WHOIS Task Force Transcript

November 13, 2002



OPERATOR:  AT&T teleconference.  This Marilyn Cade’s conference call.  The conference ID is BMC 7221.  This is AT&T teleconference operator, this conference call is being recorded.


MARILYN CADE:  Thank you.  OK.  So, I'm hoping that as people join, they will announce themselves.  We'll do a roll call, again, in a few minutes just to make sure we've captured everyone.  Can I just see if I can from memory recap here?  We had present at the Shanghai outreach meeting on Sunday, Steve (ph) and Thomas (ph) ...


STEVE (ph):  No, I was not there.


CADE:  Sorry, Steve (ph).  You weren't there.  You're quite right.  We had your team.


STEVE (ph):  Ross (ph) was there, I think.


CADE:  Laurent (ph) was there and Jay Scott (ph) was there as well.  And Ellen (ph) was not there.  We have – Chen (ph) you were there.


CHEN (ph):  Yes.


CADE:  And Thomas (ph) was there.  And Tony (ph) was there, but we don't Tony (ph) just yet.  The reason we had this outreach meeting was really driven largely by the fact that we were getting a number of significantly detailed expressions of concern about some of the recommendations in our interim report.  And Tony (ph) and I felt that we should take this opportunity to – since the registrars and registries were there take this opportunity to (INAUDIBLE). 


And Karen (ph) you – I'm – you were in attendance with us most of that time if not all of it, is that right?


KAREN (ph):  That's right.


CADE:  That's right.  I thought you were.  Who just joined us? 


KRISTY(ph):  Good morning, this is Kristy (ph).


CADE:  Hi, Kristy (ph).  And who else just joined us?  So I have Karen (ph), Kristy (ph), Steve (ph), Hakakour (ph), Thomas (ph), Ken (ph).  Anyone else?  OK.


Anyway, we held the meeting, and I might just, Thomas start with you and we could just go, you Ken (ph) and Karen (ph) talk a little bit about the – your perception of the dialogue with the registrars and registries.  By the way, there approximately 34 people in the room at the time that we were conducting this particular outreach session, pretty fair representation from the Who Is (ph) task force itself.  So I would – and we had the ICAN (ph) staff there. 


The one – we kicked it off by asking the ICAN (ph) staff to explain the General Council's memo and response to questions.  And that was one of the significant things we were able to accomplish is to have an opportunity to hear from Louie (ph).  And Dan (ph) was in attendance as well.  So I would say we probably had about 26 to 27 representatives across the registry/registrar.  And I actually have the list and sent out an e-mail to them if anybody is particularly in them.


But Thomas (ph) could I start with you?  And the go to Karen (ph) and Ken (ph) for some feedback on that particular session.


THOMAS (ph):  Hello?


CADE:  Hi.


THOMAS (ph):  I just listened to the conference technology telling me that I'm in talk mode again.  This always takes some seconds.  OK.  So unless I missed something important during the last half-minute, I may just try to walk through the partially unreadable notes I took in Shanghai.


CADE:  That would be good Thomas (ph).  Thanks.


THOMAS (ph):  I'll skip over the part on policy making and the two tone making and go into the issues we were told about registrars.  And I have a couple of bullet points there. 


We have – I think we have been hearing about verification about the correction of bad Who Is (ph) data and possible sanctions in that connection.  There were issues about standardization of output and data elements.  There was discussion about the cost of – or there was a question from the registrar side, what is the cost of implementing some of the recommendations versus the general cost of not implementing them. 


There were some remarks on privacy issues.  There were remarks on cross registrar searchability for other fields.  And specifically concerning verification on data correction projects and recommendations.  There was a concern that registrars or for the mentor (ph) ICAN (ph) current format to make – may be flooded (ph) by abuses.  (INAUDIBLE) thereby tying up a lot of human or technical resources at the registrar or at ICAN (ph).  So there was a sketch (ph) this should somehow be tied to something.


Anyway, to some information about the complaint on something like that.  Anyway, for the individual issues, we're taking a look about verification.


OPERATOR:  Pardon me, Ms. Cade.


CADE:  Yes.


OPERATOR:  This is the AT&T teleconference Operator.  Ms. Cade I've tried several times to get Mr. Harris (ph) for your conference call.  I did leave word one of the numbers.  The other number I did get a lady and she said he's not available to call tomorrow.


CADE:  That's fine.


OPERATOR:  OK.  And if you should need assistance please press sign then zero.


CADE:  Thank you. 


OPERATOR:  Thanks for using AT&T.


THOMAS (ph):  That was really nice Marilyn.


CADE:  Sorry.


THOMAS (ph):  I'm sorry.  I just had to law the part about thanks for using AT&T.  It's really nice, wasn't it. 


CADE:  That was very nice.  I ...


THOMAS (ph):  OK.  Data verification.  I think one of the key points that was made by registrars was the (INAUDIBLE) of point of time of registration should be viewed as one possible to achieve the goal more security (ph).  Plus (ph) the data, some of the comments we heard were from Regression (ph) that the task force should clearly define the requirements it had in mind, because otherwise, registrars have to base their analysis on some kind of worse case scenario for the businesses there.  It would be better to have something more specific. 


To access (ph) we heard from, I think Mr. Kahura (ph), said it would be relatively easy to defeat a pre validation system by just using addresses or names or contact information in remote and non developed corners of the world where validation systems would most likely fail.  We got one comment talking about the data would be better if they were more private.  And pointed to the query base (ph) Who Is (ph), (INAUDIBLE) access important – as an important sources for marketing information.


In addition to that, there was an important comment I think which noted that verification at the point of time of renewal may be a bad thing because so many names are frequently renewed at last minute.  And delaying a renewal because of time consuming, debt, or verification have to take preference (ph) because they can't be verified which leads to a loss of a domain name.  This was reported as not being practical.


One last remark which, I'm not who came – I'm not sure from which came either from registrar or from someone from the registry side was that is correcting Who Is (ph) data is in any case, the registrants responsibility.  OK.  So it could have come from anyone.  I had two asterisks (INAUDIBLE).  I'm sorry (INAUDIBLE).


I have some other notes on the question how to handle the correction process once there has been a modification of that data?  In that case, we were told that 13 days may be a problem.  In fact, we may be suggesting a (INAUDIBLE) which can be used to get someone else's domain name.


And the scenario (ph) people were telling us about or something like this.  Imagine some registrant has a domain name and someone else desires to get that domain name.  There's no way to get it through the DREP (ph).  But there may be some inadvertently bad information in the Who Is (ph).  In that, case, the third party who desires to get the domain name may start that (INAUDIBLE) notification process possibly at an uncomfortable point of time like Christmas holiday or something like when people are unlikely to respond very quickly.


Hopes the data is incorrect.  This is the case.  (INAUDIBLE) later.  The domain name has gone.  It becomes a streamlined process of finally getting the domain name, of course, but using WLS (ph) but that's just a side effect.  Actually, I think that several people in the room told us how to work around this.  Instead of deleting domain names when that information isn't fixed (ph) immediately (ph) the domain name should be put on hold for an extended period of time which will make recovering the domain name, the correct information that's provided late, much easier.  And which would at the same time remove some of the abuse (ph) incentives (ph) in order to just get someone else's domain name.  I assume this is something we should really think about.


Well I think that's the most important points about this particular thing.  I have written some notes from – question what – there was a question about some individual user in the survey.  There were some remarks about code (ph) estimates.  But I don't have any more precise notes about that.  We heard something about (INAUDIBLE) for whatever reason.


Finally, there were some comments from one registrar who said that – basically said that machine readable Who Is (ph) data and the query (ph) based  Who Is (ph) would make, I'll use his words, by enabling that processing (ph) of such queries and by really making some of kind of indirect park (ph) some query based tool it's much simpler.  So this was, at least by this one registrar, perceived as something which may be dangerous to registrant privacy.  And maybe fostering (ph) selling (ph).  I strongly argued this (ph) service should be left as non standardized and difficult (ph) to (ph) use (ph) as possible.


If I recall this correctly.  I think that's basically all I have in readable or complete form.




THOMAS (ph):  I think there were some more points on centralizing access or centralizing databases but I don't recall them very precisely.


CADE:  I have a couple of notes on that.  Can I go to – did anyone else join us?


LAURENT (ph):  Yes, Marilyn, it's Laurent (ph).  But I have another call at the same time, so I can't promise I will follow – I will be able to follow everything. 


CADE:  OK.  What we're doing right now is just doing a quick debrief from people who attended the registrar/registry session, Laurent (ph). 


LAURENT (ph):  Yes.


CADE:  I'm going to go to – Thomas has just concluded.  Do you want to go next?  Or do you want to have Karen (ph) go next and then follow her?


LAURENT (ph):  Yes, then I can listen to Karen (ph) and then follow.


CADE:  Sure.  Karen (ph).


KAREN (ph):  I thought Thomas (ph) covered it pretty well and thoroughly.  I just wanted to make a general comment that I thought the session was productivity in that the registrars really commented – or gave us sort of practical suggestions on the theories that we've put forth.  So I just thought some of the suggestions were very helpful.


THOMAS (ph):  Yes.


CADE:  Laurent (ph). 


LAURENT (ph):  Yes, well I think that they made some – well they raised practical questions.  They asked some more practical important (ph) raised the question of the impact of the proposals and how to (INAUDIBLE) the cost for example, their activities – well impact on their activities.


I think they were interesting comments.  But I mean they sent – they asked this question and I would have been happy as well to have some feedback from them on systems they could have proposed.  And maybe more input from them.  I think there were more questions as comments.  Maybe a lot of criticism as well.  But that's my own feeling personal. 


CADE:  And Ken (ph).  Do we still have Ken (ph)?  Let me make a couple of comments because I have been meeting and hearing from registrars in follow ups that meet as well.  And I believe this is a topic of much discussion within the registrar constituency, so I'm hoping Ken (ph) will come back on.  The – there are significant concerns within the registrar constituency about the ability to actually do some of the things that are in the interim report. 


And they – that's where I think a number of the questions came from that Laurent (ph) mentioned.  They are struggling themselves with the status on standards in some areas and other kinds of activities that may be a part of any ability to address certain aspects of searchability (ph) or uniformity, et cetera. 


But they also, depending on where they do business in terms of a country, had differing experiences with the government representatives in relation to Who Is (ph).  And other interactions that they may – where they may be engaged in interacting with government for one reason or another.  I've only gotten, I'd say something like between eight, nine comments on that last item.  And it seems to me from my conversation with the registrars that we're at the very – and with the GAC (ph) members that we're at the very beginning of the issues and questions that they government representatives who are not necessarily the same people the registrars are interacting with, by the way.  So the GAC (ph) members may have one set of concerns.  The interaction on the part of a registrar with a government representative in the country that they're a resident in, may be around a very different topic.


And a number of the registrars that I talked to had attended the FTC hosted meeting for law enforcement dialogue with registrars here in Washington.  But they had a fairly unclear understanding of what the next steps were in relation to that FTC outreach meeting.  And see this is as a work item that is going to continue to evolve.


So high concerns about cost.  Some concern, as well, about the concept of re-centralizing the Who Is (ph) database and putting all of the data in the hands of a single entity that might or might not be delivering them the kind of neutral services that they would need in order to fulfill their responsibilities.  Some folks who are actually questioning why they should still have to provide Who Is (ph)?  If it's expensive?  And it's controversial.  Some questioning of that.  I didn't see a widespread questioning, but I did hear some questioning of it.


Cost recovery is a really big concern.  And the registrars that I spoke to are concerned that the small registrars are at a significant disadvantage.  And I agree, Thomas (ph) with your – your comment about the recommendation that whole versus deleting provides a mechanism to generate responsive behavior on the part of the registrant.  I just want to say one more word that – I think we got – we did get some good guidance on the role of the registrant and the importance of engaging the registrant in the data provision and correction. 


And something of a feeling that the registrars that they don't necessarily have the muscle needed to force data accuracy.  Strong objection to the sanctions program.  In some cases, a misunderstanding of when the sanctions program would kick in.  That it would only be after there was a documented history of abuse.  That was one thing.  The other thing frankly is, I think there's skepticism about how a sanctions program could be enforced.


Anything else?  I think that pretty much covers the – and I'm – is Ken (ph) back on?


KEN (ph):  Yes.  I'm sorry.  I had to go off for a couple of minutes.


CADE:  Great.  Ken (ph), I just wanted to give you a chance.  I went ahead and gave kind of my background statement.  I just wanted to give you a chance to comment as well.  Because I believe that registrars is a topic of discussion within your constituency independently.


KEN (ph):  Yes, we've had some discussions regarding the Who Is (ph).  And I think they're a little concerned about a couple of areas, number one implementation, number two the sanctions program.  I think that I feel that they think that it might be a little too heavy handed at this point in time.  The proposal, I think, took them off guard.  And so when you see something like that, then they tend to go back to what they felt was the original calling for the task force which was to identify to issues, as opposed to composing solutions.  And I don't think that they feel like they've been as consulted as much as they need to be from a practical concern.


I think the other concern that I tried to impose – let me them know that this is an issue that can't be ignored because if it continues to be ignored, what will happen is that legislative bodies will impose solutions on them.  So hopefully, they will try to get more involved.  I think even though there has been outreaches, I still don't think they have been as effective.  Although, I think Mike Pilage (ph) is trying very hard to get them more involved and to the point where he's made proposals to stimulate more involvement on their part.


So I feel at this point in time, that the registrars, they're preparing a ballot which is going to be going out to the members, which I'll give you the issues.  There are – I'm actually more than happy to send this out to you guys, but with respect to the task force, they registrars are being given the opportunity of voting on a ballot that says in effect because of the potential negative impact that the proposed task force report will have on registrars and registrants is set fourth in the following document.  The undersigned registrar supports the comments contained in the document.  This is the comments that have – Mike Pilage (ph) has indicated has been put together by five or six of the registrars who were asked to work on in it.


And they're given the opportunity of supporting the statement, opposing it or abstaining it.  Also, there's one additional part here.  And that is an effort to have the concerns of a growing number of registrars adequately represented on the – well now this is a transfers task force issue.  But I'll send a copy of Mike Pilage's (ph) latest iteration.


We are constantly having problems in the registrar constituency almost exclusively due to the fact that these guys are so involved right now with their own operations. And with a lot of issues that are going on between them that they – it's hard for them to stay focused on the long-term when it comes to Who Is (ph).  So I encourage the task force to continue to put out this stuff, because the only way we can get the involvement on the part of the registrars is to – how do I say it politely, you've got to hit them over the head with it before they get pretentious (ph).


So I hope I'm giving you some sort of an outline of the overall tone.  I don't know whether Tim is on the call.  I'm sure he would have some additional thoughts on this.  But ...


CADE:  I – is Tim (ph) on the call?  I didn't hear him earlier, or Phyllis (ph).  I can totally reinforce from the private conversations or individual conversations, Ken (ph), that I've had with registrars, the expressions that you've made. 


I think there's a realism here and that is that most of the registrars are small to mid size businesses.  And that means that they are focused very much on the day-to-day operation.  And it's very hard for them to devote resources to policy.  That being said, I think they also are beginning to – a group of them are beginning to become very aware of the policy implications besides sort of the big guys, and that's progress .


At the same time, I'm concerned about the – could you – my understanding was that Mike Pilage (ph) had two resolutions that he was preparing – proposing to ballot on Who Is (ph) or is it just one on Who Is (ph)? 


KEN (ph):  The – it's my understanding there's only one at this point in time.  But I'd have to go back.  There's been so much on this list in the last few days, but most of it's process as opposed to the registrations, you know.


CADE:  Yes.  Ken (ph) ...


KEN (ph):  It's very – I'm telling you and then is not meant as any way – any sort of disparagement in terms of the registrars constituency.  But we are dealing with such a broad group of people as Marilyn pointed out.  It is very hard to keep them focused.  And unfortunately in too may cases, it almost becomes crisis management.  And its' somewhat sad, but it's true.  You can post something out there and it will sit out there for 10 days with no comments at all.  And then all of a sudden when the day before a vote, suddenly it gets a little bit of interest and then all of a sudden people come out of the woodwork.


And I think it's something that – it's something the registrars are going to have to work on even that much harder.  I proposed six months ago that the registrars spend a full day at one of the ICAN (ph) meetings doing nothing except dealing with the issues like Who Is (ph) and escrow and so forth.  And it's – they're just – they got so focused on this transfers thing that they forgot that there's other effected parties.  And now with the issues on spam coming to the top, Who Is (ph) is as closely tied into that as it is with abuses of intellectual property issues and so forth.  And I think the registrars have got to realize, that if they don't do something pretty soon, something's going to get done for them and it won't be what they want.


CADE:  Yes.  If you could, you know, if you could forward the resolution that would be great.  The list is, you know, you have the individual e-mail addresses, I think Ken (ph).


KEN (ph):  Sure.


CADE:  Yes.  The one comment I would make timing (ph) is, I think it's a little unfortunate but maybe necessary given the registrar process to, in terms of timing, to vote on the interim report because the interim report was presented to take feedback.


KEN (ph):  I know.  The problem, I think is, that they are – there is a lot of issues within the constituency now as to whether or not opinions that are being voiced and put out by members, let's say of the executive committee of the registrars represent a consensus amongst the registry – I mean amongst the members of the constituency. 


CADE:  Yes.


KEN (ph):  So maybe let's put it this way.  Maybe in the business constituency you have a more effective way of developing a consensus or input, but in the registrars it's a bit more difficult.


CADE:  Yes, I appreciate that.  I just – I don't know if anyone wants to comment for Ken (ph).  Ken (ph) what's the timeline on the ballot?  Do you know when the vote will be?  Have I lost him?  Hello? 


That's – here's the dilemma that I think we face and particularly in relation to this vote.  The constituencies are asked for feedback and we need to document that.  And so a vote unless it's detailed in comments, is not, you know, not going to be particularly helpful in terms of the material that we will be able to provide.  But let me go to my conversation with Bruce Tonkin (ph) while we wait for Ken (ph) to return.


THOMAS (ph):  Marilyn are you just turning to further (ph) process (ph)?  In that case, I may have some more remarks about Shanghai I'd like to make. 


CADE:  I'm going to describe what Bruce's (ph) directions to the task force are.


THOMAS (ph):  OK.


CADE:  But do you want to make other comments before I do that.


THOMAS (ph):  Yes, I would like to if I may.


CADE:  Happy.


THOMAS (ph):  Some things from conversations, I had which may or may not be known to some of the members of the task force.  First of all, Net Names (ph) is preparing something like a slipper (ph) with (ph) service (ph) which is supposed to encompass as much Who Is (ph) information as possible.  And will be offered as a mainframe base through some database operating company in the United States.  I think it maybe network with other database.  I'm not entirely sure about this.  This may be something to look at.


And the second point which came out during a conversation with European registrars it seems like for instance the Bark (ph) access (ph) provisions, as it stands now are something some registrars believe they cannot fulfill given the current regulatory environment.  This is something we should also look at in more detail.  And actually, what (INAUDIBLE) puts that.  (INAUDIBLE) flat rate is this issue with registrar constituency as well.


CADE:  Yes.


THOMAS (ph):  OK.  These two points I think should be all.


CADE:  Fine.  That last point is very consistent with what I was hearing.  And from conversations with a couple of the larger CCTLVS (ph) as well.  Is Ken (ph) back?  No.  Any other questions or comments before I go to my conversation with Bruce (ph)?


STEVE (ph):  Yes, Marilyn, this is Steve (ph).


CADE:  Yes, Steve (ph).


STEVE (ph):  I appreciate having – this has been a very good report for me since I wasn't able to be at the meeting on Sunday in Shanghai.  It strikes me that our challenge is here is going to be try to take all of these comments and come up with something that we can use in the next iteration here.  Because so many of them are, as you would expect from a group that is as diverse as Ken (ph) was talking about, they're internally self contradictory.  There are people complaining that we didn't give enough detail or define things specifically enough.  And others saying that our mandate should only be to identify issues, not to make specific proposals.  And there are other contradictions within this – what we're getting here.


As I see this ballot on the registrars mailing list, at least they're trying to vote on one statement listing some concerns about the proposal.  And I don't know how many of them we can take on board and how many of them we can't, but at least that would help to unify their position.


Because I think what people described here in the last 45 minutes they're – it's just very self contradictory.  And there's no way that we could possibly satisfy all of those concerns.  That's just my impression of what people have told us this morning.


CADE:  I don't think it's quite that bad, but I'll come back to that in just a minute.  Let me share Bruce's (ph) guidance to us, as the Names Council (ph) chair. Bruce's (ph) recommendation to us is to divide our work and take the low hanging fruit and put forward recommendations addressing the low hanging fruit which I'll describe in just a minute what he was suggesting for feedback from the group.


And to propose then to the Names Council (ph) those next steps for dealing with the non low hanging fruit, including how to – asking the question of to more effectively ensure that the registrars and registries where they are effected are able to – I don't mean to say take this more seriously, that's really not the point.  But that they are able to contribute more actively in a staged approach which would be his suggestion.  So divide the work into prior – the – what we can get – what we can recommend by the end of the year.  And then stage two, and then stage three and then stage four.  And describe what we would recommend in each of those areas which might be worth it.  That isn't just by the task force, but some other initiatives as well.  The GAC (ph) – the joint GAC (ph) task force workshop.  Examining further the concept that Thomas (ph) mentioned, which I would see happening in the workshop about bulk access provisions, private restrictions, some of those interest things.


And also, hearing in more – I don't want to call this more detail, but getting a firmer handle on what the state of the standards evolution is so that we can make a recommendation to either just the Names Council (ph) should sit back and observe it. Should ask for periodic reports from participants in the process who are working in the ITS (ph) standards or something that nature.  There's not a discussion that we have to take on the monitoring and the work.  We could just propose a monitoring by the ICAN (ph) staff and the Names Council (ph) with the period update. 


So let me describe what he calls – called the low hanging fruit in our discussion.  If I sort of number our recommendations, one, two, three, four.  One being accuracy.  Two being uniformity.  Three being searchability (ph).  Four being protection.  Then I would pull out one and four and subdivide one and four into two broad areas for one, maybe three broad areas for four.  The broad areas in one would be what can be accomplished now to improve enforcement awareness and working within the existing contractual agreements and obligations.  That would be 1A.  And that should be treated as a priority with an effort to get something not only finally recommended but to (INAUDIBLE) timeline for trying to get implement – make the recommendation and push towards implementation.


One B, would address such areas that include the sanctions and other things that are not presently possible under the existing contracts or covered by the existing contracts.  And a more mid term work effort of probably a couple of more months need – would be undertaken to try to further refine that, fix it, moderate it, modify it, elaborate on it, whatever term I might use there.  So short term, long-term in one. 


Go to four, four really has three areas, again A,B,C.  C being bulk access.  And A being resale.  And B being the concept of what – examining what can be done to limit unauthorized access or misuse of the data which may be a longer term project while A&B may be a shorter term project.  So make a recommendation on resale.  Make a recommendation on bulk access.  And make some kind of recommendation on what mechanisms, if any exist, to limit the purposeful misuse.


THOMAS (ph):  For clarification, are you talking about purposeful misuse or just bulk access or of the entire Who Is (ph) system?


CADE:  The entire Who Is (ph) system.  So if a registrar, for instance, is lending their list or providing access to someone who is then reselling the list and the registrar knows it, that may not be bulk access.


UNIDENTIFIED PARTICIPANT:  Why would that not be bulk access?


CADE:  Pardon me?


UNIDENTIFIED PARTICIPANT:  Why would that not be bulk access?


CADE:  Because it isn't being provided as bulk access.  The registrar is ...


STEVE (ph):  It's being provided one registration at a time? 


CADE:  It's provided through port access.


STEVE (ph):  That – I don't think that's really addressed by our interim report.


CADE:  Pardon me. 


STEVE (ph):  I don't think that's really addressed by our interim report.


CADE:  I think the misuse of the access is.  I'm not sure I would agree with you.  Maybe I'm just clumsy in how I'm describing this, but this has to do with what the registrars themselves may be allowing in terms of data mining of the Who Is (ph).


THOMAS (ph):  So you're talking about access even in bulk, which is not being made available under the contractual bulk (ph) access regime (ph), right?


CADE:  I have no idea if this is really going on.  I've been told that that is – that there are registrars who do allow access or lend their list and not – but not under the bulk access agreement, Steve (ph). 


STEVE (ph):  Well OK, that's – we may have a vague (ph) – different terminology here.


CADE:  I think you might prefer to have it treated under bulk access.  But bulk access means something very specific, as you know, under the original agreement.


STEVE (ph):  Right.  Well – I thought your structure under one was very helpful to try to figure out which are the things that could be accomplished under the existing agreements.  And which are the things that can't (ph) and to put those on somewhat different time tracks.  Is that the same – do you have the same approach in four?  And or is four different?  Is four all deal with things that request changes to the contract?


CADE:  Yes, I think we need to do – I just wanted to divide the topics in four.  And then I think we ought to do the same thing in four, what can be dealt with under the existing agreements and what would require modification.  Let me go to two and three.


Two and three are really longer term issues.  So I would say one and four have short term and mid term work items making recommendations.  Two and three are much more troubled if I can use that terminology.  In terms of, there are people who believe strongly that increasing searchability (ph) will increase data profiling and lead to other particularly bad outcomes.  That unless there's a limitation of access – so if I can again, divide the issue of the data is accurate.  There's a robust set of elements there. 


But then there's the question of who has access to those elements?  And how are they able to generate them in any kind for form?  And are there data profiling and therefore privacy locations (ph) that are exacerbated by increased searchability (ph)?  That's one question that I think we've heard a little bit about it.  I heard a lot more about it from government people while I was with them.  So I did spend a fair amount of time with GAC (ph) members there for a variety of reasons trying to convince them they don't have to be more involved in the Internet.


I'm going to have to start wearing garlic and carrying crosses.


THOMAS (ph):  Is this a new point on the virus (ph) vaccination front?


CADE:  Yes.  But the both – I think uniformity, consistency and searchability (ph) fall into that – the task force thinking further about what needs to be done, what can be done.  What is – what we could – we have some recommendations, but we need to look, I think, harder at our recommendations.  And again, looking at them on what can be done within the existing agreements, what can't be done.  And what's even feasible to do in the mid time to a longer time. 


And I would say like those two in particular, I think we're going to hear – we did hear a fair amount about from registrars that there could be significant cost associated with redesigning the Who Is (ph) database.  If there is going to be a standard introduced there's an interest in doing once based on a standard as opposed to doing it in dribs and drabs, burying cost and having to go through update again, et cetera, et cetera.


KEN (ph):  Marilyn?


CADE:  Yes.


KEN (ph):  Yes, while we're on this area, let me reiterate the fact that I think registrars are very concerned about making sure that if they're going to be the development of standards and procedures as they move forward.  That they need to make sure that these – that there is a good solid, hard consultation with registrars.  I'm going to use as an example in the Who Is (ph) group here what happened last week with UK.com. 


I don't know whether everyone in here is familiar with what happened.  I believe it may – it might have even been Thomas (ph) who brought it to light, but there was a problem with the quality of the data in the Who Is (ph).  And somebody filed a complaint and Verisign registrar was notified.  Verisign then attempted to contact – to get the data rectified within the time period that ICAN (ph) had specified and did not receive a response from the UK.com people.  As a result, Verisign took the domain down and 70,000 users lost their third level domains in UK.com because Verisign and had pressured applied to them in the past on the 15 day rule.  And they tried to – so we just need to make sure that when we move forward in developing solutions to a lot of these issues that the solutions are practical.  And that we don't constantly end up having to make exceptions or creating a rule that has to be excepted (ph) every other week in order to the keep the world happy, you know.


And these are the kinds of things that legislative solutions are crafted from.  And I don't think any of us really want to go there.


CADE:  Ken (ph) can I ask you a question about UK.com.


KEN (ph):  Sure.


CADE:  So the Who Is (ph) administrative contact data or all data must have been incorrect.  And so Verisign was unable to contact anyone.


KEN (ph):  Right.  And Verisign made all attempts within the 15 day period.  And as a result of what had happened before, the registrar in effect shut the domain down.  I believe they deleted the domain as a matter of fact.  And everyone who used UK.com and the third level of which there were tens of thousands of users, at the third level evidently, lost the ability to have a presence on the Internet as a result of these.


So I think Verisign expressed a significant concern after the fact because ICAN (ph) came in a criticized them for it.  And unfortunately, it was one of those circumstances where enforcement, they did what they were supposed to do.  And believe me, I'm not taking their position.  But on face, everything I've heard so far, Verisign acted properly.  And it was a shame that UK.com didn't have accurate data.


But those kind of issues could get pretty scary.


STEVE (ph):  Well according to – this is Steve (ph).  According to what Tom (ph) has posted, and Ken (ph) you may have other information, Verisign made no attempt to contact UK.com by phone, post or mail.  And – but then simply – and then in 10 days rather than 15 days.


CADE:  So the only thing they did was send e-mails as far as I knew.


STEVE (ph):  Well we don't know, I mean, from this .


CADE:  Right. 


STEVE (ph):  There may be some factual issues.  But I'm a little worried that this is going to become a bit of urban folklore about ...


KEN (ph):  Well the only thing I would be concerned about is exactly what obligations do registrars have in the circumstances like this?  Are they obligated to?  And if so, is the procedure set out?  And I'm not trying to make excuses.  But if every time somebody files a complaint on something like, a registrar has to get on the phone and try to get this thing resolved, it could get to be an incredibly costly ...


STEVE (ph):  But that's the current contract, Ken (ph).


KEN (ph):  Yes.


STEVE (ph):  This is one of the things where the registrars are complaining about things that are in the current contract.  And they're blaming the task force for these recommendations, but in fact they've all ready signed up for these.


CADE:  Ken (ph), I think Thomas (ph) has a comment.


KEN (ph):  Well I didn't hear this in a form of a blame on the task force, but rather a concern expressed about the fact that maybe the time parameters aren't necessarily practical in every circumstance.  And what was more expressed along the line that as we move forward, we want to make sure that if we're going to modify or change any of the procedures in the future, then we need to make sure that we have active hard involvement on the part of the people who are going to be put in a position where they have to implement.  That's all that.


STEVE (ph):  (INAUDIBLE) with that.


THOMAS (ph):  I've got a question concerning the definition of lower hanging fruits.


CADE:  Yes.  I'll – this is being recorded.  I need a new name.  Got it.  I'm sorry go ahead.


THOMAS (ph):  On the question of what's lower hanging fruit, concerning the (INAUDIBLE) Marilyn you said that we should focus on things which are being done – which are within their existing contractual language.  I'm wondering, because I think we have some indications (ph) – let me restart the sentence.  I think we have some indications that there may be some convergence (ph) about what should happen about the (INAUDIBLE) changes to those procedures.


These changes will have to be implemented as a change of contractual language.  Would it be considered low hanging fruit if we would (INAUDIBLE) that ICAN (ph) offers registrars a choice between variance (ph) at this place where registrars can either stick with the existing agreement.  Or sum up to something which tries to address some of the concerns we have from various sides in this stuff.  Will this be lower hanging fruits? 


CADE:  The re-negotiation of registrar contracts – registrars have contracts that have – that have a five year time span, right Ken (ph)?


KEN (ph):  Yes.


CADE:  And so there's the contract and then there's also the accreditation, Tom (ph), agreement.


The – any contractual changes that – any policy recommendations that require a contract change do require consensus.  And it is very possible that registrars would be interested in renegotiating the contracts that they offered from ICAN (ph).  But I would say I think it unlikely – I'm skeptical that for an interim period, probably through the end of the year well into the first quarter, I think it unlikely that ICAN (ph) would be in a position to undertake a significant re-negotiation of the registrar contacts by themselves just based on resources available.  But I'm – that's just an observation. 


But the idea that registrars are offered a new contract would be a relatively, I think, extensive negotiation with registrars that would cover many other topics besides (INAUDIBLE).


THOMAS (ph):  OK.


CADE:  I think.


THOMAS (ph):  So maybe I'm just confusing contractual language and RAA (ph) language.  Things about which I – someone needs (ph) to question. 


For instance, I think I haven't heard any arguments against the registrar propositions (ph) and deletion of domain names are (ph) being replaced by extended hold if that data isn't corrected.  So I'm wondering if there's any way for us to recommend that registrars can fulfill their obligation either by sticking to the current policy which they delete the name.  Or by putting it on to extended hold.  They're giving them more options.  Would that be – wouldn't that be implementable (ph) somehow?


CADE:  I would make – I would propose something slightly different Thomas (ph) and that is that recommendation I would propose that the task force consider a substitution for deletion.  And consider recommending sort of time frames.  And the reason I say that is that as a registrant, I think that one of the things that is difficult for registrants to deal with is lack of certainty.


And given the recommendation we got, and if the rest of the task force agreed that this was a better solution than deletions, I believe it's the kind of things that we could easily demonstrate.  I think we could demonstrate consensus for it because I believe (INAUDIBLE) would support something like this.  Registrars it's difficult for registrars to delete a name and then have to go through the process of, you know, hold is definitely, I think, a better solution stem (ph) as long as there's some certainty to it.  And they have some protection for doing it.  But it is an existing tool to them today.  It just isn't presently deployed in this particular – to deal with this particular problem.


STEVE (ph):  Isn't this also an issue that could be addressed in the deletes policy development process?  That – I don't know exactly where that stands.


CADE:  The – you're talking about the taking the next steps Steve (ph).  What would the timeframe be, et cetera, et cetera.  Right. 


STEVE (ph):  Right. 


CADE:  Yes.  So lets just say that hypothetically this task force recommended that there be a substitution of register hold for deletion.  And we believe a period of time should be established.  We could obviously ask that the deletions task force under take the rest of the work on that particular item.


STEVE (ph):  Well I'm not that clear on how much of the delete work is being done in the task force and how much is being done in a policy development process.


All I know is that this issue is kind of on the table in that process too.  So it may be better way – I mean there may be a way to ...


KEN (ph):  You know, what I'm hearing from your guys is somewhat similar to some of the clash in philosophies we have in the registrar constituencies.  There are some registrars who advocate for allowing the market to deal with irresponsible behavior on the part of the a registrar.  And frankly, I don't believe in that because I feel that if we allow a registrar to act irresponsibly on the theory that they won't be in business if he screws up too many of his customers for too long, I think we all get painted with a bad brush there.


So I think from a practical standpoint we need to make it very clear that there are certain issues that need to be dealt with in an almost administrative manner.  And actually have to be imposed on the registrars whether they like it or not.  And in order to protect the public, there are certain disclosures.  You know, it's always been one of my biggest concerns is that when a registrant registers a name or any solicitation involving a registration of a domain name or any action on a domain name there should be a requirement in there that the ICAN (ph) accredited registrar be disclosed.  I get hammered on a regular basis from resellers.  And I think there's a significant problem with the reseller system.  And if we don't do something about making sure that the consumer is adequately protected all we do is create more confusion.  Some of it falls back to the Who Is (ph) but some of it falls back to what I consider to be an obligation we all have to make this process as full proof as possible to protect the people who use it. 


And those are – either – somewhere down the line they're all our customers or clients one way or the other.  Or they're users like Marilyn’s group, you know.


CADE:  Yes, Ken I wasn't really hearing, and I want to query on that particular point, I wasn't hearing much of a difference on the solution.  What I thought I was hearing from Steve (ph) was the idea that the definition of the timeframe, et cetera, et cetera would be a work item referred to the deletions group.  Not the question of making a recommendation register hold as a – because that relates to – that would relate to Who Is (ph).  That wouldn't – that recommendation would not be appropriate to refer to the deletions task force.


KEN (ph):  OK.  I'm sorry.  I wasn't trying to be getting on a soapbox.


CADE:  But I want to make sure that Steve (ph) and I are in sync.  That was ...


STEVE (ph):  I'm not sure whether that's right or not, Marilyn, because in the paper that was the basis for, you know, that people were asked to comment on the issue of deletion following, you know, on the basis of false contact data in Who Is (ph) is addressed there, and we commented on it. 


So I don't – I'm not making any statements about who's jurisdiction it's within or who's turf it's within.  All I'm saying is that it may be dealt with there.  And that, you know, that may be a more efficient way to deal with it that would be fine.  I don't think it's up to us – I don't know whether it's up to use to refer it to them or whether they've all ready got it.


CADE:  They don't.


STEVE (ph):  That's my point.


CADE:  They don't all ready have it Steve (ph).  Tony (ph) and I are appointed as liaisons to that group to go through the work items where there would be, I don't want to call it overlap, but congruence or dependence is probably the better phrase.  I've suggested that we need to do that after this task force has another week under its belt on what we – where we see those items line.  But I just again, hypothetically would see if this – that this task force, having the expertise on Who Is (ph), if they recommend – if we were to recommend the use of register hold – registrar hold, I would think that the question of what is the period of time, making sure that there's consistency. 


So since the task force is going to be looking at standard time – the deletions task force is going to be looking at standard – the need for standard timeframes for deletion of names.  And where – and they're input both from transfers and from Who Is (ph) on where it may be applicable to provide that as a tool to the registrar.  But I don't want to beat that particular horse any further than we have.  I was going to – I'm going to invite Jordan (ph) to come and speak to the task force at some point.  But they have not – they're just having their first meeting and trying to get organized electing a chair.  So until they have their first meeting, they won't even have gone through what they agree what their robust work items are going to be or what their timeframe is.  They're on a very short timeframe because they're going to try and follow the new policy process, although it's all ready clear that that timeframe is much too short.


Let me go back to the question of long hanging fruit and hear from other people.  Because if we – if you accept the proposal that I've laid out that was given to me by the Names Council (ph) chair and that I will tell you that I find merit in, we would do recommendations around 1A and 1B and around four however down (ph).  And then we would do – by that I mean, we would make specific policy recommendations.  And we would then recommend next steps or more work on two and three documenting the work we all ready have.  And assessing what can be done or what else needs to be done.


We would then also recommend or document the two or three outreach efforts the one with the GAC (ph) and the CCTOBs.  And address how we recommend the learning and awareness issues related – that the GAC (ph) is concerned about which is – it is not only about privacy.  That is sometimes how it's presented.  But it's very much about the misuse of data.  So it's spam.  It's whether the data's being misused.  Whether it's being used in ways that registrants would not agree with, whether there's improper resale not under the bulk licensing agreement.


But Steve (ph), for instance, there's an incident where a number of people have had their IP addresses so in a list that I'm aware of.  And it's clearly a data mined list.  It may be from the ripe (ph) and errand (ph) databases rather than from Who Is (ph).  But it's in that space that's the – some of the government people are concerned about misuses of the data and what can be done is anything under the existing – and whether it's even within the scope of the registrars or registries to deal with it or it's not. 


There's also some interest on the part of the OECD and WIPO on doing some further things that might encourage CCLTBs to become more aware of what steps they may take to become more automated if they are not all ready automated, et cetera.


THOMAS (ph):  So just to come back t o the actual work items, before I get – if I understand you correctly, so the most precise suggestions are going to be 1A and 4A, right?


CADE:  Would it be just on 4A?  Wouldn't it be on all of four?  Bulk access being different than resell or misuse of the data? 


THOMAS (ph):  What do you mean when you say about as the entire four, all three public resale?  What can be done to limit unauthorized access and bulk access problems?


CADE:  Right.  And I was making that A, B, C.


THOMAS (ph):  Yes.  So you think we can get to something on all of these, OK.  And 1B sanctions program or something like that except (ph) for (ph) Jersey (ph) would be one of the mid to long-term items, right?


CADE:  Right. 


THOMAS (ph):  OK.


STEVE (ph):  Yes, I think the division you had for one Marilyn is -may again, I would say, might be very useful for four also.


CADE:  Right.  Dividing it in ...


STEVE (ph):  Yes, what can be done under the current contract.  And then in a slightly longer term, maybe not too long, what changes need to be made?  What changes would we recommend be made.


CADE:  Right.  Have any of you had a chance to look at Louie's (ph) document in an detail in relation to Who Is (ph)?


STEVE (ph):  You mean his document about that he sent out before – just before the Shanghai meeting?  Or is there another document?


CADE:  Yes. 


UNIDENTIFIED PARTICIPANT:  I don't even remember it's been so long.


STEVE (ph):  Yes, I – well I did at the time.  And as I have asked him a couple of times, he didn't make this distinction between things that ...


CADE:  Right. 


STEVE (ph):  That dealt with implementation of the existing contracts and things that would require changes.  I think he has made the very valid point that to change the contract you're going to need a lot of buy in.  I don't know whether you need – I mean without getting into the consensus or not where you obviously need a lot of buy in from the other parties of the contract. 


It's a – I think it makes sense to look first at things that could be done under the existing contract, but he didn't make that distinction, I don't think in his paper.


CADE:  You know, the – I had the benefit on the transfers task for of having both Jeff Neman (ph) and Ross Rader (ph) and Dan (ph) available.  Who Ross (ph) and Jeff (ph) are very, very knowledgeable about what's in the registrar contract and the registry contract.  And Dan (ph) is available as a resource there in a way that he's not unfortunately on Who Is (ph). 


So I have asked what, and I talked to Louie (ph) about this last night, on what help we can get to walk through the appendix to and sort out which of these are implementable (ph) and which are not.


THOMAS (ph):  I have some problem understanding one point.




THOMAS (ph):  What do we mean by implementable (ph) under the current contract.  This is just supposed to be confirmation?  Please enforce this regulation, please enforce that regulation.  Or is this about adding policy under the contractual language?


CADE:  Well for instance ...


STEVE (ph):  Well can I give an example?


CADE:  Yes, do.


STEVE (ph):  I'll just look at our recommendation 1.0.A.4.C. 


THOMAS (ph):  Please give an executive summary of what's in there.


STEVE (ph):  OK.  I will.  ICAN (ph) has all ready said that accepting – under the existing contract, it's told the registrars that accepting unverified corrective data from a registrant that is all ready deliberately provided incorrect data may not be appropriate.  And our recommendation is that they tell the registrars it is not appropriate to accept unverified, quote corrected, unquote data from a registrant that has all ready deliberately provided incorrect data.


Now I don't know whether that's a policy question or not, but it's clearly something that's within the scope of the existing contract or at least ICAN (ph) thinks it is.  And that's the kind of – now, then we have to look at whether in light of the comments we've gotten from the registrars we'd want to modify our – any of our recommendations, that's a separate question.  But I think this is in the low hanging fruit category because what's in there does not require a change to the contract.


CADE:  Steve (ph) we – can I ask a question about this?  But Thomas (ph) you wanted to say something first?


THOMAS (ph):  No, no.  Go ahead.


CADE:  The registrars that spoke were fairly articulate about the fact that they don't presently keep, they didn't use this term, I'm going to use it, blacklist of someone who's previously provided incorrect data.  That's not something they do.


STEVE (ph):  This isn't about a blacklist.  This is about someone that has provided incorrect data or it appears that it was done deliberately.  The complaint comes in ...




STEVE (ph):  Well I don't know whether – what the circumstances of that were.  Sometimes a human being actually has to look at these things.  I know the registrars don't like that, but as we heard from dot-CA it does not kill you to do it.


THOMAS (ph):  It does not kill them.


STEVE (ph):  So – well and they are larger than 90 percent of the registrars.


CADE:  I'm sorry.  We heard ...


STEVE (ph):  Let's not get on ...


CADE:  No, I'm trying to understand what you said, we heard from who?  Sorry.


STEVE (ph):  Dot-CA.


CADE:  Dot-CA.


UNIDENTIFIED PARTICIPANT:  The Canadian registry when they came on and told us about their manual process a couple, gosh about a month ago.


STEVE (ph):  Right. 


CADE:  OK.  I just wanted to be sure I captured who you had said, sorry.


STEVE (ph):  But getting back to this recommendation.  This is when someone has submitted incorrect data under circumstances that it appears to have been deliberate.  They – a complaint comes in about it.  The registrar asks, you know, contacts the registrant and says please correct your data.  And then new data comes in.  The question is should that be accepted as without verification?  Or should some verification be required?


CADE:  I got you.  OK.


STEVE (ph):  Probably the issue that was raised, for example, in the OECD (ph) paper ...


THOMAS (ph):  So you're now talking about future registration from the same registrant, right?


STEVE (ph):  No.  I'm talking about the same registration.


THOMAS (ph):  OK.  Thank you. 


UNIDENTIFIED PARTICIPANT:  Just to maintain that registration.


STEVE (ph):  That's right.  So the question is should they – should ICAN (ph) instruct the registrars under the existing contract that were they to remain in compliance with the existing contract they should – they would require some sort of verification of that data.  Now if we agreed to go forward from that recommendation, I think one thing we're hearing from the registrars is well there's undefined terms I there about deliberately providing incorrect data and what kind of verification.  And I think those are very legitimate points and we would – we ought to see what we could do to specify them or at least have a process for specifying.


But I think this falls in the category of low hanging fruit as Marilyn described it because it would not require a change in the contract.


CADE:  There's a work item over in the transfers task force that Christine Russo (ph) has done for us that I will ask her to provide to this group.  And it was a look at the variety of different kinds of identification that might be widely available such as, you know, some countries don't have the counterpart of drivers license.  They have something – with pictures only of something else.


But she's done a pretty exhaustive list that I'll get sent over to this group. 


UNIDENTIFIED PARTICIPANT:  That was my question.  That's so cool. 


CADE:  And one of the things that, of course, we found is that there countries that have a citizen ID card or something of that nature as well.  I can name four and another one soon to have that.  Hopefully not this country. 


Sorry, Thomas (ph).


THOMAS (ph):  I have – OK, I think that this specific category of low hanging fruit basically isn't contract change or policy but really is the task force giving a particular interpretation of existing contractual language which may not be entirely clear.  So the next question is what about those parts of the RAA, where the RAA felt safe that certain provisions may be replaced by a policy adopted by ICAN (ph).  This is all ready in the long-term category?  Do we consider this a thing for the mid term?  Or do we even believe that we can get a formal consensus making process which would be necessary in this case?


CADE:  Do you have an example in mind?


THOMAS (ph):  The bulk access provisions.


CADE:  Pardon me?


THOMAS (ph):  The bulk access provisions.  There's an explicit sentence in the agreement, not in the agreement, I'm sorry.  In the RAA which says that the bulk access provision can be removed or changed either by the DOC noting that there is sufficient competition.  Or by a containment (ph) policy as defined somewhere in the RAA.


CADE:  Well let's talk a little bit about bulk access and then move in a different direction.  So what's the view of those of you on the call about our ability to – well our bulk access recommendation is – and – is the chair of that group on the call still? 


THOMAS (ph):  Karen (ph)?


KAREN (ph):  I'm still here.


CADE:  OK.  Karen (ph) the bulk access recommendations what do you think your working group – basically what you asked the question, I'm just looking to see – we don't actually have a – we have a question about whether bulk access – about whether we should completely restrict bulk access for any marketing purposes, right? 


THOMAS (ph):  We have – I think we all ready have a question which asks can we identify a so called legitimate users and restrict bulk access to them but something different – may be different than non marketing users.


Actually, Marilyn you're right now getting into the direction of asking can we get to consensus?  The question I was trying to ask is, how should I put it?  OK.  No, forget it, the question was bad.  OK.  The question is – the real question is most likely really can we achieve something like consensus hear.  And I think in order to do that we would have to thoroughly read the GTLD constituent – registry constituencies comments.  They have a lot of concerns about the feasibility of the recommendations we have been making.


CADE:  The GTLD registry?


THOMAS (ph):  Yes, the comments posted by Karen (ph).  Yes, some interesting stuff in there.


CADE:  Yes.  Karen (ph), can you comment on that?


KAREN (ph):  Well I was going to say to the consensus point, I would think that that would be, I would think, sort of a mid to long-term goal rather than something we would be able to do now.  The recommendations that we put forward in the draft were really, you know, specific to the various provisions in the registrar accreditation agreement.  So there's no sort of wholesale recommendation in there.  And in fact the – you know, one of the questions we raised in there was, you know, we should consider maybe getting rid of bulk access completely, but without further research we can't make that statement right now.


And I don't think we can do that based on the results of the survey.


THOMAS (ph):  But, OK, we still have the question if we can come to – if we can achieve some formal consensus on a recommendation – on a compromised recommendation which at least tries to improve things somewhat.  Keep in mind that this will have to be investigated further in the future?  Or will that be just waste of time and we defer this?


CADE:  Well the – look the questions we ask, we ask whether the – under we address the question in the – whether the provision should be changed, so the third party is required not to sell or distribute the data except at the part of value added product or services.  That would be changing what the data could be used for once it is sold.  And we asked that question.  Should it be changed?  And should there be a provision which explicitly prohibits, forbids any use of our purposes other than those stated in the bulk access agreement? 


I don't really see, Karen (ph), that is being based on the survey results.  I see the answer to that being based on the question was based on the survey results, but the consultation we're trying to take is beyond the survey. 


STEVE (ph):  Marilyn ...


KAREN (ph):  I agree with you.  I just think that they're – before making sort of the whole sale recommendation that Thomas is proposing here we need more feedback, right?


THOMAS (ph):  So you're saying that anything which changes bulk access agreement, bulk access provisions of the RAA will be mid to high hanging fruits? 


KAREN (ph):  Well I think – well they are, you know, that what we've recommended here are – both times, I think changes the RAA.  And so either you get consensus or you get the agreement of the individual registrars.  And so I think it's maybe not as low hanging as we think.


THOMAS (ph):  OK.  Well 4C is in the mid term region.


CADE:  Well let's keep talking about this.  Steve (ph).


STEVE (ph):  Marilyn – yes, it might be helpful to look – if you look back at the recommendations that were made by the working groups, it included an appendix.  Karen's (ph) working group included an appendix that really shows the proposed changes to the bulk access provision or ERAA (ph) and there are four.


CADE:  Can you – yes.  Sorry.


STEVE (ph):  And I mean I think, yes, all of them would require consensus, I think.  But it might be – consensus might be harder or easier to attain on some of these.  I mean I don't know.  And I had to go back and look on the registry comments, which if they focus on this.  But I mean I think it's fairly specific what changes we're recommending.


Now there may also be issues of about whether – what is the existing compliance – compliance with the existing agreement.


UNIDENTIFIED PARTICIPANT:  Is this something that because it's formatted in such a nice way, that we could each take to our constituencies and have them vote on?  You know, each, does this sound good?  Does this not sound good?  Do you have a better suggestion?  Sound good, not good, better suggestions?


THOMAS (ph):  Frankly, before we carry this to a constituency for a vote, I think we should have some look at it on the plannery (ph) of the task force. 


UNIDENTIFIED PARTICIPANT:  Oh I don't think it's low hanging fruit.


THOMAS (ph):  OK.  So we can (INAUDIBLE) this for this year.


CADE:  I'm not sure that I agree with that and so I'd like to understand.  You know, we're making – maybe we're being too broad with this.


STEVE (ph):  Well maybe the way to say it is all right, these changes would require – might require consensus, but we did certainly get the sense from the survey that people feel strongly about this.  And that therefore, we would want this consensus process to move forward quickly.


CADE:  And Steve (ph) we're – at this point we're talking just about bulk access?


STEVE (ph):  Yes, that's all I'm talking about at this point.




KAREN (ph):  I would agree with that.  I mean I think, you know, what's to stop us from making the recommendation, and saying this is, you know, either subject to a consensus process or, you know, subject to the agreement of the registrars because that's who it really effects, I think. 


THOMAS (ph):  Actually, if we are proceeding that way, we can just stop because most of the changes we are suggesting are of the nature of replacing something – of replacing language, which says the registrar may with language which says the registrar shall.  And leaving this – leaving buy in to the new policy at the registrar, discretion is equivalent to leaving it as is.


CADE:  And I don't think the task force has any value by ...


THOMAS (ph):  It just doesn't change anything.


CADE:  By trying to go one-by-one.  I think that's just nuts but for a number of reasons, including the fact that as Ken (ph) had mentioned, it would take so long to get people to – but I will tell you in my dialogue with the registrars, I didn't hear any enthusiasm for bulk access.


STEVE (ph):  You mean for the status quo.


CADE:  Well yes.


STEVE (ph):  Or do you – bulk access at all I think is ...


UNIDENTIFIED PARTICIPANT:  I haven't heard any enthusiasm for bulk access by anybody.


STEVE (ph):  Well this is partly because we haven't really had at the table here, the people who now get bulk access and use it for what I would consider legitimate purposes.


CADE:  Tell us who that is.


STEVE (ph):  Well, for example, I talked with the people at Thompson and Thompson (ph) who use bulk access to provide value added services to a lot of businesses and so forth.  And I encourage them to submit a comment and get involved.


CADE:  Yes, I know.


STEVE (ph):  So I don't know exactly what the path forward is at this point.  But certainly in a consensus process there would be some way to ...


CADE:  Yes, Steve (ph), guys, you – I need to correct an understanding here.  You guys are in a consensus process.  You're it.  There is nothing different in a consensus process than what we're doing.


STEVE (ph):  No I understand that.




STEVE (ph):  But I mean it's one – it's a contractual change process as distinguished from the process of recommending how to handle ...


CADE:  OK.  So we put out a recommendation.  But let me make a distinction here.  If – what we asked was whether bulk access use should be restricted to legitimate.  And then we asked – I mean I think it may feasible to say something like the following.  The task force recommends that a four week process be undertaken to create a definition to legitimate, non marketing uses of Who Is (ph).  And plans to take comment on the following proposed definition. 


And then publish a recommendation.  That would be like – you'd get a – you'd get in a our December report recommendation the fact that we recommend that bulk access be modified.  And we intend to address what that modification might look like in the following way.  So we wouldn't be wiping out non marketing uses Steve (ph).


STEVE (ph):  Right. 


CADE:  And I want to go back to something that Thomas (ph) mentioned.  Thomas (ph) you mentioned that Net Names (ph) has developed a quote super Who Is (ph)? 


STEVE (ph):  Snap Names (ph) I think he said.




CADE:  Snap Names (ph)?  Snap Names (ph) is creating a product as I understand it, where they intend to revenue share with registrars.  That was my understanding.


UNIDENTIFIED PARTICIPANT:  Too bad they wouldn't revenue share with the old registrants.  I think I should get a $1 a day for all of the spam they send me.


THOMAS (ph):  OK.  Well the important thing about that is, of course, that I wouldn't be- that they would neither be just doing query based data mining nor would they be using the bulk access regime.  So they would fall out of it.  And I think is 4A Marilyn?


CADE:  How do they get access to the data?


STEVE (ph):  Yes, that's what I don't understand is that either something is bulk access or it's not bulk access, but is there a third path that we're talking about? 


CADE:  And if there is, that may be a – I mean I – well look I actually I thought – I did think you mean Net Names (ph).  There are three or four portals out there today that you can use to search across multiple Who Is (ph).  And for most of them, not all of them are based on bulk access.  Some of them are based on port access.


STEVE (ph):  Yes, they do a query.


CADE:  Yes, they do a query. 


STEVE (ph):  But there are services that are based on bulk access.


CADE:  Right. 


STEVE (ph):  And the question is what are the legitimate uses?  What should be the cost of access to the data?  Should an opt out be required?


CADE:  Right. 


STEVE (ph):  And should there be restrictions on licensee use of the data.  I mean these are the recommendations that we have.  And, obviously, we need to see what input we've gotten on those.


CADE:  Right.  And then – but – so I – can I just delve a little bit further here.  That would be bulk access.  And we kind of – I'm going to move us to the on – what about the other recommendations, Karen (ph) in your ...


THOMAS (ph):  May I just try to get back on some point before we go on?


CADE:  Yes, go ahead Thomas (ph).  Sorry. 


THOMAS (ph):  First of all on Steve's (ph) question either it's bulk access or it's not.  I don't think, but I may be wrong, I don't think that the registrar accreditation agreement currently says registrars must not make their data available accept under the bulk access provisions.  It only says registrars must make their data available on the bulk access provisions.  That is if Snap Names wants better data and wants fresher update than just once a week.


They may – there may be a way for them to pay registrars for this data.  Pay them high prices.  Do revenue – maybe do some revenue sharing like Marilyn alluded to.  And I think that this is a separate question from bulk access proper.  And that we really should address this and I don't think we do it so far. 


CADE:  Well I think – and I have a question about this.  And, you know, leaving aside what's being done, here's my question, as a registrant, I may expect that my data when I registered PSWG.net, I expect my data to be in the Who Is (ph) database.  I don't expect the registrar to make decisions to resell additional access to my data for the creation of other accounts (ph) except under bulk access.  And I know more than the average bear on this.


If this – I don't – I have no idea whether this is a problem or not.  That registrars are making decisions about distributing the data to which clearly they are.  They're making decisions about access to the data, to third parties, not just under bulk access but otherwise as well.


THOMAS (ph):  And in fact, they would have to announce these decisions to registrants under 3774 of the registrars accreditation agreement, I think which they don't seem to do very enthusiastically.


STEVE (ph):  Well that – it may be that this is a – that part of it a contract implementation issue if they're making this available and not disclosing that they are doing so.


THOMAS (ph):  How they are disclosing?  I mean to what level of detail do they have to say we make it available for any legitimate purpose?  Or do they have to say, OK, we make it available for search service by Thompson and Thompson.  We make it available for cross linking to ..


CADE:  Or ...


THOMAS (ph):  ...and so on.


KRISTY (ph):  I guess you'd be specific.  I think that we should know who has our data.


CADE:  Or Thomas (ph) and Kristy (ph) and Steve (ph) or do they have to disclose to the registrant at the time like an IP does in their service level agreement?


STEVE (ph):  Well they do have to disclose who, you know, in general.  I mean there is an RAA obligation of – for them to disclose to the registrant.  It doesn't say how detailed that is.


THOMAS (ph):  I mean one of the questions is is this clearly (ph) part of the contract.  If they tell me, OK, we make your data available under the bulk access agreement, does it all ready mean that they tell me and we won't do it otherwise.  And that I have arrived to enforce it or doesn't it?


STEVE (ph):  Yes.  Well again, I think, maybe one thing we're stumbling up against here is the lack of a clear definition of bulk access.  Because I have on definition of it, and maybe other people think of it different.  But it's not defined in the agreement which is one shortcoming that I think ...


CADE:  Now tell us what you think it is Steve (ph)?


STEVE (ph):  I think it's access to all or substantially all of the data that's in the Who Is (ph) database that's held by the registrar.  So that they're basically turning over a tape.


CADE:  Right. 


STEVE (ph):  Or in some other form, giving you a snapshot of everything that was in this database as of a certain date.  To me, that's distinguished from port access.


CADE:  Right. 


STEVE (ph):  That – where the data is coming one at a time.  Now it may be coming on at a time with a very high volume.  But that's – to me that's a separate issue.  It's one that the registrar – some registrars handle through the use of governors and technological attempts to try to keep people from using port access as a substitute for bulk access.


But to me these are separate things.  And that the bulk access provisions cover the first situation.  They don't cover the second situation.  But maybe there needs to be a clearer definition and agreement of what bulk access is.


CADE:  Steve (ph) are you in the latter category, port access?  Are you making a distinction between agreed to port access where the registrar is in some way cooperating with the third party?  Versus data mining via unauthorized (ph) port access?  I mean the ports there but ...


STEVE (ph):  Yes, well but they're obligated to provide port access.


CADE:  Yes.


STEVE (ph):  Under the agreement.  The question – I think your question is are they allowed to give some people preferential access?  Or are the – for example, use of governors is not mandatory.


CADE:  Right. 


STEVE (ph):  But it's clearly accepted under the agreement, because a number of registrars have done it.  In fact, I think the registry agreements for the new TLDs say they can do it at the registry level.  But may be a clearer definition – I mean because if there is this gray zone, if you will, of people getting access to large quantities of data, let's call it that, without going to through the bulk access process, maybe that, you know, that would be more clearly defined. 


THOMAS (ph):  I'm not sure that we only – I'm not sure I understand why you argue that we need a clear definition of bulk access.  Because things are – the provisions we are starting to have towards RLS1 (ph) from 3.7 that (ph) seven (ph) of the RAAs (ph) is separate from the actual bulk access provisions which is in the business dealings including with registered name holder sections.


And there are some interesting point there would – at which we would have to look which addressed the question – seemed to address the question of what kind of additional access registrars may give or may not give.  But I'm not currently at the point of understanding it completely.


STEVE (ph):  Yes, OK.  But all I'm saying is my viewpoint is that they're only giving two types of access.  They're either giving port access or they're giving bulk access.  But in some cases port access could kind of substitute for bulk access if it's not governed, if it's millions of names, you know, a day or something like that.


So the question is, does that fall under bulk access?  Or does that fall under for which you can opt out for example?  Or does it fall under port access from you can't?


UNIDENTIFIED PARTICIPANT:  It almost sounds like it falls under searchability (ph) and something that we want to protect against.


STEVE (ph):  Well all I'm saying is that maybe we need to – we should think about recommending that this be clarified.  Because if we think this is a big problem, and I'm not sure how big a problem it is. 


CADE:  Well maybe this is something we need to – actually need to ask the registrar Steve (ph).  Because the, you know, my conversation with the registrars and – goes like this.  They don't lie people data mining the data and misusing it because they do think A, when their systems are being bombarded or they've had to put governors on them, there's actually additional cost to them to support dealing with the data being mined.


STEVE (ph):  Right. 


CADE:  And so, you know, they're not thrilled with that.  They consider that as sort of an unfunded mandate or requirement.  They don't see that as – even those who wholeheartedly support public access to Who Is (ph), don't support that.  They – I didn't find any in the few I talked to that saw the fee for bulk access as a really realistic revenue stream.


So, you know, the $10,000 wasn't, at least in the ones I talked to, that wasn't being viewed as oh I can make $10,000 every month by selling my data to a Thompson and Thompson (ph) or whoever.


The – we may – maybe we should think about more questions that we should address to the registrars and go back to them.  I don't really think that this particular approach of having a resolution that Mike (ph) is proposing is very helpful to the registrars.  And I think that a dialogue to answer some of these questions and hear from them is much more helpful.  And I thought the meeting in Shanghai was very – was a good beginning.


Now there's a few that I could go back to and we could ask questions of several of the, you know, Enam (ph), Register.com.  We could probably – Bulk Register (ph).  We could probably get a relatively short list, but fairly representative list to come back and respond to this additional set of questions as an educational effort for the task force if that's useful.


STEVE (ph):  Well do their comments – do they comment – I don't mean the unified registrar comments that are on the ballot now, but the comments that have come in from the various registrars.  Do they address this bulk access issue? 


CADE:  No.  No that I ...


STEVE (ph):  Or they're focused more on point one I think.


CADE:  Yes and – I think so.  I haven't seen anything on bulk access.  Karen (ph) from the registrars? 


KAREN (ph):  I haven't seen anything. 


THOMAS (ph):  A statement on bulk access? 


STEVE (ph):  Yes, it just is a question of how input do we have as of now based on the comments? 


THOMAS (ph):  We have something from Two Cal (ph) on it.


CADE:  Right.  Actually, we have some pretty good detailed comments from Two Cal (ph).


STEVE (ph):  On this – on bulk access.


CADE:  Pretty bluntly on everything.


THOMAS (ph):  Almost everything.


UNIDENTIFIED PARTICIPANT:  Yes, they really responded well.


CADE:  Yes.  They actually did an excellent job.


UNIDENTIFIED PARTICIPANT:  It looks like they read the whole thing that we wrote.


CADE:  That would be Ross (ph).  That would be Ross (ph) who called me to tell me when we were going to be getting their comments to make sure that they got in on time which I really appreciated.


Let's do this and wrap up.  Let's do next steps and wrap here.  Here's – I have just now been able to print out all of the comments.  And the comments site is closed, but I have told registrars – I have told people that if they have comments they haven't gotten in that they can posted to the task force by whoever their representative is.  And I'm expecting comments from gosh, sorry, I can't remember, there's another large registrar who is going to have comments.  They had some sort of a situation that held them up.  And they're going to have comments, I think Wednesday or Thursday on Who Is (ph) that are – they won't be as detailed as Two Cal's (ph) but I think they'll be helpful.


And then we have, Karen (ph), your comments from the registry constituency.


KAREN (ph):  Right. 


CADE:  We don't have comments from – and then we just have sort of drips and drabs of other significant comments, except we have comments from Danny Younger (ph) and from – personal comments from Mike Pilage (ph) himself, right.  And I think, other than that, we've got sort of bits and pieces of comments.  But that I mean they are comments that are made to address a particular area but aren't real, real broad, that don't address the entirety of it. 


STEVE (ph):  OK.  But you're saying that if there are additional comments, for example, from these users of bulk – current users of bulk access that we could just send those to the list?


CADE:  Yes.


STEVE (ph):  OK.


CADE:  And Steve (ph) if you can get them to respond, any kind of response would be helpful.


STEVE (ph):  Yes.  OK.  I will try.


CADE:  Yes.  I'd like to have people look at the table of contents and just look at the taxonomy that we talked about.  And let's thin about how we could begin to write or final report in modules.  And I'd like to use the same working task forces if that's OK with everyone.


THOMAS (ph):  One issue with that, in order to avoid further problems with the registrars constituency, we should maybe make sure that we have representatives from them everywhere. 


CADE:  That actually that's not going to solve our problems.  We're going to have to do something other than that.  We have had representatives on the task force from the beginning.


THOMAS (ph):  Yes, I mean on the subgroups.


CADE:  I hear you, and that won't solve our problem.  I think instead, what we're going to go have to do is have another more detailed discussion.  It's very hard for them to organize themselves to consult.  Ross Rader (ph) did a call last Monday on transfers and had five to six people on it.  And we did a call on transfers yesterday, even though it was a follow on to the Shanghai meeting, we had about the same number of people.


And we had – I have personal commitments from people that they would try to be on the call.  So it's just very difficult Thomas (ph).  I think we've got ...


THOMAS (ph):  I've got your point.


CADE:  We've got to put something in front of them and walk them through it. 


SARA (ph):  Marilyn, this is Sara (ph).


CADE:  Hi, Sara (ph). 


SARA (ph):  Hi.  Sorry, I joined late.  And I'm just wondering what the time range is for the final report.  I don't know if you said that all ready.


CADE:  It has to be posted the week of the 24th. 


SARA (ph):  The 24th OK of December.


CADE:  Yes.  No.  Of November.


SARA (ph): Of November.  OK.


CADE:  Which is why we need to cut it in to pieces.  So, you know, we – the final report would basically have here are the things that we recommend.  And then here's the additional work we recommend so we – so actually, Thomas (ph) to your point, we do need to re-divide the task forces anyway because our focus is going to be heavily on one and four.  And, well I'm not sure that's right.  Let me think about this and talk to you guys.


Karen (ph), are you still willing to do this?


KAREN (ph):  Yes.


CADE:  And Kristy (ph).


KRISTY (ph):  Yes, ma'am.


CADE:  Steve (ph).


STEVE (ph):  Yes.


CADE:  And Rom (ph) is still willing to do it whether he knows it not.


THOMAS (ph):  I have one issue with this.  I have no – absolutely no problem with preparing suggestions for high hanging fruits for (ph) groups (ph) to work on.


CADE:  Yes, right.


THOMAS (ph):  And inputs basically I have no problem in producing input for future work in this large group.  But I'm not sure that we should also delegate the low hanging fruit that is implementable (ph) and to be implemented recommendations we are going to make.  I don't think we should put these into small groups.


I think we should try to identify these early.  And have the small group work on the long term – mid to longer term stuff.




THOMAS (ph):  And have the entire task force work on the real call recommendation. 


CADE:  Yes, I think that's actually a good idea.  I was thinking about a similar – I was thinking about a similar concern but hadn't come up with a solution.  I think you're right.


Let me run something past you guys.  Given the amount of time we have left here, what – I think we're going to still have to do two – this is Wednesday.  Can some of you do a call on Friday afternoon?  And then let me go to on Monday, I can still do – I can do a call on Monday the 18th.  I can do a call on Wednesday the 20th.  I can do a call on Thursday the 21st.  I'm not proposing three calls that week, but I am probably proposing two calls that week.  Do we need to do a call this Friday to try to launch the work on the low hanging fruit as a group?  Or do we do it on Monday?


And in the meantime, people read all of the comments.  Maybe this is a better idea.  People read all of the comments that have come in.  And on Monday we work on the low hanging fruit.  And the task force chairs are going – you will then have a sense of what remains for you to try to do – Kristy (ph) you and Rom (ph) fall into the mid to long-term anyway.  So we should probably try to get your groups going in parallel as well as having you on the Monday call.




CADE:  Can everyone do the call on Monday?


THOMAS (ph):  It works for me. 


STEVE (ph):  What time?


CADE:  Eleven.  Yes.






KAREN (ph):  I have a conflict.


CADE:  Karen (ph)? 


KAREN (ph):  Yes, I may have a conflict on Monday.




UNIDENTIFIED PARTICIPANT:  Could you go earlier in the day on Monday, Karen (ph)?


KAREN (ph):  I kind of have an all day sort of management ...


THOMAS (ph):  So maybe we could concentrate Monday on low hanging fruit in section one.


CADE:  Yes. 


THOMAS (ph):  If Karen (ph) is fine with that.  I don't know if we – can – do we have anyone else from the GTLD (ph) registries?


CADE:  Well Rom (ph) and I'll see where he is.


THOMAS (ph):  We need him.


CADE:  Does anyone feel the need to – so Monday and then again, Wednesday.  OK.  And you guys are (INAUDIBLE) me that you're cooperating in this intense effort because you want to me sure that I – that my birthday wish comes true, right?


UNIDENTIFIED PARTICIPANT:  Oh, yes.  When's your birthday?


CADE:  The 24th of November. 




CADE:  We are going to post something that week.


UNIDENTIFIED PARTICIPANT:  A little happy birthday song.


THOMAS (ph):  So Marilyn just to be sure.  I think we should really try to make sure that if Monday and Wednesday are calls for working on the low hanging fruits, we will need representatives from all of the constituencies there.


CADE:  Yes, I will – I'll notify everybody.  Tony (ph) is available after Friday.  I knew today was a risk for him.  But – and that means that we would have another call on the 25th.  And then that's Thanksgiving week.  So we're going to – we have a call on the 25th.  We have got to – the last day that we can post is the 30th because we have to meet the 14 day deadline.  And that would just – for the Names Council (ph). 


So guys we may have to make a decision that our focus is going to be very much on low hanging fruit and pushing the other work further out given how little time we have.  When you read the comments would think very hard about the practicalities here? 


THOMAS (ph):  I have one more question.




THOMAS (ph):  Concerning this resale business.  Earlier this call, I've been arguing that there may be a way for registrars to make the bulk of their data available besides bulk access provisions.  But during some of the discussion I haven't been paying too much attention to the call but rather to the RAA.  And there are some clauses in the 377 part which may mean something else.  Could you on behalf of the task force, send something to Louie (ph) and ask him for clarification on that?  I can send you an e-mail with the question.  Would that be possible?


CADE:  Would do.  Yes, thank you.


THOMAS (ph):  Because it's framework for the bulk access part.


CADE:  Yes, please.


THOMAS (ph):  I need to understand what kind of discretion do registrars have.


CADE:  Right.  You know, what I'm going to do is I'm going to go back to a couple of the registrars who know the agreement very, very well and ask if one of them would be available by e-mail to consult with us on questions about the agreements, the contracts, and the accreditation – the contracts in particular.  


Thomas (ph), you did this document on relation to the RAA that I know you posted.  Can you ...


THOMAS (ph):  Which one do you mean?


CADE:  Can you find it and repost it?  Or point all of us to it again, because I've been searching for it randomly while we've been talking.  And I know it's there.


THOMAS (ph):  You mean that survey of the bulk access of the Who Is (ph) provisions?


CADE:  In the RAA, right?  You did ...


THOMAS (ph):  Yes.  But it leaves out – it actually leaves out these contractual relationship parts.


CADE:  I know.  But ...


THOMAS (ph):  But it is http://doesnotexist.info.whois-primary.html.


CADE:  You'll be shocked to know that I didn't copy that down.




THOMAS (ph):  Sorry, the domain I use ...


STEVE (ph):  Why don't you just send that on e-mail? 


UNIDENTIFIED PARTICIPANT:  It does not exist dot-info, there was a tilde (ph). 


THOMAS (ph):  I actually got dot-net and tried (INAUDIBLE) that.


CADE:  And I wanted to note that I saw that Louie Tuton (ph) was using does not exist while he was traveling.




CADE:  OK.  Guys.


STEVE (ph):  OK.  All right.  Thank you. 


CADE:  Thanks.














We welcome your feedback on this transcript. Please go to http://www.emediamillworks.com/feedback/ or call Elizabeth Pennell at 301-731-1728 x138.