ICANN Meetings in Rome
GNSO Whois Task Force 1 Meeting
Wednesday, 3 March 2004
The following is the un-edited raw output of the real-time captioning taken during the meeting identified above. Although the captioning output is largely accurate, in some cases it is incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.
SO AT THIS POINT I WILL HAND OVER TO THE CHAIR OF TASK FORCE 1, WHICH IS JEFF
NEUMAN, TO INTRODUCE THE TOPIC, TERMS OF REFERENCE OF THE TASK FORCE, INTRODUCE
ITS MEMBERS, AND THEN ALLOW PUBLIC COMMENTS ON THIS TOPIC.
THANKS, JEFF.
>>JEFF NEUMAN: THANKS, BRUCE. WHAT I WANT TO DO FIRST IS WE HAVE A NUMBER OF MEMBERS OF TASK FORCE 1 UP HERE ON THE PANEL. WE'RE A LITTLE BIT SPREAD OUT. WE DON'T HAVE AS MANY MEMBERS HERE AS THE COUNCIL. I DON'T KNOW WHY SO MANY CHOSE TO STAY SO FAR AWAY, BUT I WON'T READ ANYTHING INTO THAT.
SO I WANT TO GO AROUND THIS TABLE FIRST AND SO EVERYONE CAN INTRODUCE THEMSELVES,
WHERE THEY'RE FROM, AND WHAT CONSTITUENCY THEY'RE WITH.
FOR THOSE THAT DON'T KNOW ME, MY NAME IS JEFF NEUMAN. I'M WITH NEUSTAR. NEUSTAR
IS THE OPERATOR OF -- IS IN A JOINT VENTURE WITH MELBOURNE I.T. TO OPERATE DOT
BIZ AND IS ALSO THE OPERATOR OF DOT US.
>>DAVID FARES: GOOD MORNING, DAVID FARES FROM THE UNITED STATES COUNCIL FOR INTERNATIONAL BUSINESS AND I'M REPRESENT THE BUSINESS CONSTITUENCY.
>>PAUL STAHURA: MY NAME IS PAUL STAHURA. I'M THE CEO OF ENOM ICANN (INAUDIBLE) OF REGISTRARS AND I'M REPRESENTING THE REGISTRAR CONSTITUENCY.
>>THOMAS ROESSLER: GOOD MORNING, MY NAME IS THOMAS ROESSLER FROM THE AT-LARGE ADVISORY COMMITTEE. I'M HERE AS AN ALTERNATE MEMBER OF TASK FORCE ONE BECAUSE THE PRIMARY MEMBER COULD NOT COME TO THIS MEETING.
>>MILTON MUELLER: I'M MITT TON MUELLER, WITH THE NONCOMMERCIAL USERS CONSTITUENCY.
>>TONY HARRIS: I'M TONY HARRIS AND I WORK FOR ISPCP, THE ARGENTINE INTERNET ASSOCIATION.
>>JEFF NEUMAN: THANK YOU. ONE OF THE THINGS I WANT TO STRESS IS THAT THIS IS MEANT TO BE A WORKSHOP, AND I'LL START BY GIVING AN INITIAL PRESENTATION, AND THEN AFTER, I'M GOING TO THROW OUT QUESTIONS FOR EITHER ANYONE ON THIS PANEL UP HERE OR ANYONE DOWN THERE TO ANSWER. ONE OF THE MOST IMPORTANT FUNCTIONS OF OUR TASK FORCE IS TO COLLECT INFORMATION. WE ARE NOT DOING ANY KIND OF STATISTICALLY SIGNIFICANT SURVEY. WE HAVE PUT OUT A QUESTIONNAIRE AND WE WILL PUT OUT ANOTHER QUESTIONNAIRE. BUT ONE OF THE THINGS THAT WE'RE REALLY SEEKING FROM EVERYONE, NOT JUST THE CONSTITUENCIES BUT ANYONE THAT WE CAN GET INPUT FROM, IS THE ANSWERS TO SOME OF THE QUESTIONS THAT WE POSTED.
SO LET ME START BY GIVING YOU A LITTLE BIT OF BACKGROUND ON OUR PARTICULAR TASK FORCE.
ON FEBRUARY 19TH, 2003, THE COUNCIL -- I'M SORRY, THE BOARD APPROVED OF A RESOLUTION BY THE COUNCIL TO BASICALLY REAFFIRM THE PROPOSITION THAT THE USE OF BULK WHOIS DATA FOR MARKETING PURPOSES SHOULD NOT BE PERMITTED. BULK WHOIS DATA IS GENERALLY THOUGHT OF AS THE DATA WITHIN EACH REGISTRAR THAT IT COULD MAKE AVAILABLE THROUGH ITS CONTRACT TO ANY PARTY THAT IT DESIRES FOR A CERTAIN FIXED FEE.
ONE OF THE ISSUES IS THAT THE RECOMMENDATIONS OF THAT -- THAT NONE OF THE RECOMMENDATIONS AT THAT TIME ADDRESS THE ACTUAL MARKETING USE OF WHOIS INFORMATION ACQUIRED THROUGH OTHER REQUIRED MEANS OF ACCESS. UNDER BOTH THE CONTRACTS FOR THE REGISTRY AND THE REGISTRAR, WE ARE ALL REQUIRED TO PROVIDE ACCESS TO WHOIS INFORMATION THROUGH WEB-BASED ACCESS, BUT ALSO THROUGH SOMETHING KNOWN AS PORT 43 ACCESS. PORT 43 IN SIMPLEST TERMS IS A MECHANISM TO ACCESS THE REGISTRY OR REGISTRAR SYSTEM THROUGH A SPECIFIED PORT NUMBER. AND EACH -- THERE ARE A NUMBER OF DIFFERENT SERVICES THAT USE DIFFERENT PORTS. PORT 43 HAS BEEN ASSIGNED FOR WHOIS INFORMATION.
SO THERE WERE PREVIOUS WORKSHOPS BEFORE OUR TASK FORCE WAS PUT INTO PLACE THAT ADDRESSED A NUMBER OF WHOIS ISSUES. THERE WAS THE MONTREAL WORKSHOP IN 2003 WHERE THERE WAS A SERIES OF SHORT TUTORIAL STYLE PRESENTATIONS THAT DEALT WITH CURRENT WHOIS POLICY AND PRACTICE. THERE WERE A NUMBER OF PANEL DISCUSSIONS THAT -- IN WHICH A NUMBER OF DIFFERENT COMMUNITIES CAME UP TO REPRESENT THEIR DIFFERENT POINTS OF VIEW ON WHOIS. YOU HAD INTELLECTUAL PROPERTY OWNERS, YOU HAD CCTLDS, LAW ENFORCEMENT AND A NUMBER OF OTHER COMMUNITIES THAT CAME TO THESE PRESENTATIONS AND GAVE THEIR VIEWPOINTS.
IN TUNISIA, IN OCTOBER 2003, THERE WAS A SECOND WORKSHOP, AND THE PRIMARY PURPOSE OF THAT WORKSHOP WAS REALLY TO IDENTIFY AND PRIORITIZE WHOIS ISSUES.
OUT OF THOSE TWO WORKSHOPS CAME A SUGGESTION BY THE COUNCIL TO DIVIDE INTO THREE TASK FORCES DIFFERENT ISSUES. ONE OF THE ISSUES THAT GAVE RISE TO THIS TASK FORCE IS THAT A REGISTRY IS REQUIRED TO, UNDER ITS CONTRACT, TO PROVIDE WHAT IS KNOWN AS A ZONE FILE WHICH IS BASIC INFORMATION ABOUT DOMAIN NAME REGISTRATIONS, INCLUDING THE DOMAIN NAME ITSELF, THE REGISTRAR THAT THE DOMAIN NAME IS ASSOCIATED WITH, AND SOME OTHER ELEMENTS INCLUDING A CREATION DATE, EXPIRATION DATE, NAME SERVER INFORMATION.
THIS IS DIFFERENT THAN THE WHOIS WHICH PROVIDES OBVIOUSLY, MORE INFORMATION AS FAR AS CONTACT INFORMATION ON THE REGISTRANT, THE TECHNICAL CONTACT, ADMIN CONTACT, AND IN SOME CASES THE BILLING CONTACT.
WHAT SEVERAL PEOPLE WERE ABLE TO DO, MARKETERS WERE ABLE TO DO AS WELL AS NONMARKETERS, WERE ABLE TO TAKE THE ZONE FILE PROVIDED BY THE REGISTRY, COMBINE THAT WITH SEARCHING ON PORT 43 THROUGH A REGISTRAR OR REGISTRY ALL OF THOSE NAMES. BECAUSE WHEN IT GETS THE ZONE FILE, WHAT THE PERSON GETS IS A LIST OF ALL THE DOMAIN NAMES IN THAT PARTICULAR TLD. THEY COULD USE THAT LIST OF NAMES, SEARCH FOR ALL AND CREATE AUTOMATED SCRIPT TO SEARCH THOSE NAMES WITHIN EACH OF THE REGISTRARS, OR IF IT WAS A THICK REGISTRY WHICH HAS ALL THE INFORMATION IN ONE CENTRALIZED DATABASE IT COULD HAVE AUTOMATED SCRIPTS THAT PULLED ALL THIS INFORMATION. SO ALTHOUGH THERE WAS A CONSENSUS POLICY THAT SAID THAT APPLIED TO BULK ACCESS WHICH IS JUST A STRAIGHT FILE FROM THE REGISTRAR, THERE WAS NO POLICY THAT DEALT WITH MARKETING USES OF WHOIS INFORMATION THAT ARE ACHIEVED OR RECEIVED THROUGH OTHER REQUIRED MEANS.
JUST AS ANOTHER BACKGROUND, THERE'S NO FEE CHARGED BY THE REGISTRY FOR ZONE FILE ACCESS. AND AGAIN, THE MAIN POINT HERE IS THAT THE COMBINATION OF DOWNLOADING A ZONE FILE AND HAVING -- THROUGH AN AUTOMATED SCRIPT, OBTAINING ACCESS TO WHOIS INFORMATION THROUGH PORT 43, YOU COULD GET ALL THE SAME INFORMATION FOR ALL THE SAME PURPOSES AS YOU COULD HAVE THROUGH BULK WHOIS BUT GETTING AROUND THE CONSENSUS POLICY OF NOT USING THE INFORMATION FOR MARKETING PURPOSES.
SO OUT OF THAT ISSUE AROSE OUR TASK FORCE, AND ACCORDING TO THE TERMS OF REFERENCE IS TO DETERMINE WHAT CONTRACTUAL CHANGES IF ANY ARE REQUIRED TO ALLOW REGISTRARS AND REGISTRIES TO PROTECT DOMAIN NAME HOLDER DATA FROM DATA MINING FOR THE PURPOSES OF MARKETING. THE FOCUS OF THIS TASK FORCE IS ON THE TECHNOLOGICAL MEANS THAT MAY BE APPLIED TO ACHIEVE THESE OBJECTIVES AND WHETHER ANY CONTRACTUAL CHANGES ARE NEEDED TO ACCOMMODATE THEM.
THERE WERE SEVERAL MILESTONES THAT WERE SET IN TERMS OF REFERENCE. THE FIRST MILESTONE IS TO ESTABLISH OR TO DETERMINE THE NEEDS AND JUSTIFICATIONS OF THE VARIOUS GROUPS, OF VARIOUS GROUPS THAT NEED THIS WHOIS INFORMATION FOR WHAT'S KNOWN AS NONMARKETING PURPOSES. AND I'M SURE WE COULD GET INTO HOURS' LONG CONVERSATION ABOUT WHAT EXACTLY THAT MEANS, NONMARKETING PURPOSES. BUT THAT'S NOT REALLY, AT THIS POINT, WITHIN THE PURVIEW OF OUR TASK FORCE.
THE SECOND MILESTONE IS TO REVIEW GENERAL APPROACHES TO PREVENT AUTOMATED DATA MINING. AND THE THIRD IS TO DETERMINE WHETHER ANY CHANGES ARE REQUIRED IN THE CONTRACTS TO IMPLEMENT AN APPROACH TO PREVENT AUTOMATED DATA MINING.
ONE THING I WANT TO MAKE VERY CLEAR IS THERE ARE A NUMBER OF THINGS THAT ARE OUT OF SCOPE AND THERE ARE A NUMBER OF ASSUMPTIONS THAT THIS TASK FORCE HAS TO MAKE IN ORDER TO DO ITS WORK. IT'S NOT TO SAY THAT SOME OF THESE SUBJECTS ARE NOT IMPORTANT. IN FACT, MANY OF THEM ARE VERY IMPORTANT, AND IT'S JUST SAY TO SAY OUR TASK FORCE HAD TO MAKE SOME ASSUMPTIONS AND LET OTHER TASK FORCES DEAL WITH MANY OF THE OTHER ISSUES.
SO THE GOAL IS NOT -- OF THIS TASK FORCE IS NOT TO PROVIDE THE TECHNICAL SOLUTION. THAT'S BEING DONE BY STANDARDS BODIES INCLUDING THE IETF AND OTHER STANDARDS BODIES THAT ARE TRYING TO COME UP WITH SOME SORT OF TECHNICAL SOLUTIONS.
AGAIN, OUR TASK FORCE ASSUMES THAT THERE WILL BE A WHOIS DATABASE AND THAT IN SOME FORM, WHOIS INFORMATION WILL BE DISPLAYED TO SOMEONE, WHETHER IT'S THE PUBLIC AT LARGE, WHETHER IT'S INDIVIDUAL GROUPS, WHETHER IT'S TIERED ACCESS. THE BASIC POINT IS THE ASSUMPTION IS THAT THERE WILL BE A WHOIS, AND THAT INFORMATION WILL BE DISPLAYED.
AGAIN, OUR TASK FORCE DOES NOT ADDRESS WHICH FIELDS, DATA FIELDS, SHOULD BE INCLUDED IN WHOIS, WHICH SHOULD BE REQUIRED AND WHICH SHOULD NOT BE REQUIRED.
VERY IMPORTANT QUESTION, ONE THAT OUR TASK FORCE DOES NOT ADDRESS, ONE WHICH
IS ADDRESSED BY, I BELIEVE, TASK FORCE 2.
AND AGAIN, WE DO NOT ADDRESS THE ACCURACY OF DATA IN THE WHOIS DATABASE OR MECHANISMS
FOR VERIFICATION. THAT IS TASK FORCE 3.
SO NOW WHAT HAVE WE LEARNED FROM PAST WORKSHOPS? WELL, I THINK THERE IS DEFINITELY A LOT OF INFORMATION THAT, IN THE LAST SEVERAL YEARS WHILE THIS ISSUE HAS BEEN DEBATED, AS TO WHAT SOME OF THE NEEDS AND JUSTIFICATIONS ARE FOR WHOIS DATA IN GENERAL. FOR EXAMPLE, COMMERCIAL AND BUSINESS USERS HAVE STATED THAT THEY NEED WHOIS DATA TO ASSESS IN CASE OF ANY NETWORK PROBLEMS SO THEY CAN CONTACT THE APPROPRIATE ENTITIES, FOR SPAM PURPOSES, FOR DENIAL OF SERVICE ATTACKS AND VIRUSES, FRAUD PROBLEMS, AND COOPERATION WITH LAW ENFORCEMENT.
IP OWNERS HAVE STATED ON A NUMBER OF OCCASIONS THAT THEY NEED WHOIS INFORMATION FOR CYBERSQUATTERS OR IN CASES OF WHERE THERE'S WEB SITES THAT OFFER COUNTERFEIT OR PIRATED GOODS, THAT THERE'S A NEED TO ACCESS WHOIS INFORMATION.
AGAIN, KIND OF LOOKING OUT INTO THE CROWD AS I'M SAYING THIS, AND I SEE A NUMBER OF FACES SHAKING. THE ROLE OF OUR TASK FORCE IS TO MAKE SOME ASSUMPTIONS AND TO, AGAIN, THAT THERE IS A WHOIS AND THAT DATA WILL BE DISPLAYED. THERE ARE CERTAINLY PLENTY OF FORUMS TO DEBATE WHETHER THESE ARE ACTUALLY LEGITIMATE PURPOSES OR NOT.
LAW ENFORCEMENT AGAIN HAVE STATED THAT THEY NEED WHOIS INFORMATION TO IDENTIFY WHERE A PERPETRATOR IS LOCATED. THEY HAVE ASSERTED IT IS NEEDED FOR CASES WHERE THEY HAVE TO SERVE PROCESS ON AN INDIVIDUAL AND IT MAY BE COMPLETELY UNRELATED TO WHAT'S ON THE WEB SITE. BUT IT TURNS OUT THAT THAT PARTY HAS A WEB SITE AND THEY HAVE INFORMATION THAT'S IN THE WHOIS.
THEY'VE ALSO ASSERTED THAT THEY NEED THE INFORMATION TO GET INVESTIGATIVE LEADS AND IN GENERAL TO FIND E-MAIL ADDRESSES.
IN SUMMARY N THE PAST WORKSHOPS, THERE HAS BEEN A LOT OF INFORMATION SUBMITTED ON WHY -- ON THE NONMARKETING USES OF WHOIS INFORMATION. BUT VERY LITTLE INFORMATION FROM THE PAST WORKSHOPS HAVE ADDRESSED THE ISSUE OF HOW THEY ACCESS WHOIS INFORMATION, WHETHER IT BE THROUGH THE WEB OR WHETHER IT BE THROUGH PORT 43 OR EVEN WHETHER IT BE THROUGH BULK ACCESS.
THESE ARE THE ISSUES THAT THIS TASK FORCE HAS BEEN ASSIGNED TO LOOK AT.
THROUGHOUT OUR SEVERAL MONTHS OF THIS TASK FORCE, WE HAVE ESTABLISHED A QUESTIONNAIRE. AND WE INITIALLY SENT THE QUESTIONNAIRE TO APPROXIMATELY 30 TO 40 GROUPS THAT WE'VE IDENTIFIED AS GROUPS THAT WE KNOW ARE USING THE INFORMATION FOR NONMARKETING PURPOSES.
THOSE INCLUDED NOT JUST INTELLECTUAL PROPERTY OWNERS, BUT ALSO CERTAIN SERVICES.
FOR EXAMPLE, THERE ARE A NUMBER OF SERVICES, NAME INTELLIGENCE IS ONE COMPANY,
FOR EXAMPLE, THAT PROVIDES AGGREGATED WHOIS INFORMATION.
THERE ARE A NUMBER OF OTHERS.
THERE IS SEVERAL REGISTRARS THAT PROVIDE INTELLECTUAL PROPERTY-RELATED SERVICES
THAT RELY ON WHOIS INFORMATION, MARK MONITOR BEING ONE OF THEM, AND A NUMBER
OF OTHERS THAT WE HAVE IDENTIFIED.
IN ADDITION TO IDENTIFYING THOSE GROUPS, WE'VE ALSO PLACED THE QUESTIONNAIRE ONTO THE GNSO WEB SITE IN THE HOPES THAT GROUPS THAT THE REST OF US EITHER DIDN'T BRAINSTORM OR WEREN'T AWARE OF COULD RESPOND TO THIS SURVEY -- EXCUSE ME, THIS QUESTIONNAIRE.
AND, AGAIN, THE QUESTIONNAIRE FOCUSES ON THE USE OF WHOIS INFORMATION, AND ALSO, MORE IMPORTANTLY, THE MECHANISMS TO ACCESS THE WHOIS INFORMATION.
SO JUST TO GIVE YOU KIND OF A SUMMARY OF THE QUESTIONS THAT WE HAD IN THIS QUESTIONNAIRE OR HAVE IN THIS QUESTIONNAIRE, FOR EXAMPLE, ONE OF THE QUESTIONS IS VERY GENERAL, IT JUST ASKS, "HOW DO YOU OBTAIN WHOIS INFORMATION?"
AND PROVIDES SEVERAL MULTIPLE-CHOICE DIFFERENT WAYS TO GET THAT WHOIS INFORMATION.
AND IT ALSO ASKS, YOU KNOW, THROUGH WHOM DO YOU GET THIS INFORMATION, WHETHER
IT'S THROUGH A REGISTRAR, THROUGH A REGISTRY, OR SOME VALUE-ADDED SERVICE.
HOW OFTEN DOES THAT PERSON RESPONDING TO THE QUESTIONNAIRE ACCESS WHOIS INFORMATION,
WHAT'S THE GENERAL PURPOSES FOR WHICH THEY ACCESS THE WHOIS INFORMATION.
AND THEN A VERY IMPORTANT QUESTION IS, AND AN ISSUE THAT WAS FLOATED WELL BEFORE
THIS TASK FORCE WAS EVEN CREATED, WAS, LET'S SAY THAT THERE WERE JUST WEB-BASED
ACCESS TO WHOIS AND PORT 43, FOR WHATEVER REASON, WERE UNAVAILABLE, WHAT OTHER
SOURCES WOULD YOU USE TO OBTAIN THAT DATA?
IN ADDITION, WE'RE DEVELOPING A SECOND QUESTIONNAIRE.
NOW, THIS QUESTIONNAIRE IS REALLY MEANT FOR REGISTRIES AND REGISTRARS.
IT'S TO ASSESS HOW -- THE IMPACT OF PROVIDING PORT 43 ACCESS AND WEB-BASED ACCESS
TO WHOIS INFORMATION, HOW THAT AFFECTS THEM AND THEIR CUSTOMERS.
IN ADDITION, WE WANT TO KNOW HOW THEIR WHOIS SERVERS ARE AFFECTED BY THE USE
OF AUTOMATED PROCESSES THAT OBTAIN LARGE AMOUNTS OF WHOIS DATA.
TO THE EXTENT POSSIBLE, IF REGISTRARS AND REGISTRIES COULD QUANTIFY THE NUMBER
OF PORT 43 QUERIES, AND ADDITIONAL QUESTIONS INCLUDE, HAS THAT REGISTRY OR REGISTRAR
IMPLEMENTED ANY KINDS OF MECHANISMS TO BLOCK AUTOMATED ACCESS.
THERE ARE A NUMBER OF SITUATIONS THAT MANY OF YOU MAY KNOW ABOUT WHERE REGISTRARS
HAVE, FOR EXAMPLE, THROUGH WEB-BASED ACCESS, HAVE TEXT BOXES.
SO WHEN YOU GO TO THAT WEB SITE, YOU HAVE TO NOT ONLY TYPE THE DOMAIN NAME THAT
YOU'RE SEARCHING, BUT YOU -- IN A GRAPHICS BOX, YOU WILL SEE A COUPLE LETTERS,
NUMBERS, SOME SORT OF PASSWORD THAT YOU WILL THEN HAVE TO TYPE INTO THE WEB
SITE AS WELL.
THE INTENT OF THAT WAS TO, AS BEST AS POSSIBLE, TO PREVENT COMPUTER SCRIPTS FROM ACCESSING THE INFORMATION.
FROM WHAT I UNDERSTAND, HOWEVER, WHENEVER YOU DEVELOP A MECHANISM TO TRY TO
PREVENT AUTOMATED SCRIPTS, YOU HAVE JUST AS CLEVER PEOPLE ON THE OTHER SIDE
FIGURING OUT WAYS AROUND THAT.
AND TO THE EXTENT THAT THAT HAS HAPPENED, WE'RE TRYING TO SOLICIT INFORMATION
ABOUT THAT AS WELL.
SO WHAT THE RESULTS OF THIS QUESTIONNAIRE HAVE BEEN, WELL, WE SENT OUT THE
QUESTIONNAIRE AT THE BEGINNING OF FEBRUARY.
AND TO DATE, THERE HAVE ONLY BEEN SEVEN WHAT I CALL NON-SPAM RESPONSES ON THE
LIST.
WE'VE GOTTEN PLENTY OF SPAM, BUT VERY FEW SUBMISSIONS TO DATE ON THE QUESTIONS
THAT WE HAVE ASKED.
AND ONE OF THE REASONS WE'RE HERE HOLDING A PUBLIC WORKSHOP IS TO REALLY EMPHASIZE THAT WE DESPERATELY NEED MORE INFORMATION ON HOW ANY ENTITIES THAT USE WHOIS INFORMATION ACCESS THAT WHOIS INFORMATION.
SO ONE OF THE THINGS I WANT TO ROLL OUT TO ANYBODY HERE IS, I WANT TO TRY
AND ASK SOME OF THESE QUESTIONS AND OPEN UP THE MICROPHONE FOR PEOPLE WHO HAVE
ANY ANSWERS TO THESE QUESTIONS, AND, AGAIN, THIS IS JUST A SAMPLING OF THE QUESTIONS
THAT WE ASKED.
BUT TO GET INPUT SO WE HAVE A RECORD OF OTHER THINGS WE CAN CONSIDER.
WE UNDERSTAND THAT, YOU KNOW, OBVIOUSLY, THIS IS A LIMITED SAMPLE OF PEOPLE, BECAUSE WE ARE IN ROME, AND, OBVIOUSLY, NOT EVERYONE COULD BE HERE.
BUT WE'RE HOPING, THROUGH MAKING THIS AVAILABLE TO ALL OF YOU, THAT YOU CAN GO BACK AND IF YOU CAN THINK OF ANY GROUPS THAT WOULD WANT TO RESPOND TO SUCH A QUESTIONNAIRE, THAT YOU COULD GET THEIR INVOLVEMENT AS WELL.
SO I WANT TO OPEN UP THE FLOOR TO SOME OF THESE QUESTIONS AND SEE IF ANYONE WANTS TO COME UP TO KIND OF ADDRESS THESE.
SO HERE ARE THE QUESTIONS THAT WE'VE ASKED.
AND IF ANYONE WANTS TO COME UP.
OR EVEN RESPONSES TO THE SECOND QUESTIONNAIRE, WHICH WE HAVEN'T SENT OUT, WHICH
WILL BE SENT OUT IN THE NEXT WEEK OR SO, FROM REGISTRIES OR REGISTRARS.
I KNOW THAT CERTAINLY THE SUBJECT HAS DEFINITELY BEEN DISCUSSED AT MANY OF THE
CONSTITUENCY MEETINGS.
IS THERE ANYONE THAT WANTS TO COME ON UP?
GREAT.
TOM.
IF ANYONE WHO COMES UP TO THE MIKE CAN IDENTIFY THEIR FULL NAME FOR THE SCRIBE AND THE COMPANY THEY WORK FOR.
>> TOM BARRETT: SURE, TOM BARRETT, FROM ENCIRCA, ICANN REGISTRAR.
AND I APPRECIATE THAT OVERVIEW, JEFF.
I WANTED TO ASK A QUESTION TO CLARIFY WHAT YOU SAID.
I THINK YOU PUT UP THERE THAT ONE OF THE INTENTS WAS TO PREVENT AUTOMATED
DATA MINING OF THE PORT 43 WHOIS.
IS THAT CORRECT?
>>JEFF NEUMAN: ONE OF THE ISSUES THAT WE ARE ADDRESSING IS HOW -- IS HOW TO PREVENT DATA MINING THROUGH ANY TYPE OF ACCESS, WHETHER IT BE THROUGH PORT 43 OR WEB-BASED ACCESS.
>> TOM BARRETT: SO, TO ASK IT DIFFERENTLY, IS THERE ANY ALLOWED LEGITIMATE USE FOR AUTOMATED DATA MINING OF PORT 43?
>>JEFF NEUMAN: DOES ANYBODY -- MILTON.
>>MILTON MUELLER: THE QUESTION WAS, IS THERE ANY ALLOWANCE FOR LEGITIMATE
DATA MINING VIA PORT 43?
WE HAVEN'T DECIDED THAT YET.
WE HAVEN'T DECIDED ANYTHING ABOUT WHAT WE'RE DOING ABOUT PORT 43 YET.
WE'RE JUST TRYING TO AT THIS STAGE COLLECT INFORMATION ABOUT HOW PEOPLE USE
PORT 43 FOR NONMARKETING PURPOSES.
SO IF YOU HAVE A PARTICULAR USE THAT YOU HAVE IN MIND AND YOU'RE WORRIED ABOUT IT BEING BLOCKED, THEN YOU SHOULD TELL US ABOUT IT NOW.
>>JEFF NEUMAN: AND JUST TO ADD TO THAT, YOU KNOW, AGAIN, I SAID AT THE VERY BEGINNING, YOU KNOW, THE PURVIEW OF OUR TASK FORCE WAS TO LOOK AT THE NON- -- IS TO, BASICALLY, GET INFORMATION ON NONMARKETING USES, BUT ALSO TO FIGURE OUT WAYS TO PREVENT THE DATA MINING FOR MARKETING USES.
AS I SAID AT THE VERY BEGINNING, IT'S DIFFICULT TO DETERMINE WHAT IS -- FITS INTO MARKETING AND NONMARKETING.
BUT TO THE EXTENT THAT YOU CAN HELP US PROVIDE DEFINITION OR YOU CAN PROVIDE SOME INPUT --
>> TOM BARRETT: WELL, I THINK THE HEADLINE IS, WHOIS IS BROKEN.
AND I THINK THAT IF YOU TRY TO QUALIFY YOUR MISSION AND LIMIT IT TO AUTOMATED DATA MINING FOR MARKETING USE, THEN YOU ARE SIMPLY CONTINUING THE PROBLEM.
YOU NEED TO DECIDE IF YOU WANT TO ALLOW DATA MINING OR NOT.
THERE'S NO WAY FOR COMPUTERS TO TELL IF IT'S FOR MARKETING USE.
SO YOU'RE SIMPLY, YOU KNOW, NOT ADDRESSING THE ISSUE ABOUT WHETHER OR NOT YOU WANT TO ALLOW DATA MINING.
AND I THINK YOU SHOULD DROP THE PHRASE "FOR MARKETING USE" AND ADDRESS THE LARGER ISSUE, DO YOU WANT TO ALLOW DATA MINING.
>>THOMAS ROESSLER: JUST TO ASK A CLARIFYING QUESTION.
WHEN YOU SAY WHOIS IS BROKEN, YOU MEAN THE PORT 43 PROTOCOL OR DO YOU MEAN THE
POLICY?
>> TOM BARRETT: I THINK THE POLICIES ARE BROKEN.
BUT, SURELY -- ONE WAY TO ADDRESS THIS IS, LET'S TRY TO IDENTIFY IF THERE'S
ANY LEGITIMATE USE FOR AUTOMATED DATA MINING.
SO IF LAW ENFORCEMENT HAS A LEGITIMATE USE TO AUTOMATE DATA MINING, THAT SHOULD BE PUT ON THE TABLE.
AND THE SAME THING WITH OTHER REGISTRARS OR IP ADDRESSES.
BUT CERTAINLY OUR SCOPE SHOULD BE, DO WE WANT TO ALLOW DATA MINING OR NOT.
AND IF YOU MAKE IT TOO NARROW, I DON'T THINK YOU WILL SOLVE ANY PROBLEMS.
>>JEFF NEUMAN: YEAH, I -- I THINK --
>>PAUL STAHURA: I HAVE SOMETHING, TOO.
>>JEFF NEUMAN:I WILL THEN I'LL GO TO PAUL.
ONE OF THE THINGS WE ARE TRYING TO ASSESS IN OUR QUESTIONNAIRE IS THE NONMARKETING
NEEDS FOR WHOIS INFORMATION.
AND CERTAINLY INTELLECTUAL PROPERTY OWNERS AND COMMERCIAL AND BUSINESS USERS, LAW ENFORCEMENT, HAVE COME FORTH WITH NEEDS.
AND I THINK ONE OF YOUR QUESTIONS IS EXACTLY RIGHT AS TO WHETHER THEY CAN GET THAT INFORMATION THROUGH WEB-BASED AND WHETHER THAT INFORMATION IS NECESSARILY NEEDED TO BE PROVIDED THROUGH PORT 43.
AND SO I'LL TURN IT OVER TO PAUL NOW.
>> TOM BARRETT: THERE'S ALSO BULK WHOIS.
>>PAUL STAHURA: PART OF THE ANSWER, I THINK -- MY FEELING IS THAT THERE
ARE LEGITIMATE USES FOR THE DATA.
THEN THE QUESTION IS, HOW DO YOU GET THE DATA, YOU KNOW, BY POUNDING WHOIS SERVERS
OF A LARGE NUMBER OF REGISTRARS, I'M NOT SURE THAT'S THE BEST WAY OF GETTING
IT, FOR WHATEVER LEGITIMATE PURPOSE THE DATA IS NEEDED FOR.
SO, YOU KNOW, AS A REGISTRAR, MY BIGGEST CONCERN WITH THE AUTOMATED DATA MINING IS AROUND PORT 43.
BECAUSE THAT'S -- JUST BECAUSE OF THE TECHNICAL WAY IT WORKS, IT'S HARD TO PREVENT MINING.
ON WEB SITES, SOME REGISTRARS HAVE IMPLEMENTED, YOU KNOW, WHAT JEFF SAID, YOU KNOW, TESTS FOR HUMAN TESTS, WHERE YOU INPUT A CODE AND WHATEVER.
SO THAT HELPS PREVENT AUTOMATED ACCESS BY OTHER COMPUTERS TO THE WEB SITES, WHOIS SERVERS.
BUT THE PORT 43 IS A DIFFICULT PROBLEM TO CRACK JUST BECAUSE THE WAY THE TECHNICAL SPECIFICATION IS.
>>JEFF NEUMAN: IS THERE ANYONE ELSE ON THE PANEL THAT WANTED -- MILTON.
AND THEN THOMAS.
>>MILTON MUELLER: YEAH, I REALLY APPRECIATE YOUR BRINGING THIS DISTINCTION UP, BECAUSE IT'S A PROBLEM THAT I'VE HAD TROUBLE WITH AS WE HAVE GONE THROUGH THIS.
YOU KNOW, WE ARE TRYING TO DISTINGUISH BETWEEN MARKETING VERSUS NONMARKETING USES.
AND THEN WITHIN THE NONMARKETING USES, SOMETIMES WE'RE TRYING TO DISTINGUISH BETWEEN LEGITIMATE AND ILLEGITIMATE USES.
FIRST OF ALL, THE TASK FORCE HAS NO MANDATE TO DETERMINE WHAT IS AN ILLEGITIMATE USE OR NOT.
AND WE KEEP SORT OF EDGING INTO THAT.
AND AS YOU POINT OUT, EVEN IF WE DID MAKE CLEAR, FINE DISTINCTIONS IN OUR OWN HEADS BETWEEN WHAT WE CONSIDER MARKETING VERSUS NONMARKETING, THE ISSUE OF ACCESS IS STILL NOT RESOLVED.
THAT IS, WE CANNOT DETERMINE WHETHER THESE PARTICULAR USES CAN BE DISTINGUISHED IN TERMS OF USING PORT 43.
SO I THINK THAT YOU PHRASE A -- THE QUESTION CORRECTLY, THAT WE BASICALLY HAVE TO DECIDE WHETHER WE WANT TO ALLOW AUTOMATED DATA MINING AT ALL.
AND IN TERMS OF DEVELOPING OUR SURVEY, THERE WAS A QUESTION WHERE WE ASKED PEOPLE, IF YOU COULDN'T GET THIS DATA VIA PORT 43, WHERE WOULD YOU GET IT?
WE HAD A BIG DEBATE ABOUT THAT ON THE COMMITTEE.
BECAUSE SOME PEOPLE WANTED TO SAY SOMETHING LIKE WHAT WOULD HAPPEN, YOU KNOW,
HOW BAD WOULD IT BE IF YOU COULDN'T GET IT THROUGH PORT 43?
AND I SAID, NO, YOU'VE GOT TO ASK THEM WHERE ELSE THEY WOULD GET IT.
BECAUSE WE KNOW YOU CAN GET THE DATA IN OTHER WAYS.
THE QUESTION IS JUST HOW AND HOW COSTLY WOULD IT BE AND WHO WOULD BE HURT
BY THAT AND WHAT WOULD THE ASSERTED HARMS BE.
SO I THINK THAT, AGAIN, TO REITERATE, YOU HAVE REPHRASED THE QUESTION CORRECTLY.
WE SIMPLY NEED TO DETERMINE, YOU KNOW, WHO'S USING AUTOMATED DATA MINING, WHAT WOULD HAPPEN IF IT WERE CUT OFF, AND WE NEED TO DO OUR SECOND SURVEY ON THE REGISTRARS AND REGISTRIES FINDING OUT, YOU KNOW, HOW MUCH OF A BURDEN IS BEING IMPOSED ON THEM BY THESE AUTOMATED DATA PROCESSES.
>>JEFF NEUMAN: THOMAS.
>>THOMAS ROESSLER: SEVERAL POINTS.
LET ME BEGIN WITH THAT BOTH PAUL AND MILTON, ESSENTIALLY, THAT IT IS POSSIBLE TO PREVENT AUTOMATED DATA MINING FROM HAPPENING.
WE ARE TALKING ABOUT SOME KIND OF A SERVICE OR SOME KIND OF A PROGRAM TALKS TO A DIFFERENT PROGRAM AT THE PORT.
AND WE HAVE TWO PROBLEMS AT HAND.
ONE PROBLEM IS RATE-LIMITING.
YOU CANNOT (INAUDIBLE) RATE-LIMITING BY DISTRIBUTING THE CLIENTS.
THE OTHER PROBLEM IS A HUMAN -- THERE'S A HUMAN DRIVING THIS PROGRAM.
SO WE ARE GOING INTO REVERSE TURING TESTS.
FIRST OF ALL, TURING TESTS AND REVERSE TURING TESTS ARE VERY HARD PROBLEMS.
AND IT'S KNOWN THAT TESTS ARE GETTING MORE AND MORE COMMON IN THE TRADE CAN
BE CIRCUMVENTED.
JUST ONE ANECDOTE, SIMILAR TESTS ARE BEING USED BY HOT MAIL AND OTHER MAIL SERVICES IN ORDER TO KEEP SPAMMERS FROM AUTOMATICALLY GENERATING ACCOUNTS THERE.
WHAT'S HAPPENING NOW IS THAT THE PROGRAMS THAT DROP OFF THE SPAMMER GOES TO THAT PAGE, TAKES THE CHALLENGE, AND THIS IS A CHALLENGE TO A HUMAN VISITOR ON A PORN SITE.
PLEASE, IF YOU WANT TO GET INTO THIS PORN SITE, PLEASE SOLVE THIS CHALLENGE.
HUMAN VISITOR, CHALLENGE, ANSWER IS PASSED ON TO HOT MAIL, ACCOUNT IS CREATED.
WE ARE IN ARMS RACE MODE HERE.
AND THAT'S A DANGEROUS THING TO DO IF YOU WANT TO DESIGN POLICY.
I WOULD NOT -- I WOULD RECOMMEND STRONGLY AGAINST COMING DOWN IN POLICY DIRECTIONS WHEN YOU, ESSENTIALLY, JUST START AN ARMS RACE WITH THE BAD GUYS.
THEY ARE VERY INVENTIVE AND JUST ABOUT ANYTHING YOU WOULD COME UP WITH IN TERMS OF REVERSE-TIERING TESTS CAN BE CIRCUMVENTED BY GETTING SOME UNSUSPECTED HUMAN TO SOLVE THE RIDDLE.
SO THE QUESTION, THEN, DOES NOT SO MUCH BECOME CAN WE PREVENT DATA MINING, BUT, RATHER, IS THERE A WAY TO RESTRICT THE POSSIBILITY FOR DATA MINING, PARTY THAT ARE SOMEHOW TRUSTED.
AND MAYBE JUST TO THROW A BALL INTO THE ROOM, WHY NOT THINK ABOUT A -- AN APPROACH WHERE YOU HAVE TWO TIERS, AN ANONYMOUS TIER WITH LITTLE INFORMATION, WHERE WE DON'T REALLY CARE IF IT'S BEING DATA-MINED BY ANONYMOUS PARTIES, AND AN AUTHENTICATED TIER WHERE THE DATA USER IS RELIABLY IDENTIFIED, WHERE THIS DATA USER EITHER CAN GET TO MARKET, CAN GET ACCESS, OR CAN BE HELD ACCOUNTABLE FOR BREAKING RULES.
JUST AS A SUGGESTION IN THIS ROOM.
AND I WOULD LIKE TO HEAR YOUR COMMENTS ABOUT THAT.
>>JEFF NEUMAN: THANKS, THOMAS.
I SEE MARGIE MILAM.
>> MARGIE MILAM: THANK YOU.
I'M MARGIE MILAM WITH MARK MONITOR, ONE OF THE SERVICE PROVIDERS AND A REGISTRAR THAT DEVELOPS REPORTS USING WHOIS INFORMATION.
WE REPRESENT PROBABLY 30% OF THE FORTUNE 100 COMPANIES IN AMERICA.
AND WE ALSO REPRESENT A LOT OF INTERNATIONAL COMPANIES.
AND WE'VE BEEN VERY INTERESTED IN THIS ISSUE BECAUSE WE WANT TO GET AS MUCH INFORMATION FROM OUR CUSTOMERS AS TO WHAT THEY NEED AND HOW WE CAN SERVICE THEIR NEEDS.
SO WHAT WE DID A WEEK BEFORE THE ICANN MEETING WAS CONDUCT A WEBINAR.
WE SENT OUT AN E-MAIL TO OUR CUSTOMERS TO SEE IF THEY HAD ANY INTEREST IN
LEARNING WHAT WAS GOING ON WITHIN THE ICANN PROCESS.
WE WERE SURPRISED TO GET A PRETTY SIGNIFICANT INTEREST.
WE HAD 65 COMPANIES PARTICIPATE IN A WEBINAR SPECIFICALLY ON THIS ISSUE.
AND WE CONDUCTED A SURVEY ABOUT THE WHOIS INFORMATION AND WHAT THEIR NEEDS WERE
(INAUDIBLE) TO PROVIDE YOU GUYS A LITTLE UNDERSTANDING AS TO THE CORPORATE NEEDS
FOR WHOIS.
AND LET ME GIVE YOU A LITTLE BIT OF A FLAVOR OF THE RESULTS, BECAUSE I THINK
IT ADDRESSES SOME OF THE ISSUES THAT YOU GUYS HAVE RAISED.
WE ASKED THEM WHAT THEY USE WHOIS DATA FOR.
AND AN OVERWHELMING AMOUNT OF THE RESPONSES, 65% OF THEM, WERE FOR INTELLECTUAL
PROPERTY ENFORCEMENT, WHICH IS NO SURPRISE, GIVEN OUR CUSTOMER BASE.
WE ALSO DID FIND THAT THEY USE -- 30% OF OUR CUSTOMERS USE THE WHOIS INFORMATION
FOR DOMAIN CONSOLIDATION PURPOSES.
AND I THINK THAT THIS HAS BEEN BROUGHT UP BEFORE IN PRIOR HEARINGS.
A LOT OF OUR CUSTOMERS, A LOT OF CORPORATIONS DO NOT KNOW WHAT DOMAIN NAMES
THEY OWN.
AND IN ORDER TO DO SO, THEY HAVE TO SEARCH THE WHOIS INFORMATION TO FIND OUT
WHAT DOMAIN NAMES THEIR COMPANY ACTUALLY OWNS.
AND OTHER THAN THOSE TWO CATEGORIES, THE REST OF THE RESPONSES WERE FAIRLY MINIMAL.
ONLY 2% CLAIMED TO USE THE INFORMATION FOR MARKETING PURPOSES.
AND 1% -- OR 2% INDICATED THAT THEY USED IT FOR SPAM PREVENTION.
THE OTHER QUESTIONS WE ASKED WERE A LITTLE SIMILAR AND I THINK WILL PROVIDE
YOU SOME ADDITIONAL INFORMATION.
WE ASKED THEM IF THEY EVER HAD ANY PROBLEMS IDENTIFYING DOMAIN OWNERS BECAUSE
OF FALSE OR MISLEADING INFORMATION.
AND 78% OF THEM SAID THAT THEY HAD.
SO I KNOW THIS ISN'T YOUR TASK FORCE, IT'S ANOTHER TASK FORCE.
BUT CERTAINLY IDENTIFYING DOMAIN NAME HOLDERS IS A PROBLEM.
WHEN WE ASKED THEM IF WHOIS RECORDS SHOULD CONTINUE TO BE FREELY AVAILABLE TO THE PUBLIC IN THE CURRENT FORMAT, 94% OF THEM SAID THAT THEY THOUGHT THAT THE WHOIS INFORMATION SHOULD BE FREELY AVAILABLE IN THE MANNER THAT IT'S CURRENTLY AVAILABLE.
WE ALSO ASKED THEM IF THEY EVER USED THE WHOIS RECORDS TO SUPPORT A UDRP PROCEEDING,
BECAUSE THAT, AGAIN -- YOU KNOW, UDRP IS AN ICANN POLICY.
AND WE WANTED TO GET A FEEL FOR WHETHER THEY USED WHOIS RECORDS FOR THAT.
75% OF THEM SAID, INDEED, THEY DO USE WHOIS RECORDS TO SUPPORT THEIR UDRP
PROCEEDINGS.
SO THEY WERE -- YOU KNOW, WANTED TO MAKE SURE THAT THE INFORMATION WOULD STILL
BE AVAILABLE FOR THAT PURPOSE.
AND THEN WE ASKED A QUESTION SIMILAR TO THE QUESTIONS THAT WERE IN YOUR QUESTIONNAIRE, IF THE WHOIS RECORDS WERE NOT FREELY AVAILABLE, WOULD THEIR ABILITY TO PROTECT THEIR BRANDS, THEIR COMPANIES' BRANDS, BE HAMPERED?
AND 97% OF THEM DID SAY THAT THEIR ABILITY TO PROTECT THEIR BRANDS WOULD BE HAMPERED IF THEY WEREN'T ABLE TO ACCESS THE WHOIS INFORMATION.
SO I HAVE A SUMMARY OF THE REPORT.
I DON'T KNOW IF YOU GUYS WOULD BE INTERESTED IN RECEIVING ALL OF THE DETAILS.
BUT I THOUGHT IT WAS INSIGHTFUL FOR YOU TO UNDERSTAND THE CORPORATE PERSPECTIVE.
>>JEFF NEUMAN: YEAH, I THINK THE -- ABSOLUTELY, WE'D LIKE TO SEE IT
IF YOU WANT TO MAKE IT AVAILABLE.
ONE OF THE QUESTIONS I HAVE IS, DID YOU ASK ANY KIND OF QUESTION IN THERE ON
HOW THEY OBTAINED IT, WHETHER IT WAS WEB-BASED OR WHETHER THEY USE PORT 43?
BECAUSE I THINK -- I THINK THERE HAVE BEEN A NUMBER OF GOOD CASES MADE AS TO WHY WHOIS INFORMATION IS NEEDED BY A NUMBER OF DIFFERENT TYPES OF ENTITIES.
I DON'T THINK ANYONE HERE IS KIND OF -- WELL, THERE MAY BE SOMEONE, BUT I
DON'T THINK TOO MANY PEOPLE ARE QUESTIONING THE FACT THAT PEOPLE USE WHOIS INFORMATION
FOR LEGITIMATE PURPOSES.
THE QUESTION THAT WE'RE REALLY TRYING TO FOCUS ON IS, DO THEY USE PORT 43 --
COULD THEY USE ANOTHER SOURCE FOR THAT INFORMATION?
FOR EXAMPLE, COULD THEY JUST USE THE WEB?
>> MARGIE MILAM: AND THE PROBLEM WE HAVE IS, A LOT OF OUR CUSTOMERS DON'T EVEN KNOW WHAT PORT 43 IS OR, YOU KNOW, THEY DON'T UNDERSTAND THE (INAUDIBLE) THAT YOU, THE COMMITTEE, IS FACING.
SO WE TRY TO KEEP IT HIGH LEVEL. AT THE END OF OUR SURVEY, WE ENCOURAGED THEM
TO FILE ANSWERS TO THE QUESTIONNAIRES THAT ICANN HAS THAT I THINK THAT YOUR
COMMITTEE HAS POSTED.
BUT I DO THINK THAT YOU HAVE THAT -- THE PROBLEM THAT A LOT OF CUSTOMERS ARE
TOO BUSY TO FILL OUT THE FORM.
THEY DON'T UNDERSTAND WHAT PORT 43 IS.
ALL THEY KNOW IS THEY NEED THE INFORMATION. AND THAT'S WHY THEY RELY ON SERVICE
PROVIDERS OR GO DIRECTLY TO A REGISTRAR'S WEB SITE.
BUT WE'LL CERTAINLY ENCOURAGE THEM TO FILE ANSWERS TO THE QUESTIONNAIRES IF
YOU'RE STILL SOLICITING INFORMATION.
>>JEFF NEUMAN: YES, WE ARE.
AND, ACTUALLY, JUST MAYBE TO REWORD THE QUESTION, BECAUSE I -- YOU KNOW, OUR COMMITTEE FULLY UNDERSTANDS THAT MOST PEOPLE DON'T KNOW WHAT PORT 43 IS, BUT MAYBE YOU CAN ASK THE QUESTION, WHERE DO THEY GET THE INFORMATION FROM?
AND IF THEY NAME A SERVICE, THEN IT'S POSSIBLE FOR US TO LOOK INTO THE SERVICE
AND CONTACT THAT SERVICE DIRECTLY TO SEE WHAT THEY USE.
BECAUSE CHANCES ARE, WHAT SERVICE THEY USE KNOWS WHAT PORT 43 OR WEB ACCESS
WOULD BE.
SO I THINK IF PEOPLE UP HERE AGREE, COMPLETELY UNDERSTAND THAT VERY FEW PEOPLE
KNOW WHAT PORT 43 IS.
BUT IF WE CAN PINPOINT THE SERVICES THAT THEY -- WHERE THEY GET THE INFORMATION,
THEN WE CAN DO THE FURTHER WORK, OR YOU CAN HELP US DO THE FURTHER WORK IN DETERMINING
HOW THEY ACCESSED IT.
WE HAVE COMMENTS UP HERE, THOMAS, MILTON, AND PAUL.
>>THOMAS ROESSLER: OKAY.
SO I WILL JUST BEGIN.
I HAD A FLASH BACK TO MONTREAL WHILE I LISTENED TO YOU.
YOU BROUGHT UP A POINT OF USING WHOIS FOR ASSET MANAGEMENT.
WE HEARD THAT ALSO FROM JANE MUTIMEAR IN MONTREAL.
AND WHILE I CERTAINLY WON'T DISPUTE THAT THAT'S A PRACTICAL USE OF WHOIS, THERE
ARE ALSO PEOPLE WHO ARE REPORTED TO DRIVE IN SCREWS WITH A HAMMER.
IT MAKES ME A LITTLE NERVOUS WHEN I HEAR THAT FIRMS ARE RELYING ON A PUBLIC
DATABASE WITH A BUNCH OF DIFFERENT PROVIDERS IN ORDER TO TRACK THEIR ASSETS.
A COLLEAGUE OF MINE ON THE SAME COMMITTEE MADE A GOOD ANALOGY IN MONTREAL.
THIS IS LIKE MANAGING YOUR CARS BY DOING REVERSE LOOKUPS IN THE MOTOR VEHICLE
REGISTRATION DATABASE.
IT'S JUST ABOUT THE SAME.
THIS WAS APPARENTLY (INAUDIBLE) FOR THE SYSTEM.
IT'S JUST ABOUT THE SAME KIND OF USE OF THE BROAD TOOL IN THIS CASE.
>> MARGIE MILAM: I THINK I CAN EXPLAIN THE DIFFERENCE.
BECAUSE IT'S SO INEXPENSIVE TO PURCHASE A DOMAIN NAME AND ANYONE CAN PURCHASE
IT FOR A CORPORATION, THE REASON WHY IT'S DIFFICULT FOR A CORPORATION TO FIGURE
OUT WHAT ASSETS THEY OWN IS BECAUSE IT MAY BE A TECHNICAL PERSON WHO NO LONGER
WORKS AT THE COMPANY WHO REGISTERED THE NAME ON BEHALF OF THE COMPANY.
AND THERE'S NO WAY THE COMPANY CAN EVEN TRACE THAT.
WITH SOMETHING AS SIGNIFICANT AS A CAR, CLEARLY, IT WOULD BE UNLIKELY THAT, YOU KNOW, THE PURCHASER WOULD -- IF IT ISN'T THE COMPANY, WOULD ALLOW AN INDIVIDUAL TO SPEND THAT MUCH MONEY ON A CAR.
AND I THINK THAT'S REALLY THE PROBLEM, THAT SO MANY -- WITHIN AN ORGANIZATION, THERE ARE VERY MANY LEVELS OF PEOPLE WHO CAN REGISTER A DOMAIN NAME, AND IT IS DIFFICULT TO TRACK.
>>JEFF NEUMAN: OKAY, THANKS.
MILTON NEXT.
>>MILTON MUELLER: YEAH, I JUST WANT TO REITERATE THAT, REALLY, THE SURVEY THAT YOU PRESENTED IS NOT REALLY DIRECTLY -- DOES NO REALLY DIRECTLY BEAR ON THIS TASK FORCE AT ALL.
BECAUSE WHAT YOU'RE TALKING ABOUT ARE USES AND NOT ABOUT ACCESS VENUES.
SO THAT IT'S REALLY QUITE -- I WOULD SUSPECT THAT OF ALL OF THE PEOPLE WHO TALK
ABOUT USING IT FOR DOMAIN CONSOLIDATION, FOR EXAMPLE, NONE OF THEM ARE USING
PORT 43.
I DON'T UNDERSTAND HOW THEY WOULD BE QUERYING DATABASES.
MAYBE THEY ARE, IF THEY'RE VERY SOPHISTICATED.
BUT, REALLY, REALLY UNLIKELY THAT THEY'RE USING PORT 43 OR AUTOMATED DATA MINING
PROCESSES TO DO DOMAIN CONSOLIDATION.
AND IT'S NOT TOO LIKELY THAT THEY THEMSELVES, THE CORPORATIONS, ARE USING
AUTOMATED DATA MINING PROCESSES FOR IP ENFORCEMENT.
THEY MAY BE RELYING ON A SERVICE THAT GETS THAT INFORMATION FOR THEM.
SO WE HAVE TO BE VERY CLEAR ABOUT WHAT WE'RE TALKING ABOUT HERE.
IT'S NOT -- IF WE GET INTO A DEBATE HERE ABOUT, YOU KNOW, WE LIKE TO HAVE WHOIS
DATA AND THEN THE PEOPLE WHO DON'T LIKE TO HAVE WHOIS DATA, WE'RE JUST, YOU
KNOW, SHOUTING AT EACH OTHER FROM THE ROOFTOPS AGAIN.
WHAT THIS TASK FORCE HAS NARROWED THE TOPIC DOWN TO IS THE AUTOMATED DATA MINING PROCESSES FOR ACCESSING THE WHOIS DATA.
>> MARGIE MILAM: THE TASK FORCE ISN'T ADDRESSING BULK WHOIS, IT'S ONLY PORT 43 AT THIS POINT?
>>JEFF NEUMAN: WE ARE ADDRESSING PORT 43 AND WEB-BASED ACCESS, NOT BULK
ACCESS.
THERE'S ALREADY A CONSENSUS POLICY ADDRESSING BULK ACCESS.
AND IT'S BEEN CLEARLY STATED THAT BULK -- THE USE OF BULK WHOIS INFORMATION
FOR MARKETING PURPOSES ARE PROHIBITED.
SO THAT'S ALREADY BEEN ADDRESSED.
WHAT WE'RE REALLY NARROWLY FOCUSING ON IS PORT 43 AND WEB-BASED.
AND SO LET ME GO UP HERE TO PAUL, AND THEN DAVID'S GOT A COMMENT AS WELL.
>>PAUL STAHURA: I WANT TO GET BACK TO WHAT TOM SAID.
I DO AGREE THAT THOSE METHODS YOU SAID ABOUT THE REVERSE TURING TESTS AND THE
SPEED BUMPS ARE POSSIBLE TO GET AROUND AND WOULD CREATE AN ARMS RACE AND SO
ON.
BUT I THINK THAT AT LEAST GOING BY MY EXPERIENCE AS A REGISTRAR, IT DOES HELP
TO PREVENT DATA MINING.
I KNOW IT'S NOT THE FINAL SOLUTION.
BUT, YOU KNOW, IT'S NOT THE END-ALL SOLUTION, BUT DOES LIMIT DATA MINING ON
MY WEB-BASED WHOIS TO A GREAT DEGREE.
I WANT TO GET TO -- AND WE DID TALK ABOUT THE TIERED ACCESS IN THE REGISTRARS'
CONSTITUENCY MEETING YESTERDAY.
AND IT SEEMS, JUST FROM MY IMPRESSION OF WHAT WE TALKED ABOUT, THAT THAT IS
A GOOD APPROACH.
MY QUESTION IS, ON THE TIERED ACCESS, ARE YOU SUGGESTING THAT WE GET, FOR
EXAMPLE, CERTIFICATES OR SOMEHOW IDENTIFY THE PEOPLE WHO ACCESS THE INFORMATION?
OR DO THEY JUST HAVE TO BE ABLE TO BE KNOWN?
>>JEFF NEUMAN: THOMAS, DO YOU WANT TO ADDRESS THAT QUESTION.
>>THOMAS ROESSLER: THE IDEA WOULD BE, I SUPPOSE, THAT YOU WILL LET PEOPLE INTO THE PRIVILEGED AREA WHO PRESENT YOU WITH, SAY, A RELATIVELY HIGH-CLASS CLIENT CERTIFICATE, SO YOU CAN GET -- HAVE THE POSSIBILITY TO TRACK THEM DOWN RELIABLY.
MAYBE YOU ASK THEM FOR THE PURPOSE, WHY THEY ARE ACCESSING THE DATA.
YOU COULD RECORD THAT.
YOU COULD THINK ABOUT MAKING THE PRIVILEGED INFORMATION AND IDENTITY AVAILABLE
TO CUSTOMERS.
>>PAUL STAHURA: I SEE THAT.
SO THEY COULD STILL --
>>THOMAS ROESSLER: THAT'S THE IDEA.
>>PAUL STAHURA: THE QUESTION I GOT IS, IF YOU DON'T VETTE THEM, AND EVEN IF YOU DO, I BELIEVE THEY COULD STILL MINE THE DATA.
SO THERE WOULD STILL HAVE -- EVEN IF YOU KNOW WHO THEY WERE, THERE WOULD STILL HAVE TO BE SOME KIND OF SPEED BUMPS OR MECHANISM SO THEY DON'T TAKE ALL THE DATA.
>>THOMAS ROESSLER: YOU MAY WISH TO PUT IN SPEED BUMPS, YES.
AND THEN AGAIN, IF YOU TIE ACCESS TO CERTIFICATES THAT COME FOR A NON-ZERO COST,
THEN IT BECOMES COSTLY FOR THEM TO GET A DIFFERENT CERTIFICATE EACH TIME, SO
YOU CAN BLOCK CERTIFICATES AND ABUSE.
YOU CAN HOLD THEM ACCOUNTABLE.
>>PAUL STAHURA: THAT'S TRUE.
>>THOMAS ROESSLER: SO THE ECONOMY OF MINING STARTS TO CHANGE WHEN YOU GET THESE CERTIFICATES.
>>PAUL STAHURA: WE WANT THE COST TO GO UP TO MINE.
>>THOMAS ROESSLER: SORRY?
>>PAUL STAHURA: WE WANT THE COSTS TO INCREASE IN ORDER TO MINE.
>>THOMAS ROESSLER: YES.
ONE OF THE INCENTIVES FOR MINING IS YOU GET THE ADDRESSES FOR FREE.
>>JEFF NEUMAN: OKAY.
I WANT TO TURN IT OVER TO DAVID.
HE HAS A COMMENT AS WELL.
>>DAVID FARES: THANKS, JEFF.
AS JEFF SAID, I WOULD WELCOME, TOO, THE INPUT FROM YOUR SEMINAR.
AND WE CAN THEN ASSESS THE INFORMATION AND DETERMINE HOW IT'S MOST APPROPRIATE
FOR US.
AND WHAT I WOULD LIKE TO REITERATE, I BELIEVE, IS A LIMITED MANDATE FOR OUR
TASK FORCE.
OUR TASK FORCE IS LIMITED TO ANALYZING THE USE OF THESE ACCESS POINTS FOR MARKETING
PURPOSES.
AND THEN WHETHER THE CONTRACTS NEED TO BE REVISED, SO THAT THERE CAN BE TECHNOLOGY
DEPLOYED TO ADDRESS THESE CONCERNS.
AND I THINK THE MEANS AND JUSTIFICATIONS OF LEGITIMATE-PURPOSE USES OF WHOIS IS GOING TO BE VERY HELPFUL FOR US IN ANALYZING THE CONTRACTS IN THAT REGARD, DETERMINING WHETHER THERE'S GOING TO BE ANY NEEDED CHANGE.
SO I JUST WOULD LIKE TO REITERATE, I THINK WE ALL WOULD WELCOME YOUR INPUT
ON THE ENTIRE DISCUSSION.
BUT WE HAVE A VERY LIMITED MANDATE THAT WE NEED TO FOCUS ON.
>> MARGIE MILAM: THANK YOU.
AND JUST ONE POINT ON THE DATA MINING ISSUE.
IT DOES AFFECT DATA MINING, BECAUSE IF THERE IS NO BULK ACCESS TO THAT INFORMATION,
THE INFORMATION NEEDS TO BE OBTAINED IN OTHER MANNERS.
SO THAT'S WHERE IT AFFECTS, YOU KNOW, ACCESSIBILITY OF INFORMATION AND HOW SERVICE
PROVIDERS WOULD GET THE INFORMATION.
THANK YOU.
>>JEFF NEUMAN: THANKS, MARGIE.
YOU KNOW, I WANTED TO, IF WE HAVE ANYONE ELSE.
GREAT.
PLEASE INTRODUCE YOURSELF.
>> JAY WESTERDAL: HI, I'M JAY WESTERDAL OF NAME INTELLIGENCE.
THERE ARE TWO OTHER PEOPLE BEHIND ME IN THE LINE ALSO.
>> ONE.
>>JEFF NEUMAN: GO ON.
>> JAY WESTERDAL: BASICALLY, WE RUN A WHOIS AGGREGATE SITE, AND WE GET THE INFORMATION FROM MULTIPLE REGISTRARS AND MULTIPLE REGISTRIES.
WE'VE GOT APPROXIMATELY ABOUT 15,000 PEOPLE WHO USE THE SERVICE.
SO IT'S QUITE EXTENSIVE.
AND WE HEAR A LOT OF FEEDBACK FROM THAT COMMUNITY AS FAR AS, YOU KNOW, WAYS
THAT IT CAN BE IMPROVED, WAYS THAT IT'S BAD.
THE MULTITUDE OF FEEDBACK THAT WE RECEIVE IS JUST ENORMOUS.
THE THING THAT, YOU KNOW -- IF WE GO BACK TO PORT 43, THERE'S ONLY REALLY TWO
TYPES OF PEOPLE THAT USE PORT 43.
IT'S THE UNIX GEEKS WITH A CONSOLE AND IT'S A PROGRAM.
AND, YOU KNOW, I THINK THE UNIX GEEKS CAN LEARN TO USE A WEB BROWSER AND PROGRAMS
CAN LEARN TO USE A BETTER SYSTEM.
FIRST, AUTHENTICATION ABSOLUTELY NEEDS TO HAPPEN.
THERE'S NO IFS, ANDS OR BUT.
IF THERE'S NO -- IT'S A NO-BRAINER.
I DON'T KNOW WHY AUTHENTICATION HASN'T HAPPENED YET.
BUT I THINK AUTHENTICATION IS ABSOLUTELY NECESSARY.
TO GET A ZONE FILE, YOU NEED TO AUTHENTICATE. THERE'S NO REASON THAT YOU WOULDN'T NEED TO AUTHENTICATE IF YOU WERE DOING RAPID REQUESTS FOR ANY REASON.
THE REASON THAT YOU WOULD DO THOSE REQUESTS IS, YOU KNOW, IT'S DIVERSE AS WELL. IT CAN BE FROM A PERSON THAT'S AGGREGATING LIKE WE ARE. IT CAN BE A PERSON THAT'S DATA MINING. IT COULD BE A PERSON THAT'S TRYING TO SPAM. THERE'S A MULTITUDE OF REASONS WHY PEOPLE ARE REQUESTING PORT 43, AND I THINK THOSE NEED TO BE ADDRESSED AFTER AUTHENTICATION. AUTHENTICATION IS THE FIRST STEP.
AND HOW YOU ADDRESS WHAT YOU'RE GOING TO DO TO REGULATE THE USE OF THE PERSON THAT'S USING AUTHENTICATED ACCESS, I THINK IT BECOMES A LOT SIMPLER ONCE YOU KNOW WHO IS ACTUALLY USING IT AND YOU CAN DO A LOT MORE STIPULATIONS AFTER THAT?
>>PAUL STAHURA: I HAVE A QUESTION FOR JAY. ONCE YOU AUTHENTICATE IS IT ALL YOU CAN EAT OR WOULD YOU NEED TO BE SPEED-BUMPED?
>>JAY WESTERDAL: WELL, I DON'T THINK SPEED BUMPED IS THE CORRECT LIMITATION MECHANISM, BUT I DON'T THINK IT'S AN ALL YOU CAN EAT.
I THINK THERE IS A -- THERE IS A LIMIT TO HOW MUCH INFORMATION ANY PARTICULAR ORGANIZATION NEEDS, AND IT DEPENDS ON WHO THEY ARE. IF THEY'RE A GOVERNMENT AND THEY'RE TRYING TO ORGANIZE AND TRACK WHAT'S GOING ON, I KNOW FROM A GENERAL PERSPECTIVE THAT'S A BAD THING, BUT THERE'S A LOT OF PEOPLE WHO WANT TO, FOR EXAMPLE, TRACK WHAT THEY OWN. AND I USED TO TRACK A LARGE CORPORATION, AND WE HAD BOUGHT PROBABLY BETWEEN TEN TO 20 COMPANIES IN TWO YEARS, AND IT WAS HARD FOR US TO KNOW WHAT DOMAINS WERE OWNED BY THE CORPORATION ITSELF AND WHAT WERE OWNED BY EMPLOYEES AND HOW STUFF WAS BEING USED AT DIFFERENT OFFICES IN DIFFERENT LOCATIONS.
>>JEFF NEUMAN: OKAY. THOMAS.
>>THOMAS ROESSLER: I WAS NOT OBJECTING AGAINST YOUR SUGGESTION OF GOVERNMENTS TRYING TO TRACK WHAT'S GOING ON IN THAT CASE, BUT RATHER AGAINST YOUR SUGGESTION THAT PRIVILEGES SHOULD BE GIVEN ACCORDING TO WHO IS ASKING FOR SOMETHING.
I THINK THE IMPORTANT CRITERION IS THE PURPOSE, NOT WHO SOMEONE IS.
SOMETIMES YOU CAN CONCLUDE FROM THE IDENTITY OF THE PURPOSE, MAYBE IT WAS GOVERNMENTAL LAW ENFORCEMENT, BUT IF, SAY, STEVE GETS TO -- SAY STEVEN METALITZ DOWN THERE GETS WHOIS DATA TO SUE SOMEONE, AND THEN (INAUDIBLE) SHOULD HAVE THE SAME ABILITY TO GET TO THIS DATA AND TO USE IT IN COURT OR IN THE SUIT. I THINK THAT'S IMPORTANT.
IT'S NOT WHO SOMEONE IS. IT'S THE PURPOSE. AND THE CHALLENGE IS TO DEVISE HEURISTICS AND MAYBE YOU EVEN PULL IN DIFFERENT LEVELS OF AUTHENTICATION. YOU ASK THE PEOPLE WHAT DO YOU WANT IT FOR. MAYBE IF SOMEONE WANTS TO DO MASSIVE MINING, YOU LET THEM APPLY, YOU LET THEM SPECIFY THE PURPOSE, YOU GET A USE REQUEST PROCESS (INAUDIBLE) AUTHORIZATION INTO REMOVING THE SPEED BUMP, THINGS LIKE THAT. THAT'S THE DIRECTION IN WHICH I'M THINKING RIGHT NOW.
>>JEFF NEUMAN: AND LET ME ALSO THROW OUT ANOTHER QUESTION, NOT NECESSARILY ONE -- NOT PUTTING YOU ON THE SPOT, BUT JUST A GENERAL QUESTION AS WELL, BECAUSE OBVIOUSLY AUTOMATED PROCESSES DO BURDEN THE REGISTRAR AND REGISTRY SYSTEM. SO A GENERAL QUESTION IS WOULD YOU OR WOULD PEOPLE PAY FOR AUTOMATED ACCESS TO COVER THE COSTS TO THE REGISTRIES OR THE REGISTRARS OFFERING IT? ESPECIALLY, YOU KNOW, THE CONCEPT OF AUTHENTICATION IS BROUGHT UP A NUMBER OF TIMES, AND IS THAT SOMETHING THAT, FROM A REGISTRY STANDPOINT, YOU KNOW, I SEE THAT AS A LOT MORE WORK. I'M NOT SAYING IT'S NOT WORTH IT, BUT CERTAINLY WHEN YOU CONSIDER THE FACT THAT IT'S FOR, DOT BIZ, $5.35 FOR A DOMAIN NAME AND WE DON'T GET MONEY FROM PEOPLE SEARCHING, THERE'S GOT TO BE A COST RECOVERY MECHANISM AS WELL.
SO AGAIN, THAT'S JUST A GENERAL QUESTION. I DON'T SPECIFICALLY POSE IT TO YOU, BUT ONE TO THINK ABOUT.
>>JAY WESTERDAL: I WOULD ENCOURAGE NO COST. YOU ARE THE REGISTRY, AND PART OF YOUR RESPONSIBILITY FOR THAT $5.35 IS TO MAINTAIN OWNERSHIP RECORDS. AND I THINK PEOPLE KNOWING WHO OWNS THE DOMAINS IS A RESPONSIBILITY THAT THE REGISTRY SHOULD DO FOR NO COST OR VERY LITTLE COST. AND WHEN THERE IS A COST INVOLVED, I THINK IT NEEDS TO BE VERY -- VERY THOROUGHLY THOUGHT OUT AS TO IF THERE WAS A COST, YOU KNOW, PERHAPS SOMEONE WANTS TO ELIMINATE THE SPEED BUMP AND TO CATEGORIZE ALL THE NAMES AND TO ALLOW TRADEMARK OWNERS OR IP LAWYERS TO BE SEARCHING THROUGH THESE NAMES; THAT PERHAPS A MINIMUM COST IS INVOLVED IN THAT SITUATION.
>>JEFF NEUMAN: OKAY.
>>PAUL STAHURA: QUICK QUESTION.
>>JEFF NEUMAN: PAUL PRETTY QUICKLY AND THEN THERE'S SOME OTHER PEOPLE.
>>PAUL STAHURA: AS THE REGISTRAR REPRESENTATIVE TO THIS TASK FORCE, I CAN TELL YOU THE REGISTRARS ARE CONCERNED ABOUT COST, NOT JUST ON THE DATA MINING TASK FORCE BUT ALSO ON THE OTHER SOLUTIONS THAT MIGHT COME UP, ESPECIALLY REGARDING ACCURACY. HOW MUCH IS ALL THAT GOING TO COST TO IMPLEMENT?
>>JEFF NEUMAN: OKAY; THANKS, PAUL. LET'S MOVE ON.
AND JAY, I KNOW YOU HAD SUBMITTED A RESPONSE, AND SO I THANK YOU FOR THAT AS
WELL.
>>ROSS RADER: HELLO, THANKS, ROSS RADER FROM TUCOWS. NOT REALLY WHY I'M UP HERE BUT WE'RE SHAMELESS DATA MINERS, SO I WOULD ENCOURAGE THAT USE TO BE TAKEN INTO ACCOUNT WHEN YOU MOVE FORWARD WITH YOUR POLICY.
I KEEP HEARING A LOT ABOUT PORT 43 VERSUS WEB-BASED ACCESS, AND I GET KIND OF CONFUSED BECAUSE THE WAY I SEE THE WEB IS AN APPLICATION. IT LIVES INSIDE A WEB BROWSER AND WHEN WE TALK ABOUT WEB-BASED WHOIS WE COULD BE TALKED ABOUT DESKTOP-BASED WHOIS OR CELL PHONE-BASED WHOIS OR ANY MECHANISM IN THE FUTURE-BASED WHOIS.
SO I WOULD ENCOURAGE MORE OF THE FOCUS TO SIT ON OR TO BE FOCUSED ON PROTOCOL-BASED ACCESS, BECAUSE I THINK THAT'S REALLY WHERE WE CAN MAKE THE MOST PROGRESS IN SOLVING THESE PROBLEMS.
PORT 43 IS A TERRIBLY SIMPLE PROTOCOL. IT'S MARVELOUS THAT YOU CAN IMPLEMENT FIVE OR SIX LINES OF CODE, BUT IT'S ALSO A BAD WAY FOR CONTROLLING ACCESS. AND THERE ARE SYSTEMS OUT THERE (INAUDIBLE) PAUL HAS SOME PROPOSALS, THE IETF IS WORKING UNDER PROPOSALS.
SO I WOULD ENCOURAGE OUR WORK, I GUESS, TO MAKE SURE THAT WE DEAL WITH THE POLICIES THAT WE WANT AND HOW THEY APPLY TO THESE DIFFERENT TECHNOLOGIES, VERSUS DISCUSSIONS OF WEB-BASED VERSUS PORT 43, ET CETERA, ET CETERA, ET CETERA. IT CONCERNS ME THAT DOWN THE ROAD, WE'RE GOING TO WANT TO IMPLEMENT A CERTAIN APPLICATION, AND WE'RE NOT GOING TO BE ABLE TO BECAUSE WE'RE LIMITED TO A MECHANISM FOR ACCESS THAT ONLY WORKS WITH THIS OR BRAND OF THE OTHER THING.
>>JEFF NEUMAN: I THINK THAT'S AN EXTREMELY GOOD POINT AND ONE THING I WANTED TO ADD TO WHAT YOU SAID IS OFTENTIMES WHEN PEOPLE THINK THEY'RE GETTING WEB-BASED WHOIS THE SITE THEY GO TO IS USING PORT 43 TO PROVIDE A WEB-BASED RESPONSE. SO THAT'S A GOOD POINT.
>>MILTON MUELLER: CAN I HAVE THE FLOOR?
>>JEFF NEUMAN: I'M SORRY, MILTON.
>>MILTON MUELLER: I'M GOING TO COMMENT ON WHAT ROSS JUST SAID. I THINK IT'S A VERY PROFOUND POINT. I THINK IT IN SOME WAYS CALLS INTO QUESTION OF DEFINITION OF WORK THAT WE'RE WORKING UNDER, BECAUSE A LOT OF THE ACCESS MECHANISMS AND THE EFFORTS THAT ARE DEVELOPED TO ACCESS THE WHOIS DATA DEPENDS ON WHAT THE DATA IS. AND OF COURSE TASK FORCE 2 WILL BE DOING THAT AS A SEPARATE ITEM.
AND SO, YOU KNOW, WHAT POLICY WE DEVELOP ABOUT ACCESS MECHANISMS, AS EVEN THOMAS SUGGESTED, DEPENDS ON WHAT PEOPLE ARE AFTER. AND IF YOU REDUCE THE VALUE OF WHAT'S IN THERE, YOU HAVE LESS OF A PROBLEM.
SO I JUST WANTED TO MAKE SURE THAT EVERYBODY IS AWARE OF THAT.
>>JEFF NEUMAN: THANKS.
KATHY.
>>KATHRYN KLEIMAN: GREAT, THANK YOU. KATHRYN KLEIMAN, NONCOMMERCIAL
USERS CONSTITUENCY.
FIRST, THANKS TO TASK FORCE 1. I KNOW YOU GUYS ARE SPENDING A LOT OF TIME GRAPPLING
WITH SOME SERIOUS ISSUES. THANK YOU.
I SHOULD TAKE A STEP BACK HERE.
I'M A LITTLE CONFUSED AND I NEED SOME CLARIFICATION.
AS I UNDERSTOOD IT, THE DESCRIPTION OF WORK FOR TASK FORCE 1 -- AND AGAIN, JUST
PLEASE HELP ME THROUGH THIS -- WAS THAT THERE WERE MARKETING USES, THAT THERE
WAS A CONSENSUS IN THE COMMUNITY SHOULD KIND OF BE ELIMINATED FROM PORT 43;
THAT THE MINING OF PORT 43 FOR MARKETING PURPOSES WAS WHAT WE KIND OF -- WE,
AS A COMMUNITY, AGREED SHOULD BE ELIMINATED. AND THAT'S WHERE YOU'RE GOING.
THE PROCESS OF SEPARATING MARKETING AND NONMARKETING USES.
>>JEFF NEUMAN: WELL, I THINK YOU BRING UP A GOOD POINT. REALLY, THE ONLY CONSENSUS POLICY WAS THAT MARKETING USES OF BULK WHOIS, WHICH IS A DIFFERENT MEANS OF ACCESSING WHOIS INFORMATION, WAS PROHIBITED. AND ONE OF THE ISSUES WE'RE LEFT WITH IS IT DIDN'T ADDRESS AT ALL WEB-BASED OR PORT 43.
>>KATHRYN KLEIMAN: AND WHAT IT ALSO DOESN'T SEEM TO ADDRESS IS DIFFERENTIATING AMONG NONMARKETING USES. AND THIS IS WHERE I BRING UP THE CONCERN, EVEN IF WE DO HAVE A CONSENSUS AS A COMMUNITY WITH CONCERN ABOUT THE MARKETING USES, I'M CONFUSED AS I HEAR THE PROCESS, AND MAYBE THIS ISN'T WHAT'S HAPPENING, OF DEFINING LEGITIMATE AND NONLEGITIMATE NONMARKETING USES. AND THIS I DON'T UNDERSTAND BECAUSE -- I SEE SOME REAL DANGERS HERE BECAUSE, FIRST, I DON'T KNOW IF THERE'S ANY CONSENSUS IN THE COMMUNITY OF NONMARKETING USES. I WOULD HAVE THE OPINION WE WOULD HAVE VARYING OPINIONS ON THAT. I SEE EVERY DAY INTELLECTUAL PROPERTY USES. I SEE CASES EVERY DAY ABOUT ILLEGITIMATE LAW ENFORCEMENT USES. WE STUDY EVERY DAY DUE PROCESS AND WHAT LAW ENFORCEMENT CAN DO AND CAN'T. ARE WE IN THE PROCESS OF LEGITIMIZING NONMARKETING USES? IS THAT WHAT'S GOING TO COME OUT OF TASK FORCE ONE?
>>JEFF NEUMAN: OUR GOAL IS NOT TO SAY WHAT IS OR IS NOT A LEGITIMATE USE. ONE OF THE THINGS WE HAVE TO GRAPPLE WITH IS WHETHER OBTAINING THAT INFORMATION -- IT'S NECESSARY TO OBTAIN THAT INFORMATION THROUGH PORT 43 OR WHETHER THAT INFORMATION COULD BE OBTAINED THROUGH A WEB-BASED ACCESS.
SO WE'RE NOT HERE TO MAKE A VALUE JUDGMENT AS TO WHETHER THESE USES ARE LEGITIMATE OR NOT, BUT MERELY TO DETERMINE WHAT WAY THEY WOULD GET THAT INFORMATION.
AND TASK FORCE 2, ANOTHER TASK FORCE WILL BE UP HERE TALKING ABOUT DATA ELEMENTS AND TASK FORCE 3 WILL BE TALKING ABOUT ACCURACY.
IT'S REALLY OUT OF OUR SCOPE. WE'RE KIND OF DEFINED BY THE SCOPE SET FOR US BY THE COUNCIL. SO IT'S NOT REALLY WITHIN OUR PURVIEW TO DETERMINE WHAT IS LEGITIMATE AND WHAT IS NOT.
>>>: KEN TAYLOR: HI, I'M KEN TAYLOR WITH MARKSMEN, ONE OF THE PROVIDERS THAT GETS INFORMATION FOR PEOPLE THROUGH VARIOUS WAYS THAT HAVE BEEN BROUGHT UP BEFORE AS FAR AS RANDOM AND INTELLECTUAL PROPERTY ATTORNEYS, ET CETERA.
WE USE A VARIETY OF STRATEGIES TO GET THE INFORMATION, EITHER DIRECTLY OR THROUGH OTHER SERVICE PROVIDERS, AND I THINK THE POINT WAS BROUGHT UP, GETTING ACCESS TO THE INFORMATION IS KIND OF WHAT'S KEY. I THINK BRAND OWNERS WOULD BE WILLING TO PAY FOR THAT IF THERE'S A TIERED ACCESS OR AUTHENTICATION PROCESS.
AS AN INVESTIGATOR, WE HAVE ACCESS TO PUBLIC RECORDS INFORMATION IN THE UNITED STATES, AND HAVE HAD TO APPLY FOR ACCESS TO THAT. AND THEN WHEN WE USE IT, THERE'S LIKE A TICK BOX OF WHY WE'RE USING IT SO YOU CAN ACTUALLY IDENTIFY THAT QUICKLY. AND THEN THERE'S A FEE FOR THE USE.
AND I THINK THAT WOULD LIMIT SOME OF THE ISSUES OF BIG DATA MINING, THAT THEY'RE GOING TO GET A BUNCH OF INFORMATION, THEY HAVE TO PAY FOR IT AND THAT MIGHT LIMIT IT. AND GOING THROUGH THAT PROCESS, ALTHOUGH THERE WILL ALWAYS BE PEOPLE WHO WILL TRY TO WORK AROUND THOSE LIMITATIONS, HAVING THAT WILL BE HELPFUL.
AND I THINK BRAND OWNERS, A LOT OF THEM DON'T UNDERSTAND -- I DON'T PERSONALLY UNDERSTAND ACCESS TO PORT 43 AND ZONE FILES AND DEVELOPING RELATIONSHIPS WITH VARIOUS REGISTRIES. SYS KEY (INAUDIBLE) AND IT'S NOT FOR DATA MINING, IT'S TO BE ABLE TO PROTECT THEIR BRANDS. AND THAT'S A SERVICE.
THEY USED TO PAY FOR IT (INAUDIBLE) FOR EXAMPLE, SOMEWHERE YOU CAN GO AND GET IT, YOU PAY FOR RECORD. AND I THINK THAT WOULD BE SOMETHING THAT THEY WOULD HELP SHARE THE EXPENSE ON.
OBVIOUSLY SOME OF THE OTHER TASK FORCE ISSUES LIKE THE ACCURACY OF DATA IS KEY, BUT HAVING ACCESS TO IT, TO BE ABLE TO RESPOND TO IT AND FOR LAW ENFORCEMENT TO BE ABLE TO RESPOND TO IT QUICKLY AS PEOPLE WHO ARE INVENTIVE TO GET AROUND THESE ISSUES ARE VERY FLUID AND CHANGE QUICKLY AND NEED NOT GO THROUGH SOME ELABORATE LEGAL PROCESS TO GET THAT INFORMATION.
SO IN ANSWER TO SOME OF YOUR QUESTIONS, WE USE IT REGULARLY. WE OBTAIN IT THROUGH PORT 43 OR WHEREVER. YOU KNOW, AS WAS MENTIONED BEFORE, YOU HAVE MULTI-NATIONAL CORPORATIONS THAT HAVE HUNDREDS OR THOUSANDS OF BRANDS. THEY HAVE HUNDREDS OF DIVISIONS, THEY HAVE DISTRIBUTORS, THEY HAVE RESELLERS. AND TYPICALLY, THAT SORT OF PROCESS OF REGISTERING DOMAINS HAVE BEEN REGISTERED BY I.T, MARKETING AND LEGAL. SO IF YOU (INAUDIBLE) THAT PROCESS, THERE IS GOING TO BE A SITUATION WHERE THAT'S THE ONLY WAY YOU CAN FIND OUT WHAT YOUR ASSETS ARE. SO IT'S NOT EXACTLY LIKE KNOWING WHAT YOUR VEHICLES ARE IN YOUR GARAGE. IT'S THAT THERE ARE THOUSANDS OF NAMES THAT ARE EXPENSIVE TO REGISTER WITHOUT A UNIFYING PROCESS.
SO THERE ARE VERY LEGITIMATE REASONS FOR ACCESSING PORT 43, AND IF THERE'S A DIFFERENT WAY TO DO IT, I DON'T THINK ANYBODY CARES AS LONG AS (INAUDIBLE).
>>JEFF NEUMAN: OKAY. THANKS, KEN.
OKAY. ANYBODY ELSE? BRIAN, PLEASE.
>>BRIAN CUTE: BRIAN CUTE WITH NETWORK SOLUTIONS. A FEW MONTHS AGO NETWORK SOLUTIONS IMPOSED OR PLACED A GRAPHICAL CODE ON OUR PUBLIC WHOIS SITE, A NON-READABLE GRAPHIC CODE WHICH WE FELT WAS A RESPONSIBLE THING TO DO TO THE EXTENT THAT THE PUBLIC SITE WAS BEING SPIDERED OR MINED AND IT WOULD STOP THAT ACTIVITY. BUT WHILE WE DID THAT, IN ALL HONESTY, INTERNALLY WE WEREN'T LAUGHING BUT WE WERE THINKING THIS IS A GOOD AND RESPONSIBLE THING TO DO BUT THERE IS A WIDE-OPEN BACK DOOR CALLED PORT 43. SO WHILE THAT IS PROGRESS ON ONE FRONT, THERE IS STILL THIS WIDE-OPEN BACK DOOR THAT IS SUBJECT TO CONSISTENT DATA MINING AND ABUSE THAT IS BASICALLY UNCHECKED.
AND WE'VE BEEN INVOLVED IN THE POLICY PROCESS, AS YOU KNOW, IN WORKING WITH THIS TASK FORCE, BUT THE BOTTOM LINE IS AS A COMPANY, AND PAUL SPOKE TO THIS EARLIER, TOO, OFFERING PORT 43 ACCESS, WE DO A NUMBER OF THINGS. WE WILL WHITE LIST REGISTRARS FOR PURPOSES OF TRANSFERS, TRAFFIC FROM THEM, BETWEEN US TO EFFECTUATE TRANSFERS, WE WILL RATE LIMIT AND ESTABLISH A CEILING OF HITS ON A GIVEN DAY. AND IF THERE IS OBVIOUS DATA MINERS OR NEFARIOUS SITES, WE WILL BLACK LIST CERTAIN IP ADDRESSES. BUT THOMAS MADE A GOOD POINT EARLIER, EVEN IF YOU IMPOSE A RATE LIMIT, THE QUERIES COULD BE STREWN ACROSS RATE NUMBER BLOCKS. WE MONITOR THIS ON A DAILY BASIS. WE INVEST A SIGNIFICANT AMOUNT OF TIME, AND REGARDLESS OF ALL THESE TOOLS THAT WE PUT IN PLACE, WE STILL SEE DATA MINING REGULARLY. AND WE'RE GOING TO SPEAK TO THE DATA MINING ISSUE IN A LITTLE GREATER DETAIL PROBABLY TOMORROW.
BUT THE FACT OF THE MATTER IS IT'S CLEAR AS A BUSINESS THAT REGARDLESS OF ALL THESE TOOLS THAT WE PUT IN PLACE, THIS IS A PROBLEM THAT PERSISTS, AND WHEN YOU HAVE MACHINES QUERYING MACHINES, THERE'S JUST NO WAY TO DISCRIMINATE WHO IS A LEGITIMATE SOURCE OR WHO IS A LEGITIMATE IDENTITY.
SO IT'S BECOME CLEAR TO ME THAT REALLY THE SOLUTION HAS TO BE ALONG THE LINES THAT I THINK THOMAS AND PAUL SKETCHED OUT WHICH IS ON THE PUBLIC FACE YOU HAVE A MODIFIED OR MINIMAL DATA SET THAT, FRANKLY, IF IT WERE TO BE POUNDED OR MINED, WOULDN'T BE SO MUCH OF AN ISSUE FOR THE CONCERNS THAT FACE US TODAY. AND ULTIMATELY, IDENTIFY LEGITIMATE USERS. I KNOW THAT RAISES POLICY DIFFICULTIES, BUT I THINK AS A CONSTRUCT, I CAN'T SEE THIS PROCESS GOING IN MUCH OF ANY OTHER DIRECTION.
>>JEFF NEUMAN: THANKS, BRIAN.
WHOEVER WANTS TO -- COME ON UP.
>>GRETCHEN OLIVE: MY NAME IS GRETCHEN OLIVE. I'M FROM CORPORATE DOMAINS THAT OFFERS DOMAIN NAME AND VALUE-ADD IP SERVICES TO CORPORATE CLIENTS, PREDOMINANTLY IN THE U.S. AND THE ONE POINT I WANTED TO BRING UP IS THROUGH DISCUSSIONS I'VE HAD IN CONSTITUENCY MEETINGS OR JUST HAVING DINNER WITH A FEW FOLKS, THERE'S BEEN A LOT OF DISCUSSION OF THE SORT OF ONE-OFF QUERYING OF THE WHOIS INFORMATION. LET'S ASSUME THAT WE COME UP WITH SOME STRUCTURE THAT THERE'S A MINIMAL WHOIS AND THEN THERE'S A SORT OF FULL WHOIS FOR THOSE WHO HAVE LEGITIMATE PURPOSES. THERE'S BEEN A LOT OF TALK ABOUT SORT OF HAVING THIS ONE-OFF QUERY ABILITY, AND I WOULD LIKE TO BASICALLY SAY THAT THAT IS -- ALTHOUGH IT WOULD BE GREAT TO BE ABLE TO HAVE THE ACCESS TO THE FULL WHOIS RECORD, I STILL THINK IT'S INADEQUATE FOR IP HOLDERS, BECAUSE ONE OF THE THINGS THAT WE DO FOR IP HOLDERS IS WE GET -- WE SEARCH ON MULTIPLE FIELDS TO TRY TO DO THIS DOMAIN CONSOLIDATION, TO TRY TO FIND ABUSES TO BRAND, AND IF YOU'RE TRYING TO DO THESE QUERIES ON A ONE-OFF BASIS, IT'S NEXT TO IMPOSSIBLE TO FIND ALL THE ISSUES YOU'RE LOOKING FOR. WHEREAS, IF YOU GET A FULL SET OF DATA ON A MULTIPLE WHOIS RECORD, THEN YOU HAVE THE ABILITY TO SORT OF LOOK THROUGH, SAY THESE ARE ONES WE'RE NOT CONCERNED ABOUT, AND THESE ARE ONES THAT WE ARE CONCERNED ABOUT.
SO I'D JUST LIKE TO BRING THAT UP TO THE TASK FORCE AS THAT'S AN ISSUE. THE ONE-OFF ACCESS PROBABLY IS INADEQUATE FOR IP HOLDERS.
THE SECOND POINT I WANTED TO MAKE IS SOME SORT OF THE NOTION THAT CORPORATIONS WITH THE ASSETS KNOW WHAT THEY HAVE. PART OF -- CORPORATE DOMAINS IS OWNED BY A COMPANY CALLED CORPORATION (INAUDIBLE) SERVICES COMPANY WHICH IS A REGISTRATION FILING SERVICE FOR MUCH OF THE FORTUNE 500 IN THE U.S. AND I WILL TELL YOU MANY OF THEM DON'T EVEN KNOW WHAT THEIR FULL LEGAL NAME IS. SO IT REALLY IS A MISNOMER TO THINK THAT PEOPLE KNOW WHAT THEY HAVE, AND ESPECIALLY WITH TURNOVER IN THE CORPORATE MARKETPLACE AND PERSONNEL AND RESTRUCTURING, THEY OFTEN DO NOT KNOW WHAT THEY HAVE.
SO THAT IS DEFINITELY A VALUE ADDED SERVICE THAT SOME REGISTRARS CAN PROVIDE.
>>JEFF NEUMAN: OKAY; THANK YOU.
MARILYN.
>>MARILYN CADE: MY NAME IS MARILYN CADE, I'M A MEMBER OF THE BUSINESS CONSTITUENCY. I JUST WANT TO MAKE A POINT ABOUT THE TIMELINESS OF MAKING CHANGES, BECAUSE WE HAVE BEEN HEARING -- AS MANY OF YOU KNOW I CHAIRED THE PREVIOUS WHOIS TASK FORCE AND ONE OF THE THINGS WE HEARD THEN, AND I THINK WE MIGHT WANT TO THINK ABOUT THIS AS WE TAKE COMMENTS AND THEN THINK ABOUT THE POLICY DEVELOPMENT RECOMMENDATIONS, IS HOW ANY CHANGE -- WHAT CHANGE, IF ANY, WILL BE ASSIMILATED BY A BROAD COMMUNITY OF STAKEHOLDERS AND USERS. AND WHAT I WOULD JUST SAY TO YOU IS WHATEVER CHANGE IS MADE, GIVEN WHAT YOU'RE HEARING TODAY IS MANY PEOPLE DON'T KNOW THEY'RE USING PORT 43, THEY DON'T ACTUALLY NOT A LOT ABOUT THE SYSTEM, IT WOULD BE VERY IMPORTANT TO EDUCATE VERY, VERY EARLY.
IT ISN'T JUST CORPORATIONS WHO MIGHT BE ABLE TO RETAIN THIRD PARTIES, BUT VERY SMALL COMPANIES. AT&T HAS OVER 4 MILLION BUSINESS ENTERPRISES AS CUSTOMERS, MOST OF THEM VERY, VERY SMALL. OTHER SMALL ENTREPRENEURS. AND ASSIMILATING A CHANGE THAT AFFECTS THEM, THEY LOOK FOR NEW NAMES THEMSELVES, LOOK FOR TRADEMARKS.
SO I ASK YOU TAKE INTO ACCOUNT AS YOU DO POLICY DEVELOPMENT HOW YOUR PROCESS OR WHATEVER CHANGE, IF ANY, IS MADE IS BROADLY DISSEMINATED ACROSS THE BROAD BASE OF USERS.
>>JEFF NEUMAN: OKAY. THANK YOU, MARILYN. STEVE.
>>STEVEN METALITZ: YES, THANK YOU. STEVEN METALITZ FOR THE INTERNATIONAL INTELLECTUAL PROPERTY ALLIANCE, THE IP CONSTITUENCY.
FIRST I WANT TO COMPLIMENT JEFF ON THE SUMMARY HE GAVE AT THE OUTSET WHICH IS VERY GOOD BACKGROUND FOR ALL THE WORKSHOPS TODAY ABOUT HOW WE GOT TO WHERE WE ARE TODAY.
I ALSO WANT TO COMPLIMENT YOU ON HAVING YOUR SECOND QUESTIONNAIRE, THE REGISTRARS AND REGISTRIES, BECAUSE THAT SHOULD ELICIT A LOT OF INFORMATION THAT SHOULD SHED LIGHT ON THESE QUESTIONS.
I WANT TO MAKE TWO POINTS. ONE IS IF I WERE TO ANSWER THESE QUESTIONS BASED ON MY PERSONAL USE OF WHOIS I WOULD SAY I OBTAINED WHOIS INFORMATION THROUGH THE WEB. HOWEVER, AS I THINK SOMEONE HAS ALREADY MENTIONED, THE SITES I GO TO ON THE WEB DEPEND, I SUSPECT, ON WHOIS ACCESS THROUGH PORT 43.
SO IF THERE ARE CHANGES MADE THAT WOULD RESTRICT ACCESS THROUGH PORT 43, IT WOULD AFFECT ME AS WHAT I THINK OF AS A WEB-BASED USER EVEN THOUGH THERE HAVE BEEN NO CHANGES ON THAT SIDE.
AND THE SECOND POINT I WOULD LIKE TO MAKE, IT HAS BEEN MENTIONED HERE, IS THAT THERE REALLY ARE THREE MEANS OF ACCESS UNDER THE CURRENT SYSTEM TO WHOIS. ONE IS WEB-BASED, ONE IS PORT 43, AND THE OTHER IS BULK ACCESS. AND THE CHANGES THAT ARE MADE WITH REGARD TO PORT 43 ARE GOING TO HAVE AN IMPACT ON THE OTHER TWO. AND SPECIFICALLY YOU JUST HEARD SOME EXAMPLES OF SOME OF THE KINDS OF USES THAT PEOPLE MAKE OF A LARGE SET OF WHOIS DATA, BEING ABLE TO SEARCH ON MULTIPLE FIELDS.
THE ABILITY TO GET THAT LARGE SET DEPENDS EITHER ON PORT 43 AND ALL PROBLEMS THAT PEOPLE HAVE MENTIONED ON PORT 43 AND ALL THE DIFFICULTIES THAT IT'S CREATED, OR BULK ACCESS IS THE OTHER WAY OF GETTING THAT DATA.
AND ONE THING WE KNOW -- OR TWO THINGS WE KNOW. ONE IS THAT BULK ACCESS IS NOT WITHIN THE JURISDICTION OF THIS TASK FORCE TO LOOK AT, BUT THE OTHER THING WE KNOW IS THAT IN PRACTICE, THE BULK ACCESS SYSTEM IS BROKEN AND IT'S NOT A POLICY QUESTION, IT'S A QUESTION OF COMPLIANCE WITH THE POLICY THAT EXISTS.
THAT'S SOMETHING THAT WILL NEED TO BE ADDRESSED IN SOME FASHION, EVEN THOUGH IT ISN'T WITHIN THE SCOPE OF THIS TASK FORCE.
>>JEFF NEUMAN: THANKS, STEVE. THOMAS.
>>THOMAS ROESSLER: JUST A BRIEF FOLLOW-UP TO YOUR REMARKS ON THE EFFECT OF THE CHANGE TO PORT 43 COULD HAVE ON THE WEB-BASED SERVICES.
WE ARE TALKING OR HAVE BEEN TALKING HERE TODAY ABOUT SOME POLICY IDEAS THAT WOULD CERTAINLY REQUIRE DIFFERENT IMPLEMENTATIONS THAN WHAT WE HAVE TODAY. THE KIND OF WEB-BASED SERVICES AND AGGREGATES YOU ARE USING ARE A PRODUCT OF THE TECHNICAL ENVIRONMENT THAT IS THERE TODAY. THIS ALSO GOES TO MARILYN'S CONCERN ABOUT EDUCATING PEOPLE. THE KIND OF POLICY THAT HAS TO BE DESCRIBED TODAY AS A POSSIBLE WAY OF THINKING MAY ESSENTIALLY CREATE A COUPLE OF BUSINESS OPPORTUNITIES FOR PEOPLE WRITING SOFTWARE PROGRAMS THAT RUN ON YOUR COMPUTER AND TAKE CARE OF THE COMPLEXITIES FOR YOU.
IT DOESN'T HAVE TO BE ON THE WEB SITE. YOU CAN ALSO GET CLIENT SOFTWARE FOR YOUR COMPUTER THAT INTERACTS DIRECTLY WITH REGISTRIES AND REGISTRARS AND TAKES THE COMPLEXITY AWAY FROM YOU.
SAME THING OF COURSE WOULD BE POSSIBLE WITH THE KIND OF ACCESS MODES WE HAVE BEEN DISCUSSING HERE. SO I WOULDN'T SAY THAT THIS IS A BIG ISSUE THAT SHOULD GET INTO THE WAY OF THINKING ABOUT POLICY. IT CAN BE SOLVED. IT'S A BUSINESS OPPORTUNITY. AND YOU'RE TELLING US THERE IS A BIG MARKET FOR IT, SO I'M SURE THIS BUSINESS OPPORTUNITY WILL BE TAKEN BY SOMEONE.
>>JEFF NEUMAN: THANKS, THOMAS.
I THINK WE'RE GETTING TOWARDS THE END OF OUR PANEL, AND I KNOW WHOIS TASK FORCE 2 IS SET TO COME UP HERE IN A FEW MINUTES.
ONE THING I KIND OF WANTED TO CLOSE WITH IS ONE OF THE REASONS WE'RE HERE, AND I WANT TO THANK BRIAN CUTE FOR GIVING ME A COPY OF AN E-MAIL, BECAUSE I THINK IT KIND OF SUMMARIZES WHY WE'RE HERE AND WHAT WE'RE TRYING TO ADDRESS. AND IT'S AN E-MAIL FROM A COMPANY, AND IT STARTS OUT, IT SAYS HELLO. ARE YOU TARGETING CANADIAN CONSUMERS? DO YOU WANT THE CANADIANS TO BUY YOUR PRODUCT OR VISIT YOUR WEB SITE? OUR COMPANY HAS CAREFULLY COLLECTED AN E-MAIL DATABASE WHICH ALLOWS TO ADVERTISE YOUR PRODUCT OR SERVICE TO AN AUDIENCE OF 560,000 CANADIAN CITIZENS. WE ARE PROUD TO OFFER YOU THIS DATABASE.
ALL ADDRESSES ON THE DATABASE BELONGING TO CANADIAN CONSUMERS ARE VERIFIED. THE DATABASE WILL BE DELIVERED TO YOU IN A FORMAT OF YOUR CHOICE: EXCEL, ASCII, WHATEVER. IT IS PROVIDED IN.4 MEGABYTE FILE. THE DATA WAS COLLECTED FROM JANUARY 26, 2004 AND WILL BE UPDATED QUARTERLY. THE PRICE WE ARE ASKING FOR IS $355. TO PLACE AN ORDER, PLEASE FILL OUT THE FOLLOWING FORM, AND IT GIVES A LINK TO THE FORM.
AND IN FACT, THERE IS E-MAILS -- COPIES OF E-MAILS OF BRITISH CITIZENS AND IT GOES ON TO DIFFERENTIATE AN EDUCATIONAL COMMUNITY. AND THE ONE OTHER THING THAT WAS PROVIDED WAS SOME PROOF AS TO HOW THEY WERE GETTING THIS, AND IT WAS THROUGH PORT 43.
SO I JUST KIND OF WANTED TO END WITH THAT ANECDOTE, AND I WANT TO THANK EVERYONE FOR ATTENDING THIS TASK FORCE 1, AND I GUESS IF SOMEONE IS OUT THERE, TASK FORCE 2 IS SUPPOSED TO START 11:15; IS THAT CORRECT?
(APPLAUSE.)
>>JEFF NEUMAN: THANK YOU.