[At-Large] [APAC-Discuss] [ALAC] Thick Whois PDP

Salanieta T. Tamanikaiwaimaro salanieta.tamanikaiwaimaro at gmail.com
Thu Sep 20 05:50:11 UTC 2012

Dear Holly,

I hear you and recognise the hard slog and toil that has been done by At
Large. Whilst the Analysis on the recommendations from the Whois Review
Final Report ("Report") has been done, there is still a huge delay in the
implementation of its recommendations.

Alan has advised me that the PDP for the Thick Whois will be after Toronto.
There may be things that the Working Group can start doing now prior to the
initiation of the PDP whether it means consolidation of material etc.

Of critical importance in my view is to gather feedback from the At Large
in terms of:-

   - Whois Misuse
   - Whois Proxy and Privacy Abuse;
   - Whois Registrant Identification;
   - Whois Proxy and Privacy Relay and Reveal

Noting that there are currently Studies being carried out by the GNSO which
the Report had mentioned would conclude in 2012 but we are finding out will
conclude in 2013. No  doubt, this will affect the PDP as we can reasonably
forecast that any PDP will wait for these Reports to come out.

As you can imagine, I would assume that the Studies would be published and
call for comments may be invited that could only potentially serve to delay
the process. To help quicken this process, if the GAC and the ALAC got
their act together and strategically sent "Input" as far as these focal
areas are concerned, it could only serve to expedite the process.

My view is that  we can start building on what we already have (and we have
alot, including the things that Carlton had pointed to), identify and
gather what we don't have and prepare for the PDP. I am of the belief that
whilst alot has been done, there is still alot to be done.

Kind Regards,

P.S I am enclosing my review of the recommendations of the Report as I
received requests offlist to clarify some of the things I had raised.

These are my personal views on the Recommendations within the *Whois Review
Final Report 2010*. I had shared this with the ALAC when we were asked for
feedback and thought it would be appropriate to share this here as well. I
have modified this slightly.

*Recommendation1: To Make Whois a Strategic Priority*

The commissioning of the Review by ICANN is an indication of the strategic
importance and manner in which the Review Team was constituted. However,
ICANN needs to monitor and evaluate the implementation process. As far as
the GNSO is concerned they have following advice from the GAC undertaken to
do four studies[1]<https://mail.google.com/mail/u/0/?ui=2&view=bsp&ver=ohhl4rw8mbn4#139a4561c7e803d8__ftn1>
the Whois Misuse Study; Whois Proxy and Privacy Abuse; Whois Registrant
Identification and Whois Proxy & Privacy Relay and Reveal Study which the
Report says is due for completion in 2012 and cost $530,000.

 I would recommend that issues that At Large has aerated relating to any of
these areas that are currently being studied be consolidated and sent to
those carrying out these Studies. We do not have to wait for the Studies to
be finalized before we realize that they may be missing certain things. I
know that Garth Bruen has for years alongside others such as Beau Brendtler
been consistently through NARALO and At Large been raising these issues
with Compliance.

I note that the website says that some of these Studies will conclude in
2013. On the same token, if the Affirmation of Commitment is followed to
the letter, the next Whois Review is in 2013.

 I can only hypothesize that to the extent that this would affect existing
consensus Policies, then parts of the PDP may apply. However, if the
existing consensus policies namely:-

   - ·       Whois Data Reminder Policy (2003);
   - ·         The Restored Name Accuracy Policy (2004); and
   - ·         Whois Marketing Restriction Policy (2004)

address in principle areas that may require a PDP process then we should be
open to that. I understand that this may be a negligible caveat.

*Recommendation 2 Single Whois Policy*

The Report mentions that there is a current gTLD Policy as set out in the
gTLD Registry and Registrar contracts and GNSP Consensus Policies and
Procedures. So there may be no need for the PDP to be initiated.

*Recommendation 3 Outreach*

There is no need for a gNSO Policy development. Whilst* *there may not be
need for a gNSO Policy for Outreach the Report does identify the need to
move beyond the confines of the ICANN community to involve them. Although I
read the report, I did not read the Appendix and note that in terms of
studies done on consumers from 8-10 countries, it was unclear from the
report which countries were selected and it would have been good to have it
footnoted like the rest of the other stuff. Whilst I note that OECD is an
observer in the GAC, they did not make submissions to the Whois Review
Team. The OECD Ottawa principles on taxation make mention of Whois.

See: OECD Ottawa Principles here:
http://www.oecd.org/tax/taxadministration/20499630.pdf on

Report on page 27 that makes reference to Whois data, here is a snapshot:

*" Revenue authorities are encouraged to work with relevant government *

*regulatory agencies, business associations and other organisations to *

*ensure businesses engaged in  e-commerce provide and maintain *

*complete and accurate information to the Internet registrar with which *

*they register.  *

*Revenue authorities are encouraged to work with relevant government *

*regulatory agencies, business associations and other organisations to *

*ensure that country code Top Level Domain registrars for their *

*geographic jurisdictions abide by internationally recognised registrar *

*requirements in respect to the collection, verification and global *

*availability of WHOIS data for business registrations.  *

*Revenue authorities are encouraged to work with relevant government *

*regulatory agencies, business associations and other organisations to *

*ensure that the Internet Corporation for Assigned Names and *

*Numbers (ICANN) considers on a periodic basis whether regular pre *

*or post verification of WHOIS data by registrars is warranted in *

*certain circumstances.  "*

I assume that the definition of law enforcement covers Revenue Authorities,
if it does not then that is something which should be considered.

*Recommendation 4 Compliance*

There is no need for a GNSO Policy to be initiated. My view is that there
only needs to be self regulatory measures put in place by Registrars and I
commend the CINC for reporting 97% accuracy levels. My view is that there
needs to be gold stars [image: https://mail.google.com/mail/e/B68][image:
https://mail.google.com/mail/e/B68] handed out by ICANN to Registrars and
Resellers who comply. This can be published and verified independently on
the ICANN website. There can also be incentives such as if you don't meet
acceptable compliance levels and don't have clear plans that meet ICANN's
satisfaction, please don't bother applying for a gTLD. I would also hasten
to endorse the findings within the Report to review and improve all
relevant compliance tools and create new ones where necessary before the
gTLDs are assigned and become operational. Who knows maybe this lag time of
waiting can be put to good use.

The recommended revisions made in the WHOIS Review Final Report about
adjustments to the Registrar Accredited Agreements should also be factored
into our discussions.

*Recommendation 5 Data Accuracy [Communicate Need]*

The outcomes of the Studies currently being undertaken by the GNSO coupled
with the NORC Study will definitely form the empirical basis necessary for
further policy development in this area both by the GNSO and also by ICANN.
Data Accuracy is critical in order to navigate through the Internet with
ease. To a large extent, this is self regulatory and with countries all
around the world creating Strategies to secure their Cyber Environment, it
is only a matter of time before it is legislated. To avoid external
regulations forcing data accuracy it is much more easier and productive to
ensure that there is data accuracy. It is of great concern that the NORC
Report shows a 23% no failure rate and 20% full failure and I wonder about
the 57%. I think Data Accuracy is all our responsibility and not just
Registrars but a collective corporate responsibility issue. I agree with
the suggestion by the Business Community (see page 85 of the Report) that
the RAA should be amended to make it mandatory for contracted parties to
verify WHOIS information when registration occurs and when domain names are
renewed. I would add though that is and when there are planned transitions
where there are cut off dates for renewing and updating their information
that this can also be worded into the RAA to enable Registrars to have
sufficient room to issue notices of that nature. For this to work, it will
require a Policy and yes either from the GNSO or ICANN so that this can be
referred to in the contractual arrangements.

*Recommendation 6 Data Accuracy:*

I would say that there is a need for the GNSO to create a PDP to ensure
that there is Data Accuracy. To a large extent compliance in relation to
data accuracy has been self regulatory and dependent on the Registrars.
Were this to be taken away and (best case scenario: ICANN Compliance; worst
case scenario: legislated) it would mean transition to increasing accuracy,
voluntary or otherwise would be enforced. It follows that as per the
recommendation in report (see page 87 para 11], "ICANN should take
appropriate measures to reduce the number of WHOIS registrations that fall
into the accuracy groups Substantial Failure and Full Failure (as defined
by the NORC Data Accuracy Study, 2009/10) by 50% within 12 months and by
50% again over the following 12 months", it is far more beneficial and
useful to manage this process internally.

*Recommendation 7 Measure and Report Whois Accuracy*

My comments remain the same as for Recommendation 6

*Recommendation 8 Ensure that Compliance has tools to enforce Whois*

There was a comment made by the Commercial Stakeholders Group in Singapore
where they raised and in my view correctly the fact that private
regulations are based on the ability to self regulate and enforce
contractual obligations. There has been much debate and discussion in
relation to strengthening the Compliance Team and giving them tools. My
personal view is that all you need is a MS Excel spreadsheet, a phone, a
clear tangible strategy for various regions in the world and they have more
than enough tools necessary to get the job done. In simple speak, if they
can't enforce compliance change the team. It is not an extraordinarily
complex thing to enforce contracts. I am also not sure whether you need a
policy for this. Do we need a policy to show us how to clean our
kitchen? Incremental sanctions that are mentioned in page 68 of the Report
are relevant. [Please excuse the sarcasm, it's the lack of sleep talking]
Yes whilst I agree that the stick approach which is de-registration and
de-accreditation, I personally feel that even without these additional
revisions and provisions expressly woven into the contract by virtue of
ICANN issuing a Notice to all Registrars to update their records is the
equivalent of a legal notice as "someone" who is assigning names and

*Recommendation 9 Data Accuracy: Track Impact of Whois Data Reminder Policy
and Possible Replacement*

The Report clearly outlines the fact that the Whois Data Reminder Policy so
without a doubt there is need to review and revise the Policy. I would say,
yes GNSO much initiate discussions. To save time there may be things within
the Reminder Policy that do not need to be debated again although there is
always the exception. There are many models of doing things and Registrars
can select what works for them and it would help to at least outline a few
generic ones. At the moment, I can deduce that the focus has been based on
the actual "data" and if one methodology does'nt work, there should be
enough innovation to suggest alternative methods that can be either
customer centric or otherwise.

*Recommendation 10 Data Access, Privacy and Proxy Services*

Aside from the legitimate privacy and data protection arguments which were
raised by virtually everyone that participated, there was only one instance
in my view of reading the Whois Final Review where a common sense
sustainable approach could form the baseline of discussions.

 To this end, I had suggested to the ALAC that a Draft Policy should be
created by the GNSO modelled around the findings Council of European
National TLD Registries as a starting point for policy discussion. As I
read the updates of the Negotiations on the RAA. Negotiations and all
negotiations involving the RAA are legitimate but there should not be
unnecessary delay in adopting what are accepted baselines in domestic and
national laws. It is not only a waste of time but “stalling the inevitable”
on one view.

*Recommendation 11 Internic*

I think that this should be factored into the Strategy for Transition. I am
not sure whose responsibility this is whether this is ICANN's or the GNSO
or the entire community.

*Recommendations 12-14 IDNs*

It would be good to get some feedback on current work being done within the
IETF on whether the Whois Protocol has been revised or modified. I have
noted the comments that the Whois Protocol has no support for non-ASCII
characters (see page 91) and also note the Review Team's comments that the
failure to maintain registration data is not attributed to the failure of
IDNs but just management of registration data.

*Recommendation 15 Detailed and Comprehensive Plan*

I gather that ICANN has yet to produce this Detailed and Comprehensive
Plan. I do not think that PDP is needed. However, I could be wrong. I would
suggest that in the event that ICANN has yet to draft one, why don't we
initiate drafting this plan and handing it to the community. Should'nt take
more than a week to produce a first draft. All the materials and resources
needed are available already.

*Recommendation 16 Annual Report*

The recommendation within the report is too ambigious and perhaps it was
meant to be that way so that it is broad and you can include anything you
like. The downside is that if you don't spell out what you want precisely,
you can also get nothing. So there's a question of balance.



On Thu, Sep 20, 2012 at 5:16 PM, Holly Raiche <h.raiche at internode.on.net>wrote:

> Hi Everyone
> If we have anything to say, it should deep disappointment and deep
> frustration at the delay in the GNSO doing anything on this issue.  Carlton
> has referred to the ALAC statement on the think Whois.  We also commented
> on the .com and .net contracts - decrying the fact that they did not
> require a think Whois, even through all new gTLDs require it. We have also
> urged (and continue to urge) implementation of the Final Final Whois report
> (we replied to the Board with a list of recommendations that should be
> implemented ASAP). Yes, there are outstanding pieces to the Whois issue.
>  But if you read the motion - it is a litany of calls for action, and
> delays by GNSO.  Isn't it time to say enough is enough.  No more analysis,
> no more comment.  We have done that. Maybe something planted under every
> seat of every GNSO member so that something happens.
> Holly
> On 20/09/2012, at 9:19 AM, Salanieta T. Tamanikaiwaimaro wrote:
> > Dear All,
> >
> > For consideration of the working group:
> >
> > Given the GNSO Council Motion which I have copied below where it was
> > resolved that the Thick Whois PDP would be delayed following the first
> > Council meeting after 30 November 2012, I thought I would suggest the
> > following:-
> >
> >
> >   - Preparing and Receiving Community Input;
> >   - Analysis of Recommendations made by the Whois Review Final Report;
> >   - Channelling issues raised within the At Large on Thick Whois into the
> >   Wiki space;
> >   - Requesting for feedback on current studies carried out by GNSO and
> >   give input into current studies being carried out.
> >
> >
> > *20120412 - 1*
> >
> > Motion to delay the 'thick' Whois Policy Development Process
> >
> > Whereas the GNSO Council requested an Issue Report on 'thick' Whois at
> its
> > meeting on 22 September 2011 (see
> http://gnso.icann.org/resolutions/#201109
> > );
> >
> > Whereas a Preliminary Issue Report on 'thick' Whois was prepared by staff
> > and posted on 21 November 2011 for public comment (see
> > http://www.icann.org/en/announcements/announcement-2-21nov11-en.htm);
> >
> > Whereas a Final Issue Report on 'thick' Whois was published on 2 February
> > 2012 (see
> >
> http://gnso.icann.org/issues/whois/final-report-thick-whois-02feb12-en.pdf
> );
> >
> > Whereas the Final Issue Report recommends that the GNSO Council proceed
> > with a Policy Development Process limited to consideration of the issues
> > discussed in this report, and the General Counsel of ICANN has indicated
> > the topic is properly within the scope of the ICANN policy process and
> > within the scope of the GNSO;
> >
> > Whereas the GNSO Council initiated a Policy Development Process at its
> > meeting of 14 March 2012 (seehttp://
> gnso.icann.org/resolutions/#20120314-1);
> >
> > Whereas at its wrap up session on 15 March, taking into account the
> current
> > workload of the GNSO community, the GNSO Council voiced support for a
> delay
> > in the start of the PDP until both ICANN staff and GNSO resources are
> > available to deal with this.
> >
> >
> > Resolved, the next step (creating a drafting team to develop a charter)
> of
> > the 'thick' Whois PDP will be delayed until the first GNSO Council
> meeting
> > after 30 November 2012.
> >
> >
> >
> > Thanks and Kind Regards,
> > Sala
> >
> >
> > --
> > Salanieta Tamanikaiwaimaro aka Sala
> > P.O. Box 17862
> > Suva
> > Fiji
> >
> > Twitter: @SalanietaT
> > Skype:Salanieta.Tamanikaiwaimaro
> > Fiji Cell: +679 998 2851
> > _______________________________________________
> > ALAC mailing list
> > ALAC at atlarge-lists.icann.org
> > https://atlarge-lists.icann.org/mailman/listinfo/alac
> >
> > At-Large Online: http://www.atlarge.icann.org
> > ALAC Working Wiki:
> https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)
> _______________________________________________
> APAC-Discuss mailing list
> APAC-Discuss at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/apac-discuss
> Homepage for the region: http://www.apralo.org

Salanieta Tamanikaiwaimaro aka Sala
P.O. Box 17862

Twitter: @SalanietaT
Fiji Cell: +679 998 2851

More information about the At-Large mailing list