Hello all,

Thank you to Susan for setting out the approach we will take in our sub-team. I will begin this exercise by tabling “WHOIS: Blind Men and an Elephant”, a report from the Security and Stability Advisory Committee (SSAC) in September 2012. The gist of their report is that there are four current uses of the WHOIS service, two of which the SSAC says are legitimate (law enforcement access to data; security practitioner access to data), and two where it is silent on the question of legitimacy (public access to data; intellectual property owner access to data). I have bullet pointed below the main arguments they raise in relation to the purpose of collecting and maintaining this data:

- Terminology:
  - SSAC disagrees with the term “WHOIS” - prefers three specific terms be used: domain name “registration data,” “access protocol,” and “directory services”.
- Data Elements:
  - The appearance of email addresses guarantees that spam will be delivered to those email addresses.
- Purpose:
  - WHOIS was created to provide a means to make contact information available for what was then a very small (and essentially homogeneous in terms of user community) Internet compared to what exists today.
  - Today there are four main uses of WHOIS:
    - Public access to details about a domain name registration.
      - SSAC is silent on the legitimacy of this use case.
    - Law enforcement access to details about a domain name registration.
      - SSAC says this is a legitimate use case.
    - Intellectual property owner access to details about a domain name registration.
      - SSAC is silent on the legitimacy of this use case.
    - Security practitioner access to details about a domain name registration.
      - SSAC says this is a legitimate use case.
  - SSAC would like to see research into why users purchase privacy-proxy services. It has heard that some people do so to hide from law enforcement, but would like to see more research/evidence to validate this point. Privacy-proxy services should not hinder the ability to trace the identity of a domain name registrant.
- Access Levels:
  - SSAC says we need to distinguish between what information is collected and what information is published in an open database. Does not comment any further.
- Universality:
  - Whatever policy is adopted it should be applied universally across all gTLDs.
- Accuracy:
  - Whatever data is collected must be accurate and there must be enforcement and compliance mechanisms in place to support this.

I hope this summary is useful. Please let me know if you would prefer that I summarise reports in a different way as we move forward with the review of past literature.
Best wishes, Ayden Férdeline
Ayden Férdeline +44.77.8018.7421