Hello, The following are 4 recommendations and additional information surrounding my suggestions in the attached document. 1) Create Single WHOIS policy 2) Change to a Registry Thick WHOIS 3) Registrant pays for validation of WHOIS data 4) Create contractual agreements between ICANN and each Proxy/Privacy Registration service provider and impose standardized best practices Considering the call is at 3 am pdt I will not be on the call I do not think I can add anything substantial to the discussion in the middle of the night. Good luck and I look forward to listening to the recording of the call tomorrow. Susan Kawaguchi Domain Name Manager Facebook Inc. 1601 California Avenue Palo Alto, CA Phone - 650 485-6064 Cell - 650 387 3904 Please note my email address has changed to skawaguchi@fb.com NOTICE: This email (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. Unless you are the intended recipient, you may not use, copy, or retransmit the email or its contents.
Since is targeted to 7 AM (I'm a late sleeper and it´s freezing here specially in the morning), I'll listen to the recording. Have a good call. Omar 2011/7/5 Susan Kawaguchi <susank@fb.com>:
Hello,
The following are 4 recommendations and additional information surrounding my suggestions in the attached document.
1) Create Single WHOIS policy
2) Change to a Registry Thick WHOIS
3) Registrant pays for validation of WHOIS data
4) Create contractual agreements between ICANN and each Proxy/Privacy Registration service provider and impose standardized best practices
Considering the call is at 3 am pdt I will not be on the call I do not think I can add anything substantial to the discussion in the middle of the night.
Good luck and I look forward to listening to the recording of the call tomorrow.
Susan Kawaguchi
Domain Name Manager
Facebook Inc.
1601 California Avenue
Palo Alto, CA
Phone - 650 485-6064
Cell - 650 387 3904
Please note my email address has changed to skawaguchi@fb.com
NOTICE: This email (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. Unless you are the intended recipient, you may not use, copy, or retransmit the email or its contents.
_______________________________________________ Rt4-whois mailing list Rt4-whois@icann.org https://mm.icann.org/mailman/listinfo/rt4-whois
I am getting confused. What time is the call scheduled for? I have it for 10 pm est? Kim Please excuse my typos! This is sent from my iPhone. On 2011-07-05, at 21:01, Omar Kaminski <omar@kaminski.adv.br> wrote:
Since is targeted to 7 AM (I'm a late sleeper and it´s freezing here specially in the morning), I'll listen to the recording.
Have a good call.
Omar
2011/7/5 Susan Kawaguchi <susank@fb.com>:
Hello,
The following are 4 recommendations and additional information surrounding my suggestions in the attached document.
1) Create Single WHOIS policy
2) Change to a Registry Thick WHOIS
3) Registrant pays for validation of WHOIS data
4) Create contractual agreements between ICANN and each Proxy/Privacy Registration service provider and impose standardized best practices
Considering the call is at 3 am pdt I will not be on the call I do not think I can add anything substantial to the discussion in the middle of the night.
Good luck and I look forward to listening to the recording of the call tomorrow.
Susan Kawaguchi
Domain Name Manager
Facebook Inc.
1601 California Avenue
Palo Alto, CA
Phone - 650 485-6064
Cell - 650 387 3904
Please note my email address has changed to skawaguchi@fb.com
NOTICE: This email (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. Unless you are the intended recipient, you may not use, copy, or retransmit the email or its contents.
_______________________________________________ Rt4-whois mailing list Rt4-whois@icann.org https://mm.icann.org/mailman/listinfo/rt4-whois
_______________________________________________ Rt4-whois mailing list Rt4-whois@icann.org https://mm.icann.org/mailman/listinfo/rt4-whois
10 UTC, Kim. http://www.timeanddate.com/worldclock/fixedtime.html?msg=WHOIS+Conf+Call+-+6... Rgds, O. 2011/7/5 Kim G. von Arx <kim@vonarx.ca>:
I am getting confused. What time is the call scheduled for? I have it for 10 pm est?
Kim
Please excuse my typos! This is sent from my iPhone.
On 2011-07-05, at 21:01, Omar Kaminski <omar@kaminski.adv.br> wrote:
Since is targeted to 7 AM (I'm a late sleeper and it´s freezing here specially in the morning), I'll listen to the recording.
Have a good call.
Omar
2011/7/5 Susan Kawaguchi <susank@fb.com>:
Hello,
The following are 4 recommendations and additional information surrounding my suggestions in the attached document.
1) Create Single WHOIS policy
2) Change to a Registry Thick WHOIS
3) Registrant pays for validation of WHOIS data
4) Create contractual agreements between ICANN and each Proxy/Privacy Registration service provider and impose standardized best practices
Considering the call is at 3 am pdt I will not be on the call I do not think I can add anything substantial to the discussion in the middle of the night.
Good luck and I look forward to listening to the recording of the call tomorrow.
Susan Kawaguchi
Domain Name Manager
Facebook Inc.
1601 California Avenue
Palo Alto, CA
Phone - 650 485-6064
Cell - 650 387 3904
Please note my email address has changed to skawaguchi@fb.com
NOTICE: This email (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. Unless you are the intended recipient, you may not use, copy, or retransmit the email or its contents.
_______________________________________________ Rt4-whois mailing list Rt4-whois@icann.org https://mm.icann.org/mailman/listinfo/rt4-whois
_______________________________________________ Rt4-whois mailing list Rt4-whois@icann.org https://mm.icann.org/mailman/listinfo/rt4-whois
If I can do 1AM (Singapore), then I can do 6AM. :-) Looking forward to joining the call, Kathy Since is targeted to 7 AM (I'm a late sleeper and it´s freezing here
specially in the morning), I'll listen to the recording.
Have a good call.
Omar
2011/7/5 Susan Kawaguchi<susank@fb.com>:
Hello,
The following are 4 recommendations and additional information surrounding my suggestions in the attached document.
1) Create Single WHOIS policy
2) Change to a Registry Thick WHOIS
3) Registrant pays for validation of WHOIS data
4) Create contractual agreements between ICANN and each Proxy/Privacy Registration service provider and impose standardized best practices
Considering the call is at 3 am pdt I will not be on the call I do not think I can add anything substantial to the discussion in the middle of the night.
Good luck and I look forward to listening to the recording of the call tomorrow.
Susan Kawaguchi
Domain Name Manager
Facebook Inc.
1601 California Avenue
Palo Alto, CA
Phone - 650 485-6064
Cell - 650 387 3904
Please note my email address has changed to skawaguchi@fb.com
NOTICE: This email (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. Unless you are the intended recipient, you may not use, copy, or retransmit the email or its contents.
_______________________________________________ Rt4-whois mailing list Rt4-whois@icann.org https://mm.icann.org/mailman/listinfo/rt4-whois
_______________________________________________ Rt4-whois mailing list Rt4-whois@icann.org https://mm.icann.org/mailman/listinfo/rt4-whois
I got the time from our wiki. I won't be able to make the call as I have my daughter and she usually wakes up at that time. Anyway, here are three, of many, suggested changes that I think may be prudent: 1. Make a distinction between legal and natural persons and also provide an exemption for certain natural person registrants to be "categorized" as "persons" requiring some privacy/protection, e.g., battered women shelters. 2. Implement a random audit of Registrants to verify the accuracy of their information in the WHOIS database. This should include a global requirement for each registrant to confirm his/her/its contact details every year or every 6 months, e.g., send email to registrant, registrant needs to go to a link, provide some authentication tool, and confirm information. Note, this is per registrant and NOT per domain name. 3. Provide some special access to law enforcement and UDRP applicants to WHOIS information for legitimate and reasonable reasons of natural and legal persons, but it needs to be a controlled access. Finally, thanks Lynn for the RFP. Great work and I am fine with it. While I think that the legal language should be tightened up, but since ICANN legal does not want to share theirs I don't see why we lawyers should put our neck out there and provide legal advice on that front. In light of that, I am fine with the content of the RFP, but would urge ICANN to conduct its own due diligence with respect to the terms and conditions of the RFP to ensure proper legal protection. Kim __________________________________ kim@vonarx.ca +1 (613) 286-4445 "Shoot for the moon. Even if you miss, you'll land among the stars..."
Also, this part is "to walk over eggs" like we say here (pag. 9 WRT): "Impose standards on proxy/privacy services on what data is protected". Should/could these standards be categorized? What was done so far? How to deal with different levels of protection, specially on a political point of view like in free speech? Omar 2011/7/5 Kim G. von Arx <kim@vonarx.ca>:
I got the time from our wiki. I won't be able to make the call as I have my daughter and she usually wakes up at that time. Anyway, here are three, of many, suggested changes that I think may be prudent: 1. Make a distinction between legal and natural persons and also provide an exemption for certain natural person registrants to be "categorized" as "persons" requiring some privacy/protection, e.g., battered women shelters. 2. Implement a random audit of Registrants to verify the accuracy of their information in the WHOIS database. This should include a global requirement for each registrant to confirm his/her/its contact details every year or every 6 months, e.g., send email to registrant, registrant needs to go to a link, provide some authentication tool, and confirm information. Note, this is per registrant and NOT per domain name. 3. Provide some special access to law enforcement and UDRP applicants to WHOIS information for legitimate and reasonable reasons of natural and legal persons, but it needs to be a controlled access. Finally, thanks Lynn for the RFP. Great work and I am fine with it. While I think that the legal language should be tightened up, but since ICANN legal does not want to share theirs I don't see why we lawyers should put our neck out there and provide legal advice on that front. In light of that, I am fine with the content of the RFP, but would urge ICANN to conduct its own due diligence with respect to the terms and conditions of the RFP to ensure proper legal protection. Kim
__________________________________ kim@vonarx.ca +1 (613) 286-4445 "Shoot for the moon. Even if you miss, you'll land among the stars..."
_______________________________________________ Rt4-whois mailing list Rt4-whois@icann.org https://mm.icann.org/mailman/listinfo/rt4-whois
On Tue, Jul 05, 2011 at 11:24:39PM +0000, Susan Kawaguchi wrote:
1) Create Single WHOIS policy 2) Change to a Registry Thick WHOIS
I do oppose any thick whois apporach as RT-recommendation. Fulfilling national data protection laws is impossible with any centralized (extra territorial) data store.
From the perspective of lawful implementation of Whois services, only a thin whois structure is possible. I strongly suggest to extend the thin whois delegations into the reseller chain. This requires approbriate contracts between registries and registrars as well as registrars and resellers.
3) Registrant pays for validation of WHOIS data 4) Create contractual agreements between ICANN and each Proxy/Privacy Registration service provider and impose standardized best practices
I do oppose any proxy/privacy services while maintaining the whois requirement. Either the data is required or proxy services are allowed. Both approaches conflict in practice. If proxy/privacy services are allowed, whois services should not collect and publish personal data (of at least owner and admin) anymore.
Interesting, so privacy/proxy are alowed (fact). Not collecting and publishing personal data equals in what? Another level of privacy protection? I believe the general rule is to publicize all. The exception are the proxies, and having only a finantial reason (to pay for this service to have more "privacy") is the real gap. It's different from having a motivation to hide personal data - making the levels of protection, if it's the reason - more slippery and subjected to colateral damages, as subjective responsability. Omar 2011/7/6 Lutz Donnerhacke <lutz@iks-jena.de>:
I do oppose any proxy/privacy services while maintaining the whois requirement. Either the data is required or proxy services are allowed. Both approaches conflict in practice.
If proxy/privacy services are allowed, whois services should not collect and publish personal data (of at least owner and admin) anymore.
On Wed, Jul 06, 2011 at 06:30:54PM -0300, Omar Kaminski wrote:
Interesting, so privacy/proxy are alowed (fact). Not collecting and publishing personal data equals in what? Another level of privacy protection?
Accepting the consequences for everybody means to remove whois services at all. While iterating though the use cases of whois, it might result in a restart of such a service to easily obtain the registry database information (for domains consisting of: ace-name, nameservers, DNSSEC, contract party, domain status, change history). The existance of the contract party reference can be used to insist on a redirectable whois service at the contract party site (usually the registar and then the resellers in the chain down to the customer). This way Whois would contain only directly validateable, contractual information, which can be used by law enforcement. The operator of each Whois service is direct responsible for correct entries, because those entries are derived from its direct business cont(r)acts. The usual (non LEA) user automatically follow the whois chain and can obtain the necessary information from the final server, if this access is granted by national laws (of the final Whois operator). This way the applicable laws of data collection and protection even in the light of LEA access (cross-national?) can be fullfilled without knowing all those laws in advance.
So we must admit that any final server (registrars) are contratual covered by national laws.Perhaps, but most probably not. Also, cross-national norms should be covered by International Conventions and/or Treaties to be granted (in less time). For a transborder court order, Brazil takes at least 6 months to a year (or more) just to answer and then start the process itself. Omar 2011/7/7 Lutz Donnerhacke <lutz@iks-jena.de>:
The usual (non LEA) user automatically follow the whois chain and can obtain the necessary information from the final server, if this access is granted by national laws (of the final Whois operator). This way the applicable laws of data collection and protection even in the light of LEA access (cross-national?) can be fullfilled without knowing all those laws in advance.
On Thu, Jul 07, 2011 at 12:07:08PM -0300, Omar Kaminski wrote:
So we must admit that any final server (registrars) are contratual covered by national laws. Perhaps, but most probably not.
Of course they are covered by national law. Otherwise the operating company would not exist in this country. Please note, that I do not stop at the registrar level but got down the reselling chain.
Also, cross-national norms should be covered by International Conventions and/or Treaties to be granted (in less time).
For a transborder court order, Brazil takes at least 6 months to a year (or more) just to answer and then start the process itself.
Whois services are not a short cut for inefficient legal processes. If they are used to circument such legal preconditions, the whole system of Whois services should be considered as illegal itself.
participants (5)
-
Kathy Kleiman -
Kim G. von Arx -
Lutz Donnerhacke -
Omar Kaminski -
Susan Kawaguchi