No Such Weblog

We’re two almost three hours into the GNSO Council session now. After long debate, the GNSO Council has adopted moderately updated versions of the Terms of Reference that the WHOIS Steering Committee had generated, and has also agreed to kick off all three Task Forces at this time.Ultimately, all council members except the ISPCP representatives voted in favor.

I was on the data element review panel of today’s WHOIS Workshop. Unfortunately, that panel was chartered to look at things from a data user point of view only, without space for the data subject perspective.The brief summary is that the usual statements were made.The slightly longer summary: Bruce Tonkin reported about the current data element situation. Jane Mutimear gave the IP perspective, recycling some slides from the Montreal workshop. Marilyn Cade told a story about an abuse case. David Maher noted that registries don’t need personal WHOIS information. I complained a bit about the lack of registrant perspective, pointed to the ALAC’s new WHOIS statement, and noted that individual Internet users really don’t have essential WHOIS uses, and that existing uses can easily be covered by some kind of person directory where information is entered voluntarily. Tom Keller noted that registrar mostly need WHOIS for transfers. Brian Cute confirmed that, and gave some customer quotes on WHOIS privacy.The NCUC’s Kathy Kleiman made the case for registrant privacy, and suggested that a technical contact should essentially be the only thing published in the WHOIS; this technical contact could then be someone at an ISP, not the individual itself.

A large group of NGOs, lead by EPIC, has sent a letter to ICANN that emphasizes the need for moving forward on WHOIS privacy.The letter suggests a number of useful and important principles for dealing with WHOIS. The most critical one: The purposes for which domain name holders’ personal data may be collected and published in the WHOIS database have to be specified; they should, as a minimum, be legitimate and compatible to the original purpose for which this database was created; and this original purpose cannot be extended to other purposes simply because they are considered desirable by some users of the WHOIS database.It’s somewhat unfortunate that the authors of this letter have given in to the very temptation they warn about: In the next bullet point, they suggest that combatting spam should be the most relevant purpose for collecting WHOIS data.

John Klensin points out that whois data in strange languages may quite well kill port 43 whois, and notes that that protocol has outlived its useful life. Some panel discussion about what languages should be where, and about experience in China.

Barbara Roseman joins the meeting. Bruce Tonkin points out Twomey’s broadly-worded core question. Barbara. Have talked to comm. user constituencies; will let GC figure out what’s in scope for ICANN. Will go to outside entity asking about competition/confidentiality aspects; expertise available to GNSO.Should new services or significant changes be reviewed before or after introduction?Contract changes re stabililty/security?Dominant vs. non-dominant registries? Comm. users had asked about differentiation between sponsored/non-sponsored?Who should initiate process? Registry? Notification to ICANN, ICANN initiates? GNSO initiates? External party?Desire to have definition of services provided?Comm. users requested briefing what contracts say today.Discussion ofo time frames? What time scales?Involve other advisory bodies/SOs? Considerations from these overriding?Concern about time frame for this PDP.Time frame concerns?Additional input from registrars?Check or review for determination that something is registry service?Review of anti-trust implications? Roseman: ICANN intends to make experts available.Issues report will be posted CoB Friday, California time.Add. questions: What’s time table when service is not considered as registry service? “Registry service” covered by contract. But for non-registry service change, no contract requirement. Review of stability implications after the fact?Tonkin: Add that issues report is starting point, not end point….Suggestions to Barbara welcome, done by Friday.

Bruce Tonkin: Twomey response to sitefinder — no documented procedure for dealing with new services. Special meeting of council. policy-development process; issues report requested by council. During meeting, Twomey and Jeffreys read letter that clarifies scope. Subtle wording.Not just registry services as defined in contracts — also other services that could have impact on internet stability. Not purely looking at registry services.Other issue towards end of letter: Industry participants might be concerned because of competition issues. In end of Twomey letter, indicated that ICANN should seek external advice from competition authorities.Barbara Roseman in charge of preparing issues report. Questions?Elana Broitman: GNSO to look at definition of service or process? Tonkin: Early discussions with ICANN GC. Want to get away from what a service is, but rather look at impact and effect….Process not about determining good service or not, but about impact on security and stability. GNSO developing process that staff applies on case-by-case basis. Q: Meet 15 January deadline? BT: probably not. But shouldn’t take a year either. Miss 15 january by bit, not much. Q: Look at old requests? BT: Question to board, not to GNSO Council.

Sebastian Bachollet speaks to the registrars’ meeting. Has given presentations to different constituencies. Conducting interviews. 7 new gTLDs. 6 launched, .pro in the middle of the river. Address 12 questions; priority questions set up by NTEPPTF. Evaluation team: Summit Strategies Intl. (Miriam Sapiro); Solucom (?; Michel Briche); Bachollet supervising. Goal: Draft evaluation report at middle January / end January. Draft to TEAC (TLD Evaluation Advisory Committee); final report to TEAC around Rome meeting. Rough overview of questions. For some questions, input from registrars needed since they were between end customers and registry. Would like input about process with different new gTLDs. Difficulties faced? Technologies used by registries? Initial trademark protection? Startup issues? Implementation of registration restrictions? WHOIS and how it was implemented? Competition — how did new gTLD change market, if at all? Effect on scope and competitiveness of domain name market? Effect on existing TLDs and registrants? Service continuity? Legal framework?If anyone wants to be interviewed, please contact Bachollet.Question: Evaluation process further delaying new gTLDs? SB: Question to board, can’t answer that. Dan Halloran points out formal deadline from MoU — September 2004.Bachollet asks that r’ar constituency identify a small, but diverse set of registrars that might serve as interview partners.

ICANN 2.0 is also going to come with a shiny new user interface.Preview here; the new site is being showcased at the Carthage meeting. ICANN’s webmistress is seeking comments.

Vittorio Bertola: Many don’t speak English. Many aren’t even able to deal with latin scripts. Not everything that’s technically allowable should be practically done. Users like it? Correct architecture? Build wildcard in competition-friendly way? Controlled innovation? No. But only by respecting competitive environment. Long-term point. Most unpleasant thing see parts of community fight; fragmentation. IP-addresses hardwired. Protocols agnostic. Collateral damage such as effect on .name worrisome for future of Internet.Nobody else speaks up.

About EPIC. “Where do you want your data to go today?” Impact on privacy tools. Privacy law.Privacy Issues with Wildcard. Data use — Techniques — Laws. E-Mail session. Omniture partnership. Omniture as privacy issue. Looks like doubleclick. No indication to user that data is sent to Omniture; cookie with 5 years lifetime. Information gathered by omniture from wildcard.OECD privacy principles. Try to apply to service as offered by Verisign. Purpose specification principle. Collection limitation principle. Use limitation principle. Openness. Make known to users what is happening to their information. Ability for community to participate in decision-making.Core legal question — is it legal? Interesting question. Maybe it is legal. Consent, lots of notice, learn typing! Maybe it is not legal. Go to classical communications: Have to keep them confidential, either deliver as intended, or return. Essential problem from privacy perspective: Not giving information to person originating communication on where communication ends up.Privacy issues in various categories. Keep in mind while developing policy for wildcard DNS.