Hello, this is just a first draft. The key element of my approach to all the Whois Task Forces is that we insist on getting ICANN to define the purpose of the Whois database. This means that TF2 is primary, and must be completed first, and the others are secondary. ========= Proposed NCUC statement on Whois Task force 1 Whois Task Force 1 (TF1) deals with the relatively narrow issue of restricting marketing users' access to Whois data through means other than bulk access under license. This Task Force is mainly of interest to registrars and registries, whose facilities and customer lists are exploited by automated processes. Users of course have some interest in protecting access to their contact data, but this interest extends well beyond the narrow remit of TF1. NCUC notes, however, that the results of Whois TF1 may have implications for the other task forces. Our approach to TF1 takes this into account, and will be guided by the following principles: First, NCUC thinks it imperative that ICANN recognize the well- established data protection principle that the purpose of data and data collection processes must be well-defined before policies regarding its use and access can be established. Therefore we believe that TF1 should await the outcome of Whois Task Force 2 (TF2), which will determine what data elements belong in Whois. That determination of TF2 must be based on a definition of the purpose of the Whois database. In other words, we cannot know whether or not to restrict port 43 and port 80 access until TF2 has completed its work. Second, NCUC does not believe it is possible to develop technical or policy mechanisms that can restrict port 43 or port 80 access only to a specific type of user; e.g., marketers. Access restrictions imposed by TF1 will inevitably apply to all users and uses. The policies developed by TF1 must keep this in mind. Third, given the limited scope of TF1, we think it important for the task force to refrain from making judgments about the legitimacy of, justifications for, or "need" for any non-marketing uses. It is outside the scope of TF1 to make any such determinations. Accordingly, we will oppose any access restriction policy based on classification of users. Fourth, we note as a principle that the best way to stop abuse of port 43 is to get data that is valuable to spammers out of the public Whois database. Data that is in Whois will be accessible to lots of people; therefore, privacy concerns require getting data out of Whois or reducing access to it for all. This is, of course, a matter for Whois Task force 2, dealing with data elements. Fifth, our participation in TF1 will try to make sure that minor modifications in port 43 (or other) access do not become an excuse for doing nothing else to protect Internet users' privacy.