Versions Compared

| h2. [Revision 14|https://st.icann.org/alac-docs/index.cgi?;revision_id=20081008095621;action=revision_view;page_id=statement_on_whois_hypothesis_working_group_studies_al_alac_st_0908_3]
Tags:  \\
 By:  Nick Ashton-Hart on Oct 8 2:56am | h2. [Revision 15|https://st.icann.org/alac-docs/index.cgi?;revision_id=20081014101209;action=revision_view;page_id=statement_on_whois_hypothesis_working_group_studies_al_alac_st_0908_3]
Tags: \\
 By:  Nick Ashton-Hart on Oct 14 3:12am |
| Multi-language  Versions: "SiZH"{file: AL.ALAC-ST-0908-3 ALAC Statement on WHOIS  Hypothesis WG - siZH.doc} "RU"{file: AL.ALAC-ST-0908-3 ALAC Statement on  WHOIS Hypothesis WG - RU.doc}  "FR"{file: AL.ALAC-ST-0908-3 ALAC  Statement on WHOIS Hypothesis WG - FR.doc} "ES"{file: AL.ALAC-ST-0908-3  ALAC Statement on WHOIS Hypothesis WG - ES.doc}  "AR"{file:  AL.ALAC-ST-0908-3 ALAC Statement on WHOIS Hypothesis WG - AR.doc} | Multi-language  Versions: "SiZH"{file: AL.ALAC-ST-0908-3 ALAC Statement on WHOIS  Hypothesis WG - siZH.doc} "RU"{file: AL.ALAC-ST-0908-3 ALAC Statement on  WHOIS Hypothesis WG - RU.doc}  "FR"{file: AL.ALAC-ST-0908-3 ALAC  Statement on WHOIS Hypothesis WG - FR.doc} "ES"{file: AL.ALAC-ST-0908-3  ALAC Statement on WHOIS Hypothesis WG - ES.doc}  "AR"{file:  AL.ALAC-ST-0908-3 ALAC Statement on WHOIS Hypothesis WG - AR.doc} |
| \\ | \\ |
| | |
| \---\- | \---\- |
| | |
| \*STATUS OF THIS DOCUMENT:\* Available for community comment. \\
\*COMMENT DEADLINE*: 10th October 2008, 1200 UTC | \*STATUS OF THIS DOCUMENT:\* Comments incorporated; document in final form. \\
\*COMMENT DEADLINE*: 10th October 2008, 1200 UTC |
| \*NEXT STEP FOR THIS DOCUMENT: Final draft incorporating comments left will be voted on by the ALAC at their 14th October 2008 meeting. \\ | \*NEXT STEP FOR THIS DOCUMENT: Final draft incorporating comments will be  voted on by the ALAC at their 14th October 2008 meeting. \\ |
| \---\- | \---\- |
| | |
| \*Preliminary Note\* | \*Preliminary Note\* |
| | |
| We note there is no clear distinction in the document between whois  services, as provided through whois servers compliant to RFC3192 and  whois-like services provided through web-based systems. The differences  are important in analyzing how the systems can be misused. | The At-Large Advisory Committee  (ALAC) wishes to convey to the GGNSO Council the ALAC's views on the  report prepared by the Whois Study Hypothesis Group, which can be found  at following URL: The report to which this Statement pertains may be  found at \[http://gnso.icann.org/issues/whois/whois-study-hypothesis-group-report-to-council-26aug08.pdf. \\
\] The ALAC wishes to thank the members of the ALAC community who  participated in this statement:  Carlton Samuels, Alan Greenberg, Danny  Younger, Patrick Vande Walle and anonymous contributors. \\
We note there is no clear distinction in the document between  whois services, as provided through whois servers compliant to RFC3192  and whois-like services provided through web-based systems. The  differences are important in analyzing how the systems can be misused. |
| | |
| The text-based whois service suffers from its simplicity. It makes bulk  data download easy. To the contrary, web based whois systems can be  better tailored to limit bulk queries through catpcha validations or other techniques. \\ | The text-based whois service suffers from its simplicity. It makes bulk data download easy. To the contrary, a web based whois systems can be better tailored to limit bulk queries through captcha validations or other techniques. \\ |
| With regard to the text-based version of whois, we note and agree with  the writers of RFC 3912: "The WHOIS protocol has not been  internationalised. The WHOIS protocol has no mechanism for indicating  the character set in use. \[...\] This inability to predict or express  text encoding has adversely impacted the interoperability (and,  therefore, usefulness) of the WHOIS protocol." RFC 3912 further  elaborates that: "The WHOIS protocol has no provisions for strong  security. WHOIS lacks mechanisms for access control, integrity, and  confidentiality. Accordingly, WHOIS-based services should only be used  for information which is non-sensitive and intended to be accessible to  everyone. The absence of such security mechanisms means this protocol  would not normally be acceptable to the IETF at the time of this  writing". | With regard to the text-based version of whois, we note and agree with  the writers of RFC 3912: "The WHOIS protocol has not been  internationalised. The WHOIS protocol has no mechanism for indicating  the character set in use. \[...\] This inability to predict or express  text encoding has adversely impacted the interoperability (and,  therefore, usefulness) of the WHOIS protocol." RFC 3912 further  elaborates that: "The WHOIS protocol has no provisions for strong  security. WHOIS lacks mechanisms for access control, integrity, and  confidentiality. Accordingly, WHOIS-based services should only be used  for information which is non-sensitive and intended to be accessible to  everyone. The absence of such security mechanisms means this protocol  would not normally be acceptable to the IETF at the time of this  writing". |
| | |
| With the above in mind, the ALAC considers that the text-based whois  services do not serve the needs of the community anymore. This includes the support of non-ASCII character sets, granularity of displayed data, access rights and auditing. We  urge the GNSO to consider a new whois-like service with would provide  granular access rights to registrant information and proper auditing of  accesses, as well as the support for non-ASCII character sets. In this  respect, we draw the attention of the GNSO to the SSAC recommendation  expressed in SSAC-033 \[http://www.icann.org/en/committees/security/sac033.pdf \\
\] | With the above in mind, the ALAC considers that the text-based whois  services do not serve the needs of the community anymore. This includes: \\
\* The support of non-ASCII character sets; \\
\* Control of the granularity of displayed data; \\
\* The management of access rights and the auditing of accesses; \\
\* The compliance of the Whois services with the legal requirements registrars and registries are subject to. \\
\\
We urge the GNSO to consider a new whois-like service with would  provide granular access rights to registrant information and proper  auditing of accesses, as well as the support for non-ASCII character  sets. In this respect, we draw the attention of the GNSO to the SSAC  recommendation expressed in SSAC-033 \[http://www.icann.org/en/committees/security/sac033.pdf. \\
\] |
| \*Area 1 WHOIS Misuse Studies\* | More generally, the ALAC support the GNSO council's definition of the of  the purpose of the whois, as expressed at the GNSO council meeting of  12 April 2006: "The purpose of the gTLD Whois service is to provide  information sufficient to contact a responsible party for a particular  gTLD domain name who can resolve, or reliably pass on data to a party  who can resolve, issues related to the configuration of the records  associated with the domain name within a DNS nameserver." \\
On the GNSO Whois hypothesis working group studies report, we would like to make the following comments: \\
\*Area 1 WHOIS Misuse Studies\* |
| | |
| Comment 21 and GAC data set 2: Other cases of misuse have been reported,  like identifying political opponents and other people persecuted for  their opinions. | Comment 21 and GAC data set 2: Other cases of misuse have been reported,  like identifying political opponents and other people persecuted for  their opinions. |
| | |
| \*Area 2 Compliance with data protection laws and the Registrar Accreditation Agreement\* | \*Area 2 Compliance with data protection laws and the Registrar Accreditation Agreement\* |
| | |
| If local laws allow a registrant (natural person) to oppose the  publication of his/her data in databases like the public whois, he/she  should still be allowed to register a domain name. Further analysis is  needed to see if: | If local laws allow a registrant (natural person) to oppose the  publication of his/her data in databases like the public whois, he/she  should still be allowed to register a domain name. Further analysis is  needed to see if: |
| | |
| \* Provisions under 3.3.1 and 3.3.6 of the Registrar Accreditation agreement are compatible with the local laws of the Registrar | \* Provisions under 3.3.1 and 3.3.6 of the Registrar Accreditation agreement are compatible with the local laws of the Registrar |
| \* If the failure to comply with these provisions by a Registrar because  of local laws can lead to the termination of the RAA for said Registrar. | \* If the failure to comply with these provisions by a Registrar because  of local laws can lead to the termination of the RAA for said Registrar. |
| | |
| Further analysis is needed regarding the export of registrant data from  one country to another. It may be the case that a registrar located in  country X is not allowed by law to export natural persons data to a  registry in country Y. This matter is further complicated if the  registry subcontracts the technical backend to an operator with its  registered address in country Z and its data operations in yet another  country. | Further analysis is needed regarding the export of registrant data from  one country to another. It may be the case that a registrar located in  country X is not allowed by law to export natural persons data to a  registry in country Y. This matter is further complicated if the  registry subcontracts the technical backend to an operator with its  registered address in country Z and its data operations in yet another  country. |
| | |
| \*Area 5 Impact of WHOIS data protection on crime and abuse\* | With regard to gTLD registries, the ALAC notes that registry agreements  include requirements for whois services which may be incompatible with  the legal requirements some registries may be subject to under local  law. Further analysis is needed to see if the inability for a registry  to comply with ICANN's generally accepted whois requirement could be  used as an eliminating criterion in the comparative evaluation process  under new gTLD program. If this were the case, the ALAC fears it would  distort the evaluation process in favour of registries located in  countries or regions with less stringent privacy laws.       \\
Area 3  Availability of privacy services \\
With regard to the cost of proxy services, it should be noted some  registrars may be mandated to offer free proxy services to private  individuals under local law. \\
\*Area 5 Impact of WHOIS data protection on crime and abuse\* |
| | |
| Regarding GAC comment 1, it is important to define what is "the  legitimate use of gTLD WHOIS data" and who are those entities, who can  invoke it and how. | Regarding GAC comment 1, it is important to define what is "the  legitimate use of gTLD WHOIS data" and who are those entities, who can  invoke it and how. |
| | |
| \*Area 6 Proxy registrar compliance with law enforcement and dispute resolution requests\* | \*Area 6 Proxy registrar compliance with law enforcement and dispute resolution requests\* |
| | |
| Regarding Metalitz comment:  It may be true that some registrars operating proxy/privacy services  are not revealing registrant data when requested in a UDRP proceeding.  These registrars may be prevented to do so under local law. UDRP is an arbitral, not a legal, process.  Different rules may apply, depending on local law. Further analysis is  needed to see if the UDRP process is compatible with the laws the  registrars have to comply with. \\ | Regarding Steve Metalitz' comment:  It may be true that some registrars operating proxy/privacy services  are not revealing registrant data when requested in a UDRP proceeding.  These registrars may be prevented to do so under local law. UDRP is an arbitration process, not a legal process.  Different rules may apply, depending on local law. Further analysis is  needed to see if the UDRP process is compatible with the laws the  registrars have to comply with. \\ |
| \*Area 7 WHOIS data accuracy and general considerations\* \\ | \*Area 7 WHOIS data accuracy\* \\ |
| As noted in the report, "The use of non-ASCII character sets in Whois  records will detract from data accuracy and readability". This matches  the comments we made in the preliminary note above. The whois hypotheses study group should investigate if alternative systems would allow  better support for non-ASCII character sets, both in the domain names  themselves and in the registrant data. \\ | As noted in the report, "The use of non-ASCII character sets in Whois  records will detract from data accuracy and readability". This matches  the comments we made in the preliminary note above. The Whois Hypothesis study group should investigate if alternative systems would allow  better support for non-ASCII character sets, both in the domain names  themselves and in the registrant data. \\ |
| \--\- \\
I reaffirm these concerns: 1) The existing text-based whois  service is unfit to purpose 2) Introducing non-ASCII characters in whois  data tends to muddle rather than give clarity 3) there should be a  minimum set of whois data that is required by solemn agreement and  enforced by the RAA 4) All access to whois data must be auditable. | \---\- \\
\---\- \\
I reaffirm these concerns: 1) The existing text-based whois  service is unfit to purpose 2) Introducing non-ASCII characters in whois  data tends to muddle rather than give clarity 3) there should be a  minimum set of whois data that is required by solemn agreement and  enforced by the RAA 4) All access to whois data must be auditable. |
| | |
| Carlton Samuels | Carlton Samuels |
| | |
| \_contributed by {user: guest@socialtext.net} on {date: 2008-10-03 13:20:43 GMT}_ | \_contributed by {user: guest@socialtext.net} on {date: 2008-10-03 13:20:43 GMT}_ |
| | |
| \--\- | \--\- |
| A comment such as this would have far more impact if it included  somewhere, the lineage of the comment. That is, how was it created and  by whom. | A comment such as this would have far more impact if it included  somewhere, the lineage of the comment. That is, how was it created and  by whom. |
| | |
| \_contributed by {user: alan.greenberg@mcgill.ca} on {date: 2008-10-03 14:54:34 GMT}_ | \_contributed by {user: alan.greenberg@mcgill.ca} on {date: 2008-10-03 14:54:34 GMT}_ |
| | |
| \--\- | \--\- |
| There are technical and legal methods in reducing the bulk data abuse of  whois (port 43). But, what about 'legitimate' bulk access? Ie. I have a  bunch of spam, I want to a program to check the whois data on the links  so I can identify if it is from the same spammer? By blocking port 43  access, I cannot do that. | There are technical and legal methods in reducing the bulk data abuse of  whois (port 43). But, what about 'legitimate' bulk access? Ie. I have a  bunch of spam, I want to a program to check the whois data on the links  so I can identify if it is from the same spammer? By blocking port 43  access, I cannot do that. |
| | |
| \_contributed by {user: guest@socialtext.net} on {date: 2008-10-03 15:19:45 GMT}_ | \_contributed by {user: guest@socialtext.net} on {date: 2008-10-03 15:19:45 GMT}_ |
| | |
| \--\- | \--\- |
| Having participated in the Council's Working Group, allow me to  reiterate the conclusion reached:  "There was not agreement in the Whois  Studies volunteer group regarding whether or not any studies should be  conducted."  I was part of the contingent opposed to the notion of  further studies for the following reasons: | Having participated in the Council's Working Group, allow me to  reiterate the conclusion reached:  "There was not agreement in the Whois  Studies volunteer group regarding whether or not any studies should be  conducted."  I was part of the contingent opposed to the notion of  further studies for the following reasons: |
| | |
| 1.  Studies are being used as a delaying tactic by parties unwilling to  accept the Council's duly-voted-upon WHOIS definition:  "The purpose of  the gTLD Whois service is to provide information sufficient to contact a  responsible party for a particular gTLD domain name who can resolve, or  reliably pass on data to a party who can resolve, issues related to the  configuration of the records associated with the domain name within a  DNS nameserver." | 1.  Studies are being used as a delaying tactic by parties unwilling to  accept the Council's duly-voted-upon WHOIS definition:  "The purpose of  the gTLD Whois service is to provide information sufficient to contact a  responsible party for a particular gTLD domain name who can resolve, or  reliably pass on data to a party who can resolve, issues related to the  configuration of the records associated with the domain name within a  DNS nameserver." |
| 2.  We have now wasted 2 1/2 years since the definition was adopted instead of moving forward with policy development. | 2.  We have now wasted 2 1/2 years since the definition was adopted instead of moving forward with policy development. |
| 3.  Even when the ICANN Board resolves to commence studies (such as via  the 18 October 2006 Resolution on Economic Studies), those studies never  seem to see the light of day. | 3.  Even when the ICANN Board resolves to commence studies (such as via  the 18 October 2006 Resolution on Economic Studies), those studies never  seem to see the light of day. |
| | |
| Approving more studies is nothing but a poorly-disguised effort to  further delay policy development activities.  If you are someone who  wants no changes in the WHOIS for the next several years, then feel free  to ask for more studies that will only tell us what we already know. | Approving more studies is nothing but a poorly-disguised effort to  further delay policy development activities.  If you are someone who  wants no changes in the WHOIS for the next several years, then feel free  to ask for more studies that will only tell us what we already know. |
| | |
| Danny Younger | Danny Younger |
| | |
| \_contributed by {user: guest@socialtext.net} on {date: 2008-10-03 20:29:39 GMT}_ | \_contributed by {user: guest@socialtext.net} on {date: 2008-10-03 20:29:39 GMT}_ |
| | |
| \--\- | \--\- |
| Hypothesis: | Hypothesis: |
| | |
| With regard to the process to select new gTLD operators, there may be  requirements in the RFP that new gTLD operators have to provide whois  services similar to those the incumbents already provide. A problem may  arise if a potential gTLD operator is based in a country where privacy  laws restrict the amount and type of data provided through whois  services. | With regard to the process to select new gTLD operators, there may be  requirements in the RFP that new gTLD operators have to provide whois  services similar to those the incumbents already provide. A problem may  arise if a potential gTLD operator is based in a country where privacy  laws restrict the amount and type of data provided through whois  services. |
| | |
| Utility: | Utility: |
| | |
| If the potential operator does not meet the requirements, he could be  eliminated during the selection process. This would effectively distort  the selection process in favour of those operators located in countries  with weak or no privacy laws. | If the potential operator does not meet the requirements, he could be  eliminated during the selection process. This would effectively distort  the selection process in favour of those operators located in countries  with weak or no privacy laws. |
| | |
| How the hypothesis could be falsified: | How the hypothesis could be falsified: |
| | |
| If the RFP for new gTLD submissions includes provisions that whois  services need to be offered only to the extent allowed by local and  international laws, and that this criterion will not be used to  eliminate applicants, especially in case of string contention. | If the RFP for new gTLD submissions includes provisions that whois  services need to be offered only to the extent allowed by local and  international laws, and that this criterion will not be used to  eliminate applicants, especially in case of string contention. |
| | |
| \_contributed by {user: patrick@vande-walle.eu} on {date: 2008-10-04 17:20:11 GMT}_ | \_contributed by {user: patrick@vande-walle.eu} on {date: 2008-10-04 17:20:11 GMT}_ |
| | |