Received: from mailbox.syr.edu [128.230.18.5] by gwia201.syr.edu; Thu, 18 Sep 2003 07:34:27 -0400 Received: from greenriver.icann.org (greenriver.icann.org [192.0.35.121]) by mailbox.syr.edu (8.12.9/8.12.9) with ESMTP id h8IBYJcJ026668 for <[log in to unmask]>; Thu, 18 Sep 2003 07:34:20 -0400 (EDT) Received: (from majordomo@localhost) by greenriver.icann.org (8.11.6/8.11.6) id h8IBX8k20280; Thu, 18 Sep 2003 04:33:08 -0700 Received: from pechora.icann.org (pechora.icann.org [192.0.34.35]) by greenriver.icann.org (8.11.6/8.11.6) with ESMTP id h8IBX8b20277 for <[log in to unmask]>; Thu, 18 Sep 2003 04:33:08 -0700 Received: from melbourneit.com.au (mail.melbourneit.com.au [203.31.199.194]) by pechora.icann.org (8.11.6/8.11.6) with ESMTP id h8IBYqW21691 for <[log in to unmask]>; Thu, 18 Sep 2003 04:34:52 -0700 Received: from phoenix.mit (localhost.mit [127.0.0.1]) by melbourneit.com.au (8.11.6/8.9.3) with ESMTP id h8IBX1W28980 for <[log in to unmask]>; Thu, 18 Sep 2003 21:33:02 +1000 X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Subject: [whois-sc] Draft terms of reference for task force to prevent data mining for marketing purposes Date: Thu, 18 Sep 2003 21:31:18 +1000 Message-ID: <[log in to unmask]> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Draft terms of reference for task force to prevent data mining for marketing purposes Thread-Index: AcN92GDWpBRVuT02Tw2FI/8QFZVrXQ== From: "Bruce Tonkin" <[log in to unmask]> To: <[log in to unmask]> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by greenriver.icann.org id h8IBX8b20278 Sender: [log in to unmask] Precedence: bulk Title: Restricting bulk access to WHOIS data for marketing purposes Participants: - 1 representative from each constituency - ALAC liaison - GAC liaison - ccNSO liaison - SECSAC liaison - liaisons from other GNSO WHOIS task forces Description of Task Force: ========================== In the recent policy recommendations relating to WHOIS: (see http://www.icann.org/gnso/whois-tf/report-19feb03.htm) it was decided that the use of bulk access WHOIS data for marketing should not be permitted. Bulk access need not be the entire database (millions of records) of contact information but could also be considered to be hundreds of WHOIS data records. The current registry and registrar contracts provide for third parties to obtain access to bulk WHOIS information via an agreement that limits the use of the information for marketing purposes (the number of these agreements in existance is probably less than 10 for each large registrar). However most collections of bulk WHOIS data are currently obtained by a combination of using free zonefile access (via signing a registry zonefile access agreement - the number of these in existance approaches 1000 per major registry) to obtain a list of domains, and then using anonymous (public) access to either port-43 or interactive web pages to retrieve large (great than 100 records) volumes of contact information. Once the information is initially obtained it can be kept up-to-date by detecting changes in the zonefile, and only retrieving information related to the changed records. This process is often described as "data mining". The net effect is that bulk access to WHOIS data is easily available for marketing purposes, and is generally anonymous (the holders of this information are unknown). The purpose of this task force is to determine what contractual changes (if any) are required to allow registrars to protect domain name holder data from data mining for the purposes of marketing. In-scope ======== The purpose of this section to clarify the issues should be considered in proposing any policy changes. The task force must ensure that groups such as law enforcement, intellectual property, internet service providers, and consumers can continue to retrieve information necessary to perform their functions. In some cases this may require the provision of searching facilities (e.g that can return more than one record in response to a query) as well as look-up facilities (that only provide one record in response to a query). The task force must ensure that any access restrictions do not restrict the competitive provision of services using WHOIS information (for example ensure that intellectual property protection can be provided competitively), nor restrict the transfer of domain name records between registrars. Out-of-scope ============ To ensure that the task force remains narrowly focussed to ensure that its goal is reasonably achievable and withina reasonable time frame, it is necessary to be clear on what is not in scope for the task force. The task force should not aim to specify a technical solution. This is the role of registries and registrars in a competitive market, and the role of technical standardisation bodies such as the IETF. Note the IETF presently has a working group called CRISP to develop an improved protocol that should be capable of implementing the policy outcomes of this task force. The task force should not review the current bulk access agreement provisions. These were the subject of a recent update in policy in March 2003. The task force should not study the amount of data available for public (anonymous) access for single queries. Any changes to the data collected or made available will be the subject of a separate policy development process. Tasks/Milestones ================ - collect requirements from non-marketing users of contact information (this could be extracted from the Montreal workshop and also by GNSO constituencies, and should also include accessibility requirements (e.g based on W3C standards) [milestone 1 date] - review general approaches to prevent automated electronic data mining and ensure that the requirements for access are met (including accessibility requirements for those that may for example be visually impaired) [milestone 2 date] - determine whether any changes are required in the contracts to allow the approaches to be used above (for example the contracts require the use of the port-43 WHOIS protocol and this may not support approaches to prevent data mining) [milestone 3 date] Each milestone should be subject to development internally by the task force, along with a public comment process to ensure that as much input as possible is taken into account.