All,

You may recall that when the GNSO Council decided last October in LA to terminate the pending PDP on WHOIS, you also decided to solicit public opinions about the types of future studies that might be conducted on WHOIS, to inform future policy development.  You may also recall that the 31 October resolution asks staff to prepare a summary of the submissions received (amended to request by February 25), and the Council would then provide additional definition regarding potential data gathering and study requirements.  Staff would then provide the Council with rough cost estimates for various components of data gathering and studies as requested by the Council.  Based on those cost estimates, the Council will decide what data gathering and studies would be pursued; and 4) staff will perform the resulting data gathering and studies and report the results back to the Council.

The public comment period closed on 15 February, and attached is a summary and analysis of the public comments we received (25 total) that I’ve compiled with the considerable help of an expert consultant, Lorrie Faith Cranor.  Dr. Cranor is a professor of computer science at Carnegie Mellon U. and an expert researcher on Internet privacy, security and related issues, and we are fortunate to have her expertise to review and collate study suggestions.

 

As you consider next steps, I do want to point out that in the attached summary, we have grouped proposed studies according to the following topic areas:

 

1.       WHOIS misuse

2.       Compliance with data protection laws and registrar accreditation agreements

3.       Availability of privacy services

4.       Demand and motivation for use of privacy services

5.       Impact of WHOIS data protection on crime and abuse

6.       Proxy registrar compliance with law enforcement and dispute resolution requests

7.       WHOIS data accuracy

 

You may find it useful to first consider which of the groupings address questions you think that having data about would inform the debate. Once you have identified which questions you want to answer, then you could focus on only those particular groupings and consider which study approach (or combination of approaches) will best answer your questions. In some cases Lorrie has indicated that the different studies answer slightly different questions. In some cases she indicates that some of the approaches are likely to give better data, or that some of the approaches are likely to be less expensive.  When you think about the fundamental questions asked by each grouping, you may find it more useful to consider the questions asked by each grouping as follows:

 

1.       How big is the WHOIS misuse problem that may need to be solved?

2.       Is there a non-compliance with data protection laws problem that needs to be solved?

3.       Are there already market-driven solutions available?

4.       Is there demand for market-driven solutions, and are they being used for legitimate or illegitimate purposes?

5.       Do WHOIS data protections lead to abuse and misuse?

6.       Are provisions for providing protected WHOIS data to law enforcement for investigation of crime and abuse effective?

7.       Is WHOIS data accurate?

 

I note also that several of the proposed studies are being recommended to address questions of WHOIS accuracy and compliance and I have also shared this summary with ICANN’s compliance director and deputy general counsel. They may have further views that we will share as appropriate.  Lastly, if you would find it useful, Dr. Cranor can be available to participate in an upcoming call to discuss the report and answer questions. 

 

Thanks, Liz