Some brief observations about yesterday's WHOIS conference call (for those who find my earlier notes too lengthy ;): The discussions on the call were clearly dominated by IP interests and registrars. Registries were on the call, but silent. Various parts of the USG were represented on the call and participated; other governments or governmental entities didn't even listen in (or didn't announce themselves during the role call).
Registrars seem to have the strongest problems with everything which gives access to large quantities of WHOIS data to arbitrary data users, i.e., bulk access and machine-driven queries to port 43 WHOIS. There seems to be a perception with some that web-based access can be defused by adding some kind of a Turing test to it, to make sure that only humans use it. (See GoDaddy's web-based WHOIS for an example.) Interestingly, compliance concerns were only mentioned by Netsol's Brian Cute who pointed to the EU commission's note to the WHOIS Task Force.
IP finds the current contractual environment adequate, but wants stronger enforcement; opposition against any changes to the RAA's bulk access regime came from both INTA's Mike Heltzer and Markmonitor's Margie Milam. IP perceives itself to be close to governmental law enforcement agencies, and would like similar or equal access. This perception was met with some disagreement by others; the disagreement would probably have been even stronger had there been stronger European participation.
Privacy concerns were raised by Barbara Simons, Karl Auerbach, Ruchika Agrawal (EPIC) and Rob Courtney (CDT). Auerbach talked about purpose of data disclosure from data subject's point of view: Just to register a domain name. Simons, Agrawal pointed to OECD privacy principles (FTC's Maneesha Mithal pointed to OECD principles on consumer protection in response); Courtney talked about tiered access which would give casual users appropriate data, and would make more available to IP and law enforcement.
Besides some creative suggestions on how to design WHOIS systems which are hard to use for machines (but still usable for humans), the call was quite helpful in understanding the different positions.
In order to make the next conference call and the Montreal discussions even more productive, it would be extremely helpful if both IP and privacy advocates involved would move away from just stating general principles (be it "access to everything" or "OECD privacy guidelines"), and would turn to articulating more detailed requirements and concerns which might actually be useful in designing a future WHOIS policy which does attack today's problems.
