[APAC-Discuss] ICANN proposed EWG - APRALO views?
h.raiche at internode.on.net
Mon Jul 29 12:19:36 UTC 2013
Those of you who were in Durban would have heard the presentation Carlton and I did on the Initial report of the Expert Working Group on what is called an Aggregated Registrants Data Service. (ARDS). Essentially, the idea would be to have a repository of Whois data. It is the repository that holds unauthorised data, verifies the data and then provides access to that data - on a 'gated' basis (members of the public have access to limited data, registered users have access to more data that is relevant to the use they will have for that data). The steps are:
•Registrar collects registrant data – gTLD registry. gTLD registries hold authoritative data
•ARDS (or other repository) as non-authoritative repository of all all collected data elements
•Requestors apply for access to data – obtain access to non-authoritative, or special cases, authoritative data
•ARDS repository provides validation of data, handling and auditing access, handling complaints and imposing penalties for inappropriate access
At this stage, the ARDS suggestion is at the concept state. The Expert Working Group is seeking feedback of what people think of the idea - of whether to proceed with development of a more detailed proposal - with feedback due by mid August. (For the full proposal, go to the ICANN site and put EWG report in the search function).
Carlton, EVan, Rinalia and I spent some time after the presentation discussing what we thought of the proposal - in light of two things: the fact that the RAA and related documents have just been passed by the Board and have not been given time to see if they will improve issues like access to Whois, and the accuracy of Whois data while embedding privacy protections.
After that discussion, I made some dot point notes on what I think we were all saying.
Concerns ALAC has had with the RAA, and in particular, Whois Accuracy (reflected in final WHois Report)
- inaccuracy of Whois data
- aligned with it, unenforceable requirements on registrars
- complete failure of compliance
- abuse of privacy/proxy
- lack of accreditation process for privacy/proxy service
Changes to the RAA and accompanying documents
- Applaud many of the changes including
- Stronger obligations on registrars for verification
- Stronger accuracy requirements
- Stronger language for enforcement
- At least a skeleton framework for privacy/proxy services – noting lack of details
Concerns with June changes and related issues
- With compliance – will have an even bigger task – many new gTLDs, new metrics etc so resources already stretched
- Don’t know outcome of audit – and what action will be taken
- Still a requirement for open access for all Whois data – unless is hidden behind a privacy/proxy service – so doesn’t recognise graduated needs to Whois data
- Still some concerns with RAA language
Response to EWG proposal
- RAA changes haven’t been given a chance to work – BUT
- It addresses many issues
- Compliance – right now little if any faith in current department but concerns if moved – power to enforce? Resources to enforce
- Does allow gated access to data
- Would provide mechanism for protection of privacy – recognising the outstanding issues of who can be protected, for what, and who has access
- In general – welcome the concept and welcome that it potentially addresses issues – but are concerns (as above)
So please - Carlton and I would appreciate any feedback on the proposal. Is it worth proceeding with development of the concept?
More information about the APAC-Discuss