[At-Large] [ALAC-Announce] GNSO Council Request for Input: WHOIS Studies

Nick Ashton-Hart Nick.Ashton-Hart at icann.org
Mon Sep 8 06:50:15 EDT 2008 

You are in danger of having just written the core of the ALAC reply on this
matter ;)

To answer the question of how the ALAC responds to requests like this, I¹ve
attached a document outlining the process today, and a proposal for a
process for Œtomorrow¹ which has been introduced to the ALAC but not debated
much yet.


On 08/09/2008 12:40, "Patrick Vande Walle" <patrick at vande-walle.eu> wrote:

> 
> 
> Being new to the ALAC, I am not sure what the process is to reply to this
> document from the ALAC side or if we want to reply at all.
> Actually, this is the study I would have liked to see years ago, when the
> whois issues were first discussed in ICANN circles.
> 
> Here are some concerns I have. Free to read it, keep it or trash it as you
> see fit.
> 
> Patrick
> 
> Area 1  WHOIS misuse studies
> 
> Altough some registrars prevent automated email harvesting by allowing
> public web-based access to Whois registrant data only after the user
> deciphers a "captcha" image, it has been demonstrated in other contexts
> that captchas are now able to be machine deciphered, making them mostly
> useless against serious attacks.
> 
> While it is commonly mentioned that whois data is used for spamming
> purposes, other cases have been reported like identifying opponents and
> other people persecuted for their opinions.
> 
> Area 2 Compliance with data protection laws and the Registrar Accreditation
> Agreement
> 
> If local laws allow a registrant (natural person) to oppose the publication
> of his/her data in the whois, he/she should still be allowed to register a
> domain name. It should not be a prerequisite to surrender one's privacy to
> "gain the right" to buy a domain name.
> 
> Further analysis is needed regarding the export of registrant data from one
> country to another. It may be the case that a registrar located in country
> X is not allowed by law to export natural persons data to a registry in
> country Y. This matter is further complicated if the registry subcontracts
> the technical backend to an operator with its registered address in country
> Z and its data operations in yet another country.
> 
> Area 5 Impact of WHOIS data protection on crime and abuse
> 
> It is important to define what is "the legitimate use of gTLD WHOIS data"
> and who are those entities, who can invoke it and how. Again, this is often
> dependent on local law.
> 
> Area 6 Proxy registrar compliance with law enforcement and dispute
> resolution requests
> 
> It may be true that some registrars operating proxy/privacy services are
> not revealing registrant data when requested in a UDRP proceeding. These
> registrars may be prevented to do so under local law. UDRP is an arbitral,
> not a legal, process. Different rules may apply, depending on local law.
> 
> Area 7 WHOIS data accuracy and general considerations
> 
> As mentioned in RFC 3912: "The WHOIS protocol has not been
> internationalised.  The WHOIS  protocol has no mechanism for indicating the
> character set in use.[...] This inability to predict or express text
> encoding has  adversely impacted the interoperability (and, therefore,
> usefulness) of the WHOIS protocol."
> 
> RFC 3912 further elaborates that: "The WHOIS protocol has no provisions for
> strong security. WHOIS lacks mechanisms for access control, integrity, and
> confidentiality. Accordingly, WHOIS-based services should only be used for
> information  which is non-sensitive and intended to be accessible to
> everyone. The absence of such security mechanisms means this protocol would
> not normally be acceptable to the IETF at the time of this writing."
> 
> While this is outside the scope of the comments request, ALAC might suggest
> now or later that those who think the whois has some usefulness to actually
> eat their own dogfood and go through the process of redesigning the whole
> whois protocol, rather than (ab)using the security holes in its current
> incarnation to serve their business inerests.
> 
> 
> 
> On Mon, 8 Sep 2008 01:02:15 -0700, Nick Ashton-Hart
> <Nick.Ashton-Hart at icann.org> wrote:
> 
>> > The GNSO Council has requested the ALAC's views on the report recently
>> > prepared by the Whois Study Hypothesis Group.
>> >
>> > The Council has requested that, if possible, comments should be sent by
>> > 16th October 2008, in order for them to be discussed in the Council
> meeting
>> > on that date.
>> >
>> > The Report may be found at:
>> >
> http://gnso.icann.org/issues/whois/whois-study-hypothesis-group-report-to-coun
> cil-26aug08.pdf
> 
> 
> _______________________________________________
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> http://atlarge-lists.icann.org/mailman/listinfo/at-large_atlarge-lists.icann.o
> rg
> 
> At-Large Official Site: http://atlarge.icann.org
> 

-- 
Regards,

Nick Ashton-Hart
Director for At-Large
Internet Corporation for Assigned Names and Numbers (ICANN)
Main Tel: +33 (450) 40 46 88
USA DD: +1 (310) 578-8637
Fax: +41 (22) 594-85-44
Mobile: +41 (79) 595 54-68
email: nick.ashton-hart at icann.org
Win IM: ashtonhart at hotmail.com / AIM/iSight: nashtonhart at mac.com / Skype:
nashtonhart
Online Bio:   https://www.linkedin.com/in/ashtonhart 

-------------- next part --------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: AL-ALAC-MT-32-6-1 Policy Advice Development Process Outline -	EN.doc
Type: application/msword
Size: 165888 bytes
Desc: not available
Url : http://atlarge-lists.icann.org/pipermail/at-large_atlarge-lists.icann.org/attachments/20080908/81ed9058/attachment-0001.doc 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2398 bytes
Desc: not available
Url : http://atlarge-lists.icann.org/pipermail/at-large_atlarge-lists.icann.org/attachments/20080908/81ed9058/attachment-0001.p7s

More information about the At-Large mailing list