranked their purpose as 6^th or 7^th in importance out of  7.

 

Question 6

In contrast to the preceding questions, question 6 asked respondents to choose among three statements in identifying the issue about which they were “most concerned” with respect to Whois data.

 

Question 6	Privacy	Intellectual Property	Technical	No opinion	Other	Total
commercial	165	543	258	34	52	1052
governmental	4	13	13	1	4	35
individual	295	347	250	58	59	1009
ISP	27	49	140	7	9	232
non-commercial	33	89	68	11	5	206
not stated	5	16	1	2	2	26
other	15	136	29	11	26	217
registrar-registry	32	42	34	11	8	127
Total	576	1235	793	135	165	2904

 

 

 

Question 6 (%)	Privacy	Intellectual Property	Technical	No opinion	Other
commercial	16%	52%	25%	3%	5%
governmental	11%	37%	37%	3%	11%
individual	29%	34%	25%	6%	6%
ISP	12%	21%	60%	3%	4%
non-commercial	16%	43%	33%	5%	2%
not stated	19%	62%	4%	8%	8%
other	7%	63%	13%	5%	12%
registrar-registry	25%	33%	27%	9%	6%
Min	7%	21%	4%	3%	2%
Max	29%	63%	60%	9%	12%

 

A plurality of respondents (43% of the total) agreed that they were “most concerned about effective identification of who is behind a specific domain for consumer protection or intellectual property protection purposes.”  This was the leading choice among all categories of respondents, except among ISPs, 60% of whom felt that “ensuring that Whois supports the resolution of technical problems on the Internet” was the most important concern, and among governmental respondents, for whom the technical problems response tied with the effective identification response.  “Protecting the privacy of domain name registrants” was not identified as the main concern of any group of respondents, and was chosen less often than “effective identification” by every group, although among respondents who identified themselves as individuals the privacy concern (29%) placed a close second to effective identification (34%).  Overall, about 6% of respondents rejected the three choices and identified an “other” “main concern” regarding Whois data; these responses have not yet been comprehensively reviewed.  Some of these  respondents reiterated concerns about the fact that a domain name registrant must be accurately represented (need for effective identification). Some also noted the need to see whether a domain has been moved or abandoned.  Others cited consumer protection.

 

 

Question 7

 

Question 7 asked whether respondents had been harmed or inconvenienced by inaccurate, incomplete, or out of date Whois data.  44% of respondents said they had experienced this and 56% had not.

 

Question 7	yes	no	Total	% yes	% no
commercial	513	516	1029	50%	50%
governmental	12	18	30	40%	60%
individual	317	674	991	32%	68%
ISP	134	98	232	58%	42%
non-commercial	94	108	202	47%	53%
not stated	12	15	27	44%	56%
other	118	93	211	56%	44%
registrar-registry	67	59	126	53%	47%
Min				32%	42%
Max				58%	68%
Total	1267	1581	2848	44%	56%

 

Question 7	# < 5%	# [5%, 25%]	# [25%, 50%]	# > 50%	Total
commercial	529	262	82	53	926
governmental	14	7	1	1	23
individual	553	166	54	44	817
ISP	128	71	15	5	219
non-commercial	100	58	13	6	177
not stated	15	5	3	3	26
other	99	68	21	11	199
registrar-registry	57	33	13	10	113
Total	1495	670	202	133	2500

 

Question 7 (%)	% < 5%	% [5%, 25%]	% [25%, 50%]	% > 50%
commercial	57%	28%	9%	6%
governmental	61%	30%	4%	4%
individual	68%	20%	7%	5%
ISP	58%	32%	7%	2%
non-commercial	56%	33%	7%	3%
not stated	58%	19%	12%	12%
other	50%	34%	11%	6%
registrar-registry	50%	29%	12%	9%
Min	50%	19%	4%	2%
Max	68%	34%	12%	12%
Total	60%	27%	8%	5%

 

Similarly, more than half of the respondents thought that less than 5% of the Whois records they had relied upon had been inaccurate, while 27% estimated inaccurate records to be in the 5-25% range, and about 8% thought that more than one-quarter of the records were inaccurate.  Individual respondents were most likely to report very low estimates (68% in this category chose "under 5%"), while registrars/registries were most likely to report the highest estimates (21% of these respondents thought that 25% or more of the records were inaccurate).   In the free text responses, respondents were asked to describe the harm or inconvenience caused by the inaccurate data and to state how they thought an improvement in accuracy might best be achieved.  

 

Description of harm:  respondents underlined they had been harmed by the inability to contact the registrants and the service provider of a web site (and to send complaints), the difficulty to trace spammers or the operator of a pornographic site. More generally they stressed the difficulty to trace infringers.  They also noted the difficulty to update records, and the time  and cost required to find the right company and to conduct investigations. 

How to improve:  Many respondents underlined that registrars should make efforts to correct and update data regularly or more often (periodic update, update on an annual basis…). Among the categories identified in our analysis, this was the single most common suggestion from every category of respondent.   Other respondents  underlined the need to standardize and centralize the information.  They also proposed to provide an online form to facilitate updates or to check data via automated tools.  Some respondents proposed to cancel the domain name if the data registered is inaccurate, or to suspend the domain name information until it is accurate. One respondent specifically referred to the need to enforce the RAA. Few noted that registrants check the accuracy of their contact on the “whois” list. 

 

 

Question 8

 

Question 8	Adequate	Inadequate	Unnec.	Total	%adequate	%inadeq.	%unnec.
commercial	770	146	129	1045	74%	14%	12%
governmental	27	5	3	35	77%	14%	9%
individual	663	74	254	991	67%	7%	26%
ISP	196	19	18	233	84%	8%	8%
non-commercial	142	32	28	202	70%	16%	14%
not stated	24	3		27	89%	11%	0%
other	155	38	22	215	72%	18%	10%
registrar-registry	99	11	18	128	77%	9%	14%
Min					67%	7%	0%
Max					89%	18%	26%
Total	2076	328	472	2876	72%	11%	16%

 

This question listed the data elements currently provided by Whois with regard to registrations in .com, .net and .org, and asked whether respondents considered these adequate, inadequate, or unnecessary for their purposes.  A strong majority of respondents in every category (ranging from 67% to 89%) stated that the current list of data elements is adequate.  Overall, about 11% of respondents thought that additional data elements should be provided in Whois, while approximately 16% considered some of the elements unnecessary.   This data strongly suggests an overall high level of satisfaction among these respondents that Whois in the original gTLD environment collects and makes available the right kinds of data.  The level of satisfaction did vary somewhat across categories, however, with 16% of non-commercial respondents believing that more data elements should be included, while 26% of individual respondents thought some data elements were unnecessary.

 

Questions 8.1 and 8.2 invited respondents to identify specific data elements they would like to see added to, or subtracted from, those currently made available to the public in Whois.    Not surprisingly, most of those who responded in these free text responses noted the need for phone number, fax number, email address, some combination of these elements or all of those elements.  Some noted the need to access contact information for reporting unlawful activities, and to obtain information on the last active contact with the registrar.  Few asked information on for sale availability of domain name.  Among those who wanted existing data elements suppressed, the largest number in most categories of respondents cited telephone and fax number and postal address. 

 

 

Question 9

 

Building on the general attitudes expressed in response to question 8, this question sought to elicit more specific answers about the perceived value of each specific data element within the com/net/org Whois. Respondents were asked to label each data element as essential, desirable, or valueless.

 

 

 

 

 

 

Question 9A
Name of the SLD	desirable	essential	valueless	Total	% des.	% ess.	% val.-less
commercial	211	773	50	1034	20%	75%	5%
governmental	8	26		34	24%	76%	0%
individual	258	696	40	994	26%	70%	4%
ISP	25	203	5	233	11%	87%	2%
non-commercial	44	149	9	202	22%	74%	4%
not stated	5	22	1	28	18%	79%	4%
other	50	154	7	211	24%	73%	3%
registrar-registry	21	101	4	126	17%	80%	3%
Min					11%	70%	0%
Max					26%	87%	5%

 

 

Question 9B
Nameserver addr.	desirable	essential	valueless	Total	% des.	% ess.	% val.-less
commercial	331	628	76	1035	32%	61%	7%
governmental	8	25	2	35	23%	71%	6%
individual	284	614	90	988	29%	62%	9%
ISP	43	179	12	234	18%	76%	5%
non-commercial	53	134	14	201	26%	67%	7%
not stated	9	19		28	32%	68%	0%
other	80	117	17	214	37%	55%	8%
registrar-registry	29	87	12	128	23%	68%	9%
Min					18%	55%	0%
Max					37%	76%	9%

 

 

Question 9C
Dom.names of NS	desirable	essential	valueless	Total	% des.	% ess.	% val.-less
commercial	400	559	80	1039	38%	54%	8%
governmental	12	20	2	34	35%	59%	6%
individual	384	514	92	990	39%	52%	9%
ISP	78	144	12	234	33%	62%	5%
non-commercial	79	113	9	201	39%	56%	4%
not stated	4	22	1	27	15%	81%	4%
other	80	115	19	214	37%	54%	9%
registrar-registry	34	87	7	128	27%	68%	5%
Min					15%	52%	4%
Max					39%	81%	9%

 

Question 9D
Registrar	desirable	essential	valueless	Total	% des.	% ess.	% val.-less
commercial	197	768	72	1037	19%	74%	7%
governmental	6	27	2	35	17%	77%	6%
individual	285	593	118	996	29%	60%	12%
ISP	43	172	18	233	18%	74%	8%
non-commercial	50	139	12	201	25%	69%	6%
not stated	5	22		27	19%	81%	0%
other	41	165	7	213	19%	77%	3%
registrar-registry	28	93	7	128	22%	73%	5%
Min					17%	60%	0%
Max					29%	81%	12%

 

 

Question 9E
Date of registration	desirable	essential	valueless	Total	% des.	% ess.	% val.-less
commercial	340	619	77	1036	33%	60%	7%
governmental	16	15	4	35	46%	43%	11%
individual	476	390	123	989	48%	39%	12%
ISP	92	117	23	232	40%	50%	10%
non-commercial	90	96	16	202	45%	48%	8%
not stated	6	21	1	28	21%	75%	4%
other	74	128	12	214	35%	60%	6%
registrar-registry	44	71	12	127	35%	56%	9%
Min					21%	39%	4%
Max					48%	75%	12%

 

 

Question 9F
Date of expiration	desirable	essential	valueless	Total	% des.	% ess.	% val.-less
commercial	267	680	87	1034	26%	66%	8%
governmental	16	14	5	35	46%	40%	14%
individual	388	470	135	993	39%	47%	14%
ISP	77	134	21	232	33%	58%	9%
non-commercial	76	103	23	202	38%	51%	11%
not stated	10	17	1	28	36%	61%	4%
other	74	121	19	214	35%	57%	9%
registrar-registry	33	82	13	128	26%	64%	10%
Min					26%	40%	4%
Max					46%	66%	14%

 

Question 9G
Registrant	desirable	essential	valueless	Total	% des.	% ess.	% val.-less
commercial	219	700	116	1035	21%	68%	11%
governmental	10	23	2	35	29%	66%	6%
individual	275	455	266	996	28%	46%	27%
ISP	71	144	18	233	30%	62%	8%
non-commercial	43	134	26	203	21%	66%	13%
not stated	4	21	3	28	14%	75%	11%
other	36	160	18	214	17%	75%	8%
registrar-registry	31	77	18	126	25%	61%	14%
Min					14%	46%	6%
Max					30%	75%	27%

 

Question 9H
Tech-C	desirable	essential	valueless	Total	% des.	% ess.	% val.-less
commercial	286	623	123	1032	28%	60%	12%
governmental	7	25	3	35	20%	71%	9%
individual	327	488	181	996	33%	49%	18%
ISP	43	174	14	231	19%	75%	6%
non-commercial	56	124	24	204	27%	61%	12%
not stated	8	17	3	28	29%	61%	11%
other	67	131	14	212	32%	62%	7%
registrar-registry	43	71	12	126	34%	56%	10%
Min					19%	49%	6%
Max					34%	75%	18%

 

Question 9I
Adm-C	desirable	essential	valueless	Total	% des.	% ess.	% val.-less
commercial	283	621	125	1029	28%	60%	12%
governmental	11	21	3	35	31%	60%	9%
individual	336	433	222	991	34%	44%	22%
ISP	60	149	23	232	26%	64%	10%
non-commercial	68	112	24	204	33%	55%	12%
not stated	11	17	1	29	38%	59%	3%
other	61	141	12	214	29%	66%	6%
registrar-registry	32	78	17	127	25%	61%	13%
Min					25%	44%	3%
Max					38%	66%	22%

 

Not surprisingly in the light of the responses to question 8, more than half of the respondents found each individual data element  now in the com/net/org whois to be essential.  Across all categories and data elements, more than 70% of respondents  selected either "essential" or "desirable".  The largest portion  of "valueless" responses to any part of this question was 27%, by  individual respondents with regards to the registrant’s name and  address.  22% of individual respondents also found the  administrative contact’s name and address "valueless", 18% gave this answer with respect to the technical contact’s name and  address. The clear trend of satisfaction among respondents with the information currently provided to the public by Whois is evident in the responses to question 9 as well as 8.

 

Question 10

 

The first question was whether “WHOIS” databases should allow the search of data elements other than domain names.  It should be noted that most respondents in every category (between 53 and 76%) wish to  conduct searches on data elements other than domain names.

 

Respondents were also asked to select fields which should be usable as search keys. Multiple fields could be checked by respondents.  In the first table below, we list the number of respondents from each category who checked a particular search key.

 

Question 10	yes	no	Total	% yes	% no
commercial	712	322	1034	69%	31%
governmental	23	11	34	68%	32%
individual	530	462	992	53%	47%
ISP	147	85	232	63%	37%
non-commercial	134	65	199	67%	33%
not stated	17	10	27	63%	37%
other	163	52	215	76%	24%
registrar-registry	72	56	128	56%	44%
Min				53%	24%
Max				76%	47%
Total	1798	1063	2861	63%	37%

 

 

 

 

Question 10 (keys)	A	B	C	D	E	F	G	H	I	# respondents
Commercial	470	432	381	397	274	284	492	415	414	1063
governmental	19	20	16	17	7	7	17	13	13	35
Individual	344	342	307	292	180	198	304	256	257	1021
Isp	111	99	98	83	39	47	82	77	73	234
non-commercial	89	90	80	57	35	36	86	79	67	208
not stated	8	6	10	7	6	7	11	9	5	122
Other	105	94	87	85	62	64	122	101	103	222
Registrar-registry	43	41	36	36	17	18	37	30	32	130

 

For the percentages, note that the total number of respondents in each category is used as the 100% totality.  Since multiple fields could be selected, percentages will generally add up to more than 100%.

 

Question 10 (keys; %)	A	B	C	D	E	F	G	H	I	Grand total
Commercial	44%	41%	36%	37%	26%	27%	46%	39%	39%	257%
governmental	54%	57%	46%	49%	20%	20%	49%	37%	37%	294%
Individual	34%	33%	30%	29%	18%	19%	30%	25%	25%	193%
Isp	47%	42%	42%	35%	17%	20%	35%	33%	31%	239%
non-commercial	43%	43%	38%	27%	17%	17%	41%	38%	32%	227%
not stated	7%	5%	8%	6%	5%	6%	9%	7%	4%	45%
Other	47%	42%	39%	38%	28%	29%	55%	45%	46%	279%
Registrar-registry	33%	32%	28%	28%	13%	14%	28%	23%	25%	175%

 

A plurality (commercial respondents but also governmental, non- commercial and “others”) underlined that the name, postal address of the registrants should also be used as search keys.  Governmental and individual respondents underlined the need to search information on the registered domain by using the IP addresses of the primary and secondary name servers; ISPs, non commercial and registrars/registries underlined their will to use as search keys the name of the second level domain registered.

 

Respondents’ answers when asked whether other enhancements to searchability (such as Boolean searches)  should be provided can be found in the table below.  Responses were roughly split equally, but in no major category of respondents did a desire for other enhancements to searchability (beyond searching on multiple data elements) command an absolute majority.

 

 

Question 10 (Boolean)	yes	no	Total	% yes	% no
commercial	464	506	970	48%	52%
governmental	14	20	34	41%	59%
individual	338	603	941	36%	64%
ISP	96	126	222	43%	57%
non-commercial	83	102	185	45%	55%
not stated	16	11	27	59%	41%
other	116	91	207	56%	44%
registrar-registry	37	81	118	31%	69%
Min				31%	41%
Max				59%	69%
Total	1164	1540	2704	43%	57%

 

Those who sought further enhancements for searchability were invited to suggest (in free text) who should pay for this.  Among most categories of respondents, the most common single suggestion was that the registrant should pay, presumably meaning that the cost of providing such enhancements should be incorporated in the registration fee.  Among two categories of respondents, ISPs and non-commercials, the most common response was that the registrar or registry should pay for the enhancements.  Among commercial, government, and non-commercial respondents who made suggestions, the idea of requiring Whois searchers to pay for these enhancements had some support, but less than one or both of the other alternatives noted above.

III      Uniformity and Centralization (qq. 11-15)

 

By Karen Elizaga and Ram Mohan

(gTLD registry constituency)

 

A               Summary

 

Questions 11 through 15 generally cover the concept of providing Whois information in a uniform manner so that the data elements within any Whois database generally would correspond with the data elements in another, as well as the concept of universal or centralized access to Whois data, obviating the need for a data requestor to seek Whois data from several different sources.  In particular, some of the questions address the conformity of information within the ccTLD WHOIS databases  to  gTLD WHOIS databases, in particular .com, .net and .org.   The survey also asks what kind of centralized access to WHOIS databases would be supported by respondents, and who should pay for the implementation for this different type of access to Whois.

 

The survey results indicate that a majority of respondents support the idea of Uniformity of data formats across various TLDs.  An ambiguous question regarding WHOIS services resulted in an unclear set of responses.    The survey shows strong support for a centralized WHOIS system across gTLDs and ccTLDs.  The survey in general indicates that costs for providing these new services ought to be borne by primarily by registrants, with a minority view that registrars should offer such services in the public interest.  It should be noted that this survey was conducted prior to the launch of the seven new TLDs (.info, .name, .biz, .museum, .coop, .aero, .pro) and the results therefore do not take into account new marketplace realities brought by the introduction of these TLDs which, in general, provide centralized WHOIS data, in a standardized (EPP) format.

 

 

 

B               Questions Asked

 

For reference, the survey included the following questions 11 through 15:

 

11. Do you use WHOIS in ccTLDs?

o             Yes
o             No

 

12. Do you think that the data elements used in .com, .net, and .org should be available uniformly in country code top-level domains?

o             Yes
o             No

Why or why not?

 

Uniform data format to WHOIS

13. Do you support the concept of uniformity of WHOIS data format and services?                         

o             Yes
o             No

 

What, in your view, is the best way to achieve uniformity both in format and search capability across Whois services?

 

Centralized portal access to WHOIS

14. Do you support the concept of centralized public access to WHOIS - e.g., a "one-stop" point of WHOIS to access information:

o             Yes
o             No

 

a. Across .com/.net/.org?

o             Yes

o             No

 

b. Across all gTLDs (i.e., including the new TLDs)?

o             Yes

o             No

 

c. Across all TLDs? (i.e., including country code TLDs)?

o             Yes

o             No

 

If appropriate, what, in your view, is the best way to achieve the level of centralized public access that you support?                

 

15. Who should bear the cost burden of implementing centralized public access?

o             Those who use the service should pay for it.

o             It should be paid for by ICANN.

o             Registrars should support it as a public service

o             Should be part of the domain registration fee as it is today.

o             Other.

 

 

C               Results of Evaluation

 

To the extent that responses were provided, the Task Force evaluated the entire set of 3,035 responses, with the analysis being broken down by respondent category, as specified in Question 1.

 

 

Question 11

 

Question 11	yes	no	Total	% yes	% no
commercial	588	406	994	59%	41%
governmental	17	15	32	53%	47%
individual	385	554	939	41%	59%
ISP	172	54	226	76%	24%
non-commercial	110	83	193	57%	43%
not stated	17	9	26	65%	35%
other	115	93	208	55%	45%
registrar-registry	80	45	125	64%	36%
Min				41%	24%
Max				76%	59%
Total	1484	1259	2743	54%	46%

 

With a total of 2,743 respondents answering Question 11, roughly 54% of these respondents indicated that they have used Whois within ccTLDs.  Roughly 70% of these respondents were commercial or individual respondents.  Almost 60% of commercial respondents indicated that they had used ccTLD WHOIS databases, in contrast with only 41% of individual respondents.  It is clear that notwithstanding the low number of ISP respondents, ISPs indicated the highest use of ccTLD Whois databases, while individuals form the largest percentage of those who do not use ccTLD Whois (59%).  Although the number of respondents in the registrar-registry category was low in comparison to the number of the other respondents, a majority of that category indicated use of the ccTLD Whois databases. It is also interesting to note that only about half of governmental respondents use ccTLD WHOIS databases, but it is unclear on behalf of which governments these respondents were answering.  It is possible that these results from governmental respondents may indicate that such respondents to the survey come from countries where gTLD domain names are much more popular than ccTLD domain names (for example, the United States).  In addition, the very low response rate from governmental respondents (32 responses) do not provide sufficient basis to draw many conclusions.

 

Question 12

 

Do you think that the data elements used in .com, .net, and .org should be available uniformly in country code top-level domains?

 

Question 12	yes	no	Total	% yes	% no
commercial	895	105	1000	90%	11%
governmental	30	4	34	88%	12%
individual	769	158	927	83%	17%
ISP	205	25	230	89%	11%
non-commercial	162	32	194	84%	16%
not stated	26	2	28	93%	7%
other	190	16	206	92%	8%
registrar-registry	98	25	123	80%	20%
Min				80%	7%
Max				93%	20%
Total	2375	367	2742	87%	13%

 

Roughly 87% of the respondents to question 12 (2,742) indicated that the Whois data elements in .com, .net and .org also should be available uniformly in ccTLDs.

Across all categories, the vast majority of respondents within each category indicated that uniformity should exist across the data elements used in .com, .net, and .org and ccTLDs, with percentages ranging from 80% to 93%, with an overall average of 87%.   It is interesting to note that among all respondents, the (relatively) weakest support for data-element uniformity was from the registrar-registry respondents, while commercial respondents were the only identified set of respondents who indicated a 90% support for the question.  This may reflect the fact that the task of implementing uniformity may fall upon registrars-registries, while non-uniformity significantly affects commercial respondents.

In total, there were just over 700 free-text answers.   These free-form answers to Question 12 indicate that the reasons users want uniformity of data in Whois are largely because: 

·         the rationale for Whois for ccTLDs is the same as the rationale for Whois for gTLDs (i.e., intellectual property enforcement, etc.);

·         uniformity would make scripting and use of Whois easier.  For the handful of respondents who did not support uniformity, they were concerned with issues particular to different countries and abuse of Whois because of easier ability to create automated programs to mine the information in the WHOIS and use for a variety of purposes, including spam.

Notwithstanding the overwhelming response for uniformity, one respondent indicated that gTLDs should be held to the highest standards possible because they operate internationally, but that registrations on ccTLDs would likely affect only the country from which a particular ccTLD emanates.

Question 13

 

Do you support the concept of uniformity of WHOIS data format and services?

 

Question 13	yes	no	Total	% yes	% no
commercial	946	71	1017	93%	7%
governmental	31	2	33	94%	6%
individual	881	79	960	92%	8%
ISP	219	15	234	94%	6%
non-commercial	177	19	196	90%	10%
not stated	25	2	27	93%	7%
other	200	9	209	96%	4%
registrar-registry	111	14	125	89%	11%
Min				89%	4%
Max				96%	11%
Total	2590	211	2801	92%	8%

 

Responses to question 13 indicate a general desire for uniformity in Whois data format and services, with 92% of 2,801 respondents answering yes to the concept.  Across all categories, the responses were overwhelmingly in favor of uniformity, with most categories reaching the 90% threshold or higher.  This question is somewhat ambiguous as to what "data format and services" are meant to be.   The terms could have been interpreted broadly, for example, to include all data within Whois, or to exclude all personal information. 

The free-form answer  that the Task Force encountered the most related to the implementation of a uniform Whois database by standardization of Whois.  Respondents indicated that technical standardization would probably achieve uniformity, with some recommending the issuance of a protocol to be distributed, and others recommending uniformity achieved by enforcement of the universal standard.  Another suggestion of some import was simply to centralize Whois databases, which the Task Force believes is an answer to another issue – the centralization (as opposed to the uniformity) of Whois data.  Centralization speaks to access to data, while uniformity speaks to consistency of data.  Centralization will be addressed under Question 15 below.

Respondents overwhelmingly expressed support for this idea, and provided numerous suggestions on methods of achieving uniformity of data formats.  Some respondents pointed to existing free meta-WHOIS services, which search across multiple WHOIS databases across gTLDs and ccTLDs as a successful model to follow (http://www.geektools.com/cgi-bin/proxy.cgi).

 

Question 14

 

Do you support the concept of centralized public access to WHOIS - e.g., a "one-stop" point of WHOIS to access information:

 

Question 14	yes	no	Total	% yes	% no
commercial	895	126	1021	88%	12%
governmental	26	7	33	79%	21%
individual	831	148	979	85%	15%
ISP	185	47	232	80%	20%
non-commercial	171	30	201	85%	15%
not stated	23	5	28	82%	18%
other	195	19	214	91%	9%
registrar-registry	97	27	124	78%	22%
Min				78%	9%
Max				91%	22%
Total	2423	409	2832	86%	14%

 

For question 14, a majority of the 2,832 respondents (86%) indicated that they supported centralizing access to the Whois databases, which would obviate the need for data requesters to search Whois databases within various registrars or across TLD registries (including both gTLDs and ccTLDs).  The categories of respondents in which the largest minority rejected centralized access  were the governmental, ISP and registrar-registry respondents, with 21%, 20% and 22%, respectively, answering that they did not support such a concept.

 

 

 

 

 

 

Question 14.a	yes	no	Total	% yes	% no
commercial	910	86	996	91%	9%
governmental	27	4	31	87%	13%
individual	836	103	939	89%	11%
ISP	190	33	223	85%	15%
non-commercial	162	21	183	89%	11%
not stated	23	3	26	88%	12%
other	194	14	208	93%	7%
registrar-registry	105	14	119	88%	12%
Min				85%	7%
Max				93%	15%
Total	2447	278	2725	90%	10%

 

Responses to question 14(a), addressing the idea of centralized public access across .com, .net and .org, elicited more support, with almost 90% of 2,725 respondents indicating their support.  There was not much variation in responses as between the respondent categories.  This may be due to the fact that many registrars already provide single-point responses to WHOIS queries across .com, .net and .org in spite of the data being held across multiple registrars.

 

Question 14.b	yes	no	Total	% yes	% no
commercial	875	105	980	89%	11%
governmental	23	7	30	77%	23%
individual	791	131	922	86%	14%
ISP	189	32	221	86%	14%
non-commercial	160	25	185	86%	14%
not stated	19	4	23	83%	17%
other	190	15	205	93%	7%
registrar-registry	97	23	120	81%	19%
Min				77%	7%
Max				93%	23%
Total	2344	342	2686	87%	13%

 

The responses to question 14(b), inquiring about support for centralized access to Whois across all gTLDs indicated that roughly 87% of the 2,686 respondents replied yes.  This concept garnered the least support from the governmental category, with 23% of those respondents objecting to such centralized access.

Some of the free-text responses indicated specialized information in ccTLD databases that are not present in gTLD databases, as well as issues concerning centralization and multi-lingual problems.

 

Question 14.c	yes	no	Total	% yes	% no
commercial	849	135	984	86%	14%
governmental	23	8	31	74%	26%
individual	755	167	922	82%	18%
ISP	175	48	223	78%	22%
non-commercial	157	29	186	84%	16%
not stated	20	4	24	83%	17%
other	188	17	205	92%	8%
registrar-registry	86	35	121	71%	29%
Min				71%	8%
Max				92%	29%
Total	2253	443	2696	84%	16%

 

The question 14(c) regarding centralized access to WHOIS databases across all TLDs, including ccTLDs, generated a majority response in support of such a concept, with roughly 84% of the 2,696 responses indicating support for centralized access.  The strongest opposition of centralized access reaching across all TLDs came from the governmental and registrar-registry categories, with 26% and 29% of those respondents answering no.

As far as actual implementation of a centralized database, respondents to Question 14 indicated that the best way to achieve centralized access to Whois data was some form of centralization or standardization, with some citing the DNS as an example of a distributed database that works.  One respondent indicated that every TLD should be required to run a Whois server using a standard protocol and data format – preferably in a way that names and addresses can be retrieved by automated tools.

Another interesting concept was the idea that users of the centralized database would be required to make a request so that the database operator could record the identity of the person making the request so that if such person used the information for an unauthorized reason, it would be possible to identify them and block their ongoing access.

 

 

Question 15

 

Who should bear the cost burden of implementing centralized public access?

 

Question 15	Users	ICANN	Registrars	Registrants	Other	Total
commercial	96	96	246	552	28	1018
governmental	1		7	24	2	34
individual	66	84	251	526	38	965
Isp	9	22	67	124	6	228
non-commercial	13	15	35	122	11	196
not stated		5	8	13		26
Other	13	14	49	120	16	212
Registrar-registry	17	13	24	59	10	123
Total	215	249	687	1540	111	2802

 

 

Question 15 (percentages)	Users	ICANN	Registrars	Registrants	Other
commercial	9%	9%	24%	54%	3%
governmental	3%	0%	21%	71%	6%
individual	7%	9%	26%	55%	4%
Isp	4%	10%	29%	54%	3%
non-commercial	7%	8%	18%	62%	6%
not stated	0%	19%	31%	50%	0%
Other	6%	7%	23%	57%	8%
Registrar-registry	14%	11%	20%	48%	8%
Min	0%	0%	18%	48%	0%
Max	14%	19%	31%	71%	8%
Total	8%	9%	25%	55%	4%

 

When asked who should bear the cost burden of implementing centralized access to Whois databases, the majority of respondents (just under 80%) indicated that either the cost should be incorporated into the domain registration fee (roughly 55%), or that the registrars should support it as a public service (around 25%).  Just under 8% of the respondents thought that Whois requestors should pay for such a service.

 

D               Findings and Discussion of Results

 

It is clear from the responses to the answers to Questions 11 through 15 that there is support for a uniform standard of Whois data, provided in a centralized manner across ccTLDs and gTLDs.  However, as this survey was distributed prior to the launch of the new gTLDs such as .info, .name, .biz, .coop, etc. it is unclear whether this universal support for uniformity and centralization would be the same.  The Task Force believes that this survey might have elicited different results given the new landscape of gTLDs, including different answers from individual respondents who are the primary target audience for the .name TLD.

The responses overwhelmingly provide support for a centralized, worldwide WHOIS system that encompasses information from the .com, .net and .org gTLDs and ccTLDs, with access provided in a uniform manner.

 The issue of who undertakes the cost of a new WHOIS system shows consensus towards having registrants bear the extra expense of a centralized and uniform WHOIS system.  The task of determining ways of collecting the moneys expended seems to be left to registrars and registries.

 

E               Some individual Responses

 

“It would be nice to have Boolean search capabilities across all TLDs so that I could find infringing domains. It is imperative that I be able to find contact information on infringing websites.”

 

“ICANN also has no right to enforce standards on ccTLDs. Certainly within Europe we have a greater right to privacy than the US. Attempting to push EU WHOIS information to display addresses would be a massive backwards step, and hopefully would end up in ICANN being severely slapped by the ccTLDs (face it, you’re not popular over here), the users, and most importantly the EU Data Protection registrar”

 

 “If there was a central database accessed for whois requests it could record the identity of the person making the request so that if they used the information for an unauthorized reason it would be possible to identify them and block their ongoing access. ”

 

“We need to absolutely require functional contact information. We also need to squelch companies which use registration information for marketing, because if they didn’t do this, people would be less shy of entering their personal data correctly.”

“The whois database must be seen, not as property of some lying bunch of incompetents like network solutions, but as a natural quality of the internet. Administrators for it should be guardians, not "owners".

 

“Using Whois data for marketing should result in immediate termination of any and all domain and network services.”

“All of the data should be available for anyone to use in any way that contributes to the usability of the internet. (For instance, services like geektools, which collect and refine searches, should be allowed and encouraged.)”

 

“ICANN has no business attempting to regulate or control the practises of ccTLDregistrars. As a result, I do not support any activities by ICANN that will result in such regulation.”

 

“An accurate single global Whois database would vastly improve demographic analysis of server log files. By being able to see which pages are of most interest to people in particular countries cmpanies may be able to modify marketing and advertising strategies approriately. At present trying to resolove the true origin of visitors to a web site involves analysis of imperfect data in two differing formats from RIPE, ARIN and APNIC”

 

“In my opinion:* Every TLD should be required to run a WHOIS server, using a standard protocol and data format. * The names/addresses of these servers should be available from a central location, preferably in such a way that they can be retrieved by automated tools; e.g. by being stored in the DNS record for the TLD.”

 

“The Whois databases are the modern equivilant of vehicle registration and driver licence databases. From a law enforcement/information security perspective, they are usually the only means to assist in identifing sources of malicious internet traffic. They should be totally managed by government.”
Resale/Marketing and Bulk Access (qq. 16, 17)

 

By Sarah Andrews; Kristy McKee, Thomas Roessler, Abel Wisman

(Non Commercial Domain Name Holders’ Constituency; General Assembly)

 

A               Summary

 

Based on preliminary analysis, the Task Force believes that cross-category consensus among respondents can be identified with respect to the following points:

v      When asked whether registrars should be allowed to engage in resale or marketing use of WHOIS data, respondents appear to favor opt-in policies, or not allowing such use at all, over opt-out policies or unconditionally allowing such use.

v      Respondents appear to agree that current bulk access provisions should be maintained in the gTLD environment, and that they should be extended to apply to other TLDs.

As opposed to these clear, but contradictory signals, there is a  strong signal of indecision when respondents were asked whether or not to change the bulk access provisions.  Free-form responses of those who suggested a change mirror the results from the "resale and marketing" question.

Since there is at least some clear evidence (in the responses to question 16) that the kind of third party data access policy favored by respondents appears to be different from the one currently implemented in the Registrar Accreditation Agreement, a review of that policy which keeps the survey’s results in mind may be in order.

 

B               Questions Asked

 

The bulk access issue was covered by questions 16 and 17 of the survey.  For your reference, we include the questions’ text:

 

Sale and marketing of customer data

16. Should registrars be allowed to engage in resale or marketing use of the registration contact information?

o             Yes
o              Yes, but only with the express permission of the registrant (opt-in)
o             Yes, but only after the registrant had the opportunity to      opt-out.
o             No

 

Bulk access/mandatory sale of customer data/manipulation and adding value to customer data

The current provisions with regard to the mandatory sale of Whois data, and uses that can be made of the data obtained through bulk access, are contained in the Registrar Accreditation Agreement at sections 3.3.6 and following[10], Third Party Bulk Access to Data.

These provide for the mandatory sale of customer data on certain specific conditions.  These conditions are discussed in terms of a contract between the registrar and a third party seeking access to the data.  The data may not be used for mass unsolicited emailing, but can by inference be used for mass mailing (3.3.6.3), "other than such third party’s own existing customers".  In addition, the "Registrar’s access agreement shall require the third party to agree not to use the data to enable high-volume automated electronic processes that send queries or data to the systems of any Registry Operator or ICANN accredited registrar, except as reasonably necessary to register domain names or modify existing registrations". (3.3.6.4)

The agreement says that the registrar "... may enable Registered Name Holders who are individuals to elect not to have Personal Data concerning their registration available for bulk access for marketing purposes based on Registrar’s ‘‘Opt-Out’ policy, and if Registrar has such a policy Registrar shall require the third party to abide by the terms of that Opt-Out policy; provided, however, that Registrar may not use such data subject to opt-out for marketing purposes in its own value-added product or service." (3.3.6.6)

The text allows the Registrar discretion

v       to prohibit, or

v       to permit under conditions he chooses,

the use of the registrants’ data

v       to condition the subsequent use of the data (3.3.6.5), and

v       to have a privacy policy, or not, (3.3.6.6)

but unless the registrar takes positive steps to have a privacy policy different from the Registration Agreement, the registrant’s personal data is available as the Agreement prescribes. "Personal data" refers exclusively to data about natural persons.

 

17. Do you think that:

a. These provisions should be maintained in the gTLD environment?

o             Yes
o             No

 

b. These provisions should be extended to apply to other TLDs (subject to any comments in 12)?[11]

o             Yes
o             No

 

c.  As a user would you welcome information from your chosen service provider introducing you to the additional services they may be able to provide?

o             Yes
o             No

 

d. These provisions should be changed?

o             Yes
o             No

 

If so, how?

 

C               Method of Evaluation

 

The multiple choice questions were evaluated for the full set of 3035 submitted responses.  This analysis is also broken down by respondent’s category (as given in question 1).

 

The free-form part of question 17.d was evaluated manually on a subset of the responses, as explained in the introductory chapter to this report.  The number of questionnaires actually investigated in individual categories of respondents can be found in the table below.  Note that the numbers of questionnaires looked at also includes those where respondents did not actually gave an answer to question 17.d.

 

Category	possible	looked at	factor
Commercial	1063	570	1.86
Government	35	35	1.00
Individual	1021	452	2.26
ISP	234	197	1.19
non-commercial	208	79	2.63
not stated	112	65	1.72
Other	232	141	1.65
registrar/registry	130	130	1.00

 

 

In order to derive results from the free-form answer to question 17.d the following set of "baskets" was agreed upon by the members of the task force:

·          

v      No answer                                                                                                                                             0

v      No bulk access or sale of data                                                                                                           1

v      No bulk access for marketing                                                                                                             2

v      Opt-in before any sale or bulk access                                                                                              3

v      Opt-in before any sale or bulk access for marketing purposes                                                    4

v      Improve opt-out                                                                                                                                   5

v      Better privacy protection                                                                                                                    6

v      Relax current restrictions                                                                                                                    7

v      Respondent did not understand question, or answered a different question                           8

v      Price of bulk access should be more reasonable                                                                            9

v      Differentiate between Commercial & Non-Commercial users                                                       A

v      The registrant should have absolute control of their data                                                            B

v      Thick WHOIS maintained by the Registry                                                                                      C

 

Note that the five last “baskets” listed above were not present in the preliminary report, and were ultimately found to apply to a very low number of responses received.  For this reason, we have made the following changes to the categorization used for the results’’ presentation in this report, in order to simplify our analysis and make it more readable:

•Category 8 was merged with category 0 (no answer).

•Categories 9-C were merged with the old “other” category, into a new category D.

Also, the reader may notice that the “not stated” category of respondents is missing from many of the tables concerning question 17.d.  This is due to the fact that only two responses from respondents belonging to this category were found, as opposed to 63 empty responses; we decided to ignore that set of responses for the purposes of this analysis (in particular, the resulting 50% maximum values in some of the tables would have been quite misleading). Since a total of 112 responses[12] belongs to the “not stated” category, this means that the total number of questionnaires used for the statistics concerning the free-form part of question 17.d is 2923. In addition to percentages relative to the total number of questionnaires considered, we also give percentages relative to the number of responses received - in this case, empty responses are not part of the 100% set.

D               Results of Evaluation

 

By-category analysis of multiple-choice questions

By-category numbers of the answers given to multiple-choice questions:

 

Question 16

 

Question 16	yes	opt-out	opt-in	no	Total
commercial	28	79	389	540	1036
governmental	3	3	12	17	35
individual	23	59	374	535	991
ISP	7	15	69	142	233
non-commercial	4	36	64	96	200
not stated	1	2	11	11	25
other	7	25	97	85	214
registrar-registry	10	17	38	62	127
Min
Max
Total	83	236	1054	1488	2861

 

 

Question 16	% yes	% opt-out	% opt-in	% no
commercial	3%	8%	38%	52%
governmental	9%	9%	34%	49%
individual	2%	6%	38%	54%
ISP	3%	6%	30%	61%
non-commercial	2%	18%	32%	48%
not stated	4%	8%	44%	44%
other	3%	12%	45%	40%
registrar-registry	8%	13%	30%	49%
Min	2%	6%	30%	40%
Max	9%	18%	45%	61%
Total	3%	8%	37%	52%

 

 

Question 16	% opt-in/no	% opt-out/yes
commercial	90%	10%
governmental	83%	17%
individual	92%	8%
ISP	91%	9%
non-commercial	80%	20%
not stated	88%	12%
other	85%	15%
registrar-registry	79%	21%
Min	79%	8%
Max	92%	21%
Total	89%	11%

 

For question 16, a by-category tabulation shows that individuals participating in the survey had the strongest demand for opt-in or stricter protection of their data (answers "opt-in" or "no"), with 92%.  This desire was lowest in the non-commercial category of survey participants, where 80% demanded such protection. Opt-out approaches were most popular with non-commercial respondents (18%), and most unpopular with individual and ISP participants in the survey (6%).  Permitting marketing and sales (the "yes" answer to this question) was most popular among governmental participants (9%), and most unpopular among non-commercial and individual participants.

 

Question 17.a

 

Question 17.a	yes	no	Total	% yes	% no
commercial	600	290	890	67%	33%
governmental	19	8	27	70%	30%
individual	564	305	869	65%	35%
ISP	144	79	223	65%	35%
non-commercial	122	61	183	67%	33%
not stated	13	8	21	62%	38%
other	118	68	186	63%	37%
registrar-registry	85	31	116	73%	27%
Min				62%	27%
Max				73%	38%
Total	1665	850	2515	66%	34%

 

Between 62% and 73% of respondents suggest that bulk access provisions should be maintained in the gTLD environment.  This demand is strongest in the registrar-registry communities, and weakest with participants from the “not stated” category.

Question 17.b

 

Question 17.b	yes	no	Total	% yes	% no
commercial	580	298	878	66%	34%
governmental	17	9	26	65%	35%
individual	550	307	857	64%	36%
ISP	138	79	217	64%	36%
non-commercial	112	69	181	62%	38%
not stated	14	7	21	67%	33%
other	120	61	181	66%	34%
registrar-registry	80	32	112	71%	29%
Min				62%	29%
Max				71%	38%
Total	1611	862	2473	65%	35%

 

Between 62% and 71% of respondents suggest that bulk access provisions should be extended to apply to other TLDs.  This demand is strongest with the registrar-registry communities, and weakest with the non-commercials.

Question 17.c

 

Question 17.c	yes	no	Total	% yes	% no
commercial	376	526	902	42%	58%
governmental	9	21	30	30%	70%
individual	359	543	902	40%	60%
ISP	80	142	222	36%	64%
non-commercial	83	102	185	45%	55%
not stated	13	9	22	59%	41%
other	91	102	193	47%	53%
registrar-registry	68	44	112	61%	39%
Min				30%	39%
Max				61%	70%
Total	1079	1489	2568	42%	58%

 

Distribution of responses varies more than usual with this question:  The registrar-registry group of respondents states with a statistically significant majority of approximately 60% that they would welcome information from the chosen service provider.  Commercial respondents have a significant majority against receiving such material, as do governmental, individual, and ISP users.  The statistical value of the majority in the non-commercial group is questionable.

Question 17.d

 

Question 17.d	yes	no	Total	% yes	% no
commercial	415	415	830	50%	50%
governmental	11	16	27	41%	59%
individual	395	451	846	47%	53%
ISP	104	110	214	49%	51%
non-commercial	90	87	177	51%	49%
not stated	9	10	19	47%	53%
other	100	76	176	57%	43%
registrar-registry	49	58	107	46%	54%
Min				41%	43%
Max				57%	59%
Total	1173	1223	2396	49%	51%

 

It does not seem possible to derive any results with strong validity from these  numbers.  Basically, all we can say is that half of the respondents suggest a change of bulk access provisions and half of the respondents don’’t.

 

Analysis of free-form responses to question 17.d

 

q17d	1	2	3	4	5	6	7	D
commercial	26.11%	12.74%	42.04%	2.55%	3.82%	7.01%	3.18%	2.55%
governmental	30.00%	10.00%	40.00%	0.00%	0.00%	0.00%	10.00%	10.00%
individual	19.58%	7.69%	42.66%	4.90%	6.29%	12.59%	0.70%	2.10%
ISP	23.75%	8.75%	36.25%	6.25%	5.00%	7.50%	0.00%	10.00%
non-commercial	32.26%	9.68%	19.35%	6.45%	9.68%	19.35%	0.00%	3.23%
other	14.58%	8.33%	43.75%	8.33%	2.08%	14.58%	2.08%	6.25%
registrar-registry	21.88%	6.25%	37.50%	0.00%	3.13%	15.63%	0.00%	3.13%
minimum	14.58%	7.69%	19.35%	0.00%	0.00%	0.00%	0.00%	2.10%
maximum	32.26%	12.74%	43.75%	8.33%	9.68%	19.35%	10.00%	10.00%

 

The higher number of responses were found in those represented above.  We used these for our pie chart.

 

Accumulation

 

Q17d	1.-4.: No access or opt-in.	5.Improve OptOut	6.Better Privacy	7.Relax Restrictions	D.9-C/other
Commercial	83.44%	3.82%	7.01%	3.18%	2.55%
Governmental	80.00%	0.00%	0.00%	10.00%	10.00%
Individual	74.13%	6.29%	12.59%	0.70%	2.10%
Isp	75.00%	5.00%	7.50%	0.00%	10.00%
non-commercial	67.74%	9.68%	19.35%	0.00%	3.23%
Other	75.00%	2.08%	14.58%	2.08%	6.25%
registrar-registry	65.63%	3.13%	15.63%	0.00%	3.13%
Minimum	65.63%	0.00%	0.00%	0.00%	2.10%
Maximum	83.44%	9.68%	19.35%	10.00%	10.00%

 

The free-form part of question 17.d asked those who had demanded a change in the existing bulk access provisions (about half of all respondents) to elaborate on the kind of change they desire.  Across all categories of respondents, between 66% and 83% of the answers reviewed asked for opt-in or stricter approaches to the commercial or marketing use of WHOIS data (“baskets” 1-4).  Between 8% and 13% of  the responses reviewed specifically mentioned that marketing use of WHOIS data should be forbidden (category 2), and less than 9% of respondents specifically suggested an opt-in approach to marketing use of their data (category 4; it should be noted that the numbers of responses are so small that a further analysis by category of respondent does not make much sense).  Improved opt-out mechanisms (cat. 5) were also suggested by less than 10% of responses.   Generally stricter privacy protection was suggested by up to 19% of respondents (in the non-commercials category), but by  no governmental respondents, and only 7% of commercial respondents. Relaxing the privacy provisions applicable to bulk access was suggested by a single governmental respondent (out of a total of 10 such responses given to this question); there was also some support for this with less than 4% of commercial and individual responses.

The remaining “baskets” were only found in extremely low numbers of responses; for the sake of this analysis, these are “other” responses.  They only play a significant role in the governmental and ISP categories of respondents:   In the governmental category, there is a single response calling for a differentiated policy (see the next section for details on this); with ISPs, there is a particularly large portion of responses which could not be classified using the task force’s scheme.

 

Extrapolation

 

q17d	0.No Answer	1.No Bulk/Sale	2.No Mkting	3. Opt In	4.Opt In Marketing	5.Improve OptOut	6.Better Privacy	7.Relax Restrict’s	D.9-C/other
Commercial	770	76	37	123	7	11	21	9	7
Governmental	25	3	1	4	0	0	0	1	1
Individual	698	63	25	138	16	20	41	2	7
Isp	139	23	8	34	6	5	7	0	10
non-commercial	126	26	8	16	5	8	16	0	3
Other	153	12	7	35	7	2	12	2	5
registrar-registry	98	7	2	12	0	1	5	0	1
SUM	2010	210	88	362	41	47	101	14	33
%	68.75%	7.19%	3.01%	12.37%	1.40%	1.60%	3.44%	0.49%	1.14%
% (resp.)[13]		23.00%	9.63%	39.59%	4.49%	5.13%	11.02%	1.56%	3.65%

 

 

Accumulation and Extrapolation

 

q17d	0.No Answer	1.-4.: No access or opt-in.	5.Improve OptOut	6.Better Privacy	7.Relax Restrictions	D.9-C/other
Commercial	770	244	11	21	9	7
Governmental	25	8	0	0	1	1
Individual	698	239	20	41	2	7
Isp	139	71	5	7	0	10
non-commercial	126	55	8	16	0	3
Other	153	59	2	12	2	5
Registrar-registry	98	21	1	5	0	1
SUM	2010	699	47	101	14	33
%	68.75%	23.90%	1.60%	3.44%	0.49%	1.14%
% (resp.)[14]		76.47%	5.13%	11.02%	1.56%	3.65%

 

In order to make this result comparable to the preliminary report’s results, we finally also present an extrapolation of the results found to the total set of questionnaires[15]: Using all non-empty responses to this question as our hypothetical 100% set, 76% of responses ask for opt-in or stricter policy; of these, 13% specifically mention marketing (9% want no data access for marketing, 4% mention opt-in).

 

E               Some Individual Responses

 

While members of the task force tried to classify the free-form responses received to question 17.d, several questionnaires were found particularly interesting.  Note that these questionnaires are not representative. In this section, we try to give some impression of what people have been telling us in these free-form responses.  Where appropriate and relevant, we also include comments made in response to question 20 (“final comments”). In all cases, we identify the submissions we quote from in a footnote.  Excerpts from respondents’ “final comments” are also identified in footnotes.

 

1. Marketing use by registrar. One of the free-form comments[16] (from a respondent characterizing him- or herself as a “both commercial and household” user) specifically addressed the survey’s methodology, and noted that “resale” and “marketing use” of domain name registrant data should be treated in a separate way.  This respondent suggested that registrars should be allowed to market to their customers, but that resale of customer data should not be allowed.

 

An ISP[17] respondent, on the other hand, stressed that there should be “no solicitation made into this data by anyone.  If someone is paying for a service that service does not include being harassed by the provider of that service.”

 

2. Marketing abuse by third parties. There were several elaborate comments which focused on marketing abuse of registrant data.  Of these, one commercial respondent[18] suggested that "regulation and interference in the free market should be kept to a minimum, provided that users have the technical ability to block unsolicited e-mail from appearing repeatedly."  An ISP respondent[19] suggested that "a registrar should be liable for allowing whois data to be distributed in a bulk fashion when there is any chance it will be used for bulk email  (UCE)."  "Perhaps all requesting bodies should need to submit data for background checks, be able to post a bond for damages and have a waiting period before getting the data," this respondent wrote.

 

Two individual respondents specifically commented on registration data’s importance for technical purposes.  One of these[20] suggested that “any use not required for the functioning of the worldwide DNS system should be prohibited.”  The other one[21] argued that “personal data serves a vital technical function,” but that marketing use of personal data would be detrimental to accuracy:  “The more marketing is permitted, the less truthful registrants will be when registering.  It’s a foolish and counter-productive way to raise revenue and shouldn’’t be permitted.”  In his answer to the “general comments” question (20), this respondent reiterated that topic, stating:  “The whois database won’’t be very useful to law enforcement if the data is so well-publicized that everyone is forced to falsify their personal data. The interests of marketers ... are therefore antithetical to those of everyone else and we should all be aware of that.”

 

On a related topic, a commercial respondent[22] stated that “bulk access should be eliminated. It has absolutely no value to network operators.” In his general comments (question 20), this respondent elaborated that “the argument that DNS ‘whois’ information is useful for ‘internet stability’ is laughable. Those of us who actually run the net rarely use DNS whois and instead use the whois associated with IP address and registration.”  Another commercial respondent[23] expressed a similar view, arguing that WHOIS is not a useful tool for consumer protection or law enforcement and therefore there is no justification for publishing personally identifiable information.

 

3. General privacy risks from WHOIS data. Some respondents believe that personally identifiable information should not be accessible to the public at all, quoting various reasons. For instance, a commercial respondent[24] who argued that whois information “should not be sold under any circumstances” (and suggested that “the whois database is not of technical concern, and therefore should not be mandated by ICANN in any manner whatsoever” in his response question 20) quoted personal harassment as the harm caused to him by accurate whois data: “The only harm caused to me was from accurate data that was used to stalk me.  My company is in my home.  The whois database was used to get my home address and telephone number from which I was harassed.” Another commercial respondent[25] felt “set up as a target” due to whois data.  This respondent writes: “Though I do not have many domains, I do run a site that services a 150.000 users community. And I simply run it from home. Luckily, among that crowd there is just a handful of idiots. Yet these people can simply look up my home address and home phone number. There is even a service site, that provides a map with a target dish on my address! I’ve been threatened and harassed many times, ...”  He concludes: “Either nobody gets on line anonymously, or we all do.” One respondent identifying himself as registrar/registry[26] and acknowledging that there are “valid reasons for the data to be accessible in WHOIS” frankly admitted that he had “personally altered my WHOIS records, filling them instead with incorrect data.” The story behind this:  “I have done this in response to a specific incident where a malicious user was trying to gain intimate information about me. I don’t imagine my experience was an isolated incident.”

 

An individual respondent[27] took issue with the protection of minors’ data: “I have seen many personal web site run by children and young adults and their personal address are available through whois.”

 

Another individual[28] stated that he “would like to start a website for political commentary, but can’t because I fear restricted employment opportunities and threats because of WHOIS.”

 

4. The case for a differentiated policy. A governmental respondent[29] also drew particular attention:  This (institutional, we suppose) respondent noted "having access to accurate information regarding the registration of business domain names" as its primary concern, and quotes the inability of checking beneficial owners of web sites for tax law compliance as the specific damage caused by inaccurate whois data.  With respect to bulk access provisions, this respondent calls for differentiation:  "The policy needs to differentiate between individuals engaged in commercial and non-commercial activities."

 

A commercial respondent[30] also called for a more differentiated approach to privacy of whois data: "Processes and procedures should be put in place to allow escalation in the event of illegal criminal or civil use, or technical issues relating to a domain which would allow privacy protections to be progressively voided in a minimal yet reasonable way."  Similarly, a non-commercial respondent[31] argued: "I wouldn’t mind if a court order or written request were required to access personal (not corporate or technical) contact information from the WHOIS database." Arguing in a similar way, a commercial respondent[32], recommended a more specific restriction whereby access would only be granted upon a showing of some proper justification - "I do not believe that much of the whois data that is published for DNS registrations should be available to the public without a prior showing, involving specific and credible evidence, that there is a probable violation of some law."

 

5. Incomprehensible wording of policy. Some individual respondents  criticized that the current policy was hard to understand.  One of these[33] writes:  "Legalese is the universal language of the dumb. Learn to write provisions in actual English so that people actually understand what their protections are! I read those terms 3 times and still am not sure of exactly every nuance. In case you’re wondering, just knowing how smart I am would give you a headache, unless by some very strange quark of cross-dimensional inversion you happen to be Prof. Hawking in which case I sincerely apologize sir :P.".  Another individual[34]  estimates that "five different lawyers will give you five different interpretations of the current rules."

 

The requirement for an extremely simple policy, at least with respect to unsolicited messages, is fulfilled by the comment of one commercial respondent[35]: "If I want extra information sent to me in any form, I will ask for it."

 

6. The case for availability. Respondents to the free-form questions also talked about reasons why whois data should be publicly available.  One individual respondent[36], for instance, wrote: "Privacy is often used as an excuse to develop procedures that allow misrepresentation to consumers. Protection of consumers is more important than protection of registrants in the database."  A respondent giving "other / Law firm" as its category[37] simply argued that "It should be and is a public database - there is therefore no privacy issue. IP  issues are also issues concerning public/consumer interests."

 

A (commercial) respondent[38] tried to differentiate privacy interests which may be different when individuals act on the Internet in different roles.   He writes: "As an internet user, I am sensitive to the issues of privacy while surfing the internet. I do not believe that the names & destinations of internet users should be publicly available, for resale or purposes of demographic studies without the consent of the individual user. I do believe, however, that the names and contact information for domain name registrants should be publicly available. As a user of the internet, I believe I have a right to know who’s domain I am entering. I believe I have a right to know who may be infringing on my intellectual property rights." The respondent then goes on to make the analogy between a shopper (who may remain anonymous when entering an establishment), and the establishment’s proprietor who has to disclose who he is.

 

7. Bulk access provisions, from a data user perspective. Some criticism in bulk access provisions and their enforcement was also raised from the data user’s perspective.  For instance, a non-commercial respondent[39] who mentioned the resolution of technical concerns as his primary concern suggested that "The price of bulk access should be fixed to a reasonable level by ICANN."

 

A commercial respondent[40] who gave "consumer or IP protection" as the primary concern (in response to question 6) criticized insufficient enforcement of bulk access provisions.  The respondent suggested (in response to question 14) that bulk XML files should be made available in a central repository, so that organizations could implement their own search interfaces.  In his answer to question 17.d, the respondent then describes his own experiences with the current bulk access provisions: "The current provisions provide no mechanism for enforcement of the agreement. There needs to be a clause specifying a uniform URL where a Registrar Bulk Access Agreement and pricing info is available. There also needs to be some mechanism to file a complaint to ICANN or some other enforcement agency.  The complain mechanism would have some standard policy that would be followed, including acknowledgement of the complaints. I have written several Registrar for information concerning their Bulk Access Agreement.  Many claim the data is unavailable.  Others simply ignore the request.  Correspondence with ICANN has gone unanswered.  Any agreement is virtually pointless if neither party is interested in compliance."

 

Issues  identified.  We summarize some possibly important issues identified by users:

·         Abuse vs. accuracy: One respondent identified marketing abuse of whois data as an incentive for registrants to give inaccurate data.  A different respondent admitted that he had falsified his whois data, based on an incident in which "a malicious user was trying to gain intimate information." This may point to a possible conflict between broad availability and use of whois data on the one hand, and accuracy of the same data on the other hand.

·         Privacy:  Various respondents specifically concentrated on the privacy risks with respect to individual respondents (including, possibly, minors).  Several of these respondents looked for mechanisms which would protect individuals’ privacy, while leaving information about businesses available and preserving the possibility to track down infringers. 

·          Access: Various respondents stressed the need for continued public access to whois data, and for enforcement of current bulk access provisions.

Respondents criticized ununderstandable policy.  In situations in which users are confronted with a choice between different registrars’ privacy policies, it is crucially important that these policies are understandable for users - otherwise, users are unable to make an informed choice of registrar.

 

F               Findings and Discussion of Results

 

Question 16

With the exception of the "other" and "not stated" categories of respondents, prohibiting resale or marketing use is preferred over an opt-in approach to that use.  Across all categories, opt-in is in turn preferred over opt-out and a plain allowance for registrars to engage in such use.

Across categories, those who suggest opt-in or stricter protection represent between 79% and 92% of those who responded to this question.

 

Question 17.a

Question 17.a suggests that there is consensus across categories of respondents that bulk access provisions should be maintained in the gTLD environment.

During task force discussions, doubts were raised about how the question should be interpreted: One member understood it to mean that some kind of bulk access provisions should be maintained, while another member suggested that the question referred to the specific bulk access provisions described on the questionnaire.  However, the latter interpretation may lead to a contradiction with question 17.d. Also, it was questioned whether the analysis of the responses to this question is consistent with the results from question 16.

 

Question 17.b

It appears that there is consensus across categories of respondents that, whatever bulk access provisions are agreed, if any, these should be extended to other TLDs.  The same caveats as with question 17.a apply.

 

Question 17.c

As a preliminary finding, it can be stated that majorities of the registrar-registry (and "not-stated") groups of respondents have a tendency to welcome advertising from the chosen service provider.  On the other hand, majorities of governmental, commercial, individual, and ISP respondents stated that they would not welcome such advertising.  While there is certainly no consensus across categories, it is worth noting that majorities of most of those groups of respondents who would receive the advertising material would not welcome it, while majorities of those groups who would send out the material say that they would indeed welcome it "as a user".

 

 

Question 17.d

Taking inevitable error margins into account, the yes-no part of this question leads to an undecided result or to very thin majorities in some of the categories: Half of the respondents suggest that the bulk access provisions should be changed, half suggest they shouldn’t.

 

The result of the evaluation of the  free-form responses which were given by those who do suggest a change of bulk access provisions look very similar to the results from question 16: Between 66% and 83% (or a mean value of 76% across all categories) of  these respondents call for opt-in policies or no access to data for resale or marketing purposes; additionally, some responses more generally ask for  stricter privacy protection.  There was very little support for improving the present opt-out mechanisms (< 10%), and close to no support for a more relaxed privacy policy among those who demanded a change to the existing bulk access provisions and answered the free-form part of the question.

 

 

V           Third Party Services (qq. 18, 19)

 

By Troy Dow, Bret Fausett, and Oscar Robles-Garay, and Sarah Andrews

(Business and ccTLD Constituencies, Non Commercial)

 

A               Summary

 

Question 18 sought to identify the extent to which third party services – defined as services to limit disclosure of registrant contact data by allowing the use of the name and address of a third party with whom the Domain Registrant has an agreement, as provided for in the ICANN Registrar Accreditation Agreement – are being offered by registrars, Internet service providers, and hosting companies.  Question 19 sought to identify the extent to which there exists interest among respondents in utilizing such services.

 

The survey results indicate that such services are currently being offered by more than half of the registrars and/or registries who responded, as well as by close to half of the ISP respondents and those in the “other” category who responded to this portion of the survey.  The survey also shows a similar level of demand for such services, with slightly less than half of those responding indicating an interest in third party services as a means of protecting their privacy, and with half of individual respondents indicated an interest in such services.

B               Questions Asked

 

Question for registrars, ISPs, and hosting companies

18. Where non-disclosure of the name and address is requested by the Domain Registrant, the ICANN Accreditation Agreement allows for a name and address of a third party to be used where the third party has an agreement with the Registrant, does your company offer this service to its customers?

o             Yes

o             No

 

Question for the public

19. To protect your privacy if you were offered the opportunity to use the name and address of a third party to act as your agent, would you register domains in the name of the third party rather than your own name.

o             Yes

o             No

 

 

C               Results of Evaluation

 

Question 18

 

Question 18	yes	no	Total	% yes	% no
Commercial	115	248	363	32%	68%
governmental	2	9	11	18%	82%
Individual	63	155	218	29%	71%
Isp	88	128	216	41%	59%
non-commercial	14	50	64	22%	78%
not stated	3	7	10	30%	70%
Other	32	38	70	46%	54%
registrar-registry	45	42	87	52%	48%
Min				18%	48%
Max				52%	82%
Total	362	677	1039	35%	65%

 

 

 

 

 

Question 19

 

Question 19	yes	no	Total	% yes	% no
commercial	361	574	935	39%	61%
governmental	21	12	33	64%	36%
individual	455	463	918	50%	50%
ISP	85	131	216	39%	61%
non-commercial	67	118	185	36%	64%
not stated	14	15	29	48%	52%
other	93	90	183	51%	49%
registrar-registry	46	62	108	43%	57%
Min				36%	36%
Max				64%	64%
Total	1142	1465	2607	44%	56%

 

Question 18 was addressed to a limited subset of respondents – specifically registrars, ISPs, and hosting companies – although any respondent who wished to could respond.  216 of the 234 respondents who identified themselves as Internet access providers or network operators responded to this question (a 92.3 percent response rate among this group).  87 of the 130 respondents who identified themselves as domain name registrars and/or registries responded to this question (a 66.9 percent response rate).  Overall 1,039 (34.2 percent) of the overall respondents answered this question.

 

Question 19 was addressed to all respondents.  85.9 percent (2,607) of the overall respondents answered this question, including:  935 of the 1,063 respondents who identified themselves as commercial business users (88 percent); 185 of the 208 respondents who identified themselves as non-commercial organization users (88.9 percent); 33 of the 35 respondents who identified themselves as governmental organization users (94.3 percent); 918 of the 1,021 respondents who identified themselves as individual or household users (89.9 percent); 108 of the 130 respondents who identified themselves as domain name registrars and/or registries (83 percent); 216 of the 234 respondents who identified themselves as Internet access providers or network operators (92.3 percent), and 183 of the 222 respondents who identified themselves in the “other” category (82.4 percent).

 

In response to Question 18, more than half (52 percent) of those respondents who identified themselves as domain name registrars and/or registries indicated that their company currently offers third party services providing for non-disclosure of the name and address of a Domain Registrant, where requested, through an agreement with a third party as allowed under the ICANN Registrar Accreditation Agreement.  41 percent of those respondents who identified themselves as Internet access providers or network operators provide such a service, as do 46 percent of those who identified themselves in the “other” category.  Roughly one third (32 percent and 30 percent, respectively) of those who identified themselves as commercial business users and those who failed to state a category (30 percent), also provide such services.

 

Of  those responding to Question 19, less than half of all respondents (46 percent) said they would register domains in the name and address of a third party if offered the opportunity to do so in order to protect their privacy.  Among the various categories of respondents, non-commercial organization users were least likely to use such services (36 percent said they would use such a service if offered to them), while governmental organization users were most likely to use them (64 percent).  One half of the individual respondents (50 percent) said they would use such services if offered to them.  Similarly, roughly half (51%) of those who identified themselves in the “other” category said they were interested in such services, as did 48 percent of those who did not specify a category.

 

D              Findings

 

The survey results in this area tend to suggest two things.  First, the survey results indicate that there is a stated interest among respondents in third party services that provide for the non-disclosure of the name and address of a Domain Registrant through an agreement with a third party, as provided for in the ICANN Registrar Accreditation Agreement.  Slightly less than half (44 percent) of all those responding indicated an interest in third party services as a means of protecting their privacy.  Interest was slightly higher in some categories – including among individual respondents, of whom 50 percent indicated an interest in such services – and was lower in others. 

 

Second, the survey results indicate that such services are currently being offered by a number of those responding.  More than half (52 percent) of those identifying themselves as registrars and/or registries indicated that they currently offer such services, as did 41 percent of ISP respondents and slightly less than half (46 percent) of all those in the “other” category who responded to this question.

 

Thus, while it is evident that there is a stated interest in these services, it is also evident that the marketplace is, to an extent that cannot be quantified based on the results of this survey, responding to this demand within the existing framework of the ICANN Registrar Accreditation Agreement.

 

VI       Other Comments (q. 20)

 

By Marilyn Cade

(Business Constituency)

 

A               Questions Asked

 

Question 20 asked respondents for free-form answers to a variety of questions.

 

Please consider the following:

 

20a. What, in your view, is the most important personal privacy interest applicable to the WHOIS database?

 

20b. What, in your view, is the most important consumer protection interest applicable to the WHOIS database?

 

20c. What, in your view, is the most important law enforcement interest applicable to the WHOIS database?

 

20d. What, in your view, is the most important interest with respect to protection of minors applicable to the WHOIS database?

 

20e. What, in your view, is the most important network operational interest applicable to the WHOIS database?

 

20f. What, in your view, is the most important competitive or economic interest applicable to the WHOIS database?

 

20g. What, in your view, is the most important interest with respect to intellectual property rights that is applicable?

 

20h. What other interests, besides those listed above, should be considered with regard to the WHOIS database?

 

Free text area for any other comments:

 

 

B               Method of Evaluation

 

 

960 narrative responses were received.  However, not all respondents chose to respond to all of the sub questions.  The task force decided to undertake an analysis process by looking for unique statements that we identified as "GEMS" meaning that these particular answers stood out to the reader or offered an additional view point not captured in the statistical responses or the previous narrative responses.  GEMS are not in any way statistically valid and great caution must be taken to not over react to the individual view points presented.  However, the respondents cared enough to share this point with us and the task force has chosen to present illustrative comments on a section-by-section basis.  Three readers (Thomas, Marilyn and Sarah) read through 2250 out of 3035 questionnaires, corresponding to approximately 660 out of the 960 narrative responses.  .  In addition, Abel Wisman read many of the responses.  No further analysis of the narratives to Question 20 is planned because the approach the task force took indicates to us that substantive unique new areas were not uncovered through Question 20.

 

The task force believes that in spite of this,  Q20 offered something unique to the respondents that is different from the narrative responses provided for in conjunction with the statistical questions.  We would not advise future task force to include narrative options with statistical questions.  However, we would suggest a single free form response option similar to Q20 to cover the respondents additional thoughts.

 

 

C               How the Information is Presented in the Report

 

Question 20 “gems” are discussed section by section in the body of the draft final report. By now, the reader will have seen the ‘gems’ inserted in each section as they have read through the draft report.  The TF is considering how and whether to present more information about Question 20 from the analysis done.  Given how they relate to the rest of the information, at present the TF believes that they may be most useful to present in a useable reader friendly format in some manner, with general themes identified, without further analysis.  An example of a reader friendly format for Q.20 may be posted shortly after Bucharest meeting in an addendum to the Draft Final Report, depending on final TF decisions about priorities. 

VII  Final Conclusions

 

By Marilyn Cade, Antonio Harris, Thomas Roessler, Tim Denton, Steve Metalitz , and Sarah Andrews

(BC, ISPCP, General Assembly, Registrar, IPC, and, Non Commercial)

 

 

v      The survey results are a useful addition to ICANN’s decision-making process.  While not a scientific sample, the 3000+ responses make this the most comprehensive survey ever undertaken regarding Whois, and respondents represent a good cross-section of Whois stakeholders.   Some of  the survey results are ambiguous (due in great part to shortcomings in the survey instrument), but many are clear-cut.  

 

v      The survey documents the variety of legitimate uses frequently made of Whois data.  Respondents rely on this data to support technical and security operations; to determine the identity of a party responsible for a site visited online; and to assist in the enforcement of intellectual property rights, among other uses.   Effective identification, the resolution of technical problems, and privacy protection were all chosen by significant portions of respondents as being their main concern with Whois data. With all categories of respondents except ISPs (who emphasized technical problem-solving), effective identification led the list of responses, while privacy issues were chosen by a minority of respondents in all groups.

 

v      Survey respondents generally appeared satisfied with the data elements now contained in Whois, with only relatively small minorities asking either for more data or for suppression of data that is currently collected.  Nearly half had encountered problems with inaccurate or incomplete Whois data, though most thought that only a small percentage of the database was involved.   Most respondents wanted the ability to search Whois on data elements other than domain name. 

 

v      Although fewer respondents used Whois in ccTLDs than in gTLDs, there was strong support for the concept of uniformity of Whois data formats and service throughout the domain name system.  A centralized point of access to all Whois was also a popular idea with the strong majority of these respondents, and most of them felt that registrars or registrants, rather than Whois users, should pay for the cost of this service. 

 

v      Many respondents appeared dissatisfied with the gTLD status quo in terms of limitations on marketing uses of Whois data, which currently operates on an opt-out basis.  Half the respondents thought such uses should be banned altogether, with most of the other half choosing an opt-in regime over opt-out or an unregulated environment.  However, when asked to react specifically to the contractual bulk access rules now in effect, at least half the respondents appeared to choose the status quo and to call for it to be extended to ccTLDs, thus adding a note of ambiguity to the results.   Half the individual respondents expressed interest in the existing provisions allowing registration of domains in the name of a third party, but this option found less favor with most other groups of respondents. 

 

v      The overall picture provided by the survey is one of general satisfaction with the Whois status quo.  It appears to be an important service upon which a number of segments of the community rely to carry out vital technical functions and to provide needed transparency and accountability.  The main areas of dissatisfaction seem to be the following:

 

v      More robustly searchable Whois, including the ability to search on a multiplicity of data elements.

v      More uniformity of Whois services throughout the Domain Name System, and a centralized point of access  to a multiplicity of cross-registry databases

v      Tighter restrictions on commercial and marketing uses of Whois data

v      Improving the accuracy and reliability of Whois data

 

 

The survey results suggest that these are the areas in which the Names Council should concentrate its efforts to articulate the evolving community consensus with regard to Whois, while reaffirming the existing consensus with regard to Whois data elements, public accessibility, and unrestricted uses outside the commercial/marketing arena.   

VIII    Request for Discussion: Possible WHOIS Recommendations

 

The present  report identifies four regions of concern:

 

1.        Accuracy of the data contained in the WHOIS database.

2.        Uniformity of data formats and elements across various TLDs and registrars, including ccTLDs.

3.        Better searchability.

4.        Better protection of data subjects from marketing use of the data contained in the WHOIS database.

 

A generally high level of satisfaction was found with respect to current data elements and non-marketing uses of Whois in the gTLD environment. These results reflect the existing community consensus, and we have not detected any changes in this consensus.  However, the evolution of the community’s consensus with respect to the WHOIS database must be closely monitored, in particular with regard to the impact of the roll-out of new gTLDs (not present at the time the survey was conducted) and evolving national law.

 

This chapter tries to explore possible approaches to address the issues identified as concerns, and to identify the interests affected by them. 

 

The Task Force solicits your comments on these possible recommendations.  Please submit your comments to the e-mail address <comments-whois@dnso.org>. Comments received are archived at <http://www.dnso.org/dnso/dnsocomments/comments-whois/Arc00/>.

 

 

A            Accuracy of data contained in the WHOIS database

The current Registrar Accreditation Agreement[41] (RAA), section 3.7.7.1, requires registered name holders to provide to their registrars "accurate and reliable contact details."  According to 3.7.2, the "willful provision of inaccurate or unreliable information" or the failure to respond to inquiries on the accuracy in a timely manner  "shall constitute a material breach of the [...] contract and be a basis for cancellation of the Registered Name registration."  ICANN has recently called registrars’ attention to these provisions, by issuing an advisory[42] concerning WHOIS data accuracy.

The Task Force believes that the approach of actually enforcing the existing contractual provisions is the essential first step toward improving  WHOIS data accuracy in the gTLD environment. .

The WHOIS Task Force is aware that although existing contracts allow for enforcement of applicable contractual provisions, in many cases, the only allowed penalty for a breach of the contract is revocation of the ability to register names by the registrar. This all-or-nothing system may actually impede enforcement.  In addition, registrars have not established  clear enforcement mechanisms to ensure their customers (resellers, ISPs or end-users) provide accurate data.

The Task Force believes that a method of graduated sanctions or enforcements against parties who breach the requirement to provide accurate information and to maintain an accurate Whois database,  potentially as a combination of policy and financial penalties, should be considered, in order to facilitate the actual enforcement of the current policy with respect to WHOIS data accuracy.

 

If enforcement of current contractual provisions  does not lead to an improvement of WHOIS data accuracy, then more substantial changes to the RAA itself or the establishment of consensus policies (as necessary) should be considered. 

For example, mandatory periodic re-validation of WHOIS data has been identified as one important technique for improving data quality which may require a change in ICANN policy, to the extent that it is not voluntarily adopted by registrars.

 

B             Uniformity of data formats and elements across various TLDs and registrars, including ccTLDs.

 Currently, whois data elements are, in general, uniform across gTLDs. They are not uniform across country-code top level domains, some of which do not even provide a Whois or equivalent service.  There is currently no uniform format for the responses provided by WHOIS services.

The Task Force believes that the questions of uniform data formats and uniformity of data elements need to be discussed and handled separately. 

 

As far as data formats are concerned, an open technical standardization process building on the work of ICANN’s earlier .com/.net/.org WHOIS Committee[43] and the ietf-whois mailing list[44] should be undertaken. The committee recommended in early 2001 that a standard Whois format should be phased in as expeditiously as possible that does not rely on TCP port 43, such as the XML-based format, which is described in detail in the Internet draft ‘Whois Export and Exchange Format’ of January 26, 2001.

The present Task Force believes that the use of such a uniform data format across gTLD and ccTLD environments should be evaluated. 

The survey data  evaluated by the Task Force seem to indicate that there is considerable support for such uniformity among the respondents to the questionnaire.[45]

 

The Task Force believes that WHOIS data elements should be uniform across all gTLDs.

 

Uniformity of data elements across gTLDs and ccTLDs, while found desirable by an extremely strong majority of respondents to the Task Force’s survey[46], can be expected to lead to conflicting views caused by national or regional cultural and legal differences with respect to a number of issues, including registrants’ privacy rights, and divergent views regarding the relationship of ccTLDs to ICANN consensus policies.  

The Task Force believes that this topic should be the subject of separate deliberations.  These deliberations should take into account specific aspects of  the TLD environments, as well as the value of  accountability and transparency across the domain name system.    Public interest concerns should be taken into account in an appropriate manner. The  objective should be to identify the best way to make progress toward the goal of the uniformity that all  users of the system clearly desire. 

 

 

C            Better searchability of WHOIS databases. 

The Task Force’s Survey covered three kinds of improved searchability of WHOIS databases:  (1) Centralized public access to WHOIS databases on a per-TLD level[47], (2) the use of data elements different from the domain name as query keys[48], and (3) the provision of still more advanced database query capabilities, and centralized search services across TLDs.[49] The Task Force’s Survey. indicates that, among respondents, there is demand and support for each of these services. The first two of these aspects (centralized access on a per-TLD basis, and the use of other data elements as search keys) mostly amount to a restoration of the InterNIC WHOIS status quo ante[50], and may be considered part of the current policy environment[51],  but they are not being enforced.

The more advanced services described under (3) do presently not exist in the .com/.net/.org environment.  However, centralized access to one or more cross-TLD Whois services is specifically provided for in the existing gTLD registry agreements.[52]  One registry also has taken on an obligation to conduct research and development activities toward a universal Whois service.[53]   Furthermore, enhanced searchability is to be offered by at least some of the new gTLD registries in accordance with their  accreditation agreements.[54]  

As far as the gTLD environment is concerned,   all these services can  be implemented either by registrars/registries or as third party services, based on Bulk Access to WHOIS data.[55] The survey revealed that many of those who demand such services believe that the services should be free for users, and should be paid for as part of registration fees. 

 

To facilitate the restoration of full searchability of Whois databases [see (1) and (2) above], ICANN should explore both enforcing the  mandate to  registrars and registries to provide (or to cooperate in the provision of) such complete  WHOIS search service, and a market-based approach based on bulk access to WHOIS data.

With respect to the more advanced services described in (3) above, the Task Force does not recommend any policy changes. The Task Force suggests that ICANN explore how best to swiftly develop and  implement a plan for cross-registry Whois services, including through  third party services, based on bulk access to WHOIS data.

 

 

D            Marketing use of WHOIS data; bulk access provisions.

The survey undertaken by the Task Force strongly suggests[56] that respondents generally do not accept the use of their personal information contained in the WHOIS database for unsolicited marketing activities. Respondents also generally preferred opt-in approaches to such marketing use over opt-out approaches (like the one envisioned by section 3.3.6.6 of the current RAA).

Based on these results, the Task Force recommends a review of the current bulk access provisions of the Registrar Accreditation Agreement.  Such review should explore the option to reduce registrars’ discretion in the design of their respective bulk access agreements, in favor of stronger privacy protection for registrants,  stronger restrictions on marketing use of WHOIS data, and facilitation of bulk access for value-added non-marketing services, as originally contemplated in the RAA.    In particular, the following possible changes  should be examined more closely:

·         The policy could attempt to ensure that protection mechanisms can’t be circumvented by third parties selling indirect access to bulk data.  This could, for instance, be accomplished by changing “may require” in section 3.3.6.5 to “shall require.”  It could also be accomplished by requiring bulk access  users to impose conditions on the use of their products and services which are similar to the ones in ICANN’s policy.

·         Sections 3.3.6.3 (prohibition of use of bulk access data for marketing purposes) and 3.3.6.6 (opt-out provision) could be simplified,  unified, and extended to include contact data of organizational entities. Marketing use of registrants’ data outside existing business relationships could depend on the registrant’s prior agreement (“opt-in”).

IX       Task Force Members; Contact

 

A               Authors of This Report

 

Those raw numbers in this report which concern the total set of responses received were prepared by ICANN staff.  The numbers which concern the set of 303 statistically selected responses were generated by the General Assembly’s representatives to the task force, Kristy McKee, Abel Wisman, and Thomas Roessler.  Kristy, Abel and Thomas also produced the skeleton of this report.  Statistics resulting from “basketing” of narrative responses was undertaken by nearly everyone on the Task Force.

 

Individual sections were worked on by the following individuals:

v      History and Mission:  Marilyn Cade (BC), Tony Harris (ISPC), Tim Denton (Registrars).

v      Participation in the Survey:  Thomas Roessler, Abel Wisman, and Kristy McKee (all GA)

v      Statistical Considerations:  Thomas Roessler (General Assembly)

v      User Expectations and Experience:  Steve Metalitz and Laurence Djolakian (IPC), Ken Stubbs (Registrars), and Hakikur Rahman, Non Commercial.

v      Uniformity in WHOIS Access: Ram Mohan and Karen Elizaga from the gTLD registries constituency)

v      Marketing and Bulk Access to WHOIS Data: Kristy McKee, Abel Wisman, and Thomas Roessler (all GA) and Sarah Andrews, Non Commercial, with substantial additional input from the gTLD and intellectual property constituencies.

v       Third Party Agents: Troy Dow and Bret Fausett (Business Constituency), Oscar Robles-Garay (ccTLD constituency), and Sarah Andrews, Non Commercial.

v      Other Comments:  Marilyn Cade (Business Constituency)

v      Final Conclusions:  Marilyn Cade (BC), Tony Harris (ISPC), Thomas Roessler (GA), Tim Denton (Registrars), Steve Metalitz (IPC), and Sarah Andrews (Non Commercial).

 

B               Archives and Contact

 

The WHOIS task force’s public discussions are archived at http://www.dnso.org/clubpublic/nc-whois/Arc00/. The task force can be reached by contacting its co-chairs, Marilyn Cade <mcade@att.com> (Business Constituency), and Tony Harris <harris@cabase.org.ar> (ISPCP).

 

C               Members of the Task Force

 

Co-chairs:

Marilyn Cade, BC

Antonio Harris, ISPCP

 

Members

 

Troy Dow, BC

Bret Fausett, BC

 

Oscar Robles-Garay, ccTLD

 

Thomas Roessler, GA

Abel Wisman, GA

Kristy McKee, GA

 

Laurence Djolakian, IPC

Steve Metalitz, IPC

 

Sarah Andrews, Non Commercial

Gilbert Lumantao, Non Commercial

Hakikur Rahman, Non Commercial

 

Philip Grabensee, Registrar

Tim Denton, Registrar

Ken Stubbs, Registrar

 

Karen Elizaga, Registry

Ram Mohan, Registry

 

Former Members:

 

Paul Kane, Registrar and original chair

Danny Younger, former GA Chair

Axel Aus der Muhlen, IPC

Theresa Swinehart, BC

Miriam Sapiro, Registry

Y.J. Park, Non Commercial