From our very own Karl Auerbach
Here's what I sent to ICANN's Task Force 3. My general impression of the TF 3 output was that it was a prettified way of accusing the community of internet users as being cheats and liars and demanding that the costs of trademark enforcement be offloaded from the trademark owners onto the backs of domain name registrants and the DNS registration industry.
(It is amazing how often the trademark industry forgets that the purpose of trademarks is to protect the consumer's right and ability to identify goods and services and to distinguish such goods and services from one another.. The trademark industry forgets that trademarks are intended to benefit the customer, not the seller, and that any benefit to the seller is merely incidental.)
Here's what I sent in:
Thoughts on the TF3 (accuracy) report (WHOIS TASK FORCE 3 - IMPROVE THE
ACCURACY OF DATA COLLECTED FROM GTLD REGISTRANTS PRELIMINARY REPORT)
I find the report to be inadequate and lacking both the factual and logical
foundation to support its conclusions and recommendations.
The report begins by failing to comprehend the meaning of
"accuracy".
Accuracy is not an absolute term. One definition of accuracy is the
absence of incorrect information. In that regard, a blank field on a form
is completely accurate. The task force's report makes it clear that this
is not the definition of accuracy that is being used by the task force. If
the task force wishes its report to itself be able to claim that it is accurate
then the task force must necessarily articulate what it means by accuracy.
I submit that accuracy is measured by context. In the case of business
data the typical metric of accuracy is whether the data exchanged, in all
directions among all parties to the transaction, is whether that data is
sufficient to support the business being transacted.
In the case of domain name registrations, the parties to the transaction are
the registrar and customer (registrant) or his/her agent. There are no
other parties to the transaction. (The report of task force 1 makes it
clear that when examined on the basis of real numbers rather than
chicken-little-like anecdotes that the interests of trademark owners in domain
name transactions are based on events so rare and of such individually miniscule
impact on the internet community as to amount to a factor that can be best
remedied through recourse to traditional legal processes.)
As measured in the context of the registrar-customer transaction the first
metric of accuracy is whether the information conveyed at the time of the
registration is sufficient to support that registration. The second metric
is whether the information conveyed is sufficient to maintain the
relationship. And the final metric is whether the information at the time
of potential renewal is sufficient to support renewal, if the potential for such
renewal was part of the original understanding.
Before going further it is necessary to distinguish the concept of
"accuracy" from that of "precision". It is perfectly
accurate for every domain name registrant in existence to indicate that he
or she lives on planet Earth. But most would not consider that to be
usefully precise.
At the time of the initial registration of a domain name the following
information needs to be conveyed:
Customer-to-Registrar:
Desired domain name
List of name servers
Registrar-to-Customer:
Whether the name requested name has been allocated to
the customer (implying that the name and customer's name server list have been
placed into the appropriate zone file.)
Not all registrations involve money and billing. Nor do all
registrations necessarily impute a desire for renewal - one area of domain name
businesses that have been arbitrarily foreclosed until now by ICANN have been
non-renewable, short term registrations for single-time events, elections,
movies, etc.
If a registration involves the payment of a fee, then the exchange of
information must be adequate to facilitate the payment of that fee. After
that payment, that information is no longer needed to support the registration
process. It is a well known principle of privacy that information should
be retained only if it is relevant to a transaction. Thus a registrar that
is desirous of protecting privacy would be acting quite within reason should it
erase transactional information once that information has ceased to be of value.
Maintenance of the relationship between registrar and customer is largely
driven by the needs of the customer. For that reason there is no
particular reason, in the context of maintenance of the registration information
(i.e. the list of name servers) for the registrar to retain precise, that thus
privacy infringing, information regarding the customer.
Third parties who today bombard the DNS whois databases are not parties to
the maintenance relationship. As task force 1 indicated, such third
parties ought to be required to make a preliminary showing that they have reason
to examine the registration data. The degree of precision of the data
disclosed must, therefore, vary in conformance with the degree of precision of
that showing and of the nature of the purported grievance.
Finally, renewal processing only requires sufficient information to consummate
the renewal transaction at the time of the transaction - there is no need for
such information to be exchanged in advance of renewal or to be retained after
renewal.
Additional data gathering and maintenance burdens the system with additional
costs. Absent a clear showing of illegal activity on the part of the
majority of domain name registrars and customers it would be improper to impose
such costs on all transactions. Yet the task force's report seems to have
elevated the ill-actions of a very, very few into a blanket accusation against
all domain name registrants as a self-bootstrapping argument to encumber the
entire domain registration system with excess costs and an institutional system
of excess information disclosure amounting to a wholesale violation of the
privacy of every member of the community of internet users.
If the demands of such third parties trigger the gathering and maintenance of
data above and beyond the data used for registration, maintenance, and renewal
then those third parties ought to pay the costs of such gathering and maintenance.