Home / Blogs

Comments to ICANN's Whois TF3

Karl Auerbach

My general impression of the Task Force 3 (TF3) output was that it was a prettified way of accusing the community of internet users as being cheats and liars and demanding that the costs of trademark enforcement be offloaded from the trademark owners onto the backs of domain name registrants and the DNS registration industry.

(It is amazing how often the trademark industry forgets that the purpose of trademarks is to protect the consumer's right and ability to identify goods and services and to distinguish such goods and services from one another.. The trademark industry forgets that trademarks are intended to benefit the customer, not the seller, and that any benefit to the seller is merely incidental.)

Here's what I sent in:

Thoughts on the TF3 (accuracy) report (WHOIS TASK FORCE 3 - IMPROVE THE ACCURACY OF DATA COLLECTED FROM GTLD REGISTRANTS PRELIMINARY REPORT)

I find the report to be inadequate and lacking both the factual and logical foundation to support its conclusions and recommendations.

The report begins by failing to comprehend the meaning of "accuracy".

Accuracy is not an absolute term. One definition of accuracy is the absence of incorrect information. In that regard, a blank field on a form is completely accurate. The task force's report makes it clear that this is not the definition of accuracy that is being used by the task force. If the task force wishes its report to itself be able to claim that it is accurate then the task force must necessarily articulate what it means by accuracy.

I submit that accuracy is measured by context. In the case of business data the typical metric of accuracy is whether the data exchanged, in all directions among all parties to the transaction, is whether that data is sufficient to support the business being transacted.

In the case of domain name registrations, the parties to the transaction are the registrar and customer (registrant) or his/her agent. There are no other parties to the transaction. (The report of task force 1 makes it clear that when examined on the basis of real numbers rather than chicken-little-like anecdotes that the interests of trademark owners in domain name transactions are based on events so rare and of such individually miniscule impact on the internet community as to amount to a factor that can be best remedied through recourse to traditional legal processes.)

As measured in the context of the registrar-customer transaction the first metric of accuracy is whether the information conveyed at the time of the registration is sufficient to support that registration. The second metric is whether the information conveyed is sufficient to maintain the relationship. And the final metric is whether the information at the time of potential renewal is sufficient to support renewal, if the potential for such renewal was part of the original understanding.

Before going further it is necessary to distinguish the concept of "accuracy" from that of "precision". It is perfectly accurate for every domain name registrant in existence to indicate that he or she lives on planet Earth. But most would not consider that to be usefully precise.

At the time of the initial registration of a domain name the following information needs to be conveyed:

Customer-to-Registrar:
- Desired domain name
- List of name servers

Registrar-to-Customer:
- Whether the name requested name has been allocated to the customer (implying that the name and customer's name server list have been placed into the appropriate zone file.)

Not all registrations involve money and billing. Nor do all registrations necessarily impute a desire for renewal - one area of domain name businesses that have been arbitrarily foreclosed until now by ICANN have been non-renewable, short term registrations for single-time events, elections, movies, etc.

If a registration involves the payment of a fee, then the exchange of information must be adequate to facilitate the payment of that fee. After that payment, that information is no longer needed to support the registration process. It is a well known principle of privacy that information should be retained only if it is relevant to a transaction. Thus a registrar that is desirous of protecting privacy would be acting quite within reason should it erase transactional information once that information has ceased to be of value.

Maintenance of the relationship between registrar and customer is largely driven by the needs of the customer. For that reason there is no particular reason, in the context of maintenance of the registration information (i.e. the list of name servers) for the registrar to retain precise, that thus privacy infringing, information regarding the customer.

Third parties who today bombard the DNS Whois databases are not parties to the maintenance relationship. As task force 1 indicated, such third parties ought to be required to make a preliminary showing that they have reason to examine the registration data. The degree of precision of the data disclosed must, therefore, vary in conformance with the degree of precision of that showing and of the nature of the purported grievance.

Finally, renewal processing only requires sufficient information to consummate the renewal transaction at the time of the transaction - there is no need for such information to be exchanged in advance of renewal or to be retained after renewal.

Additional data gathering and maintenance burdens the system with additional costs. Absent a clear showing of illegal activity on the part of the majority of domain name registrars and customers it would be improper to impose such costs on all transactions. Yet the task force's report seems to have elevated the ill-actions of a very, very few into a blanket accusation against all domain name registrants as a self-bootstrapping argument to encumber the entire domain registration system with excess costs and an institutional system of excess information disclosure amounting to a wholesale violation of the privacy of every member of the community of internet users.

If the demands of such third parties trigger the gathering and maintenance of data above and beyond the data used for registration, maintenance, and renewal then those third parties ought to pay the costs of such gathering and maintenance.

---
This article originally published in the CaveBear Weblog.

By Karl Auerbach, Chief Technical Officer at InterWorking Labs
Follow CircleID on
Related topics: DNS, Domain Names, ICANN, Privacy, New TLDs, Whois
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Re: Comments to ICANN's Whois TF3 Daniel R. Tobias  –  Jul 15, 2004 9:34 AM PDT

Good comments, but I feel I must remark on one issue mentioned in passing.  I think the idea of registering a separate domain for a temporary event that is useful only in the short term, and not renewing it, is in general a bad idea.  It promotes "link rot" where all links to the site in question stop working, or (in the worst case) end up going to something distasteful like pornography when somebody else grabs the expired domains.  Such temporary-event sites are better off done as logical subdomains of a more permanent domain of the parent organization.

Re: Comments to ICANN's Whois TF3 Alfonso  –  Jul 16, 2004 12:50 AM PDT

I recently was participating at a discussion forum and as is customary there were differences
of opinion. One particular poster took so much umbrage with my viewpoint that he decided to use WHOIS. 

As customary, WHOIS mindlessly honored the fellow's request for private information and dutifully provided my real name, email address, home address, and phone number as if such information were their private property to do with as they wished.

Well, after getting what he was looking for, the disgruntled fellow went ahead and made
available to everyone what I thought was my private information.

But obviously, if it is available to anyone and everyone regardless of the person's motive in acquiring it, then I guess I was wrong. It isn't private information at all and anyone and everyone is entitled to it because--well,
because WHOIS says it is.

Now I am in fear of opening the door to an unknown face or of being attacked at any moment simply because WHOIS thought it its right to treat my name, address, and phone number as if it were public property.

Funny!
I never gave permission to anyone on the net to use my personal information in this way! So how is it that this company can take it upon itself to do so without my expressed permission and regardless of my wishes? Since when did I
lose my personal right to my personal
information?--since I chose to use the
net?

What makes this company totally innocent of any damages either physical or mental that I might suffer due to its irresponsible abuse of my right to privacy?

If indeed this company is not accountable for its irresponsible actions, and if I or any other family member gets murdered, maimed, or otherwise mangled or abused by someone or a group of people with malicious intents, then who is accountable?

Certainly not me since I never gave any permission for my personal info to be arbitrarily made available and then displayed for public view in that fashion.

In short, this is the most obnoxious blatantly irresponsible disregard for a person's dignity that I have ever come across on the Internet.
A real shame. It has caused me to seriously question whether surfing the NET is worth taking this serious risk.

After all, I never would have exposed myself to such danger if I had not gone on the net with the misguided notion that my private information is--well--private and that it would be respected and not distributed by some unauthorized company as if it were in the public domain.

Re: Comments to ICANN's Whois TF3 Daniel R. Tobias  –  Jul 20, 2004 7:07 AM PDT

Regarding Alfonso's comments, I sympathize, but the public availability of WHOIS information is not some new, sinister, imposition of the evil net cabal (as some commentators seem to imply), but rather, it's been a feature of the system since antiquity (the early 1980s in this case).  You've never had to expose your home address this way; any valid address will work, so you can use a business address, a PO Box, a maildrop, c/o a friend or relative, etc.

To post comments, please login or create an account.

Related

Topics

DNS Security

Sponsored byAfilias

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC

Domain Names

Sponsored byVerisign