Hi Shane, These are very good points. Within the working group, we're still deciding on the best path forward, and what I (and others in the NCSG) are advocating for is to first decide if there is even a basis for collecting registration data. I tend to think there is not, and the only reason WHOIS exists at the moment is because of historical accidents left uncorrected because of endless contention. At the moment WHOIS records are publicly accessible — there's no gated access, let alone records kept on how frequently a particular record is viewed (though I understand some registrars do voluntarily collect this information). If we do decide that personally identifiable data must be collected, even if access is restricted to law enforcement or similar parties, I would hope we could have some transparency around who is accessing data, for what purposes, and which records. There are a few requirements flagged at the moment in the list to do with knowing the purpose of why a record is queried, but I agree with you that we should be asking for stronger audits and the timely publication of transparency reports. I write this, of course, on the proviso that there even is a need to collect personally identifiable information in the first place — which I do not think is a given, and do not think should be happening. So yes. I think this is something that Farell should be taking back to the working group as of concern to one of our members :-) Best wishes, Ayden
On Wed, Jun 15, 2016 12:56 PM, Shane Kerr [log in to unmask]
wrote:
Ayden Férdeline |