Milton--thanks for keeping us posted. You're right about the "white list" issue--among other things, we still need to make sure people who are actually allowed access to Whois don't abuse such data, rather than giving them carte blanche over such information. Moreover, the recipients of Whois data should prove why they need the information in the first place.

Sincerely,
Christopher Chiu
Technology Policy Analyst
American Civil Liberties Union

-----Original Message-----
From: Milton Mueller [mailto:[log in to unmask]]
Sent: Thursday, April 08, 2004 1:44 PM
To: [log in to unmask]
Subject: Re: [NCUC-DISCUSS] [dow1tf] Summary of Major Points from the
Last Call


Members:
Here is one of the issues that Whois Task Force 1 is discussing.
Most aspects of TF1 are going well, for example there is a 
recognition that sensitive data elements might need to be
restricted and that those who request sensitive data need
to identify themselves. However, I am concerned about this
suggestion of a "white list:" (Jeff Neuman is chair of the TF 1)

comments welcome --MM

>>> "Neuman, Jeff" <[log in to unmask]> 04/06/04 10:12AM >>>
>7)  Other Ideas
>In addition, if Port 43 were retained, the group discussed the 
>possibility of having a central authority (not a registry or registrar) 
>to approve entities that could use Port 43 (i.e., a "White List" of IP
> addresses).  In this scenario, a White List would be created of 
>Requestors that have proven themselves as "legitimate users" 
>of Whois information (i.e.,  Law Enforcement, Consumer 
>organization, Intellectual Property Organizations, etc.)  This list 
>would be provided to the registries and registrars and only
>those Requestors sending requests through Port 43 would be 
>allowed to access the Whois information.  Questions arose 
>concerning (a) who would operate this White List, (b) what 
>would be the criteria for being on this White List, and (c) whether 
>it was actually feasible to implement.

>Please feel free to comment.