AT-LARGE GATEWAY

At-Large Website

ALAC

RALOs

At-Large Regional Policy Engagement Program (ARPEP)

At-Large Governance

At-Large Reports

Policy Comments & Advice

Working Groups

ICANN Meetings

At-Large Summit (ATLAS III)

At-Large Review Implementation Plan Development

ALAC and RALO Elections, Selections, and Appointments

At-Large Priority Activities - 2021

See the public comment announcement on this topic:  WHOIS Policy Review Team – Discussion Paper.  The public comment period closes on Saturday, 23 July 2011.

The first draft of this ALAC statement, by Carlton Samuels, reflects the views of the At-Large Community (based on its members' written and spoken comments).  Please use the "Add Comment" function below to leave comments.

DRAFT ALAC STATEMENT ON WHOIS REVIEW DISCUSSION PAPER

The ALAC welcomes the Discussion Paper as a laudable step in the WHOIS Review Team’s goal to solicit structured feedback from the community as guidance for your continued work.  Notwithstanding, we would have liked to see additional ones that seek to define the problems attending current WHOIS definition, utilization and compliance that are properly before the Review Team for exploration and advice to the Board and global ICANN community.  We also heartily endorse the series of community-specific conversations that the Review Team hosted during the ICANN 41st International Meeting at Singapore, at which time members of the ALAC and others of our community participated and observed.

The ALAC is on record as to its concerns with aspects of certain WHOIS-related matters from which we do not retreat. [See ALAC Statement <add link of March 2011 Statement here>.] And having participated and observed the interactions with other communities, we are now more convinced than ever that the single most important objective for the Team is to report a perspective and/or  recommend a set of policy initiatives or refinements to existing policy that realize a balancing of  the competing interests in regard the entire WHOIS ecosystem.  We are particularly seized of the possibility that having executed as proposed, the Team would be in a position to identify and define all of the problems attending WHOIS, prioritize their impact on consumer trust and confidence in the domain names system and make an unambiguous recommendation as to areas of need and focus of the correctional policy work should be in the near to mid-term.  

With respect to process and while our community has concerns about whether this new consumer-focused study now authorized by Board funding [See link to Board Resolution <add link here>] will add any new information, the ALAC on general principle will always be for more and complete information as possible on this knotty issue, if only to satisfy ourselves that all possible sources of information and the interests of all sectors are fully aired and considered before a decision.  To reiterate, the ALAC believes that this Review Team must embrace or reject but pronounce unambiguously on several related principles. It is our view that this Team must treat with and declare: 1) Whether the WHOIS construct as originally devised and for the purpose intended is still necessary 2) Whether the WHOIS dataset as originally determined remains fit to original purpose 3) Whether the several identifiable uses made of both the WHOIS data and processes that has expanded its original intent is useful and in the public interest.

In reference, we would surely expect recommendations from the Team as to whether these additional uses made of WHOIS is within the terms and intent of the Registrar Accreditation Agreement (RAA) and as such, to be embraced by the global community and by virtue of this embrace, in the remit of ICANN Compliance. In the end, answers to these questions will allow thoughtful interpretations as to: 1) Whether the present WHOIS dataset is good and sufficient to meet these needs and likely others that might be contemplated 2) Whether the WHOIS information processes used to meet WHOIS information compliance and now in production are fit to purpose.   Using this framework, for example, the Team may be able to acknowledge the instance of Privacy Proxy Services and the role they play in the WHOIS ecosystem, chart and recommend some workable solution that acknowledges and fully embrace privacy concerns of the community, including ways that these may be answered in a balanced way.

With regard to compliance, the ALAC now believes that maybe the time has come for a change in the philosophical approach to WHOIS compliance.  Over the years, it has become almost an article of faith that ICANN Compliance is responsible for WHOIS data accuracy.  There is also widespread acceptance that the registry/registrar community is responsible and must bear the cost and burden of both data accuracy as well as availability.  The lowered expectations of registrants in this area is often remarked.  We now acknowledge the complexity of these issues and on record, reject these views as too unilateral and simplistic in definition and, thusly, undermine the opportunity to be effectively addressed.

Compliance in particular has a great need for a balanced approach, given the 3 sets of actors; registrants, registrars and ICANN Compliance. Undoubtedly, WHOIS data accuracy is a cost/value proposition with differing perspectives from registrants as original data providers, registrars as collectors and hosts for the data and users of the WHOIS dataset.  We do not doubt that 100% accuracy is laudable as an objective.  But we recognize that as a practical matter, 100% accuracy may just be unobtainable in the present dispensation and places an unfair burden on one set of actors in the WHOIS triangle. In fact, this objective creates an insurmountable threshold for ICANN Compliance, even with their best effort and more resources available to them. We believe that the all-round public interest may be better served by recognizing that the risks from the fraudulent actions of bad actors are not the same throughout the WHOIS data cycle but tends to be cyclical; higher following the establishment of new domains  and decreasing thereafter.  Neither is it rational for the same risk in class or kind to be ascribed to all domains; domains used primarily for support of business transactions on the web have a higher risk for consequential fraudulent activities than those used for more personal or informational pursuits. As such, certain adjustments in approach to compliance and our expectations of the impact from compliance might benefit from a change in the philosophical construct of compliance and the processes used to effect assurance of compliance.

The ALAC remains keenly committed to the Review Process and awaits the outputs with heightened anticipation. 

  • No labels

9 Comments

  1. Anonymous

    message from Danny Younger

    Carlton,

    The WHOIS Review Team posted 14 questions.  It would likely be more helpful if the ALAC actually answered these questions one by one.  With regard to the statement that you have produced, I feel obliged to inquire as to the source of your viewpoint when you state "it is our view" ( as, sorry to say, I haven't seen any discussion on this matter in the WHOIS WG archives nor on the ALAC list nor elsewhere)... perhaps you can offer me a pointer (URL) to recent at-large discussion on this topic that perhaps I have missed.  Are there any regional statements on this issue?  Are there individual ALS contributions that can be cited?  Further, I take issue with your conclusion that accuracy considerations place an "unfair burden on one set of constituents of members of the ICANN community".  What is the basis of your determination that the burden is "unfair"?  Overall, I'd like to see a broader discussion of these issues (that I haven't seen so far) before the ALAC routinely rubber-stamps yet another Statement.  Feel free to email me if you'd like to discuss these matters further.

    Thanks, dannyyounger[at]yahoo.com

    1. Carlton Samuels

      Thanks for your comments. So that we contextualize this response, note from the onset that this draft builds principally on previous ALAC - meaning the 15-member body - Statement of March 2011 - follow the link that identifies it to the left of this page - and meetings at Singapore.  It would also be useful to think of this statement much like you would an executive summary of a long report; Gordon Chillcott's submission below comes closest in appreciation.

      On your question re individual answers to the questions posed by the RT, I stand to be corrected but with respect, other than creating a really long document, I really do not see the retail approach - that is to say rehashing the answers here with all the likely variations - to be useful.  You see those questions were posed – and answers solicited - in the f2f RT_At-Large meeting at Singapore; the ALAC members at Singapore were in attendance.  There may have even been responses from At-Large members present who are not ALAC councilors. I would imagine the RT kept a record of the answers. If the concern you express can be extrapolated to be that the broader community knowing what was said then, maybe accessing the recording of that At-Large_RT session might help.  Taking a more strategic view however, the questions were posed to all groups as a mechanism to extract guiding opinions for the RT's deliberations on its chartered remit.  Here again, you may wish to revisit the original RT charter.  From this perspective, it seems to me that and endorsement [or not] of this mechanism and reinforcing the importance of the critical assessment of the multiplicity of views from the wider ICANN community for a balanced position to emerge would be good advice.  This is our principal objective.

      Regarding your set of questions beginning with the source of the "it is our view" abstraction, I take it you mean to inquire on both rationale and legitimacy. For both, I refer you to the ALAC statement of March 2011. I know that like a suppurating boil on the body At-large, these eruptions regarding legitimacy of the current At-Large organization to represent end users come from time to time in many guises.  But in this case, we work with what we have.  This statement builds on that of March 2011.  There are ten (10) ALAC members representing end users and their organizations - RALOs and ALS - eligible to vote on these matters. Their votes represent fully 66.6% of eligible votes on any ALAC matter put to the vote. The March 2011 statement was put to a vote.  I cannot now say what the individual votes were on the statement of March 2011; staff may, if you wish, provide these details.  What I can say without fear of successful contradiction though is that the March vote was both affirmative and quorate.  It is this vote that establishes and identifies the substantive At-large voice in this statement.

      Finally, I suspect interpretation does play a role in our differing view but do allow me to give this a shot.  I take the view we would agree that it is always the results that matter. Now, if the accuracy objective of WHOIS data records is 100% and by some estimates it remains stubbornly hovered in the region of 2 accurate records in every 10, then this result matters in this discourse.  Consider further.  If your compliance efforts have not had a significant impact on improving this statistic, then, ditto.  In the context of WHOIS, there are three (3) actors at issue: registrants, registrars and ICANN compliance. I offer a practical example of a partial WHOIS record that might pass muster on a perfectly adequate online registry operations support system: a registrant that offers “Daisy Dee Duck, 2502 West Ball Road, Anaheim, CA 92802”. Neither the operational mechanisms nor the process delivers the expected result; an ‘accurate’ record. The compliance operations are similarly stiffed.  So, what do we do?  The apocryphal story goes if you do the same thing over and over expecting different results from the underachieving ones you had the zillion times previously, then this is the very definition of madness*. * It is incontestable that what has transpired so far has delivered the results we have.  Notice we’ve not even plumbed why a registrant might offer inaccurate details.  Here’s a guesstimate: maybe the responses and/or remedial actions to date could possibly be too simplistic - meaning absent a deep knowledge of the 'connectedness of things' - or, proverbially dumb. It is therefore on the balance of the evidence and hearing the several expressions of doubt that allowed me to posit this sentence for my ALAC colleagues’ consideration.

      I trust even if the answers I make give no comfort, you have a better understanding of the ‘presence of mind’ that produced the script at issue.

      Cheers,

      Carlton Samuels

  2. Anonymous

    Speaking for NARALO member CAUCE, we specifically and completely reject the paragraph about compliance. Every registrar and every registrant who signs up for a domain in a gTLD or sTLD knows that valid WHOIS info is part of the deal, and it is irresponsible and contrary to the public interest to relieve registrants of the responsibilities they have already agreed to.

    - John Levine, CAUCE

    1. Carlton Samuels

      Dear John:

      Good pickup, we - you and I - agree.  Maybe it was way too subtle but the appeal for a 'balanced approach' referred constituents of the ICANN community.  Notice the statement openly acknowledges the burden commonly placed on registrars but remained mum on the responsibility of registrants!

      Carlton Samuels

  3. Lutz Donnerhacke

    I would be very happy to read some thoughts from ALAC (as the major representative of the end users in the Internet Governance Game) about:

    • Who is allowed to use Privacy Services and how can such a system ensure Consumer Trust (i.e. in eCommerce)?
    • Centralized Whois as a shortcut over national law restrictions regarding data protection (Why is Whois allowed to be accessed from a LAE of a different country by ignoring the international LAE cooperation processes?)
    • What about differentiated access models for law enforcement and normal people? Can the anti-spam community live with?

    I hope you get the point ... My proposal is a stringent thing whois approach, down the reseller chain, to prevent copying private data and applying local law at each point.

    1. Anonymous

      Hello Lutz,

      I understand that the WHOIS Review Team is charged with (1) an assessment of the current model, and (2) an analysis and determination of ICANN's specific performance against the AoC requirements.  The remit is very narrowly written.  It doesn't appear to allow either for the development of policy by team members or for new implementation proposals, so I hope that your questions aren't designed to push the boundaries of that particular remit.

      I offer my personal comments as I hope they will reflect the public interest perspective:

      1. With regard to the use of privacy services -- no commercial entity has the right to, nor expectation of, privacy with respect to its contact details.  As a matter of public policy all commercial entities should be precluded from using privacy services.  Further, I call your attention to the position adopted in the .us namespace:  "The United States Department of Commerce's National Telecommunications and Information Administration ("NTIA") has recently completed its review of "proxy" or anonymous domain registration services by .us Accredited Registrars. At the conclusion of this review, NTIA directed NeuStar to phase out the offering of such services by Registrars or by any of its partners or resellers and to ensure that complete and accurate WHOIS data is provided for any existing registrations in .us."
      2. With regard to a Centralized WHOIS, section 3.3.4 of the Registrar Accreditation Agreement states: "Registrar shall abide by any ICANN specification or policy established as a Consensus Policy according to Section 4 that requires registrars to cooperatively implement a distributed capability that provides query-based Whois search functionality across all registrars. If the Whois service implemented by registrars does not in a reasonable time provide reasonably robust, reliable, and convenient access to accurate and up-to-date data, the Registrar shall abide by any ICANN specification or policy established as a Consensus Policy according to Section 4 requiring Registrar, if reasonably determined by ICANN to be necessary (considering such possibilities as remedial action by specific registrars), to supply data from Registrar's database to facilitate the development of a centralized Whois database for the purpose of providing comprehensive Registrar Whois search capability."  Current language makes it clear that a Centralized WHOIS can only emerge as a result of either a GNSO Consensus Policy recommendation or as an ICANN "specification".  Any Advisory Committee or the GNSO could ask for an issues report on this topic as a precursor to a Policy Development Process (PDP).  In my view, it would serve the public interest to have such an issues report generated.
      3. Differentiated Access Models -- these have been discussed in prior GNSO WHOIS Working Groups and Task Forces --see for example http://gnso.icann.org/mailing-lists/archives/dow2tf/docV83riHElig.doc for a comparison of Whois Task Force 1 and 2 reports recommendations regarding tiered access and notification of data access to registrants. 

      Overall, we are currently at the mercy of a WHOIS Study Cycle (which will probably last at least another year).  The Affirmation of Commitments obliges us all to abide by a "fact-based" policy development process.  Until such time as all the studies/facts are in, we cannot proceed apace with new proposals (no matter how tempting they might be).  We need to let the fact-finding process run its course before we embark on any new policy-formulating missions.

      best regards,

      Danny Younger

  4. Gordon Chillcott

    We would like to have seen a discussion paper that more completely addresses the questions the Review Team were given. The review team was constituted to review the current status of WHOIS and assess ICANN's performance against the requirements of the Affirmation of Commitments. A number of the questions in the Discussion Paper seem to be driving at finding solutions, not defining the problems.

    Carelton's resopnse seems to be an attempt to identify some rather more fundamental issues than are reflected in the Discussion Paper. There is some merit to this approach, but what is needed is questions that will direct the discussion to those issues. As examples, those might include:

    1. what information is in the WHOIS database and how much of it is really necessary?
    2. What are the current and envisioned uses of the WHOIS database? How are these uses addressed in government legislation?
    3. What are the circumstances that lead to inaccuracies in the database and how do they function?

    In other words, what is it that we're really trying to enforce? The questions in the discussion paper seem to try to address these, perhaps in more detail than in detail, but with limited success.

    On the subject of accuracy, while 100% accuracy is not always obtainable, admittedly. However, some reasonable level of confidence needs to be achieved. The current level of accuracy (around 23%) is simply not acceptable. And the question that needs to be addressed is just how did it get that way?

    In the response, there is some discussion of whether the “WHOIS construct” is necessary. This may well be outside the scope of the argument, given, among other things, our commitments under the Affirmation of Commitments. The AoC (section 9.3.1) “commits to enforcing its existing policy relating to WHOIS, subject to applicable laws”.

    Answers to some basic questions about the makeup and use of WHOIS may themselves show us where ICANN Compliance should direct its efforts to best effect.

    Regards,

    Gordon Chillcott

    1. Carlton Samuels

      Dear Gordon:

      Thanks for your thoughtful comments.  To respond to your concerns,  first see my response to Danny Younger above. Maybe it is not stated as clearly but regarding your numbered questions, the answers you seek may be subsumed in Paragraphs 3 & 4. Maybe you can offer some specific language that would make this more exacting.

      Kind regards,

      Carlton Samuels 

  5. Gordon Chillcott

    Dear Carleton:

     We would seem to be in some agreement, but view from different angles. I was not seeking answers – even though I admit to some curiosity. I was looking for those fundamental issues to be addressed in the Review Team's Discussion Paper.

     I agree with Danny Younger in that the fact-finding process has not yet run its full course. The concern is that this process does not become a victim of “scope creep”, or that efforts to seek solutions do not begin too soon. That way lies incomplete answers at best, and answers to the wrong questions at worst.

    With my apologies for taking so long to respond

    Regards,

     Gordon Chillcott