Hello All, The GNSO Council decided in its meeting in Kuala Lumpur to combine Task force 1 and 2, and continue with task force 3. The current titles of the 3 task forces are: TF1: Restricting access to WHOIS data for marketing purposes TF2: Review of data collected and displayed TF3: Improving Accuracy of collected data Based on the current recommendations in the TF1/2 reports, I recommend the combined TF1 and TF2 be called: "Improving informed consent to the publication of contact data and improving controls for 3rd party access to published contact data" Earlier in the week there was a joint meeting of members of the 3 task forces and the members of the GNSO Council. This is what I understand was agreed as next steps for TF1/2 and TF3: - prioritise the recommendations that have the best consensus, provide a tangible improvement for the Internet community, and are likely to be implementable within the short term (months rather than years) - start with the highest priority recommendations and design a reference implementation (This will provide evidence that the recommendation is implementable, and also provide more information to assist members of the task forces and Council to determine if the recommendation provides a tangible improvement for the Internet Community and thus is appropriate to recommend to the ICANN Board. Note a new consensus recommendation is likely to be a new contractually binding obligation on registries, registrars or registrants. The reference implementation may also help determine how the new policy recommendation should be worded - perhaps adding additional detail to an additional ICANN contractual obligation) - for each recommendation that is implementable determine the cost impacts on the various parties represented within the GNSO (ie business users, non-commercial users, ISP users, registries, registrars, intellectual property owners) - where there are cost implications, determine how those costs should be recovered - for each recommendation determine how the associated improvements can be measured, so that the outcomes of the policy change may be reviewed and further refined

From the task force reports, and the discussions in Kuala Lumpur, examples of priority recommendations that could be considered by the task forces for further analysis include:

- more conspicuous notice to registrants of the WHOIS obligations associated with the registrant-registrar agreement - ie ensure that registrants provide "informed consent" to the publication of contact data. A reference implementation could be provided to indicate how a registrant should consent in a typical online registration process. The task force could consider wording a new policy recommendation (obligation for registrars) specifying what "conspicuous notice" means. - additional tiers of access - e.g public access tier, and authenticated access tier (where the 3rd party requesting the data is identifiable) - determine a reference implementation that specifies the data elements available in each tier, and specifies how 3rd parties would be identified and possibly accredited. Note that it is current WHOIS policy that the data should not be used for marketing purposes. This applies to either tier, but the second tier may assist in tracking and enforcement of this existing policy. [NOTE: If tiered access is found to be implementable and found to give a benefit, then many further levels of enhancements are possible, but I urge the task force to consider the simplest implementation first - measure its impact - and then consider further enhancements. The aim should be to make tangible progress.] - improved measurement by ICANN of compliance by registrars and registrants to the existing WHOIS contractual obligations - need to be explicit about what the ICANN staff are being asked to do, and then get an assessment from ICANN staff on the cost of implementing the recommendation and whether it is within the current ICANN budget or would require further funding - improved complaints handling processes - currently complaints about WHOIS accuracy can be either lodged centrally or to each registrar - registrars are required to use "reasonable" efforts to investigate a complaint. The task force may consider creating a reference implementation for what is reasonable (which could include reporting of outcomes to ICANN), and determine whether a new policy recommendation should provide a more specific refinement to the current registrar obligation. Please let me know if I have missed any important points or if you disagree with my interpretation. Regards, Bruce Tonkin