Versions Compared

Version Old Version 21 New Version Current
Changes made by

Terri Agnew

Aleksey Khapchenko

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Fix links.

...

Proposed Agenda for RDS PDP WG Call 9 August
1) Roll call/SOI updates
2) Brief status update on problem statement, possible requirements & triage
3) Continue review of example use cases:
    13-Services required by Registry agreement (Maxim Alzoba)
    16-WHOIS misused to shame, anger, or scare a registrant (Ayden Ferdeline)
    12-Trademark Infringement (Mark Svancarek)
    08-Real-World Contact (Fabricio Vayra)
    15-Fraudulent contact information (Susan Kawaguchi)
    18-Business Intelligence (Elaine Pruis)
    All posted here: https://icann-community.icannatlassian.orgnet/wiki/x/JA6bAw8gCGBg
4) Plan to complete use case drafting/discussion
5) Confirm Next Meeting - Wednesday 17 August 05.00 UTC

...

3) Continue review of example use cases:

 

13-Services required by Registry agreement (Maxim Alzoba)

  • See use case submitted (linked above, posted at https://icann-community.icannatlassian.orgnet/wiki/x/JA6bAw8gCGBg)
  • Questions/comments: have providers same access? Each of 4 types of parties have contracts at hand which describe what they can and cannot do. Not same level of access that public will have. Registry escrow provider has one contract with registry and one with ICANN. Audit company also have contract for this kind of access. Assume that all these parties have NDAs in place and what they can access as well as what to do with the date after the activity has been completed (e.g. audit). Looking at URS and UDRP - where does the complainant fit in? Don't they need access to this type of information to prepare their case? Is that a different use case or does it belong here? Probably registrant should be added as a stakeholder as well. URS and UDRP complainants could use public RDS, similar to third parties as they do not have any contractual obligation with regards to Ry/Rr or ICANN. Does escrow provider have access and look at data or only confirms receipt of data? Key to encrypted files are sent with the data files. Might be three use cases interwined in this use case - escrow, audit and UDRP/URS, including related use cases. Maybe would be worth identifying what data is needed for each of these use cases and whether that information comes from the current WHOIS. Publication of information in relation to UDRP case could also result in disclosure of personal information, even if defendant is not found at fault. Escrow agents are not obligated to confirm that any of the records which appear in the deposit actually exist or that they match what is in the RDS.

...

  • See use case submitted (linked above, posted at https://icann-community.icannatlassian.orgnet/wiki/x/JA6bAw8gCGBg)
  • Questions/comments: what does 'repeating to obtain information about the registrant's friends or family'? How does this relate to the registration data? Only be if friends or family would be a domain name registrant and present in RDS. Useful to separate use case and proposed solution. Conclusion could also be that there need to be limitations to how much data is made available and to whom instead of not including any PII. The following study might also be of interest in this context: WHOIS misuse study link http://whois.icann.org/sites/default/files/files/misuse-study-final-13mar14-en.pdf.  For example, looks at which specific data elements are misused. Certain elements may have a higher level impact, for example, spam is caught by spam filters, while phone numbers might have a higher level impact on someone's life. Certain information will need to be available to address a number of issues that come up, such as transfers. Need to distinguish "getting data out easily/freely/without authentication" and "whether the data is in there". Important to balance the different needs that may be competing - that balance will hopefully result in finding solutions.

...

  • See use case submitted (linked above, posted at https://icann-community.icannatlassian.orgnet/wiki/x/JA6bAw8gCGBg)
  • Questions/comments: are those data elements of the registrant, admin contact, tech contact, or all of those? Likely collects everything that is available and uses what is appropriate. Not clear whether the ultimate "success rate" in variant 2 is relevant -- the requirement to identify/contact the registrant is the same -- isn't it? Merely to show that success may be limited, just a data point. When doing trademark infringement analysis, need more data than just contactability. Need to go into who it is, how long have they been doing it, where they are. If you are operating in a jurisdiction that has data protection law, information may need to be available as part of disclosure requirements to individual under investigation. Wide variety around the world - in certain cases you may need to contact individuals whose data is being held in others you may not.

...

  • See use case submitted (linked above, posted at https://icann-community.icannatlassian.orgnet/wiki/x/JA6bAw8gCGBg)
  • Questions/comments: might be limited use of this use case, but that does not mean it could not be used widely, for example app or web-sites providing consumer info. Might also be of interest to the seller to have this information publicly available - if this is of use to consumers. EV certificates serve the function of ensuring that the person who says they are in control of the name servers are in control. Using this data for this purpose may be misleading. Additional education may be necessary, especially in relation to certifications. WHOIS is used to create reputation metrics (e.g. web of trust, browser-add ins). This also includes correlation searches which may result in downgrading if other registrations with same information where found to be not trustworthy.

...

  • See use case submitted (linked above, posted at https://icann-community.icannatlassian.orgnet/wiki/x/JA6bAw8gCGBg)
  • Questions / comments: not that data was invalid, it is valid, but it belongs to someone else. This is possible because anyone can add anyone's information to date as there is currently no verification that the person entering the information is entitled to enter that information (e.g. related to company they work for or represent).

...