[NA-Discuss] WHOIS study group...NA RALO weigh in?

[Brendler, Beau]

Danny Younger, Wendy Seltzer and I are in a WHOIS study group with a
really tight time frame, like three weeks, before it has to report back
to the GNSO council on whether further study of WHOIS is needed, along
with other issues. 

I think opinions differ among the three of us in the group, which has
about a dozen members. Opinions aside, I wanted to see if the NA RALO
would like to convey either as a group or as individuals their opinions
on the issues presented to the WHOIS working group. 

This morning, it seemed as though there was consensus that yes, more
study (provided it's circumscribed and directed at yielding some sort of
action on the issue) is required. Wendy took an opposing view, which I'm
sure she would be glad to share with you. WebWatch's view is that more
study is needed, and in fact we are studying the issue ourselves. We are
about to put a survey into the field that will be statistically
representative of New York State only (because it is being funded by the
NY State Attorney General's office). The survey is about online fraud in
general, but of the 30 questions, I have put in some related to ICANN
and WHOIS, for instance, have you ever registered a domain name, have
you ever heard of the WHOIS database, have you ever used it to help you
make a decision about whether to use a Web site's services or not, was
it useful, etc.

Below is our (WebWatch's) response, then below that are the action steps
for the study group, if you want to use that as a template.

Beau Brendler

-----Original Message-----
From: Brendler, Beau 
Sent: Tuesday, April 15, 2008 1:57 PM
To: 'GNSO.SECRETARIAT at GNSO.ICANN.ORG'; gnso-whois-study at icann.org
Subject: Whois study group -- category rankings

>From Beau Brendler and Consumer Reports WebWatch

We believe all seven categories are worth further study. Here's how we
think they should be ranked in order of priority:

1. (5) Impact of WHOIS data protection on crime and abuse.
2. (7) WHOIS data accuracy.
3. (1) WHOIS misuse.
4. (4) Demand and motivation for use of privacy services.
5. (2) Compliance with data protection laws/registrar accreditation
agreements.
6. Proxy registrar compliance with law enforcement/dispute resolution
requests.
7. (3) Availability of privacy services.

WebWatch's perspective on WHOIS could be almost characterized as similar
to that of law enforcement or the FTC. Oversimply stated, we are
interested in seeing a compromise that would allow a consumer to use
accurate WHOIS data to help determine the credibility of a Web site with
which the consumer is about to do business, while not compromising, say,
the right of Burmese citizens to create Web sites to describe the
conditions within their country without fear of being tracked down and
harmed by their government via WHOIS data.

I will also ask the ALAC to weigh in and report back offline with any
additional information. The north American region seems to have the
strongest feelings on this issue.

Beau Brendler

____________________________________________________
From: owner-gnso-whois-study at icann.org
[mailto:owner-gnso-whois-study at icann.org] On Behalf Of Liz Gasster
Sent: Tuesday, April 08, 2008 2:56 PM
To: GNSO.SECRETARIAT at GNSO.ICANN.ORG; gnso-whois-study at icann.org
Subject: RE: [gnso-whois-study] WHOIS study group call Tuesday 8 April
2008 at 15:00 UTC]


Thanks to all who could make our short-notice kick-off call on WHOIS
studies.  We will be meeting on Tuesdays at the same time and we have a
short window by which to recommend to the GNSO Council areas for further
study (if any) on WHOIS (currently due to the Council by 24 April). 
Following is a short overview of our call, key deliverables for next
week and next steps.

1. Overview

The group discussed how to proceed.  We first discussed whether studies
should be commissioned at all, and confirmed that one option could be
deciding to recommend to the GNSO Council that no studies of WHOIS be
done.  This view was supported by some participants who are skeptical
that the outcome of any study would change the views of entrenched
parties on WHOIS issues.  We also discussed certain areas that might be
studied further, such as the potential impact on registrars operating in
countries with strict privacy laws if those countries were to begin
enforcing those laws (in the gTLD space).  There was the concern that
new WHOIS-related issues will arise that will require consideration
notwithstanding the current WHOIS "stalemate", such as issues related to
IDNs, greater privacy enforcement by countries, etc..., that may warrant
further study.

I described the format and content of the summary "Report on Public
Suggestions on Further Studies of WHOIS" of Feb. 25, 2008.  Note in
particular that the study suggestions are grouped into seven topic
areas.

1. WHOIS misuse
2. Compliance with data protection laws and registrar accreditation
agreements 3. Availability of privacy services 4. Demand and motivation
for use of privacy services 5. Impact of WHOIS data protection on crime
and abuse 6. Proxy registrar compliance with law enforcement and dispute
resolution requests 7. WHOIS data accuracy

These seven areas can be thought of as topical questions for further
study.  If the consensus of the group is to proceed to identify specific
areas for further study (meaning rather than recommending that studies
not be conducted), the group might find it useful to decide first which
of these groupings address questions you think having data about would
inform the debate (see Key Deliverables below).

There was one question about whether a budget exists to conduct studies.

  I responded that there is no pre-set budget but there is a place
holder in the budget that the policy development group has submitted,
and there is the understanding and expectation that the Council may
request studies that ICANN would engage in.  Also, I noted that there is
a gating process -- the Council has specifically noted in its
resolutions that it would first identify certain studies that it thought
should then be priced out, and then, after those estimates are provided,
make any specific requests with those estimates in mind.  We also note
that costs for various studies could vary significantly based on size,
scope, complexity, etc.

2. Key deliverables

- Everyone will read the summary "Report on Public Suggestions on
Further Studies of WHOIS" - link provided by Glen and below

- Everyone will consider the threshold question of whether WHOIS should
be studied further -- whether any studies of WHOIS would make a
meaningful impact.  We will discuss this further on the next call.

- Everyone will review the suggestions with an eye to whether/or which
proposed studies would rise to your short favorites list -- or those you
think should not be done.  We did not discuss this on the call, but if
the group would like to email these to me ahead of time, say by Friday,
I could total up the results of this initial view for the call.

Again, as I suggested on the call, to approach the question of which of
25 suggestions you might support, you may find it useful to first
consider which of the groupings address questions you think that having
data about would inform the debate. Once you have identified which
questions you want to answer, then you could focus on only those
particular groupings and consider which study approach (or combination
of approaches) will best answer your questions. In some cases we have
indicated that the different study proposals answer slightly different
questions. In some cases we indicate that some of the approaches are
likely to give better data, or that some of the approaches are likely to
be less expensive.  When you think about the fundamental questions asked
by each grouping, you may find it more useful to consider the questions
asked by each grouping as follows:


1.       How big is the WHOIS misuse problem that may need to be solved?

2.       Is there a non-compliance with data protection laws problem 
that needs to be solved?

3.       Are there already market-driven solutions available?

4.       Is there demand for market-driven solutions, and are they being

used for legitimate or illegitimate purposes?

5.       Do WHOIS data protections lead to abuse and misuse?

6.       Are provisions for providing protected WHOIS data to law 
enforcement for investigation of crime and abuse effective?

7.       Is WHOIS data accurate?

- Staff will check on the status of an earlier study on the economics of
the DNS that we understand to have been approved by the ICANN Board but
not completed to-date.

- Recruit ISP representative -- in process

3. Next steps

- Next call Tuesday April 15 (a yucky day in the US, I note)
- See tasks listed in "key deliverables" above.
- Email with any questions.

Also, please feel free to correct or add to my summary.

Thanks, Liz