[ALAC] Analysis of WHOIS AoC RT Recommendations.

Alan Greenberg alan.greenberg at mcgill.ca
Tue Sep 4 22:05:30 UTC 2012


Sala, my comments below.

At 04/09/2012 02:34 PM, Salanieta T. Tamanikaiwaimaro wrote:

>Dear Alan, and fellow ALAC,
>
>I find that the fact that the controversy within the GNSO where they 
>questioned your standing as improper. Since this is the second 
>incident at least that I have become aware of, I would suggest that 
>the ALAC Chair has a chat with the GNSO Chair to raise our concerns. 
>My view is that ALAC liaisons represent the ALAC and act as a bridge 
>and to insult Alan is to insult us all. This can be done 
>diplomatically of course. As promised, I found the time, lost a few 
>hours but all for a good cause...
>[]
> Well I am off to breakfast...got something else due today.

Although at times individuals have questions whether I am properly 
representing the ALAC, that has not happened in regard to this topic, 
and it has never happened at a formal GNSO level, always by individuals.


>After reading the Whois Report (92 pages) [referred to as "Report" 
>in my comments] and your assessment of which recommendations do not 
>require any prior Policy development. These are my comments in 
>response to your call for feedback.
>
>Recommendation1: To make Whois a Strategic Priority
>The commissioning of the Review by ICANN is an indication of the 
>strategic importance and manner in which the Review Team was 
>constituted. However, ICANN needs to  monitor and evaluate the 
>implementation process. As far as the GNSO is concerned they have 
>following advice from the GAC undertaken to do four studies namely 
>the Whois Misuse Study; Whois Proxy and Privacy Abuse; Whois 
>Registrant Identification and Whois Proxy & Privacy Relay and Reveal 
>Study which the Report says is due for completion in 2012. I am not 
>sure what the status of the Studies are but I can only hypothesize 
>that to the extent that this would affect existing consensus 
>Policies, then parts of the PDP may apply. However, if the existing 
>consensus policies address in principle areas that may require a PDP 
>process then we should be open to that. I understand that this may 
>be a negligible caveat.

It is correct that addressing the substantive Whois issues may well 
require (well, almost surely require) GNSO policy development, that 
is not the subject of this Rec. It is solely that the ICANN go on 
records as saying it is important and conveying that message out to 
the GNSO as well as other parts of the wider ICANN community.


>Recommendation 2 Single Whois Policy
>I agree with your assessment. The Report mentions that there is a 
>current gTLD Policy as set out in the gTLD Registry and Registrar 
>contracts and GNSP Consensus Policies and Procedures. So there is no 
>need for the PDP to be initiated.
>
>Recommendation 3 Outreach
>
>I agree with your assessment that there is no need for a gNSO Policy 
>development. Whilst there may not be need for a gNSO Policy for 
>Outreach the Report does identify the need to move beyond the 
>confines of the ICANN community to involve them. Although I read the 
>report, I did not read the Appendix and note that in terms of 
>studies done on consumers from 8-10 countries, it was unclear from 
>the report which countries were selected and it would have been good 
>to have it footnoted like the rest of the other stuff. Consumer 
>groups like Consumer International etc. I found it interesting given 
>the wake of the Ottawa Principles by the OECD countries on taxation 
>that they did not make submissions given that they have a stake in 
>it as well.  It is possible that they made submissions and I missed it.
>
>Recommendation 4 Compliance
>
>I agree with your assessment that there is no need for a GNSO Policy 
>to be initiated. My view is that there only needs to be self 
>regulatory measures put in place by Registrars and I commend the 
>CINC for reporting 97% accuracy levels. My view is that there needs 
>to be gold stars
>[]
>[]
> handed out by ICANN to Registrars and Resellers who comply. This 
> can be published and verified independently on the ICANN 
> website.There can also be incentives such as if you don't meet 
> acceptable compliance levels and don't have clear plans that meet 
> ICANN's satisfaction, please don't bother applying for a gTLD. I 
> would also hasten to endorse the findings within the Report to 
> review and improve all relevant compliance tools and create new 
> ones where necessary before the gTLDs are assigned and become 
> operational. Who knows maybe this lag time of waiting can be put to good use.
>
>Recommendation 5 Data Accuracy [Communicate Need]
>The outcomes of the Studies currently being undertaken by the GNSO 
>coupled with the NORC Study will definitely form the empirical basis 
>necessary for further policy development in this area both by the 
>GNSO and also by ICANN. Data Accuracy is critical in order to 
>navigate through the Internet with ease. To a large extent, this is 
>self regulatory and with countries all around the world creating 
>Strategies to secure their Cyber Environment, it is only a matter of 
>time before it is legislated. To avoid external regulations forcing 
>data accuracy it is much more easier and productive to ensure that 
>there is data accuracy. It is of great concern that the NORC Report 
>shows a 23% no failure rate and 20% full failure and I wonder about 
>the 57%. I think Data Accuracy is all our responsibility and not 
>just Registrars but a collective corporate responsibility issue. I 
>agree with the suggestion by the Business Community (see page 85 of 
>the Report) that the RAA should be amended to make it mandatory for 
>contracted parties to verify WHOIS information when registration 
>occurs and when domain names are renewed. I would add though that is 
>and when there are planned transitions where there are cut off dates 
>for renewing and updating their information that this can also be 
>worded into the RAA to enable Registrars to have sufficient room to 
>issue notices of that nature. For this to work, it will require a 
>Policy and yes either from the GNSO or ICANN so that this can be 
>referred to in the contractual arrangements.
>
>Recommendation 6 Data Accuracy:
>I would say that there is a need for the GNSO to create a PDP to 
>ensure that there is Data Accuracy. To a large extent compliance in 
>relation to data accuracy has been self regulatory and dependent on 
>the Registrars. Were this to be taken away and (best case scenario: 
>ICANN Compliance; worst case scenario: legislated) it would mean 
>transition to increasing accuracy, voluntary or otherwise would be 
>enforced. It follows that as per the recommendation in report (see 
>page 87 para 11], "ICANN should take appropriate measures to reduce 
>the number of WHOIS registrations that fall into the accuracy groups 
>Substantial Failure and Full Failure (as defined by the NORC Data 
>Accuracy Study, 2009/10) by 50% within 12 months and by 50% again 
>over the following 12 months", it is far more beneficial and useful 
>to manage this process internally.

The registrars and registries have taken the position "that the 
recommendation to undertake "appropriate measures" to reduce the 
number of WHOIS registrations that fall into these accuracy groups 
may require a PDP depending on what these measures are."

I would not advocate taking a stronger position that a PDP is 
definitely needed.


>Recommendation 7 Measure and Report Whois Accuracy
>My comments remain the same as for Recommendation 6

The RySG and RrSG are apparently so far not worried about this one.


>Recommendation 8 Ensure that Compliance has tools to enforce Whois
>
>There was a comment made by the Commercial Stakeholders Group in 
>Singapore where they raised and in my view correctly the fact that 
>private regulations are based on the ability to self regulate and 
>enforce contractual obligations. There has been much debate and 
>discussion in relation to strengthening the Compliance Team and 
>giving them tools. My personal view is that all you need is a MS 
>Excel spreadsheet, a phone, a clear tangible strategy for various 
>regions in the world and they have more than enough tools necessary 
>to get the job done. In simple speak, if they can't enforce 
>compliance change the team. It is not an extraordinarily complex 
>thing to enforce contracts. I am also not sure whether you need a 
>policy for this. Do we need a policy to show us how to clean our 
>kitchen? Incremental sanctions that are mentioned in page 68 of the 
>Report are relevant. [Please excuse the sarcasm, it's the lack of 
>sleep talking] Yes whilst I agree that the stick approach which is 
>de-registration and de-accreditation, I personally feel that even 
>without these additional revisions and provisions expressly woven 
>into the contract by virtue of ICANN issuing a Notice to all 
>Registrars to update their records is the equivalent of a legal 
>notice as "someone" who is assigning names and numbers.
>
>Recommendation 9 Data Accuracy: Track Impact of Whois Data Reminder 
>Policy and Possible Replacement
>
>The Report clearly outlines the fact that the Whois Data Reminder 
>Policy so without a doubt there is need to review and revise the 
>Policy. I would say, yes GNSO much initiate discussions. To save 
>time there may be things within the Reminder Policy that do not need 
>to be debated again although there is always the exception. There 
>are many models of doing things and Registrars can select what works 
>for them and it would help to at least outline a few generic ones. 
>At the moment, I can deduce that the focus has been based on the 
>actual "data" and if one methodology does'nt work, there should be 
>enough innovation to suggest alternative methods that can be either 
>customer centric or otherwise.

The current WDRP is a Consensus Policy and as such must be adhered to 
by registrars. The report suggest that we first try to develop 
metrics to gauge's its effectiveness. If that is not possible, or 
implicitly if the metrics say it is not effective, a new policy 
shouldbe developed.


>Recommendation 10 Data Access, Privacy and Proxy Services
>
>There is much discussion and debate around the area and I would that 
>a Draft Policy should be created by the GNSO modelled around the 
>findings Council of European National TLD Registries as a starting 
>point for policy discussion.
>
>Recommendation 11 Internic
>I think that this should be factored into the Strategy for 
>Transition. I am not sure whose responsibility this is whether this 
>is ICANN's or the GNSO or the entire community.

It is purely an internal ICANN issue,of course with whatever input 
they solicit or is contributed.

Alan


>Recommendations 12-14 IDNs
>
>It would be good to get some feedback on current work being done 
>within the IETF on whether the Whois Protocol has been revised or 
>modified. I have noted the comments that the Whois Protocol has no 
>support for non-ASCII characters (see page 91) and also note the 
>Review Team's comments that the failure to maintain registration 
>data is not attributed to the failure of IDNs but just management of 
>registration data.
>
>Recommendation 15 Detailed and Comprehensive Plan
>
>I gather that ICANN has yet to produce this Detailed and 
>Comprehensive Plan. I do not think that PDP is needed. However, I 
>could be wrong. I would suggest that in the event that ICANN has yet 
>to draft one, why don't we initiate drafting this plan and handing 
>it to the community. Should'nt take more than a week to produce a 
>first draft. All the materials and resources needed are available already.
>
>Recommendation 16 Annual Report
>The recommendation within the report is too ambigious and perhaps it 
>was meant to be that way so that it is broad and you can include 
>anything you like. The downside is that if you don't spell out what 
>you want precisely, you can also get nothing. So there's a question 
>of balance.
>
>On Mon, Sep 3, 2012 at 1:24 PM, Alan Greenberg 
><<mailto:alan.greenberg at mcgill.ca>alan.greenberg at mcgill.ca> wrote:
>You will recall that at its last meeting, the ALAC unanimously 
>approved a statement to the Board reiterating its position that all 
>16 recommendations be implemented, and stressed that several were 
>very important and clearly did not require any prior GNSO policy 
>development. That ALAC statement can be found at 
><http://tinyurl.com/ALAC-WHOIS-Advice>http://tinyurl.com/ALAC-WHOIS-Advice.
>
>Based on further discussions, and in light of a controversy that has 
>arisen in the GNSO, it was suggested that the ALAC explicitly 
>identify which recommendations do not require any prior policy 
>development, and which might required GNSO policy development.
>
>I had already done a brief review looking at which recommendations 
>might require policy development. I have since revised this and 
>present it to you here.
>
>In summary, of the 16 recommendations, 12 do not require GNSO policy 
>development, 3 *might* require policy development, but that would 
>depend on work carried out over the coming months and years, and 1 
>does require policy development by the GNSO along with the rest of 
>the community, but in my opinion, does not require a formal PDP.
>
>The detailed analysis is attached. The report with the 
>recommendations in detail can be found at 
><http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf>http://www.icann.org/en/about/aoc-review/whois/final-report-11may12-en.pdf.
>
>It is essential that this analysis reach the Board before the Board 
>Workshop scheduled for September 12-13.
>
>I am not sure if Olivier wants to hold a formal vote on this, or for 
>the ALAC to just reach consensus, but regardless, the first step if 
>for anyone who does not agree with this analysis to speak up.
>
>Alan
>
>_______________________________________________
>ALAC mailing list
><mailto:ALAC at atlarge-lists.icann.org>ALAC at atlarge-lists.icann.org
>https://atlarge-lists.icann.org/mailman/listinfo/alac
>
>At-Large Online: <http://www.atlarge.icann.org>http://www.atlarge.icann.org
>ALAC Working Wiki: 
><https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)>https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
>
>
>
>
>--
>Salanieta Tamanikaiwaimaro aka Sala
>P.O. Box 17862
>Suva
>Fiji
>
>Twitter: @SalanietaT
>Skype:Salanieta.Tamanikaiwaimaro
>Fiji Cell: +679 998 2851
>
>
>
>
>Content-Type: image/gif; name="1E3.gif"
>X-Attachment-Id: 1E3 at goomoji.gmail
>Content-ID: <1E3 at goomoji.gmail>
>
>Content-Type: image/gif; name="B68.gif"
>X-Attachment-Id: B68 at goomoji.gmail
>Content-ID: <B68 at goomoji.gmail>
>


More information about the ALAC mailing list