William McKelligot: Well thank you for the invitation to address the At-Large community on ICANN's study of domain names registered using a privacy or proxy study of -- privacy or proxy registration. I'm sorry.
I just want to set the stage to kind of give some context here for where this study came about. So the study was actually initiated some time ago and what changed over time was the approach. So initially, our thinking was that maybe we could just reach out to registrars and ask them just to share what percentage of domain names of the ones they hold under management were registered using a privacy or proxy service.
That approach did not go well and so we had to retrench and retool, kind of think of a more creative way to gauge the percentage of domain names that actually are registered using a privacy or proxy study. And at the same time, the community also expressed significant amount of interest in the accuracy of Whois data. So this was a more specialized study that was going to draw a powerful sample of the top five gTLDs looking at domain names registered under dot com, dot net, dot org, dot biz, and dot info. And so we contracted the National Opinion and Research Center, brought a sample based on their well known experience in handling large surveys and anything that kind of can boggle the mind in terms of numbers, they are actually quite well at handling.
So we relied on this shared sample, that is a sample of 2,400 domain names, which would be universe for this study of domain names registered on the top five gTLDs. And the whole purpose was to establish some type of baseline information because as we started out, we realized that there was a lot of speculation about the number of privacy and proxy registrations, but there was nothing actually factual. So we needed to start with something. And as you can probably tell, the other studies being marshaled by the policy team are more -- they start with a hypothesis, whereas this study basically started with a whiteboard. We just asked a very simple question. So if we were to inform the community about how many domain names registered on the top five gTLDs, which accounts for some say 99%, others say almost 100% of the domain names registered out there, how many of those were actually registered using a surface to actually protect or conceal altogether the information of the registered name holder or in the case of proxy registrations of the beneficial user.
And I'd like to draw -- so I'm actually -- I already covered slide one. I'd just like to draw your attention to what this study was not intended to answer. So we did not look at costs associated with registering a domain name using a privacy or proxy service. We did not try to differentiate between privacy or proxy service providers that are either an organization, or individuals, or attorneys. It is well known that many counsels register domain names on behalf of their clients to afford them some privacy. That is actually I must -- there is full disclosure on part of counsel. It is extremely difficult, if not next to impossible, to determine who the beneficial user of that domain name is.
We also shied away from qualifying anything related to the privacy or proxy registration. That is, as I pointed out earlier, this study did not hypothesize. Members of the community well know that there's a lot of discussion about the rationale for proxy registrations and what people do with these type of registrations. Some type of a -- in discipline/malicious conduct hides behind proxy registration. Those as far as I know are significant hypotheses. We do now go there. So we are not saying if these registrations are good or bad.
In terms of the definitions that we used for this study, I'd like to just highlight that since our draft report was published we obtained further advice from our legal department and we actually refined at least the definition related to proxy. And I guess the simplest way to capture these definitions is by the following. So in a typical privacy registration, the registrant or registered name holder, his or her name usually appears in the Whois record, whereas the remaining information you would find in the Whois is actually substituted by the privacy provider.
The main difference, and I guess the other, the proxy registration; the gist of this is that the proxy service provider is the registered name holder. And that registered name holder licenses the use of the domain name to a third party. Or we can call that the beneficial user. So that's actually a correction that will be made to the final report. And I think it's an important distinction and for reasons that I'll explain further on.
So once we had the definitions set in place, as I pointed out we relied on the same data sample used for the Whois accuracy study. And we drew a sample with NORC in March of 2009. And again, we covered domain names registered under the top five gTLDs. We did not address domain names registered under the ccTLDs and here is why. Because we were looking at Whois accuracy. It was decided that based on our understanding of the matter that the same Whois implication and contract requirements are not the same by the domain name sponsored on the ccTLD arena as those sponsored by registrars in the gTLDs. And additional elements of accuracy in Whois that don't necessarily apply to ccTLDs.
Now if there are any specific questions regarding this aspect of the study, I'd be more than happy to entertain questions offline. And I can obtain further information from my colleague Khalil Rashid. But unless there's a significant objection to me continuing, I would prefer to move forward.
Patrick Vande Walle: Well, I would suggest that we keep our questions until the end of your presentation, William.
William McKelligot: Okay, great. Then we decided to take the sample and then start coding the data, which was primarily looking at the Whois record for each domain name and trying to identify known characteristics of either a privacy or proxy registration. So in the privacy registration, or proxy we tried to identify a range of high probability to a very low probability. And --
Patrick Vande Walle: Please go ahead, William.
William McKelligot: So we were interested in identifying any aspect of the Whois record that would indicate that there was a third party arrangement. So for example, the zip code of known proxy providers. I don't -- I just don't want to single out any single provider because I don't know if that would be fair, but. So there are about 10 or 15 large providers of privacy and proxy services in this industry. They have a known physical location. Their full address, their zip code, the state and city of location came up multiple times. Those probably indicated it was highly suspect that they were a proxy registration.
The less indication that we got from the Whois record that there were elements that would conspicuously put them on the side of being probable, then we would put them aside. There were also some domain names that clearly did not have any indication that they were registered using a privacy or proxy service. Those were labeled zero.
So when looking at our sample and gathering those domains that we label as 3, 2, and 1, again on a sliding scale of probability, 3 being higher, 1 being lower, about 580 of them, or close to 25% appear to have been registered using a privacy or proxy service. Now if we take the more conservative view and only focus on those domain names that have multiple characteristics or identifying information in the Whois record to indicate that it -- there is a third party arrangement, that percentage actually goes down a bit. It goes down to 15%.
So up until this point is where the draft report that was posted online for public comment on October 1st, which closed also on the 20th of November, this is what was shared with the community at the time.
Now I can also share that since we've been working with NORC to try to validate these findings, because of course in all social science research there is a need to circle back to another source of information to kind of verify that what you actually saw, heard, or read, or felt is actually true. So we've been reaching out to registrars. We've also been reaching out to registered name holders. And it turns out in some of the preliminary findings of our validation phase indicate that first of all proxy registrations are far more common than any privacy registrations. And the ratio I think is significant. I think preliminary numbers coming back are, of the 580 we have maybe 20 privacy registration. But again so the number points to within the domain names that have been used -- have used a third party arrangement, the majority of them have contracted a proxy registration.
We've also encountered something interesting, which we anticipated, but again the extent of the problem is -- was unknown and I would even submit to you that it is still unknown. But it is worth to point out that it does take place, which is people may pre-ride on a proxy registration. Because what I need to do is just instead of including my name as a registrant when I sign up for a domain name, I can easily type in the name of a provider of proxy services, not pay for the service, and I go kind of undetected within the universe of domain names that are registered out there. And I am inoculated, if you will, of being contacted by someone. And just because I can choose to piggyback on the information that is available to the public.
Also our preliminary findings for this validation phase also indicate that perhaps the prevalence of privacy and proxy registrations in less than the outer limit of 25%. We always knew that it was going to fall between 15% and 25%. At this point, I'm not prepared to share with the community exactly what percentage we found. What I am able to share is that it is not as high as 25% as we had thought earlier.
And I'd like to share with you, it's unrelated to the study because it's not a continuum, but it's related to the body of work that ICANN is doing that relates to proxy registrations. So in the RAA, session 3.7.7.3 tells registrars that in crafting their registration agreements, that is the documents that registered name holders would sign to register a domain name, ICANN is telling the registrars that it has to be conspicuous. That the registered name holder, when a proxy service is contracted, the registered name holder is the proxy service provider. And that the person registering the domain name is actually a licensee.
We have seen so far that not all registrars are in compliance. Meaning that the registration agreements that they signed with people from the community, they don't make it clear to them that when they contract a proxy service, they are no longer the registered name holder. It's the provider and they in turn become licensees for that domain name. We expect to have the final report on that audit towards the end of March of 2010
And that actually concludes my presentation. I'm more than happy to answer any questions.
Patrick Vande Walle: Thank you, William. Well, I have already several questions in the chat room. So I will -- do you see the Adobe Connect room now, William?
William McKelligot: My apologies, no. I'll try again, but I was blocked off this morning on an earlier call.
Patrick Vande Walle: Okay. Well anyway, I will maybe ask because Rudi was the first one to have a question in the chat room. I would ask you, Rudi, if you could ask your question please.
Rudi Vansnick: Yes, thank you, Patrick. Thank you, William for the clarification. It was helpful. However, I still have a question in regards how it is possible to see the difference between a privacy proxy registration and a registrar who books a domain in just for business purposes in order to sell the domain later on?
William McKelligot: So initially in coding the data, we sought to identify domain name registrations as they appear on Whois that contain the terms privacy or proxy in the registered name holder field. That was one of the criteria used early on to kind of discern between all the domains in the sample.
So unless the registrar of record in registering these domain names used a name other than privacy or proxy, they would have been contained in our smaller sample of 580, which is the one -- our study group, if you will.
Rudi Vansnick: Okay, thank you.
Patrick Vande Walle: Okay, thank you, Rudi. I have a question myself actually. William, you told us that about 25% of the domain names in this studied sample at least were registered through privacy or proxy services. Was there any -- or are you aware of any study that was done on those domain names that are not registered through privacy or proxy services, which display plausible data but that data being actually false in the sense that it's sort of privacy service, but it doesn't cost anyone any money to just provide a false street and a street address, and a false phone number, for example.
William McKelligot: Right. So if I'm understanding your question correctly, sir, you're asking me about patently false information contained in Whois. So I understand your question. The short answer is that with this as is with any other study, there has to be a point of origin. And using some criteria, you have to discern between your elements to come up with a smaller group of study. Meaning that we have to use the coding exercise and based on our information available at the time, what would be a reasonable approach. And this was using privacy or proxy in the registered name and other identifiable information.
So unless -- again, unless those terms were contained in the Whois record for the domain name, we put them aside. So it's actually an interesting question because what you may be asking is what about William McKelligot contained in the registered name field -- I'm sorry, the registered name holder field in Whois for a domain name that perhaps is not a proxy service registration? Is that correct? Because if it had the terms it would have fallen into our group of 580. And in the validation process, we would have been able to, subject to the amount of candor obtained from the registered name holder, identify what was the method for registering that domain name, if in fact they contracted a privacy or proxy service. And in reaching out to the registrar of record, they could also, which was the case, validate that they do in fact provide a privacy or proxy service to that domain registration or if in fact somebody was just free riding on the name.
Patrick Vande Walle: Thank you, William.
William McKelligot: As a follow-up, if I can just add, I think the other study that has been conducted in parallel to this, the Whois accuracy study, will provide additional information that may inform that line of questioning, which is how much information in Whois is false and for what reason? False can include many things. Typos, incomplete information, a registered name holder that no longer lives at the specific address. That means the information is wrong, doesn't mean it's perhaps deliberate. But when you register a domain name saying that your name is Darth Vader and that you live in Graceland, I become suspect that that domain name is probably not accurate in terms of Whois content.
Patrick Vande Walle: Thank you. Well, I had yet another question. And it relates to the size of the sample that was used for this study. On which basis was it decided that 2,400 domain names were representative of several millions of domain name registrations in the major gTLDs? It looks to me as like this sample is quite small.
William McKelligot: Yes, so this question has been addressed a couple of times. I think it was in Mexico City and again in Sydney. So the question is the power of the sample size to inform about a large population, in this case 180 million plus domain names I think is the accurate count at this point. There's some -- there is -- ICANN obtained additional more statistically sound information from NORC for the work for the members of the ALAC. But the sample size was validated and it's not uncommon for a small sample to inform about a large population.
This is -- it's the relative power of the sample and it was also -- it took into account it was proportional to how many domain names are under dot com, under dot org, registered under dot net, dot info, dot biz, so it wasn't -- I think it was accurate. It was explained to me as being accurate. Again I can obtain additional statistical information for the ALAC to kind of validate or to inquire additional as to the soundness of the sample size, but based on my background as well, it is not uncommon.
For example, here in the in US we have 240 million plus people and there's a survey that goes out every year. It's called a general social survey. And I believe the sample size is 900. And it's accurate to capture the information needed. So the sample size is, sure -- I think it's mind boggling to infer that from such a small sample we can tell what's going on in the broader population, but it's not uncommon and it's statistically based. It wasn't a number that we felt comfortable with. It was the number that made statistical sense.
Patrick Vande Walle: Thank you, William. Are there any other questions or remarks? Beau, I see one of your remarks in the chat room.
Beau Brendler: Yes, I was just saying that 2,500 happens to be the same number that I've used before for a statistically representative sample of the population of the United States. Although that's only 22 million I think, so it's a lot smaller than the universe of domain names. But --
William McKelligot: I'm sorry. What is 22 million?
Beau Brendler: Isn't 22 million the US population?
William McKelligot: 22 million --?
Beau Brendler: -- people in the US.
William McKelligot: 22 million? No, it's actually a lot more.
Beau Brendler: Oh, it's more than that. Okay. Well, then I'm arguing on your behalf.
William McKelligot: It's actually like 248 million and growing. Yes.
Beau Brendler: 248? Okay. Well in that case, that's a stronger argument for the sample size.
Patrick Vande Walle: Thank you, William. I do not hear any more questions unless someone wants to speak up?
Unidentified Participant: Yes, Patrick if you allow me?
Patrick Vande Walle: Yes, please go ahead, Rudi.
Rudi Vansnick: Well, another question I have, but perhaps that William cannot give an answer. But it's something that still hits my head from the back. What happens if a domain name registered to a proxy gets you through your (inaudible) process? How can someone now who is the real owner of it?
William McKelligot: I'm sorry. Could you repeat that last part, sir?
Rudi Vansnick: Yes, sorry. How -- in case a domain name registered through a proxy gets into the dispute rule process, how can someone discover who is the real owner of the domain name in order to get the (inaudible) running?
William McKelligot: Yes, so that's actually one of the purposes of our audit of the -- of section 3.7.7.3 of our registrar accreditation agreement to see how, if at all, registrars incorporate the spirit and the meaning of that provision in their registration agreement. Because it is made clear that when you say who the owner is, well the owner is the proxy service provider. There is a licensee to that domain name. Unless of course, the proxy service provider discloses who the licensee is. Does that make sense?
Rudi Vansnick: Yes, of course. That's one of the possible explanations, yes.
William McKelligot: So actually ICANN tends to take a very narrow and I think in all the right way, narrow approach to this in that there shouldn't be any gray areas here. So if I register a domain name, and I contract a proxy service, the proxy service provider becomes the registered name holder. We should just kind of move away from contemplating ownership, because I know that in some countries it's still kind of up in the air as to whether a domain name is a good or a service. But let's just call it a domain name registration. So who is the domain -- the registered domain name holder? In the case of a proxy service registration, it's the proxy service provider that in turn licenses it's use for a specific amount of time to a third party. So if that third party engages in some type of illegal activity with this domain name, well obviously they're going to come looking for the proxy service provider as the registered name holder unless of course the registered name holder discloses who it licensed the domain use to.
Now, I'm not saying that you don't have a lot of different stories in the practice. So obviously we've seen that there's a lot of inappropriate behavior in the domain name space. And that a lot of these rapid disclosure of who the licensee is and other requirements is not always the case. But it's what should take place.
Patrick Vande Walle: Thank you, William. I see some other questions from Dave in the chat room. Unfortunately we are already 35 minutes into our meeting. So might be interesting, if you could provide short answers to these questions, William, before we go onto the next presentation by Beau Brendler.
One of these questions is the following. Has the sample size taken into consideration the number of registrations in the dot com, org, and dot net?
William McKelligot: Absolutely. So, yes. The short answer is yes, the sample is drawn from domain names registered under the top five gTLDs, which obviously encompass dot com, dot org, and dot net.
Patrick Vande Walle: And also another of these questions is has this study provided any correlation between the private proxy registration and the dot com and dot net TLD compared to dot org? So in other words, are there more proxy registrations proportionally in the dot com and dot net than there are in the dot org for example?
William McKelligot: Yes, I don't have information to address that question. I understand it, so the question is is there a higher prevalence of privacy or proxy registration under dot org than dot com when you adjust for the number of domain names registered under that gTLD? The short answer is that I don't know. And that was actually not the focus of the study note.
Patrick Vande Walle: Yes. And another, the last of Dave's questions was whether business registrations use more the proxy product services more than noncommercial users. I guess if it's also not -- who is also not part of the study.
William McKelligot: Correct. So that falls out of the scope of our study. I mean a lot of these questions are increasingly interesting as we go down the list. It's just that again, the purpose of the study was to establish a baseline for which additional studies could be conducted in the future. I'm not committing to any study in particular; I'm just opening it up for the community to express an interest. But again, so this is a very simple, narrow, focused study to begin with.
Patrick Vande Walle: All right. Thank you very much for all these explanations, William. I would suggest now that we go onto the next presentation, which is Beau Brendler, who wants to -- who is going to brief us on the situation of the Whois discussions within the At-Large. Beau?
Beau Brendler: Sorry, I just muted myself instead of taking myself off mute. So I have a short -- just a short couple of items here on the page that should be loading up for you to look at. They have links that you can use if you want to look at some of the background for some of the statements. But basically I want to thank the -- I'm just glad that this is taking place and that we're using some real data, even though it is somewhat circumscribed, I think it's very important for us to be looking at real numbers when we're talking about these issues.
Just a couple of statements basically to try to address the issue of Whois and the perception of it within At-Large and some of the other parts of the ICANN community that represents the public interest. The general public, regular people are largely unaware of Whois and its function. I think that's fairly straightforward and not big news to anyone, but there's some backup there for people to look at.
The general public, I'm talking at this point about registrants, are about 10% of the general population. Their first exposure to privacy and proxy registration services is generally an up sell. And by that I mean that registrars are fairly aggressive -- some registrars I should say -- are fairly aggressive about selling privacy and proxy services. And some of the pitches that are made to do this are fairly strongly worded, as the one that I've listed here: as threats to online security grow increasingly sophisticated, it's important to protect your privacy by adding private registration to your domain name. So for $9 a year, this is being encouraged and certainly in certain circumstances it's probably worthwhile. But even given the numbers that were being talked about in the previous presentation, even -- let alone 20%, but even 1% of registrations would be enough to provide an enormous and robust home for cyber criminals.
So the next couple of things I wanted to say are not necessarily definitive and I think they bear some further discussion within the At-Large. I've, over the last few years, seen the At-Large take up Whois in some regards, but I don't necessarily think the community is divided on the issue as maybe is thought. I think that there is something of a geographic circumstance to this. Many of the European consumer groups I have worked with believe that US privacy laws are very weak on consumer protection. So outside the United States perhaps Whois or the circumstances of cyber criminality and fraud are not as acute as they are in the United States. Or perhaps they're as acute, but consumers have more protection from government from criminal activity.
Another possible thing to consider is that it's no secret why a large percentage of cyber criminals choose US hostings. As you see from this story here that I've quoted the US as typically the first choice of cyber criminals to host bot nets since IP address based is considered to have a good reputation.
And then the second quote, when cyber crime is mentioned it never takes long for Russia and the Ukraine to enter the picture, however while a lot of cyber criminals are based in this country as a lot of their infrastructure is housed in the west in the United States. One could make the argument that the reason for that is that we've got something of a double-edged sword between privacy concerns and free speech, the issue that has been at the heart of the Whois debate for many years as Patrick alluded to in the beginning.
I do think that Whois is probably the only issue at the moment, or at least the most problematic issue that created a distance between the NCUC/NCSG and the At-Large, or at least the consumer constituency. And in fact, Milton Mueller made this point recently, and yes, you actually are hearing me quoting Milton Mueller. He did basically characterize the division between the groups that are representing the public interest in the ICANN community as based on the Whois issue. So that's, I think, a very intelligent insight of his that we should really consider and think about.
A couple of questions I just wanted to leave people with to think about and there regards the purpose of this meeting. I'm not so sure, or I throw the question out there, isn't ALAC's statement of diverse opinions actually valuable? I'm not sure that it is and that's for us to debate. I mean is it really going to advance anything if the At-Large comes out and says we have a large range of opinions on this issue that can't be reconciled? Or that some people think this, some people think that. I'm not sure how valuable that is.
What I would suggest or what I would hope for would be perhaps some internal survey work within the At-Large or within the At-Large community that attempt to attach some real numbers, or at least something more solid to opinions than just vague characterizations, because I think that -- I don't think that the Whois perceptions from the At-Large community is as easily characterized as it once was. So you can see my last two points there: survey work needed? I'd say yes. And can we (inaudible) the research this (inaudible) At-Large and the NCSG combined too? I also think that answer is yes, so.
That's all I have on this topic. So thank you.
Patrick Vande Walle: Thank you very much, Beau. I see a question from Cheryl. Please go ahead, Cheryl.
Cheryl Langdon-Orr: Thank you very much, Patrick. And thank you in particular, Beau, for raising and introducing something I wanted to make sure we discussed or at least the very beginnings of recognition that we need to discuss on the table. You mentioned the word geography -- the geographic diversity between (inaudible) of Europe and (inaudible) Europe and America. Let me bring into the larger part of the population of the world that group that I represented as (inaudible). And you will find that diversity, dare I say the care factor at all on matters who (inaudible) is going to become more complex, not less.
And vast numbers of populations are covered and they're (inaudible) the billion and the billion, and the next billion that we will be bringing in with our new gTLDs and with airing specialized domain names have no concept of the matters that seem to be lasting (inaudible) about so far. And it will be I think very important that we've had some baseline information, not so much on the well-known theaters of Europe and America, but the less well-known -- or if they're known, the less well-matched in a survey, opinions of many, many others who live in countries and places of (inaudible) their privacy (inaudible) non-issue because it does not even exist.
Now I'm not saying anything about value judgments on that. I'm not saying about the merit or otherwise of that. I'm not saying anything about freedom of speech and why these are not a good thing, and why these are not as important as we make a global Internet more and more pervasive into these areas. But I think just as this baseline study that William has outlined in the nature of proxy services and privacy services, what's a bonus suggested, and that is a dashboard, if nothing else on opinions from our At-Large structures. And as we see more At-Large structures coming in, that dashboard information can reflect that, I think would be huge reinforcement. Thank you.
Patrick Vande Walle: Thank you, Cheryl. I think indeed it's a good idea, because you're right that up to now often discussions about privacy and the Whois contacts are often focused on the Europe versus the US. And it's true that there are other parts of the world that -- where that there are -- where there are also other contacts. For example, included on the Wiki a few links to privacy policies in ccTLDs regarding Whois and (inaudible) develop to those I've found out from a simple Google search. So I found the ones from Australia, Canada, several European countries indeed. But I didn't look any further. Obviously if you give me a Whois policy written in Japanese, there's no way I can understand what it's about. So I didn't want to link to that.
Anyway, yes, Cheryl, please go ahead.
Cheryl Langdon-Orr: Sorry. Now you know why I'm not moderating this, because I actually want to represent my part of the world, not just herd the conversation.
I think what's important is that it's not just the linguistics that such regulations or policies may have if we're looking at a (inaudible) example here. Such policy may in fact be existent or nonexistent within the CC. Within the G space, the care or concern that the same user and registrant -- future registrant, commercial or otherwise, has will be vastly different.
So I'm suggesting that if I took a random example of just my Asia Pacific At-Large structures and asked them to ask their members what they thought about Whois processes and any concerns about having a thick/thin and accurate or inaccurate (inaudible), you would find some very -- I would predict you would find some very interesting diversity, or should I say lack of care on some of those matters that have kept us well and truly occupied in the ICANN world up until now.
A number of countries had established national privacy principals, which override in all cases what has to be done to (inaudible) in the CC space. So if we're looking just to the G space, I think sort of baseline on information would be very useful. I don't think it's going to be a definitive result. I think it needs to be not -- you'll note I used the term dashboard because as consumer's savvyness, as end-user savvyness, and as registrar savvyness changes, then we also get changes in care and changes in opinion.
Patrick Vande Walle: Yes, well that sounds like an action item from this meeting, isn't it?
Cheryl Langdon-Orr: Hmm.
Patrick Vande Walle: But indeed, I think it's a good idea that we set up such a dashboard and actually ask our ALSs what that context is and what their opinions are regarding these issues because indeed apart from the few vocal participants in this matter, I don't think that we have really a good overview of what's the -- our ALSs think about these issues.
I had one additional question to Beau. Beau, you made a reference in your presentation to the way Milton Mueller characterized the ALAC and NCUC regarding the Whois. But could you share with us what he said about this issue?
Beau Brendler: Yes, he said basically that he thought that the -- kind of just how I said it. He said that the division right now, or the bad blood between the consumer constituency, which has a lot of At-Large people in it, although it's not synonymous with At-Large, and with the NCSG is just a mask for the debate about Whois. In other words, the NCSG sort of has had it, or the NCUC over time has sort of presented as an article of faith that Whois is a violation -- the universal violation of privacy for more or less everyone. I don't mean to mischaracterize there, but they have a fairly (inaudible) --
Cheryl Langdon-Orr: -- strident.
Beau Brendler: -- view I think. And there are others in the At-Large community, not just me but Garth Bruen, Danny Younger, Artists Against 419, some other groups, especially those of us who've been involved in fraud prevention and consumer protection who think that Whois is a valuable tool to give people some recourse.
So that's what he said basically. Does that make sense?
Patrick Vande Walle: Yes, thank you, Beau. Any other comments on this issue?
Cheryl Langdon-Orr: I put back into the -- I guess just more of a statement, a follow-up statement into the chat record. Cheryl here for the record. I think what is also important is that we see this as an opportunity to engage with our ALSs and the end users that they bring to our discussion table. I think it is something that people, particularly when you discuss the matter of accuracy and assumptions made from a consumer point of view, or from a registrant's point of view, we even have to go through as the -- with the herding in William's presentation and do the outreach and education that the outreach and education that exists in ownership or is just a license. We are going to cross into the CC world because end-user expectations are often created from the hearings that they have locally within their own CC environment.
So for example, I have sat yesterday in a board meeting where the government is requesting a UDA to have full verifiable checking done on every single domain name applicant and renewal for integrity and accuracy of who they are and the right to their name. And that is inclusive of dot id, dot au names.
We will now discuss that over the next 12 months and it quite possibly will simply be too damned expensive because that would mean manual checking, up to the 100 point presentation, credit card equivalents, banking equivalents. We're going to look at all those things. So there are even in countries, which do hold national private sequence all as part of their core sets of values. Because of fraud and concerns about fraud, which is actually coming to us not from the CC space, but from the G space. They've got real pressure to ensure that our CC space is looked at and is held at a, I think, extraordinarily high level of accuracy. And that's going to be, I think, not an isolated situation.
Patrick Vande Walle: Yes, but obviously I think it's more easier to check the accuracy of Whois records on a mostly national basis then it is on the real world basis like you would have in the G space.
Cheryl Langdon-Orr: Absolutely, but you won't find Australians, if they're -- if Australians agree that they will not just warrant but prove themselves and their right to a name when they do their licensing or their renewal of licensing, which in our country is every two years, right, then they will not be up in arms about the right to be hidden in a global situation because they're not hidden within the CC. Everyone can find out exactly who owns what and therefore can work (inaudible) now consumer protection and more the highly accurate way. And so that experience within the CC is going to temper the whole of my country's views on what's feasible or is not (inaudible) thing in the CC. So we do have to straddle over both of those.
Patrick Vande Walle: Thank you, Cheryl. Any other comments? Well, Dave asked a question to know the burden of correct information on Whois lies on who? The registrant? The registrar? Or ICANN?
It's a good question. Well, the short answer is that theoretically at least the burden of correct information lies on the registrant in the sense that if you provide false information, your domain name could be -- could just disappear. I don't know if this has ever happened for I would say domain names that were not registered in an abusive way. I would say domain names that were -- are not being used for phishing or other frauds, just -- I don't think that there has been a case where a providing false phone number either voluntarily or through a title has disabled someone's domain name. But I might be wrong on that. Maybe other people have other experiences.
Well, Dave says that is it not the duty of the registrar to make sure that the registrant has provided the correct information? Yes, to a certain extent the registrar could do some sanity (ph) check. But to be honest, it could maybe be easily -- be done easier in the CC space. On the global space just try to figure out that a registrar somewhere in the US has to figure out if the address you give in India or in some -- in Russia, let's say, it's indeed correct. If the registrar had to go through these sort of checks. There is also a commercial aspect and a business aspect in the sense that checking the validity of Whois data does have a cost. So who is going to bear that cost? That's another question.
Rudi Vansnick: If I may add one comment, Patrick?
Patrick Vande Walle: Yes, please go ahead, Rudi.
Rudi Vansnick: Well, I think that in any case as there is always commercial activity by grouping a domain name, there should be a tracing of the financial transaction, so at the end someone is responsible for checking who they give the domain name, otherwise you'll never get -- you'll never be paid for the service. So there is a check on this.
Cheryl Langdon-Orr: And may I respond to that slightly? Sorry about the echo. Is that me?
Patrick Vande Walle: Yes, please.
Cheryl Langdon-Orr: With the discussion in another workgroup, just in response to Rudi's point about matching the financial transactions and using validation is that as some way of validating the licensing and registrant information. That again isn't universally applicable. For example, you have very large numbers of registrants in very significant sized countries with -- we do and perhaps I suppose we need to realize that as more different levels of development of economy comes in with a different kind of practice (inaudible) coming, but we cannot assume that credit card transactions, for example, are the norm. They are not the norm in existing payments for registrations in very wide parts of Asia Pacific, including Russia. So these are strange days indeed where a cash or cash-like economy is still the norm and therefore to check whether my dollar is in some way linked to my identity is impossible. Whereas you check whether my credit card is in some way linked to my identity, it's far easier.
It does head it, unfortunately, Rudi, to a real sector of more expensive licensing proof.
Patrick Vande Walle: Yes indeed, Cheryl. You're correct. I've heard the same thoughts from people living in Africa, for example who told me that credit cards are not something common and they usually go to the ccTLD instead, rather than the ccTLD. Because for the ccTLD they can find registrar, which they can pay in cash at the local computer shop or cyber café rather than having to find a way to send money abroad. And it's very difficult if you want to register a domain name and gTLD space and you don't have a credit card. There are not many registrars who give you the option of alternative forms of payments.
Cheryl Langdon-Orr: Indeed. Money order is the other thing, which again is an anonymized form of payment. And money order is the norm as I understand it in Tatyana (ph) in Russia. And that makes differences of course to things like renewal where auto renew doesn't -- check the box for auto renew doesn't happen because auto renew relies on some form of a prepayment, more traditionally in the form of credit card (inaudible).
Patrick Vande Walle: Thank you. Well, as we're already five minutes past the hour, so are there any other comments people would like to make? If not, I would suggest that we try to figure out what the next steps after this meeting could be. One was as suggested by Beau and Cheryl, to actually survey or root our ALSs to see what their thoughts are about the Whois issues in their local context. And this could be done through the RALOs as Cheryl mentions in the chat room. Indeed the RALOs could be a good way to sort of convey the information -- aggregate the information to the ALAC.
And I'm not sure as Beau mentioned that it is valuable to have an ALAC statement just acknowledging that there are a whole set of opinions within the ALAC on this issue. I think it would be more productive for us to do some homework before we go with the statement to the board. It would be difficult to bring in something that hasn't been said in the last 10 years. But anyway, we could try. And at least we could try to find some common ground within the At-Large that would allow us to have sort of a position on which the ALAC and RALOs could agree on, even if it's a minimal position.
As Beau mentioned, we may not be that apart from each other. Some of you may know that I'm quite radical about privacy issues in the Whois. Maybe this is a cultural thing, I agree. But I also see that there are some (inaudible) that might use this for accessing registrant data and Whois is -- the issue here being that we have to know what we -- which data is being used and by whom it's being used. But I guess we could work that further.
Another comment was that are there any other studies that we could link to our Wiki? I think that there are. That there are already quite a lot on the ICANN website. It only takes some time to find them and to create the links on the Wiki. And but the hard part is actually to read them. And this is something that you should do. So I would suggest that, Cheryl, if you agree, at the next ALAC meeting we have maybe a 5 or 10 minute discussion on this issue and try to find out some wording for something we could ask the RALOs to do in the future, like collecting input from the ALSs and try to aggregate that into something that we could use as a skeleton I would say or as a strong proposal for a common position for the ALAC about the Whois.
Cheryl Langdon-Orr: And thank you for that. I'm going to be a little bit difficult to convince that we will have the time in our December meeting, like this -- I think it's, what, next week, -- yes, the 22nd -- to fit that in, but I would like to see that as a larger activity in the January meeting with a view to when we're meeting face-to-face in Nairobi, perhaps having some traditional feedback from that activity.
Patrick Vande Walle: Well, I didn't mean to do that in December. I mean --
Cheryl Langdon-Orr: Oh, whew. Thank you.
Patrick Vande Walle: We've been talking about the Whois for 10 years. I think we can wait another month to talk about that within the ALAC.
Cheryl Langdon-Orr: I'm trying to minimize the number of agenda items for our December meeting because (inaudible).
Patrick Vande Walle: And yes, you are correct. I encourage you to --
Cheryl Langdon-Orr: But let's get into -- yes, you certainly can make sure that it gets onto the future agenda. And I think we have an opportunity to get some preparation done before the face-to-face in Nairobi that way.
Patrick Vande Walle: Okay, that's fine. Any other comments from anyone? If not, I would like to thank you all for attending this meeting. I would like to especially thank William for his presentation and Beau also. And always those of you who have participated. So I wish you all a very good day, afternoon, evening, night, depending where you are. And hope to hear and see you soon. Bye-bye.
Cheryl Langdon-Orr: Thank you.
Unidentified Participant: Thanks, Patrick.
