-----Original Message----- From: Bruce Tonkin Sent: Thursday, 22 June 2006 8:00 AM Subject: RE: Regarding response from American Intellectual Property Law Association Hello Mike, Thanks for your quick reply. YOU STATE: In the Final task force report on the purpose of WHOIS and of the WHOIS contacts dated March 15, 2006, it is stated that "Task 1 of the task force terms of reference requires the WHOIS Task Force to define the purpose of WHOIS. Defining the purpose is important as it will guide work on the other work items in the terms of reference. RESPONSE: Agreed. Defining a purpose is always a good start when studying a system. However given that the formulations are very similar, and that not all members of the task force or the Council could agree on a single definition, it seems sensible to proceed to see where formulation 1 will take us with respect to the further work. The impact of formulation 1 can then be seen in the context of any recommendations with respect to changing access to data. If the recommendations do not get broad support, then that would seem the best time to revisit whether the definition of purpose is wrong. I recommend that the work product be viewed as a whole, rather than focussing further energy on the topic of purpose (many months have already been spent on this debate). With respect to the formulations, lets consider the actual differences. They only differ in the last few words, ie Formulation 1: "issues related to the configuration of the records associated with the domain name within a DNS nameserver. Formulation 2: "can resolve, technical, legal or other issues related to the registration or use of a domain name." With respect to "issues" the two formulations are equivalent. Formulation 2 explicitly lists technical and legal as categories of issues, but by comparison formulation 1 has no limitations on the types of issues. In some ways formulation 1 could be seen as a wider definition, as it makes not attempt to name any particular issues. Taking the next point of difference: Formulation 1: "related to the configuration of the records associated with the domain name within a DNS nameserver" Formulation 2: "related to the registration or use of a domain name" The difference here is far more subtle. For a domain name to be actively used for intellectual property infringement - by that I mean that using the domain name as an identifier to reach an Internet location that may have offending content, or using a domain name in an email address for the purposes of receiving responses to some sort of fraud etc - requires a particular configuration of the records in a DNS nameserver. Formulation 2 is in some ways narrower, as it refers to registration, but does not refer to subsequent configuration of DNS records. Note these DNS records are typically configured via an NS (nameserver) record in the gTLD zonefile, as well as DNS records in the nameserver computer (which can be operated by individuals , organisations, ISPs, etc). Thus formulation 1 would seem to cover all the possible scenarios where a domain name is actively involved in any intellectual property issues, and is perhaps the more general of the two definitions. Formulation 2 uses the term "use of a domain name". This is a less precise term than used in formulation 1. In this context who is the "user"? - the registrant or other Internet users. I have seen domain names used by Internet users in the same way as any other word, symbol, or trademark to deliberately confuse an Internet user. This is commonly done in two ways: (1) the domain name is part of a faked "From" address in an email (the domain name is not intended to be used for return email, it is purely a word intended to mislead) usually without any involvement of the domain name registrant or the operators of the nameservers for that domain name. (2) as part of the content of an email or the contents of a website, where the domain name appears again as a word or image as part of a hyperlink. An Internet user clicks on the hyperlink (effectively just a symbol) and gets directed to an Internet location completed unrelated to the domain name. In the cases above the domain name itself is misused in the same way as any trademark may be misused. In this case the domain name registrant along with the operators of the related DNS nameservers is the victim. So the term "use of a domain name" can have meanings outside of the mission of ICANN. I think the reason for such debate over the two formulation is more related to different language used in the technical versus the intellectual property community. If we focus on the more complex problem of improving WHOIS, it may well be that the differences in the two formulations are not material. Ultimately the wording of the purpose could certainly be improved to use language that everyone clearly understands. YOU STATE: While it is technically correct to state as you do that "that there are no changes in collected data, nor in the requirement for that data to be accurate," basing the further work of the task force on the narrow definition of the purpose of WHOIS in Formulation 1 will almost inevitably lead to recommendations that the data collected and the access provided to that data be more limited than is currently the case. RESPONSE: Any changes to data collected is out of scope for this particular policy development. There seems to be a mis-conception that the data is only collected so it can be displayed publicly by the WHOIS service. This is not the case, there are a range of operational reasons why the data will continue to be collected along with other data (such as credit cards, incoming IP addresses etc). Stating a purpose of the WHOIS service does not directly impact what data is collected. I do agree that access may be more limited than is currently the case, however this could result from either of the two formulations. It is important to distinguish access to data by the general public, from access to data by entities that have a specific need. For example registrars collect credit card information from registrants which is not made public, and provide this to law enforcement agencies for legitimate purposes through well established processes. The terms of reference of the task force note that if any data is removed from general public access, that the task force must also specify how that data will be accessed by those with a legitimate need. I hope that your association will continue to be involved in the more challenging work ahead. Regards Bruce Tonkin