No Such Weblog

I'm at the ICANN meetings in Rome, and it seems like this is a bad place for anonymity, and, for that matter, the end-to-end Internet. Not only do you have to present a photo ID when purchasing a pre-paid GSM card (+39-3394227447) -- access to the wireless network at the meeting is also designed to prevent anonymous access to communications from happening. Standard at ICANN meetings (delivered by organizers even in China and Tunisia) is open Wi-Fi, with routed IP addresses and fully transparent access. In Italy, we're told, that can't be provided because of some obscure law, so we get individual user IDs and passwords for logging into a 10.* network that's hidden behind a NAT box and a couple of more or less transparent proxies that get into peoples' way when, for instance, securely connecting to a home mail server, and inject silly service provider logos while surfing the web.

Security scanning devices photo taken in Vatican yesterday, where airport-like screening is applied to visitors to St. Peter's cathedral; more tourist photos here.

Update, Monday morning: Network connectivity looks much more transparent now.

The non-commercial constituency is visiting the registrars; the meeting is joined by George Papapavlou from the European Commission. Papapavlou tries to explain main legal conocepts that determine European approach to WHOIS. One of the task forces of GNSO has asked GAC some questions. Papapavlou will try to give replies in this meeting. Main starting point for European thinking on WHOIS: "What is the purpose of WHOIS?" Answer this question, then you can answer second question: "What data are we talking about?" In European legal framework, processing of personal data is possible for specific purpose. Once purpose has been defined, you know what data is relevant. Purpose of WHOIS is not really clear. Initial idea: Need contact data on specific domain names in case something gets wrong -- reach technical contact point. If this is purpose of WHOIS, that's good starting point.

It's workshop day in Rome today, and we're through the new registry services session and WHOIS Task Force 1.

The biggest news from the registry services session was a constituency statement submitted by the gTLD registries' constituency. At the TF1 session, there was some interesting discussion about possible approaches for tiered access. It appears like the basic concept of having an anonymous tier and an authenticated tier of access with different data sets displayed in each is gaining some traction.

I'm told that the Rome webcast is now supposed to be up and running. Go to http://media.icann.org/ramgen/encoder/rome.rm to tune in to the realmedia webcast.

WHOIS Task Force #3 is now holding its workshop. Bernard Turcotte is presenting on the verification mechanisms employed by CIRA, the .ca registry. My point in response to that, from the floor, is that by requiring "accurate" or at least plausible contact information bad actors are being driven underground, and that there are then incentives for them to use the contact details of innocent third parties. Similar experience exists elsewhere: In the fields of money laundering, where we have identity theft, and in the spam area, where plausibility filters on readers' inboxes have brought us "joe jobs" in which a third party's e-mail address is being abused. And the crack-down on open e-mail relays has brought us the abuse of home computers hijacked by worms and viruses for sending out spam.

It's not inconsistent with this that .ca is not experiencing identity theft cases, as Turcotte reported in response to a follow-up question by Sarah Deutsch: As long as there are places where bad actors can register domain names without giving "accurate" contact information, it's rational for a bad actor to simply go there, and not bother stealing someone else's contact information.

The non-commercial users' constituency has arranged a session on privacy laws and whois with Giovanni Buttarelli, secretary general of the Italian Data protection authority. The session will take place from 0930 until 1030 in Room Velazquez.

(Note the room change from earlier announcements!)

Paul Twomey is giving his report to the public forum in Rome, and just discussed the memorandum of understanding. He reports that there are statements from the highest levels in the US department of commerce that the US government believes that ICANN's functions should be performed in a multi-stakeholder, private-sector body, and not by the US government, and that the USG would like to see the MoU concluded and the transfer of responsibility take place.

Elliot Noss at the microphone in Rome: Increase in registrar accreditation, but not showing up in marketing data. "Other reasons" for registrar accreditation? Twomey: There are incentives in the market that reward having more accreditation, relating to the batch pool operations around dot-com etc. Cerf: Gaming the system?

Bruce Tonkin's GNSO report at the public forum was a masterpiece both in terms of public speaking and analysis.

Tonkin starts by noting that litigation is moving decision-making to a different forum. It means decision-making mechanisms within ICANN failed. Why did the Roman Empire fail? Watch some movies. Also: Star Wars. Jedi Council eliminated, hope that does not happen here. ... Public input: Too little data, too much speaking. Registrar won best actor and best supporting actor awards at public forum. Don't behave like used car dealers.

WHOIS -- try to collect actual data. No responses. Why not? Manager of public participation. Bring more actors for the awards, or analyze? Policy development and analysis: Less public speaking. More analysis. Need staff support with strong analytical and writing skills. Spend money now and properly resource the analysis and policy development -- or spend money later; spend it in another decision-making process.

Seek return of the Jedi to ICANN. What does that mean? Analysis skills. Too much public speaking skills.

Decisions. Clear criteria. Measurable objectives. There have been decisions, but there are no success metrics. Clearly document basis for decisions, so they can stand up to a separate decision-making process outside of ICANN.

Wait Listing Service. 2001 -- issue first raised. 2002 -- General Counsel, Names Council, Transfers TF analyses, Council resolution on WLS: Don't implement. But no clear set of criteria established. Seeking to get these criteria in the new registry services process.

Appeals.

Implementation: Less public speaking. Not an extended appeal process. Little experience on this in ICANN. Get people in there who actually implement, not policy developers.

Compliance -- worth trying. Not in the used cars sales industry. Review outcomes. Define success metrics. Review. Look at new TLDs: Reviewing now, but no review criteria developed at time of implementation. Resource process from public import through to implementation up front instead of spending on litigation later.

Hope ICANN survives, does not share fate of other empires. Finally, thanks to one of the Jedi: Elizabeth Porteneuve. Extended applause.