WHOIS Task Forces 1 and 2 minutes

WHOIS Task Forces 1 and 2 Teleconference 5 October, 2004 - Minutes

ATTENDEES:

GNSO Constituency representatives:
gTLD Registries constituency: - Jeff Neuman - Co-Chair
gTLD Registries constituency - David Maher
Commercial and Business Users constituency - David Fares
Registrars constituency - Tom Keller
Intellectual Property Interests Constituency - Steve Metalitz
Intellectual Property Interests Constituency - Niklas Lagergren,
Internet Service and Connectivity Providers constituency: - Antonio Harris
Non Commercial Users Constituency - Marc Schneiders

Liaisons:
At-Large Advisory Committee (ALAC) liaisons - Thomas Roessler


ICANN Staff Manager: Barbara Roseman
GNSO Secretariat: Glen de Saint Géry

Absent:
Registrars constituency - Jordyn Buchanan - Co-Chair - apologies
Registrars constituency - Paul Stahura
Commercial and Business Users constituency - Marilyn Cade, apologies
Internet Service and Connectivity Providers constituency - Maggie Mansourkia
Intellectual Property Interests Constituency - Jeremy Banks
Amadeu Abril l Abril
Non Commercial Users Constituency - Milton Mueller
At-Large Advisory Committee (ALAC) liaisons - Wendy Seltzer

MP3 recording

Jeff Neuman referred to Steve Metalitz's draft procedure for conflicts: step-by-step and encouraged the task force to comment on the list, make revisions and reach a consensus.
Jeff also referred to the work on conspicuous notice proposed by David Maher and encouraged the task force to comment on the list.

Agenda: tiered access
Jeff Neuman suggested the following questions:
Is tiered access feasible?
Who are the experts that could be invited to address the subject?

Steve Metalitz remarked that the common feature was identifying and authenticating Whois data.
In a tiered access system it is necessary to know who the requestor is. Perhaps experts could assist with issues such as reliability and how time consuming it would be.
Tony Harris suggested that people requiring the data should be accredited and that there should be specific qualities that an entity should meet such as, a justification why the full data is required, signing an agreement to ensure that they would only use the data for themselves.
Jeff Neuman commented that task force 1 started discussing the topic and raised such issues as a license to use the data and third party accessing data on behalf of someone else.
Tony Harris mentioned portals where information concerning American companies could only be accessed by American companies. Access to any website should require a password and user name.

Tom Keller and Jeff Neuman both mentioned the new technologies, CRISP and IRIS in identification and that a briefing on the current status would be helpful.
Thomas Roessler commented that it was important to know what one wanted to link to a query, what kind of data elements should be in there. It would be difficult to answer if one did not know what data elements were controlled. Furthermore it depended on the information that was to be protected.
Steve Metalitz suggested:
- that the task force have a briefing on the current status of IRIS
-finding out what the most sensitive piece of data was in the current Whois data elements
- what ought to be required to gain access to this
Tony Harris adding to public key structure, suggested asking companies such as Verisign, Entrust and Baltimore how it could be done.

Jeff Neuman reminded the group that one of the recommendations that came out of the group was that:
- the Requestor needed to identify themselves and provide some sort of justification

In summary:
There were some technologies already there, whether it was PKI, digital certificates or any other that could identify a requestor.
The questions still to be answered were:
- whether the symmetrical approach, that the data provided by the requestor needed to match the data that the requestor was actually seeking to get, should be applied
- whether if there were an accreditation process it should be:
-- a centralized accreditation body or
-- a particular, such as in the case of .name ,
In theory there could be an accreditation process which did not reveal anything about the entity accredited.

Marc Schneiders raised the issue that when an accredited whois user was accessing data , the registrant would be notified that the data is being used.
Jeff Neuman responded that sight had not been lost of the issue, but that would be tackled down the line.
Currently the issues concentrated around feasibility

If there were to be accreditation there could be a short list as to who had access to full data such as a list locating law enforcement, whether ISPs should ask for it, or give associations right of entry.

A view expressed was that it should be feasible for anyone to access data as in the example of the Chilean ccTLD (.cl) which requires an email address and the reason why the data is wanted. It was felt that it was difficult to set up a list of criteria to access data.

In the authentification process there would be information about the person and if there were a problem, the person could be tracked.

Some felt that the reason for accessing the data should not be stated at the beginning of the process but should be stated during the query process.

Assuming there were an accreditation process or verification there would be a need for accountability to be built into the system. If there were abuse, available legal remedies should be sought and there would be information about the abuser. In accountability, the question arises who is going to decide. If it is agreed that notification is necessary, when should that notification be given, before or after.

Next call
Jeff Neuman suggested:
- revising a draft and circulating it to the task force for comments on the list and discussion on the next call
- work on lists of experts
- who could help answer the questions

Comment on two documents that have been circulated:
Conspicuous notice by David Maher
Step by step procedure relating to conflicts with local law by Steve Metalitz

Jeff Neuman thanked everyone for their presence and participation and particularly for the contributions to the mailing list..
The call ended at 12:15 EST, 18:15 CET

Next Call: 19 October 2004
see: GNSO calendar