July 5, 2004

Comments to ICANN's TF3

Here's what I sent to ICANN's Task Force 3.  My general impression of the TF 3 output was that it was a prettified way of accusing the community of internet users as being cheats and liars and demanding that the costs of trademark enforcement be offloaded from the trademark owners onto the backs of domain name registrants and the DNS registration industry.

(It is amazing how often the trademark industry forgets that the purpose of trademarks is to protect the consumer's right and ability to identify goods and services and to distinguish such goods and services from one another..  The trademark industry forgets that trademarks are intended to benefit the customer, not the seller, and that any benefit to the seller is merely incidental.)

Here's what I sent in:

Thoughts on the TF3 (accuracy) report (WHOIS TASK FORCE 3 - IMPROVE THE ACCURACY OF DATA COLLECTED FROM GTLD REGISTRANTS PRELIMINARY REPORT)

I find the report to be inadequate and lacking both the factual and logical foundation to support its conclusions and recommendations.

The report begins by failing to comprehend the meaning of "accuracy".

Accuracy is not an absolute term.  One definition of accuracy is the absence of incorrect information.  In that regard, a blank field on a form is completely accurate.  The task force's report makes it clear that this is not the definition of accuracy that is being used by the task force.  If the task force wishes its report to itself be able to claim that it is accurate then the task force must necessarily articulate what it means by accuracy.

I submit that accuracy is measured by context.  In the case of business data the typical metric of accuracy is whether the data exchanged, in all directions among all parties to the transaction, is whether that data is sufficient to support the business being transacted.

In the case of domain name registrations, the parties to the transaction are the registrar and customer (registrant) or his/her agent.  There are no other parties to the transaction.  (The report of task force 1 makes it clear that when examined on the basis of real numbers rather than chicken-little-like anecdotes that the interests of trademark owners in domain name transactions are based on events so rare and of such individually miniscule impact on the internet community as to amount to a factor that can be best remedied through recourse to traditional legal processes.)

As measured in the context of the registrar-customer transaction the first metric of accuracy is whether the information conveyed at the time of the registration is sufficient to support that registration.  The second metric is whether the information conveyed is sufficient to maintain the relationship.  And the final metric is whether the information at the time of potential renewal is sufficient to support renewal, if the potential for such renewal was part of the original understanding.

Before going further it is necessary to distinguish the concept of "accuracy" from that of "precision".  It is perfectly accurate for every domain name registrant in existence to indicate that  he or she lives on planet Earth.  But most would not consider that to be usefully precise.

At the time of the initial registration of a domain name the following information needs to be conveyed:

  Customer-to-Registrar:
      Desired domain name
      List of name servers

   Registrar-to-Customer:
     Whether the name requested name has been allocated to the customer (implying that the name and customer's name server list have been placed into the appropriate zone file.)

Not all registrations involve money and billing.  Nor do all registrations necessarily impute a desire for renewal - one area of domain name businesses that have been arbitrarily foreclosed until now by ICANN have been non-renewable, short term registrations for single-time events, elections, movies, etc.

If a registration involves the payment of a fee, then the exchange of information must be adequate to facilitate the payment of that fee.  After that payment, that information is no longer needed to support the registration process.  It is a well known principle of privacy that information should be retained only if it is relevant to a transaction.  Thus a registrar that is desirous of protecting privacy would be acting quite within reason should it erase transactional information once that information has ceased to be of value.

Maintenance of the relationship between registrar and customer is largely driven by the needs of the customer.  For that reason there is no particular reason, in the context of maintenance of the registration information (i.e. the list of name servers) for the registrar to retain precise, that thus privacy infringing, information regarding the customer.

Third parties who today bombard the DNS whois databases are not parties to the maintenance relationship.  As task force 1 indicated, such third parties ought to be required to make a preliminary showing that they have reason to examine the registration data.  The degree of precision of the data disclosed must, therefore, vary in conformance with the degree of precision of that showing and of the nature of the purported grievance.

Finally, renewal processing only requires sufficient information to consummate the renewal transaction at the time of the transaction - there is no need for such information to be exchanged in advance of renewal or to be retained after renewal.

Additional data gathering and maintenance burdens the system with additional costs.  Absent a clear showing of illegal activity on the part of the majority of domain name registrars and customers it would be improper to impose such costs on all transactions.  Yet the task force's report seems to have elevated the ill-actions of a very, very few into a blanket accusation against all domain name registrants as a self-bootstrapping argument to encumber the entire domain registration system with excess costs and an institutional system of excess information disclosure amounting to a wholesale violation of the privacy of every member of the community of internet users.

If the demands of such third parties trigger the gathering and maintenance of data above and beyond the data used for registration, maintenance, and renewal then those third parties ought to pay the costs of such gathering and maintenance.

Update: July 6, 2004: ICANN's submission software decided to deep-six my comments.  Fortunately the GNSO folks, who have been unsung wonderworkers several times in the past, noticed.  Hopefull my comments will show up in the official archives.  I am, however, feeling a bit of deja vu: during my entire term as a Director of ICANN ICANN's so-called "webmaster" silently ignored every request to post any of my writings onto the webpages on which ICANN posted the writings of other directors and officers.

Posted by karl at July 5, 2004 3:44 PM