I agree with others that we should/could use this opportunity to modernize this language before incorporating it in to the bylaws. As has been said, this could also be a WS2 effort. As an example, enumerating the various WHOIS contact objects is not helpful, given that past community work examined deprecating the billing contact, folding it in to the admin function, or collapsing all records in to a single contact (OPOC, anyone?). Future PDPs could revisit these issues, or create new contact objects that would be absent from the bylaws. And RDS would completely reshuffle the deck. We should also be mindful that “unrestricted” access would theoretically prohibit anti-abuse measures like CAPTCHA to mitigate WHOIS data harvesting, and “public access to accurate and complete” data might be read to invalidate proposals for “gated access” in RDS. For these reasons, I appreciate Bruce’s alternative language as an effort to ensure that future WHOIS/RDS work is not handcuffed by overly-narrow bylaws. Thanks— J. From: <accountability-cross-community-bounces@icann.org<mailto:accountability-cross-community-bounces@icann.org>> on behalf of Steve DelBianco <sdelbianco@netchoice.org<mailto:sdelbianco@netchoice.org>> Date: Wednesday, September 2, 2015 at 3:20 To: Nigel Roberts <nigel@channelisles.net<mailto:nigel@channelisles.net>>, "accountability-cross-community@icann.org<mailto:accountability-cross-community@icann.org>" <accountability-cross-community@icann.org<mailto:accountability-cross-community@icann.org>> Subject: Re: [CCWG-ACCT] Proposed WHOIS language Nigel — Guess I should have reminded everyone that the CCWG version started with the existing Affirmation of Commitments (link<https://www.icann.org/resources/pages/affirmation-of-commitments-2009-09-30-...>), then we added the OECD privacy guidelines. Here is the AoC language: 9.3.1 ICANN additionally commits to enforcing its existing policy relating to WHOIS, subject to applicable laws. Such existing policy requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information. One year from the effective date of this document and then no less frequently than every three years thereafter, ICANN will organize a review of WHOIS policy and its implementation to assess the extent to which WHOIS policy is effective and its implementation meets the legitimate needs of law enforcement and promotes consumer trust. From: <accountability-cross-community-bounces@icann.org<mailto:accountability-cross-community-bounces@icann.org>> on behalf of Nigel Roberts Date: Wednesday, September 2, 2015 at 3:28 AM To: "accountability-cross-community@icann.org<mailto:accountability-cross-community@icann.org>" Subject: Re: [CCWG-ACCT] Proposed WHOIS language I like Bruce's MUCH better. The CCWG version is self-inconsisent. In the first sentence it talks about "subject to applicable laws" while in the very next sentence proceeds to set out a proposition that, at least on the most commonly understood construction, would be incompatible with the laws of 30 or so countries (The EU and the EEA states), and for that reason, I object to it. Nigel On 09/02/2015 02:31 AM, Steve DelBianco wrote: Thanks, Bruce. For comparison purposes, I pasted the CCWG’s proposed language below your text. From: <accountability-cross-community-bounces@icann.org<mailto:accountability-cross-community-bounces@icann.org> <mailto:accountability-cross-community-bounces@icann.org>> on behalf of Bruce Tonkin Date: Tuesday, September 1, 2015 at 9:24 PM To: "accountability-cross-community@icann.org<mailto:accountability-cross-community@icann.org> <mailto:accountability-cross-community@icann.org>" Subject: [CCWG-ACCT] Proposed WHOIS language Below is some suggested language regarding WHOIS reviews for consideration by the CCWG when considering what to incorporate into the bylaws regarding the AoC reviews. Note the Board has no plans to cancel the current AoC - so the language in the AoC - still stands until the community and NTIA wish to change it. This language however tries to contemplate an environment where we are introducing a new gTLD Directory Service as a result of policy development within the GNSO, as well as most likely continuing to run the existing WHOIS service for some time. Regards, Bruce Tonkin ICANN commits to enforcing its policy relating to the current WHOIS and any future gTLD Directory Service, subject to applicable laws, and working with the community to explore structural changes to improve accuracy and access to gTLD registration data, as well as consider safeguards for protecting data. This Review includes a commitment that becomes part of ICANN Bylaws, regarding enforcement of the current WHOIS and any future gTLD Directory Service policy requirements. The Board shall cause a periodic Review to assess the extent to which WHOIS/Directory Services policy is effective and its implementation meets the legitimate needs of law enforcement, promotes consumer trust, and safeguards data. The Review Team shall assess the extent to which prior Review recommendations have been completed, and the extent to which implementation has had the intended effect. This periodic Review shall be convened no less frequently than every five years, measured from the date the Board took action on previous review recommendations. _______________________________________________ From CCWG 2nd draft proposal, page 81: ICANN commits to enforcing its existing policy relating to WHOIS/Directory Services, subject to applicable laws. Such existing policy requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information. The Board shall cause a periodic Review to assess the extent to which WHOIS/Directory Services policy is effective and its implementation meets the legitimate needs of law enforcement and promotes consumer trust. This Review will consider the OECD guidelines regarding privacy, as defined by the OECD in 1980 and amended in 2013. The Review Team shall assess the extent to which prior Review recommendations have been implemented. This periodic Review shall be convened no less frequently than every five years, measured from the date the previous Review was convened.