WHOIS Hypotheses
WHOIS study hypotheses noted with comments from orig submitters 21 Aug 2008.doc
GAC to ICANN 080419 WHOIS studies.pdf
WHOIS Study Suggestion Report with GAC 2008 Original Hypotheses - 8 JulyWHOIS Study Suggestions
http://forum.icann.org/lists/whois-comments-2008/
__
Meeting Recap*for Whois Hypotheses Group*26 August 2008
1.Alternative wording received from those who proposed the following studies was reviewed and action taken as indicated:
a.Study 8 – The alternative wording was not accepted but the hypothesis was revised to attempt to better reflect the intent communicated; the rationale will be communicated to Chris Paul.
b.Study 13 – The alternatives were accepted.
c.Study 16 - The proposed edit to hypothesis 2 was accepted; proposed additional hypotheses c and d were not accepted and the rationale will be sent to Claudio.
d.Other?
2.The following changes will be made to the list of notes and hypotheses.
a.A general note will added before the table explaining that study proposers were provided the opportunity to comment including recognition of the difficulty for the GAC to respond in such a short timeframe.
b.Four "pearls of wisdom" were added as notes to the table for studies 1, 14, 21 & 16.
3.It was agreed to add an introduction to the report that would include background information, references and the names of group participants.
4.Action items
a.Liz will prepare draft messages to Claudio and Chris per item 1 above and send them to the list for review by the group NLT 12 noon PDT.
b.Liz will prepare a draft final report and distribute to list for final review by group members today.
c.Liz or Chuck will incorporate any final edits and deliver the report to the Council NLT COB 27 August.
5.Thanks to all for the great TEAM work.
^^
Whois Study Hypotheses WG Final Report**
^^^
ICANN Generic Names Supporting Organisation
WHOIS Study Hypotheses Group Report to the GNSO Council
Prepared by the WHOIS Study Hypothesis Group
26 August 2008
WHOIS Study Hypotheses Group Report to the GNSO Council
1.Overview and background.............................................................3
2.Whois Study Hypotheses Table................................................... 5
"1. Overview and background"
On 26 June 2008, the GNSO Council voted to convene a Whois study hypothesis group.The group was charged with reviewing the study recommendations offered through the previous public comment period and the studies requested by the GAC in its letter of 16 April 2008, and, based on those recommendations and that request, prepare a concise list of hypotheses.The group was asked to deliver a report containing the above with any supporting rationale to the Council. The Council will then decide whether any potential studies should be further considered, and if so, determine cost, feasibility, potential methodology, and estimated time frames for testing.The text of the resolution can be found at:http://gnso.icann.org/resolutions/#200806.
Following is the result of the work of that Whois hypotheses study group.Volunteers for the Whois study hypotheses group are listed in the table below; key participants are marked with an asterisk (*).
Chuck Gomes* | GNSO Council vice chair and chair of group | |
Jordi Iparraguirre | gTLD Registry C |
|
Ken Stubbs | gTLD Registry C |
|
David Maher* | gTLD Registry C |
|
Adam Palmer | PIR | |
Steve Metalitz* | IPC |
|
Lee Eulgen* | IPC |
|
Steve DelBianco* | CBUC |
|
Tony Harris* | ISPC |
|
Tim Ruiz* | Registrar C |
|
Paul Stahura | Registrar C |
|
James Bladel* | Registrar C |
|
Stéphane Van Gelder | Registrar C |
|
Eric Brunner-Williams* | Registrar C |
|
Olga Cavalli* | NomCom appointee to GNSO Council | |
Avri Doria | GNSO chair |
|
Bertrand de la Chapelle | GAC | |
Danny Younger |
|
|
Beau Brendler |
|
|
Wendy Seltzer | ALAC Liaison on the ICANN Board |
|
Alan Greenberg* | ALAC Liaison on the GNSO Council | |
Liz Gasster* | staff |
|
Patrick Jones | staff |
|
Glen de Saint Géry* | GNSO Secretariat |
|
"2. Whois Study Hypotheses Table"
Hypotheses for Whois Studies as developed by the Whois Study Hypotheses WG
Notes regarding the hypotheses:
Note (1): throughout this document the term “registrant" or "registrant data” refers to what is sometimes called the "beneficial user" or customer of a proxy/privacy service. In that regard, note the following from the Registrar Accreditation Agreement (RAA) 3.7.7.3: “Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm.”Seehttp://www.icann.org/registrars/ra-agreement-17may01.htm.
Note (2): The Hypotheses Table below is intended to categorize, consolidate, and add relevant detail to the hypotheses originally submitted. In some cases, as with the GAC recommendations, the hypotheses needed to be inferred from the information submitted. As Council considers which of these studies should be pursued, it will be helpful to refer to the original study submissions (posted athttp://forum.icann.org/lists/whois-comments-2008/)These original submissions include statements of how study results could lead to an improvement in WHOIS policy. Many submitters also described the type of survey/study needed, including data elements, data sources, population to be surveyed, and sample size. These original submissions should be used by council and its consultants in designing studies and deciding which are worthwhile to pursue. The GAC suggestions can be found at:http://www.icann.org/correspondence/karlins-to-thrush-16apr08.pdf.
Note (3): Further work regarding some of the proposed studies should include consultation with ICANN contract compliance staff to minimize overlap or duplication with their work.
Note (4): The GAC has suggested that we collect two data sets, as follows:
the amount and source of traffic accessing WHOIS servers and the types and numbers of different groups of users and what those users are using WHOIS data for; and
the types and extent of misuses of WHOIS data and what harm is caused by each type of misuse, including economic, use of WHOIS data in SPAM generation, abuse of personal data, loss of reputation or identity theft, security costs and loss of data.
Note (5): In cases where the original hypothesis offered by a submitter was modified by the group, effort was made to contact the submitter for input and feedback, and to incorporate their views where possible.The Whois study group also provided the GAC with draft hypotheses for the proposals they recommended, but given the abbreviated time frame and the fact that the GAC does not meet on an intercession basis, no substantive response was received by the deadline for this report.
Study | Hypotheses |
Area 1 | WHOIS misuse studies |
1 | Public access to WHOIS data is responsible for a material number of cases of misuse that have caused harm to natural persons whose registrations do not have a commercial purpose.http://forum.icann.org/lists/whois-comments-2008/msg00001.html |
14 | The Whois database is used only to a minor extent to generate spam and other such illegal or undesirable activities.http://forum.icann.org/lists/whois-comments-2008/msg00017.html |
15 | Those using Whois data to facilitate illegal or undesirable activities (such as spam) depend on port 43 access to Whois to obtain Whois data.http://forum.icann.org/lists/whois-comments-2008/msg00018.html |
21 & GAC data set 2 | There are significant abuses caused by public display of Whois. Significant abuses would include use of WHOIS data in spam generation, abuse of personal data, loss of reputation or identity theft, security costs and loss of data (note – definition is from GAC recommendation 2).http://forum.icann.org/lists/whois-comments-2008/msg00026.html |
GAC 3 | There are technical measures available that would effectively curtail misuse of data published on WHOIS databases while preserving legitimate use and open access to the databases. |
Area 2 | Compliance with data protection laws and the Registrar Accreditation Agreement |
16 | Two hypotheses: 1. Registrars do not have a uniform method of disclosing or obtaining consent for collection of data for WHOIS purposes. 2. The methods employed by registrars to disclose and obtain consent have not been adjudicated with regard to their consistency with national law. http://forum.icann.org/lists/whois-comments-2008/msg00019.html |
22 | (a) More restrictive Whois policies than the general ICANN Whois requirements have been adopted by some of the 30 top ccTLDs. |
23 | Some national data protection laws explicitly apply, or have been adjudicated to apply, to information submitted by gTLD registrants and made available via Whois.http://forum.icann.org/lists/whois-comments-2008/msg00025.html |
GAC 12, GAC 13, GAC 14 & GAC 15 | GAC 12 - As reported by gTLD registries or registrars, as reflected in their contractual documents, or as adjudicated in relevant fora, the WHOIS contractual obligations of gTLD registries and registrars are governed by:
|
24 | Some Registrars are not obtaining agreement to terms required under section 3.7.7 of the RAA.http://forum.icann.org/lists/whois-comments-2008/msg00013.html |
Area 3 | Availability of privacy services |
2 | The cost of proxy services precludes some registrants from using them.http://forum.icann.org/lists/whois-comments-2008/msg00002.html |
5 | Whois at present allows resellers and registrars to offer privacy services to differentiate themselves on value.http://forum.icann.org/lists/whois-comments-2008/msg00005.html |
GAC 7 | A growing share of registrants is protecting the privacy of their Whois data by using proxy registrations and/or privacy services. |
GAC 8 | A growing share of registrars and affiliates are offering proxy registration and/or privacy services. |
Area 4 | Demand and motivation for use of privacy services |
17 | The majority of domain names registered by proxy/privacy services are used for abusive and/or illegal purposes.http://forum.icann.org/lists/whois-comments-2008/msg00020.html |
18, 19, GAC 9 & GAC 10 | 18 - The majority of domain names registered by proxy/privacy services are used for commercial purposes and not for use by natural persons.http://forum.icann.org/lists/whois-comments-2008/msg00021.html |
Area 5 | Impact of WHOIS data protection on crime and abuse |
6 | There is a statistically significant correlation between more restrictive ccTLD Whois policies and levels of cybercrime in a domain.http://forum.icann.org/lists/whois-comments-2008/msg00006.html |
GAC 1 | The legitimate use of gTLD WHOIS data is curtailed or prevented by the use of proxy and privacy registration services. |
13 & GAC 11 | 13.http://forum.icann.org/lists/whois-comments-2008/msg00016.htmla) The number of proxy registrations is increasing when compared with the total number of registrations. b) Proxy and private WHOIS records complicate the investigation and disabling of phishing sites, sites that host malware, and other sites perpetrating electronic crime as compared with non-proxy registrations and non-private registrations. c) Domain names registered using proxy or privacy services are disproportionately associated with phishing, malware, and other electronic crime as compared with non-proxy registrations or non-private registrations. |
GAC 2 | Restrictions on some or all of the legitimate uses of WHOIS have a negative economic impact. |
Area 6 | Proxy registrar compliance with law enforcement and dispute resolution requests |
3 | Some registrars are not revealing registrant data that is shielded by proxy services when presented with requests that provide reasonable evidence of actionable harm, as required under RAA 3.7.7.3.http://forum.icann.org/lists/whois-comments-2008/msg00003.html |
Metalitz Comment | a. Some registrars operating proxy/privacy services are not revealing registrant data when requested in a UDRP proceeding. b. A party's use of a proxy/privacy registration service reduces the party’s ability to respond to a UDRP proceeding.http://forum.icann.org/lists/whois-comments-2008/msg00012.html |
20 | a. Some proxy and privacy services do not promptly and reliably relay information requests to and from actual registrants. b. Some proxy and privacy services are failing to adhere to RAA 3.7.7.3 – Suggest that this be consolidated with study suggestion #3.http://forum.icann.org/lists/whois-comments-2008/msg00023.html |
12 | Registrants would be less likely to falsify their Whois data if the sensitive information of private persons can be secured while giving law enforcement access.http://forum.icann.org/lists/whois-comments-2008/msg00015.html |
Area 7 | WHOIS data accuracy |
8 | Some Registrars knowingly tolerate inaccurate or falsified Whois data so as to attract and retain registrations by spammers and other bad actors, and do not face deterrent consequences for doing so. |
11 | The use of non-ASCII character sets in Whois records will detract from data accuracy and readability. |
GAC 4 | A significant number of Registrars do not apply effective methods to detect fraudulent domain name registrations, and do not take adequate corrective measures when fraudulent information is detected. |
GAC 5 | A significant percentage of registrants who are legal entities are providing inaccurate Whois data that implies they are natural persons. Furthermore the percentage of registrants with such inaccuracies will vary significantly depending upon the nation or continent of registration. (These hypotheses could be combined with GAC 6.) |
GAC 6 | A significant percentage of registrants who are operating domains with a commercial purpose are providing inaccurate Whois data that implies they are acting without commercial purposes. Furthermore the percentage of registrants with such inaccuracies will vary significantly depending upon the nation or continent of registration. (These hypotheses could be combined with GAC 5.) |
__
WG Membership
name | affiliation | new volunteer |
Chuck Gomes | GNSO Council vice chair | new volunteer |
Jordi Iparraguirre | gTLD Registry c | |
Ken Stubbs | gTLD Registry c | |
David Maher | gTLD Registry c | |
Adam Palmer | PIR | new volunteer |
Steve Metalitz | IPC | |
Lee Eulgen | IPC | |
Steve DelBianco | CBUC | |
Tony Harris | ISP | |
Tim Ruiz | Registrar C | |
Paul Stahura | Registrar C | |
James Bladel | Registrar C | |
Stéphane Van Gelder | Registrar C | |
Eric Brunner-Williams | Registrar C | |
Norbert Klein | NCUC | |
Robin Gross | NCUC | |
Olga Cavalli | NomCom appointee to Council | new volunteer |
Avri Doria | GNSO chair | |
Bertrand de la Chapelle | GAC | new volunteer |
Danny Younger | ||
Beau Brendler | ||
Wendy Seltzer | ALAC Liaison on the ICANN Board | |
Alan Greenberg | ALAC Liaison on the GNSO Council | new volunteer |
Liz Gasster | staff support | |
Denise Michel | staff | |
Robert Hoggarth | staff | |
Patrick Jones | staff | |
Glen de Saint Géry | GNSO Sec. |