GNSO Working Session

 Saturday 27 October 2007

 >>AVRI DORIA:  Good morning.  Everybody sitting here?  We're quiet.  It's 9:10, 
which is a really good time to start a 9:00 meeting.

 This is an open GNSO Council GNSO meeting.  My name is Avri Doria.  I'm chairing.

 What I'd like to do when we start is have everyone go around and introduce themselves.  
I know that's sort of a little unfair because later people will come in and they'll have 
gotten in without having to introduce themselves, but it's still a useful thing, I think, to 
have done.

 First, I'm going to go through the agenda, though, and let people know what is in store 
for us today.

 We have a -- we're starting out this morning talking about the IDN ccTLD issue, 
specifically the GNSO response and a discussion about some of the ccNSO proposals that 
have come out lately, a discussion about our response in view of those, how we want to 
approach it.  So as I say, this is a meeting for discussion, so we won't be voting on 
anything today, but we'd certainly like to discuss all the details of everything.

 We have a coffee break.

 Then we'll go into talking about the rights protection mechanism.  There's been a 
working group working on that, and they'll sort of talk through the work they've done, 
and will talk about how everything proceeds with this.  This is work relating to the new 
gTLD discussion.

 There's a lunch break.

 In break, with some of our previous meetings, it's -- it's actually a lunch break where 
people go away and have lunch.  We're not having lunch brought in.  That didn't really 
quite work right.  People always had other things they wanted to do.  How do you have 
an open meeting and a closed lunch without being mean to people?

 And so it just -- it was just something that we just decided, "No, we'll have a lunch 
break," and a lunch break in the middle of a long day is not a bad thing.

 In the afternoon, we're going to start off with a lot of WHOIS discussions.  First, we're 
going to go through the WHOIS discussions about the constituency statements, 
community comments, getting comments, making sure we understand people's 
comments, going on from there.

 We have another coffee break.

 Then we have the second part of the WHOIS discussion, where we'll get a report on 
some of the studies that have been initiated, where they're at.

 And we'll have also have a report from Steve Crocker, who will be coming in to talk 
about the SSAC report on the WHOIS spam study.

 Then -- and this one was not in the previously released schedule, but we'll also have a 
discussion on inter-registrar transfer policy.  We've had an issues report.  We have a 
requirement for making a decision on a PDP on the table for that one too.  One of the 
three decisions we have on PDPs to make in this meeting or shortly thereafter, so we'll 
spend an hour talking about that.

 And by 7:00, we should be ready to break for the evening.

 We have nothing planned for this evening.  I'll just -- huh?  Well, thank you very much.

 On Sunday, just to go through our schedule while a few more people drift in, tomorrow 
morning we start -- we have a discussion on -- and all of our meetings are open, this time.  
We haven't planned any closed meetings.

 GNSO reform discussion.  The reform document came out, a draft of it came out from 
the working group.  The board governance working group, working group on GNSO 
reform.  I keep getting the name -- anyhow, Roberto Gaetano and some of the group 
members will be coming in to discuss the report, comments back and forth.

 Again, a coffee break.  I love coffee breaks.

 Then between 11:00 and 12:00, Doug Brent will be coming in to have a discussion on 
the strategic plan with the GNSO.

 We then go into a final prep for the meeting of the Monday workshop.  Now, that's not a 
closed meeting, but it really is a meeting about details of preparing for that six-hour 
workshop that will be held on Monday, so if people want to stick around and listen, okay.  
It's -- I'm not declaring a closed meeting, but it's really for the panelists and the council to 
make sure that we know what we're doing for the Monday afternoon.

 >>CHUCK GOMES:  And staff.

 >>AVRI DORIA:  And staff.  Sorry.  And staff, especially.

 Thank you, Chuck.

 Then I've left a spot open between 2:00 and 3:00.  We have another lunch break.  Again, 
a real lunch break.

 Then between 2:00 and 3:00, for any other business that sort of comes up, things that 
have been missed, it -- I don't know what's in that spot yet.

 Then we have some preparation for the GAC meeting, and coffee break.

 We go into the GNSO/GAC meeting, which is also open.

 Monday, just want to point out the thing that's relevant is that we've got a -- the 
workshop on the -- the GNSO workshop on new gTLDs which goes from 1:00 until 7:00.  
It's a six-hour workshop.  There will be two breaks during it.  One thing I was asked to 
announce for GNSO members, staff and board, there will be a board dinner Monday 
evening at 8:00 in plaza, and we'll basically be talking about what comes out of that 
workshop but it will also be open for people to talk about what people talk about.

 Tuesday is the constituency day.  I won't go into that.

 Wednesday we have our open council meeting.  We're trying that slightly differently, 
based upon comments and recommendations we got last time where we'll try to go 
topically, where we report on what's happening.  We have open discussion.  Then we go 
into council discussion and a vote, if it that's what we're doing.  And that was sort of a 
recommendation we got at the last open meeting.  I'm not sure how it will work.  I'm not 
sure anyone is sure how it will work.  We're going to try it and see if it works.

 And if it doesn't work this way, that doesn't necessarily mean we'll go back to the old 
way.  We may just look at how to tweak this so that it does work.  But anyhow, we'll be 
going through the IGO, DRP, domain tasting, WHOIS, IDN, and then the registrar 
transfer policy update should actually be more of taking a vote on it, if that's what we've 
decided to do.

 And then on Thursday, we have a meeting -- a discussion on input from the other 
meeting.  Sort of a wrap-up and going on.

 So that's a quick view of where we're going with the GNSO over the course of the week.

 I'd like people to introduce themselves.  I guess I'd start with Norbert down at that end 
and we'll go around the table.  Please introduce yourself, say whether you're GNSO 
Council, what constituency, where you're from, and then I also want to get the people 
sitting around the edge.  I don't know if we've got a microphone for around the edge.  I 
sort of asked for one, but if not, just walk up to the table and grab a free microphone and 
speak your piece.  And that will be the same thing for during the meeting, if someone 
wants to go.  Norbert?

 >>NORBERT KLEIN:  My name is Norbert Kline.  I am a GNSO Council member.  I 
am sent here from the noncommercial user constituency.  I work in Cambodia since 17 
years, and that's it.

 >>AVRI DORIA:  Thank you, Norbert.

 >>BILAL BEIRAM:  My name is Bilal Beiram, with the B.C. constituency.  I'm with 
the Talal Abu-Ghazaleh organization.  We're based in Amman, Jordyn.

 >>AVRI DORIA:  Thank you.

 >>CHUCK GOMES:  Please -- oops.  Is that on?  Please speak a little bit closer to the 
mic, so that you can be heard.  Now, do we have anybody on line?

 >>AVRI DORIA:  I'll ask at the end.

 >>CHUCK GOMES:  Okay.

 >>AVRI DORIA:  I don't know if we have anybody on line.  We'll ask.  Do we have 
anyone on line?

 >>GLEN de SAINT GERY:  Not yet.

 >>AVRI DORIA:  Not yet.

 >>CHUCK GOMES:  Okay.  But when they do, it's very hard for them to pick up 
conversations if people aren't speaking into the mic closely.

 >>MIKE RODENBAUGH:  Mike Rodenbaugh, councillor from the business 
constituency.

 >>JON BING:  Jon Bing.  I'm a noncom member of the GNSO.

 >>ALAN GREENBERG:  Alan Greenberg.  I'm the liaison to the GNSO from the 
ALAC.

 >>MARGIE MILAM:  Margie Milam with MarkMonitor, and I'm with the registrars 
constituency.

 >>MARILYN CADE:  My name is Marilyn Cade.  I'm a member of the business 
constituency.

 >>TONY HOLMES:  Tony Holmes from the ISPCP.

 >>BRUCE TONKIN:  Bruce Tonkin from Melbourne IT, which is a member of the 
registrars constituency, and I'm also a member of the ICANN board.

 >>OLOF NORDLING:  Olof Nordling.  ICANN staff.

 >>DAN HALLORAN:  Dan Halloran, ICANN staff.

 >>KARLA VALENTE:  Karla Valente, ICANN staff.

 >>CARY KARP:  Cary Karp.  I represent the -- I'm one of the representatives of the 
gTLD registry constituency on the council.

 >>AVRI DORIA:  I'm Avri Doria.  I am a NomCom appointee to the council, and its 
chair at the moment.

 >>CHUCK GOMES:  Chuck Gomes, from the gTLD registry constituency.

 >>DENISE MICHEL:  I'm Denise Michel.  I'm ICANN's vice president for policy.  

 I'd also like to take this opportunity to announce that Liz Gasster, who has been working 
temporarily with the GNSO, has joined ICANN's staff permanently.  She's our new senior 
policy councillor for the GNSO.  

 She'll introduce herself down here.

 [Applause]

 >>DENISE MICHEL:  And Liz -- I now have moved from Brussels back to California.  
I'm based in California, and Liz is based in D.C. currently, and the rest of the GNSO staff 
is in Europe.

 >>KRISTINA ROSETTE:  Kristina Rosette, IPC representative to the council.

 >>EDMON CHUNG:  Edmon Chung, gTLD registry constituency.

 >>CRAIG SCHWARTZ:  Craig Schwartz, ICANN staff.

 >>ROSS RADER:  Good morning, everyone.  I'm Ross Rader, registrar rep to the 
council from North America.

 >>JEFF NEUMAN:  I'm Jeff Neuman with NeuStar.  I'm on the -- I'm in the gTLD 
registries constituency.

 >>LIZ GASSTER:  And I'm Liz Gasster, new ICANN staff.  Thanks.

 >>WERNER STAUB:  I'm Werner Staub.  I work with the secretariat of CORE in 
Geneva.

 >>ELMAR KNIPP:  Elmar Knipp, also from CORE, observer.

 >>DIRK KRISCHENOWSKI:  Dirk Krischenowski, dot Berlin, also observer.

 >>AVRI DORIA:  Okay.  Yeah.  Now for the people around the edge, please.

 >>PAUL LECOULTIE:  Paul Lecoultie, CORENIC -- 

 >>AVRI DORIA:  Yeah, I asked for one, but -- 

 >>PAUL LECOULTIE:  -- and member of the registrar constituency.

 >>MARCUS FAURE:  Marcus Faure, surprise, also with CORE, executive committee.

 >>MATTHIEU CREDON:  Mattheiu Credon, dot bzh project, observer.

 >>STEVE DelBIANCO:  Steve DelBianco with the business constituency and 
Netchoice.

 >>LAURIE ANDERSON:  Laurie Anderson, GoDaddy.com.

 >>LISA VILLENEUVE:  Lisa Villeneuve.  I'm with Go Daddy.

 >>PAM BUNN:  Pam Bunn, GoDaddy.com.

 >>AVRI DORIA:  Thank you.  Yes.  Maria?

 >>MARIA FARRELL:  I'm Maria Farrell with the ICANN staff.

 >>MARILYN VERNON:  Marilyn Vernon, ICANN staff.

 >>SUE JONKLAAS:  Sue Jonklaas, ICANN staff.

 >> 

 >>LYNN GOODENDORF:  I'm Lynn Goodendorf with InterContinental Hotels Group 
and I participated recently in the WHOIS working group.

 >>SUSAN CRAWFORD:  I'm Susan Crawford.  Nominating committee.  Member of 
the ICANN board.

 >>CLAUDIO DiGANGI:  Claudio DiGangi with the International Trademark 
Association and the intellectual property constituency.

 >>HENRIK ERKKONEN:  I'm Henrik Erkkonen with Nictrade, a Swedish registrar.

 >>ARTUR LINDGREN:  Artur Lindgren, Nictrade, Swedish registrar.

 >>AVRI DORIA:  Okay.  Thank you.  And welcome, all.

 Okay.  Now, we'll go into the first item on the agenda, which was a discussion of the 
IDN ccTLD, our response.

 Chuck will basically lead this -- this discussion.  Did you want me to put --

 [Speaker is off microphone]

 >>CHUCK GOMES:  No, that's okay.  Now, let me let people know, first of all -- no, I 
didn't, but I'll handle it another way.

 There's a printed copy, not red-lined version like I have here, of the draft comments that 
we're going to go over in this session, so if you didn't pick one up at the table, the title of 
it is "GNSO Comments in Response to the ccNSO/GAC Issues Report on IDN Issues," 
and several months ago the council decided to form a small group that would develop 
some draft comments in response to the ccNSO/GAC issues paper on IDN TLDs.  As 
most of you recall, the ICANN board in its meeting in San Juan in June asked that quite a 
few different ICANN organizations submit comments by this meeting here, the annual 
meeting, and so that's what this is all about.  The GNSO providing comments to that 
issues paper from the GAC and the ccNSO.

 The members of that group were Tin Tan Wee from the NCUC, Bilal Beiram from the 
BC, Mark McFadden from the ISPs, Sophia Bekele as a NomCom rep, Yoav Keren -- is 
Yoav here?  I didn't think I saw him, so -- and he is from the registrars.  And we had 
excellent staff support from Olof Nordling.  Did I -- I don't think I left anybody out.  
Hopefully I got everybody on that.

 The -- just to lay the groundwork a little bit, there -- if you look at the document, there 
are four key references that are there that I'll call your attention to.  Obviously, the issues 
report from the ccNSO and the GAC.

 No. 2 is the board resolutions in regard to this topic.

 No. 3, the outcomes report of the GNSO IDN working group.  That's a very important 
one, because we make reference to that throughout the draft comments.

 And then also the GNSO reserved names working group final report, and again, we do 
make references several times to those comments, so we pulled from work that was 
already done in drafting these comments.

 Now, my plan of attack on this, if no one objects, will be to mainly focus on the 
executive summary, and then if there -- and we'll take one item at a time in the expect 
summary and see if there are any comments, questions, et cetera.

 If we need to go further into the document on any of those topics, we can do that.

 Now, the basic document is divided into two parts.

 Section A basically addresses the questions from the issues report related to whether or 
not there should be an interim approach to IDN ccTLDs, and to be very brief on that, I 
think most of you are aware of the fact that it has been proposed in the ccNSO that so as 
to get some IDN ccTLDs going more quickly while additional work is being done that 
possibly each which would that's interested could be given one IDN ccTLD in the nearer 
term.

 And later in the agenda this morning, we'll talk about a couple documents that Avri 
distributed in that regard.  The ccNSO hasn't made any final decisions on that.  They're 
working on that.  So Section A just talks about that, and we'll look at that briefly.

 Most of the document actually goes item by item through the issues raised by the ccNSO 
and the GAC, and provides draft comments -- and I say "draft" because the council has 
not approved these comments yet, and possibly that will happen this week.

 Now, let me go through the bullet points in the executive summary one at a time, and I'll 
open it up for questions or comments, including disagreement of any of the statements.  
The -- the working group developed everything in here as consensus, and things that we 
couldn't reach consensus on are not in here.

 And certainly I encourage those who are on this little working group to join in and 
clarify anything if I miscommunicate.

 No. 1, IDN TLDs, that includes ccTLDs and gTLDs.  And let me comment on that, just 
to be clear.

 This issues paper is really about IDN ccTLDs, but the statement that we included here, 
we believe, applies to both.  So IDN TLDs should be introduced as soon as practicable, 
after technical requirements and tests are successfully completed.

 Any discussion on that?

 [Speaker is off microphone]

 >>CHUCK GOMES:  Excuse me?

 [Speaker is off microphone].

 >>AVRI DORIA:  By the way, when you do want to make a comment, do make it to the 
microphone and do give your name again, even though we may remember, there's a 
recording, there's a transcription, so it will be important to get people's names again.  I 
probably won't keep giving my name because I'll keep talking a lot.

 >>CHUCK GOMES:  Thank you.  And is it fair to assume if there are no comments that 
there's general support for the idea that is communicated?  Anybody disagree with that?  
That's okay?  Yes.  Kristina?

 >>KRISTINA ROSETTE:  I just have a clarifying question.  Is that subject to the 
finalization and approval in whatever form of the new gTLD policy, or is that 
independent of it?

 >>CHUCK GOMES:  Well, this particular statement I don't think needs to be dependent 
on that.  Obviously, for gTLDs nothing would happen until the new gTLD policy is 
implemented, in particular with regard to IDNs.

 Now, it is possible that in the final rollout of the new gTLDs, that decisions could be 
made -- I'm not advocating this, but decisions could be made to delay IDN TLDs later 
than ASCII TLDs.  So I don't think there's necessarily any dependence here, but it is fair 
to assume that before it would ever happen in gTLDs, we would need that policy in place.

 That was -- that was a long answer to a short question.

 >>AVRI DORIA:  I don't know if this was in your question, but if the question 
contained, "Can there be IDN ccTLDs before there's a new gTLD policy," I would say 
they're not dependent on each other.

 >>KRISTINA ROSETTE:  Oh, no, no, no.  No, I understood.  I was trying to get 
clarification as to whether you could have new IDN gTLDs before there's a formal 
adoption and implementation of the new gTLD policy.

 >>CHUCK GOMES:  No.

 >>KRISTINA ROSETTE:  Okay.

 >>CHUCK GOMES:  That was a lot shorter answer that time, wasn't it?

 >>KRISTINA ROSETTE:  What?

 >>CHUCK GOMES:  My answer was a lot shorter that time.

 [Laughter]

 >>CHUCK GOMES:  Okay.  No. 2 -- yes.  Mike.

 >>MIKE RODENBAUGH:  Sorry.  It's Mike Rodenbaugh.  Just on the process issue, 
you started to go into asking whether, you know, silence, essentially, on any of these 
appointments means assent of the entire council and I -- 

 >>CHUCK GOMES:  And I'm not asking for a vote.  Thank you --

 >>MIKE RODENBAUGH:  No.  I understand that.  I just want to make sure that we do 
have a time to, you know, consult with councillors and constituencies before we come 
back to this and consider anything final.

 >>AVRI DORIA:  Right.  But I would recommend if there is any issue with wording 
and such and if it means that Chuck needs to pull up his version of it, because I've only 
got a PDF version of it up there, but if we get to any point where people say, "Well, that's 
close but..." this is a good time to discuss the issues in detail.  But, no, it is not a vote, and 
silence is not a positive vote.

 >>MIKE RODENBAUGH:  Okay.  Thanks.

 >>CHUCK GOMES:  Ultimately, I would expect that the council will take a vote on 
whether to submit these comments to the ccNSO, GAC, and the ICANN board, since the 
ICANN board requested them.  Okay?  Thanks for asking.  That's a good question.  Dirk?

 >>DIRK KRISCHENOWSKI:  Chuck, to be coming to the time line of the introduction, 
when do the GNSO Council expect just -- just a guess when the first ccTLD IDNs will be 
on line?

 >>CHUCK GOMES:  Well you want to talk?  Go ahead.

 >>AVRI DORIA:  I don't think we have a guess.  I -- I mean, they haven't made -- the 
ccNSO hasn't made their decision yet on any of this.  I think they're close, but as far as I 
can tell, no decisions have been made, and I certainly wouldn't want to have the GNSO 
making guesses about when they might do stuff.

 >>CHUCK GOMES:  Now, when we go -- just one second, Bruce.

 When we talk later about a couple documents that Avri distributed to the council 
regarding what the ccNSO is doing, in those documents -- which I'm sure we won't go 
through in detail, but you can see that they've mapped out a plan for dealing with the 
working group for the broad issues, what their -- which they're anticipating may go 
several years, and then the interim approach of possibly assigning one it would, you 
know.  So -- and I think, as I recall, one -- that's going to go for a ways before they 
actually would do anything.

 But I think we'll maybe answer that question better when we get to that.  It's not 
definitive there either, but they have mapped out a plan.  Bruce.  I'm sorry.

 >>BRUCE TONKIN:  Yeah.  I think I was just going to just comment more or less on 
what you've said.

 I mean, is it worth presenting what the ccNSO is looking at, maybe?  Because I don't 
think anyone would be aware of that.  That should have got a document for discussion at 
this meeting which sets out their time frame.

 But if I understand it correctly, basically they're proposing effectively a fast track and a 
slow track.  The slow track is going to be multiple years, and the fast track I think they're 
hoping to have a recommendation by the June meeting of ICANN for their process for 
what they call the "fast track" as to how to let some IDN ccTLDs be created.

 >>CHUCK GOMES:  Yeah.  And they haven't -- and correct me if I'm wrong on this, 
Bruce, but they haven't officially decided to do the interim approach yet.  That still has to 
be decided.  But they have got a plan that would be -- their target is by June of next year, 
if they decide to go that route, to have a plan in place.

 Now, when would they actually be implemented?  I don't think that means June.

 >>BRUCE TONKIN:  I mean that's six months after that.

 >>CHUCK GOMES:  Werner.

 >>WERNER STAUB:  We are, of course, all concerned in the context of the IDN 
ccTLDs that this might delay the process, and the fast track is certainly a good idea, but 
the fast track can become a slow track if it is abused or if it basically gives possibilities 
for people to jump on a bandwagon where they shouldn't be.

 This is why I think everybody should be, in the wording of anything related to a fast 
track, say that it must be based on manifest need, not basically just one for each ccTLD.  
Basically just because it's a French-speaking country, that they create something that 
happens to have an accent on some letter somewhere.  There is no need for that 
specifically.  Whereas there are other cases where there is urgency and there is manifest 
need, most people can understand immediately.  [Speaker off microphone]

 >>CHUCK GOMES:  Mic.

 >>BRUCE TONKIN:  My understanding also is that the ccNSO has formally asked the 
country code managers to actually state what they believe their need actually is, to try and 
understand that, because that's part of their input to that decision that Chuck is talking 
about, as to whether they will go ahead with a fast track.

 They're also consulting with the GAC on this, I believe, so it's a -- it's a -- this is kind of 
the very early stages, the beginning of the week, where this is going to be an ongoing 
topic and I think what Chuck is trying to do is, as part of their deliberations, provide an 
opportunity for the GNSO to provide some input as well.

 >>DENISE MICHEL:  And if I may just add a couple more process.  So the ccNSO and 
the GAC will be meeting at several points during this week to continue to advance there 
what they're calling the interim approach, and the intention here, and they'll be providing 
more in public information on this.  The intention here is to have a very tightly scoped 
round that would allow a very small number of IDN ccTLDs to move forward and to use 
what's learned from this very limited round to inform the more long-term policy 
development process that they're about to engage in to provide an overall policy for IDN 
ccTLDs.

 >>CHUCK GOMES:  Thank you, Denise.  Okay.  Moving on to No. 2.

 Neither the introduction of IDN gTLDs or IDN ccTLDs should be delayed because of 
readiness of one category, but if they are not introduced at the same time, steps should be 
taken to ensure neither category is disadvantaged because of a delayed implementation.

 Now, before I open it up to discussion on that, if you haven't already read the full draft 
comments, we talk in the comments about a recommendation from the GNSO IDN 
working group in this regard, and the extent of it was that the -- you know, if, for 
example, gTLD IDNs happened before ccTLD IDNs, it could be that a gTLD IDN might 
preempt one that could be used for ccTLDs.

 So it was the opinion of the small working group that probably we should work on that 
issue to make sure that if one category goes before the other, that we try to put procedures 
in place to minimize any conflicts in that regard.

 And so that's at least partially what is being stated here.

 Questions or comments?

 Okay.  No. 3:  If ccTLDs are not ready to offer IDN ccTLDs as early as the GNSO is 
ready to offer IDN gTLDs, procedures should be developed to avoid possible conflicts.  
And so you can see the relationship between those two recommendations.

 Any questions or comments on that?  Yes.  Olof.

 >>OLOF NORDLING:  It was Dan, my friend here.

 >>CHUCK GOMES:  Oh, it was Dan.

 >>DAN HALLORAN:  I guess it is on both two and three.  Hasn't the GNSO already put 
in procedures such as if somebody applied for a gTLD that matched the name of a 
country and the country -- and the government of that country didn't like that applicant 
giving that string, it could object?  And that would be a procedure that would minimize 
the conflict with someone giving out a string that might match the name of a country?

 >>CHUCK GOMES:  We have, or at least those are recommended.  Obviously, they 
haven't been approved by the board yet.  So there is the dispute procedure that's being 
proposed for new TLDs that would allow a community to challenge a gTLD that was 
proposed. 


 In addition, we're recommending that two-letter ASCII top-level names be reserved so 
that's another protection, okay?  Now, that doesn't really apply to IDNs except where they 
might be two letter, okay?

 And I suppose that might be possible, I don't know.  I haven't looked at the whole list.  
So there are some things, but the thinking of the IDN working group -- I don't know if 
there is anybody here from that working group that would like to comment on that.  You 
are welcome to, if you'd like -- would be that there may be other cases that aren't 
necessarily covered by those.  In fact, it might be better in some cases not to wait for the 
challenge process but maybe -- this is me speaking just off the top of my head right now.  
I am not necessarily advocating this, nor has anybody else said this.

 But maybe there might be some additional reserved names categories.  If the ccs, for 
example, have not decided how they're going to allocate the names or assign even in this 
interim approach or the long-term approach, there could be some categories like maybe 
even country names.  We did not reserve country names in there.  So does that make 
sense?

 >>DAN HALLORAN:  I guess, the only comment was just you make it sound like work 
was to be done in the future but, in fact, you have already done some work along these 
lines.

 >>CHUCK GOMES:  We have done some.  The thinking was there might be -- more 
work might be needed in that regard, okay?

 Okay.  Olof?

 >>OLOF NORDLING:  Just to expand on that in the reserved names working group, it 
was discussed at length what to do with two-character IDN strings.  While there was a 
conclusion that wouldn't be specifically reserved but there would be -- there was a 
provision -- decision would have to be taken on a case-by-case basis.  And I think that's 
very appropriate related to this particular issue.

 >>CHUCK GOMES:  You're talking about the second level?

 >>OLOF NORDLING:  No.

 >>CHUCK GOMES:  The case-by-case was the second level.

 >>OLOF NORDLING:  On the top level.

 >>CHUCK GOMES:  We did not reserve -- we did not recommend reserving two-
character names for IDNs like we did with the ASCII, that's correct.  It did need to be 
looked at on a case-by-case basis, yes.

 >>OLOF NORDLING:  I think this is such a case.

 >>CHUCK GOMES:  Yeah, that's right.  Good, thank you for adding that.

 Marilyn?

 >>MARILYN CADE:  I think you've covered my question, Chuck.  But it did have to do 
with the issue of countries represent their names in a variety of ways.  And how is that -- 
so that is being dealt with by -- the point being it is up to the country to object if they feel 
that the characterization, if I could use that word loosely, of the next ccTLD instantiation 
is in violation of some concept that the country has about how their name is represented.

 >>CHUCK GOMES:  You want to jump in?

 >>AVRI DORIA:  I think the objection is if a gTLD is applied for, that they believe is 
inappropriate or they object to because it is what they want for the ccTLD, then there is 
the objection procedure.

 I don't think the objection procedure has anything to do with the application for a 
ccTLD.

 >>MARILYN CADE:  But ccTLDs, of course, have different relationships to 
governments, right?  Some governments have direct oversight.  They have laws.  Other 
governments have a more collaborative approach to the relationship with the ccTLD 
manager.  So you could envision an environment where a ccTLD -- and that's the other 
clarification I wanted to raise.

 We're talking about the present ccTLD managers applying for a second characterization 
of a cc string as opposed to someone else in a country applying to have a competing 
ccTLD string in an IDN, right?

 >>BRUCE TONKIN:  I'm not sure about that.

 >>AVRI DORIA:  Need to use the mike.

 >>MARILYN CADE:  That was what I wanted to understand.  Because I think in that 
case I think you could see -- I think this is a question for the GAC, by the way.  I think 
you could see a political situation emerging.

 >>BRUCE TONKIN:  I think, Marilyn, my read of it is certainly the -- that's the 
perspective of the cc managers, that they are applying for another cc.  But I don't believe 
that's necessarily going to be the perspective from some of the GAC members.  So I don't 
think that's decided yet.

 >>MARILYN CADE:  Thank you.

 >>CHUCK GOMES:  Okay.  Going to number four, if any IDN ccTLDs are introduced 
that will function as de facto IDN gTLDs, then the technical, financial and operational 
requirement should be similar to those for an IDN gTLD to ensure that there is no unfair 
advantage.  

 Kristina?

 >>KRISTINA ROSETTE:  Can you just give us a couple of examples of what you have 
in mind?

 >>CHUCK GOMES:  In the working group -- obviously, I think everybody is aware that 
there are ccTLDs today that, basically, are operated like gTLDs, very open and so forth.

 If there are any IDN ccTLDs that are proposed within the ccNSO and those are going to 
function, basically, like gTLDs, then the recommendation is that those should have 
similar operational and technical requirements to gTLD IDNs.

 >>KRISTINA ROSETTE:  And will the determination of whether they will function that 
way be made based on what the applicant says or --

 >>CHUCK GOMES:  That's a good question.  That's a good question.  That would have 
to be work that would be done.  I suspect they didn't expect our comments to get that 
detailed.  A lot of these things would result -- to make them happen would need 
additional work, probably coordination work between the two SOs.  

 Edmon.  Okay, Mike was first.  Mike?

 >>MIKE RODENBAUGH:  I'm unclear, why are we not recommending that IDN 
ccTLDs need to be country codes, not -- or related to a country name?  At least put that 
sort of limitation on it rather than leaving it up for any country code to propose any new 
string.

 >>CHUCK GOMES:  I don't think this is about proposing a new string.  If they were, it 
would come under, I believe, the new gTLD process.

 >>MIKE RODENBAUGH:  It is very unclear.  I don't see any limitation or proposed 
limitation that a cc be limited to a country name.

 >>BRUCE TONKIN:  (inaudible). >>MIKE RODENBAUGH:  Point eight?  That's 
exactly my question was.  I didn't feel like four and eight were consistent.

 >>BRUCE TONKIN:  (inaudible).

 >>CHUCK GOMES:  Bruce, we need you to use the microphone.

 >>MIKE RODENBAUGH:  How is four even an issue if you have that limitation?

 >>CHUCK GOMES:  Well, let me give you an illustration.  Let's take the country code 
XY.  Nice safe one, right?

 >>MIKE RODENBAUGH:  Not from Yahoo's perspective.

 [ Laughter ]

 >>CHUCK GOMES:  I'm sure it's not.  Let's assume that's -- and there is some IDN 
version of that that the ccNSO decides on, but that little country, XY, decides not to 
operate that as a -- what we might call a more traditional ccTLD but to make it totally 
open, unrestricted in any way just like dot com, okay?

 What this recommendation is saying then -- not that they're proposing a string -- they're 
using the string that would be approved within the ccNSO for their TLD, for their 
ccTLD, okay?  But they're using it just like a gTLD.  That's what makes it a little 
different than ate.  But Bruce is right, eight has a nice connection there.

 >>MIKE RODENBAUGH:  Okay.

 >>EDMON CHUNG:  I'm curious how you would determine, like, the de facto.  You 
mentioned about it being open and unrestricted.  The way I sort of see it is that a lot of 
ccTLDs operate that way, anyway, even though it is sort of still a ccTLD.

 Wouldn't it be more appropriate to sort of mention something like taking on a secondary 
meaning?  The types where -- a situation where the TLD actually takes on a secondary 
meaning beyond the country itself.  That really becomes, you know, much closer to the 
issues or the kinds of things that we want to enforce as a gTLD.

 >>CHUCK GOMES:  I don't think that the working group really meant that in what 
we're saying, although I suppose that could be applied here.  It was more a usage of the 
ccTLD that we were talking about.  Part of your question, I think, is very close to what 
Kristina said in terms of how would that be determined.  And that's a very valid question 
and I don't know the answer to that.  That would require some work.

 >>KRISTINA ROSETTE:  Alan, were you next?

 >>EDMON CHUNG:  I think it is really important without that at all, I'm just saying de 
facto doesn't quite mean anything and I think it would be quite strange if you say -- if you 
only use the argument that it is open and unrestricted because really a lot of ccTLDs even 
functioning pretty much -- we would really call a ccTLD, still is operating as a relatively 
open and unrestricted ccTLD.

 You know, I'm not comfortable with that sort of recommendation if we're saying with 
the argument that this is an example of a de facto gTLD.

 >>CHUCK GOMES:  Obviously, one of the concerns of the working group in this -- and 
this didn't come from me.  This was actually proposed by other members of the working 
group and supported by the full group, though, is the whole competition issue.  
Obviously, gTLDs have contracts.  They have requirements.  They're much more 
controlled within the ICANN world than ccTLDs are.  And the concern here is that there 
be a level playing field, that the gTLDs not be disadvantaged because they have to sign 
ICANN agreements that are much more involved in terms of the requirements and so 
forth, that they would not be disadvantaged by competition from the ccTLD world, which 
I know you understand.

 Now, while we listen to Alan, why don't you think about maybe a way of rephrasing this 
that might be better if there is one, okay?

 Alan, sorry to keep you waiting.

 >>ALAN GREENBERG:  From the sense of the conversation, I think we're talking 
about examples where a TLD will be opened up for second-level domains where there is 
no real connection with the country.  That is, they are either in it to make money and they 
plan to sell domains at a real low cost and hope to sell a lot of them.  Or as a random 
example, the domain happens to look like some common short-term acronym like TV.

 I'm not sure we can ever come up with a definitive way of doing that, although the intent 
is honorable.  I'm not sure we can specify it tightly enough to say you cannot get into a 
domain if you do not have a specific and direction connection with that country.  I 
suspect we have many top-level domains right now where that's not the case and it is not 
clear where we can enforce it, especially since ICANN does not have agreements with 
many top-level domain ccTLD owners and will not have agreements with the IDN 
ccTLD operators either.

 >>CHUCK GOMES:  This isn't saying they couldn't get the ccTLD IDN, okay?  What 
it's saying is if they do and they are going to operate it that way, then they should have 
comparable requirements to gTLD IDNs.  That's what this is saying, okay?

 >>KRISTINA ROSETTE:  I mean, I think Alan and I are going in the same direction 
with this in that I think it is an important point but I think it is one we have to define and 
delineate pretty clearly because I think as a basis point we really are not going to have 
anything to go on except what the applicant claims it will use it for.

 We've already agreed in the gTLD context that there will be no revisiting how a gTLD 
is, in fact, used regardless of what the applicant has said in the first instance, so I don't 
think we can take a contrary view here.  

 So while I think the intent is a good one, I think we really do need to come up with a 
way to be very, very specific about what it is that we would consider to trigger those 
requirements.

 >>MIKE RODENBAUGH:  I just go back to why are we not specifically encouraging 
that that not be allowed as a practice.  I'm sorry, my pretty strong preference would be 
that we say that ccTLDs need to relate to the country name and other strings are gTLDs 
essentially.  And then I think we are never going to get away from your problem that 
China, for example, the Chinese government can some day decide to sell their TLD to a 
China plate manufacturer, I guess.  There is nothing we can do about that.

 >>CHUCK GOMES:  Mike, let's jump to number eight and we can cover that later 
because, I think, to deal with your issue, eight deals more, in my opinion, with what 
you're talking about than number four.  But let's do that.

 >>MIKE RODENBAUGH:  To me they are just not consistent.

 >>AVRI DORIA:  Werner, you had a comment.

 >>WERNER STAUB:  Yes, actually.  Essentially, whatever we can say to the ccNSO 
about how they should or how governments should treat their ccTLDs, it is just like a kid 
saying to the parent, you know, they should be treated equally.  You cannot decide.

 So it is just a statement.  I think there is no point of us getting any further with that, just 
to say it would be unfair.  What else can we say?

 >>AVRI DORIA:  Well, I guess, as the GNSO making recommendations to the board, 
we can certainly -- it's not just the kid saying, "We want you to be fair."  I think we can 
make recommendations to the board that some things be allowed and some things not as 
a new policy is being put in place.  So I think that if we come to a point that there is a 
strong support for saying, you know, it should not be allowed as the GNSO's 
recommendation, then we could certainly pass that on to the board and say that.  And 
how it gets worked out is another issue, but it certainly is a statement.

 This is not us making policy.  This is us going to the board and saying, "Listen, you 
asked us a question as to our viewpoint on these things.  This is our viewpoint."

 >>CHUCK GOMES:  Alan?

 >>AVRI DORIA:  Alan and then Ross.

 >>ALAN GREENBERG:  From a personal point, I strongly advocate that we somehow 
get ccTLDs -- IDN ccTLDs out there quickly.  I think the gTLD process is going to take 
a lot longer than we're estimating.

 On the other hand, we have to be aware of the pitfalls that are there.  If some country 
comes up with an IDN ccTLD which visually looks like a circle, the letter O, it will 
overlap with the potential making availability of the single-letter gTLD in the future.  

 Is that going to be a problem?  Should we stop it from happening because their national 
country script makes their country name looks like the single letter O or that's the 
abbreviation they use.

 There are all sorts of pitfalls.  All we can do is raise them and make sure someone knows 
about them.  I still think it is a good idea to go ahead with it.

 >>AVRI DORIA:  We had Ross and then Jon and then Dan.

 >>ROSS RADER:  Just quickly.  I don't know if the GNSO is in a position to be making 
recommendations on ccNSO policy.  However, I think we're in a position to express our 
opinions on that and, perhaps, the structure of the document could somehow be altered to 
separate the opinions from the recommendations.  I think the view of the gTLD 
community is on the subject is probably valuable for the board to take into consideration 
but we may want to tie in the document a little bit to take that into account more clearly.

 >>CHUCK GOMES:  It is tied up because one of the questions that they ask later -- I 
don't think this is one of the ones in the executive summary because it seemed like a 
pretty straightforward answer.  It is the answer you just gave.  They asked who should be 
making these policies.

 And the response in this document is the ccNSO should, they're the policy making body 
in consultation with their members and the GAC and so forth.  So that is addressed in the 
full document because they ask that question.

 >>AVRI DORIA:  Jon.

 >>JON BING:  Thank you.  Speaking out of the depths of my ignorance, there is 
probably a good reason why they are different, to take into account of the operational 
requirements between the ccTLDs and the general TLDs.  

 But if they (inaudible), then, of course, the problem will go away.  It seems to be the 
difference because there needs to be a reason and not harmonization.  Thank you.

 >>AVRI DORIA:  Dan.

 >>DAN HALLORAN:  Thanks, Avri.  When I read number four, it is not clear to me 
exactly what the GNSO means.  Let's say that it turns out that there are some IDN 
ccTLDs that have very limited technical financial and operational requirements from 
ICANN.  Is the GNSO then saying that IDN gTLDs should have that same low level of 
requirements?  Or are you saying --

 >>CHUCK GOMES:  That is not -- was not the intent of the group in this regard.  It was 
the other way around.

 >>DAN HALLORAN:  Number four is just saying there should be a level playing field.

 >>CHUCK GOMES:  The assumption was that our requirements are not going to be 
reduced.  But if ours aren't reduced and theirs are minimal, then it does not create a level 
playing field.

 >>DAN HALLORAN:  There is an assumption there that IDN gTLDs will have similar 
requirements to gTLD and you think that the ccTLDs should have the same kind of 
requirements, too.  Not that you want to lower --

 >>CHUCK GOMES:  If they are operating like a gTLD, that was the assumption of the 
group, yeah.

 Now, in response to the statement that Ross said -- I think Ross partially answers the 
concern, Kristina and Edmon, that you were raising.  It is not our place to make policy for 
the ccNSO.  Therefore, for us to try to work out how this would happen, we could 
certainly provide some input as they're developing policy and work with them on it.  

 But for us to actually tell them how it should be done probably doesn't work.

 The reason I wanted to go to number eight, let's read that one right now.  IDN ccTLD 
strings should be meaningful to the local community and should represent in scripts of 
the sovereign government's choice a meaningful representation of a territory's name in 
the selected script.

 The thinking here is the IDN ccTLD process should not be a means of getting a gTLD.  
So they should be related to the country, to the territory.  Shouldn't just be an open 
opportunity for -- to get a gTLD in with IDNs without going through the new gTLD 
process.

 >>MIKE RODENBAUGH:  I appreciate that.  I would definitely change "should" to 
"must" in eight.  I do like the limitation to territory's name.  What I'm concerned about in 
particular, I could envision languages, for example, Korea saying that they own the 
Korean language and won't allow anybody else to have a TLD in Korean script that 
relates to the word "Korean" instead of the country name "Korea" for example.

 >>CHUCK GOMES:  Norbert?

 >>NORBERT KLEIN:  The problem is that in some countries there are two different 
official versions of the country name, a short and long one.  Like in Cambodia, Cambodia 
is one official name and Kingdom of Cambodia is another, both accepted by the 
government.  And I don't know whether it would be possible to recommend to use the 
shorter form, if possible.  The same is true for North and South Korea, there is Hanguk 
and Minguk.

 >>CHUCK GOMES:  Don't you think that's going to be a decision for the ccNSO and 
the local government?

 >>NORBERT KLEIN:  Yes, I think so, but whether it would be possible to recommend 
to use the shorter one just for practical technical reasons.

 >>CHUCK GOMES:  Keep in mind -- I hope you all have read the full documents here.  
But most of the statements are in response to questions that the ccNSO asks.  So one of 
the problems of going through them in an executive summary like this, you don't see the 
context of the question.  So to the extent that a recommendation like that fits in response 
to one of the issues that they raised, I think that would be fine.

 What I would ask you to do, in looking at the whole document, is see if there is a place 
where that would fit.  In going through these numbered items here, you're not seeing 
where they fit relative to the issue that they ask questions on.  And so if it fit in one of 
these questions, I personally wouldn't have any problem with that.

 But take a look at that and see.  I am glad you brought that us, because you are seeing 
these points in isolation, not in the context of the questions that were asked by the ccNSO 
and the GAC.

 >>AVRI DORIA:  As you go down, you will often see the answer that you see there.  
This question should be answered by the ccNSO and the GAC and related governments 
that are currently involved in the...

 "This question should be answered," you will see that often.  That's what's not showing 
up in what's on the board at the moment.

 So I think there is no real recommendation in this.  It says long name, short name.  It is 
"significant to."  What's "significant to the" is their business.

 >>CHUCK GOMES:  One of the things I would sincerely request before our official 
meeting on Wednesday is that anyone who has not read the full comments draft do so 
because without that -- and we don't want to go through it all here.  That wouldn't work in 
a big group like this.  But it is very important that everybody read the full document.

 Now, back to Edmon, did you come up with anything on number four?

 >>EDMON CHUNG:  I just sent it to you actually.  I will read it.  It is still stuck in my 
out box.  I don't why I can't send things here.

 >>CHUCK GOMES:  Yeah, I didn't get it.  You want to read it?

 >>EDMON CHUNG:  Just a suggestion would be if any IDN ccTLDs are introduced 
that may be perceived to function as de facto IDN gTLDs such as a proposal of a name 
that may take on a secondary meaning which is generic in nature, then the technical, 
financial should -- whatever -- should be similar to following the sentence.

 >>CHUCK GOMES:  Any comments on that?  Olof, could I rely on you to -- you don't 
necessarily have to get it down.  He will send it via e-mail.  Make sure Olof gets that as 
our staff support person on this, that would be helpful.

 >>OLOF NORDLING:  May I just briefly comment upon that because that goes actually 
straight into the requirement in eight.

 >>EDMON CHUNG:  It doesn't quite.  It doesn't because it takes on a secondary 
meaning.  The case of, I guess, China is maybe sort of an example where TV is problem 
the best example.  TV does mean Tuvalu but it takes on a secondary meaning and general 
nature and that's really what we're most concerned -- I think, we're most concerned about.

 >>CHUCK GOMES:  So, in other words, an IDN TLD that meant television?

 >>EDMON CHUNG:  In that case, in that particular case --

 >>CHUCK GOMES:  Has a generic meaning.

 >>EDMON CHUNG:  That's just an example.  And I think taking on a secondary 
meaning is really the main -- at least from my point of view is the thing that we want to 
say, if such a case happens, perhaps, we need to take a different approach as to, you know 
--

 >>CHUCK GOMES:  The TV is not a good example in this case then because, I think, 
eight would cover that one.  If a TLD in an IDN language was television, it seems like 
eight covers that.

 >>EDMON CHUNG:  No, it doesn't.

 >>CHUCK GOMES:  Television related to a country or territory?

 >>EDMON CHUNG:  But it doesn't in a sense that TV does also  represent Tuvalu.

 >>CHUCK GOMES:  TV does but the IDN version that may be allocated to Tuvalu --

 >>EDMON CHUNG:  Happens to also mean TV, you're saying?

 >>CHUCK GOMES:  I understand the hypothetical, but it seems to be very hypothetical 
to me.  Am I wrong on that?

 >>EDMON CHUNG:  Let's take --

 >>KRISTINA ROSETTE:  Let's take TM.

 >>EDMON CHUNG:  If the word itself, if the phrase itself -- I mean, in IDN happens to 
take on a different meaning, just take something else, radio.  Let's say some country's 
name in its IDN form happens to be radio in -- I don't know -- Korean.  In those cases, we 
should take a different approach or at least suggest -- at least take a second look at it 
before, I guess, just allocating -- or suggest at least as an opinion.

 Let's say -- I don't know.  I am just making this up.  

 Let's say Philippines, the Korean version of Philippines happens to be "radio" in Korean.  
This would be an example.

 >>CHUCK GOMES:  Tell you what, I don't want to spend any more time on this 
because we have a lot more to cover, but see if you can come up with a real example 
instead of hypothetical examples.  I think that would really be helpful.

 >>EDMON CHUNG:  Okay.

 >>CHUCK GOMES:  Okay.  Now, that doesn't mean we can't consider some changes to 
the language that you're proposing but let's not spend any more time on this one right 
now.

 >>EDMON CHUNG:  Yeah.  And I can probably come up with one or two in Chinese.

 >>CHUCK GOMES:  That would be very helpful, okay?

 >>OLOF NORDLING:  Before we leave it, since I'm sort of in the drafting position 
here, I still want to make clear whether we're looking for sort of a -- avoiding unfair 
advantages and such, or whether we're actually adding a requirement on the string itself, 
because then we're into 8, and then, I mean, basically we would delete 4 and make an 
additional requirement on 8.  So I mean, I -- I want to make that clear, what we're doing 
here.

 >>EDMON CHUNG:  Well, at least it would be the intent is not that case.  I think the -- 
at least my intent is to raise a particular -- raise a particular item.  We mentioned de facto 
IDN gTLDs, but I think I wanted to probably go a little bit further, what we mean by that, 
and give one sort of example, and the example being that the name chosen happens to be 
a generic term.

 >>CHUCK GOMES:  Again, without belaboring that, I'm going to turn it over to Cary, 
but let's see if you can come up with some real examples, because the hypothetical, I 
don't think, helps us very much here.

 >>CARY KARP:  In this case, the real example isn't going to help us one little bit either.  
We are constantly tripping over issues that are sovereign decisions here and if there is a 
process that's invoked that results in a national government being permitted a new it 
would label which is one of its local representations of the country name, if that happens 
to be "radio" in some other language, what do we do?  Tell the government, "Sorry, you 
can't use your name?"

 >>EDMON CHUNG:  Again, I'm not suggesting that.  I'm not saying sorry.  But, you 
know, in those cases, shouldn't we take a second look at it or we should do nothing and 
just --

 >>CARY KARP:  The moment a decision is left to a national government, it's not our 
business anymore.  We can't then override that sovereign judgment.  So it makes 
absolutely no sense, splitting hairs about recommendations that are intended to address 
that kind of situation, because that kind of a situation is just beyond our ability to 
manage.

 >>EDMON CHUNG:  So you're pretty much suggesting taking 4 completely out then?

 >>CARY KARP:  There are several points in this thing that I would be content taking 
out, but I'm saving my comments on the ones that should be out for the ones that I want 
out, not the ones that you want out, but I agree --

 [Laughter]

 >>CARY KARP:  Yeah, there are more things here than need to be.

 >>EDMON CHUNG:  But what you just mentioned really should -- you know, what you 
just mentioned really, you know, should take No. 4 out, and also I think, you know, going 
back to Ross' suggestion, we really should separate some -- almost thoughts rather than 
some sort of recommendation, and this probably is one of those that should really not be -
- you know, at least not so high up and also not so --

 >>CHUCK GOMES:  So what you're suggesting is we shouldn't have an executive 
summary?

 >>EDMON CHUNG:  No, no, no.  Have the executive summary but probably out of all 
these points, separate into two chunks.  You know, one of which, the first three are, you 
know, harmless, somewhat, and, you know, then -- then the ones that we're really 
suggesting some -- some opinion, like this case where, you know, it may function as a de 
facto gTLD.  These type of things as I think what Cary mentioned is that this is 
completely out of our scope, sort of -- may be out of our scope once we say, you know, 
"Governments, please suggest," right?

 Once we say that, according to Cary, you know, it is out of our scope what they then 
decide.  We're saying that what they then decide, we're going to take another look at that.  
Is something that's, you know, probably a no-no in -- in a lot of cases.

 And those types of things perhaps we should, you know, separate in a different section -- 
not different section, but still in this executive summary, but at a different paragraph.

 >>CHUCK GOMES:  Keep in mind that the ccNSO and the GAC asked us for this 
input, so I don't think we're stepping on anybody's toes by giving it.

 So we have to be careful there that our input has been requested.  So I think it is -- there's 
nothing inappropriate about the input.  Now, whether or not some things may be put 
lower in the list or be organized differently, that's something we could -- we could do.

 Again, if you read the whole document, you will see over and over again comments 
made with the involvement of the local government.  I don't know how many times that 
was repeated in -- in answers to questions that they asked, so there's full respect for the 
sovereignty of the governments.

 Alan?

 >>ALAN GREENBERG:  A lot of the discussions we're having are ones that we should 
have had two decades or so ago, but we didn't.

 They're less relevant here, in that if some country comes up with a local script rendition 
of what they believe their name is, it might have spoofing implications if it looks like 
something else, but nobody is going to be able to type that in without the right keyboard 
and character -- and knowing the character set, so we can't have another dot tv, because 
almost it may look like some word that has applicable across the world, it's not likely to 
be usable other than in cases where you only click on it as in a spoofing type situation.  
So it's not really as widespread a problem as it -- as it was two decades ago when we 
came up with the -- with the current ID -- TLDs.

 >>CHUCK GOMES:  Thank you.  Let's go to No. 5.

 "If an interim solution whereby each ccTLD would be granted one IDN ccTLD in the 
near term to get the process started faster results in meeting the user needs sooner, we 
support it."  

 In other words, we're saying we support this interim approach if it -- because a general 
belief of the working group that developed this was:  Let's meet the user needs with 
regard to IDN TLDs, whether it be gTLD or ccTLDs, as soon as we can, because they've 
been screaming for it for a long time, it's a real need, and if the interim approach helps 
that happen a little bit faster, we support it.

 That's basically what this is saying.  Comments or questions?

 >>AVRI DORIA:  I see none.  I would suggest moving.  We've hit, what, I guess 6 
points out of 17 with about 15 minutes left to go on this session, so...

 >>CHUCK GOMES:  Okay.  You want me to move quickly.

 >>AVRI DORIA:  I want you to move.  No one asked any questions, so...

 >>CHUCK GOMES:  Okay.  No. 6 "the user experience is one of the fundamental 
motivations for deployment of IDNs and should therefore be a guiding principle in 
implementation decisions."

 You're going to have to respond quickly.  I'm going to move right on.

 No. 7:  "Any IDN ccTLDs added should be done for the sole purpose of benefiting the 
applicable local ccTLD language community or language communities, as applicable."  
Mike?

 >>MIKE RODENBAUGH:  Why local ccTLD community, I guess?  And I guess I see 
later where it might not be limited to local.  I'm just curious as to how -- why that?  I 
mean why would it not benefit the language community outside of that territory as well, I 
guess is the point, and how do you deal with that situation?

 >>CHUCK GOMES:  That's a good point.

 [Speaker is off microphone]

 >>CHUCK GOMES:  Which many do.  So you're suggesting maybe deleting the word 
local.  Anybody see a problem with that?  Jeff?

 >>JEFF NEUMAN:  Not a problem, but the ccTLDs use local Internet community all 
the time.  That's their words, so I don't see why this is a controversy.  I think it should just 
be left.  If you look at every one of the ccTLD documents, they say "local Internet 
community."

 >>CHUCK GOMES:  Okay.  Any other thoughts on that?

 All right.  No. 9:  "If there are multiple official scripts used in a territory, the best user 
experience would be to provide IDN TLDs in all of those scripts, where feasible."  Cary.

 >>CARY KARP:  Brief comment.  I don't think there's a government in the world that 
has official scripts.  They have official languages and the languages dictate the scripts.

 >>AVRI DORIA:  So it would be  "if there are multiple scripts used officially in a 
territory"?

 >>CARY KARP:  Yeah.

 >>AVRI DORIA:  So you're just moving the word "official."

 >>CHUCK GOMES:  Well, what I did is changed scripts to languages.  Should I not do 
that?  If there are multiple official languages used in a territory?

 >>AVRI DORIA:  No.  Trying to keep that definition straight between scripts and 
languages.

 >>CHUCK GOMES:  So tell me what you said again.

 >>AVRI DORIA:  Basically if there are multiple scripts used officially in a territory.

 >>CHUCK GOMES:  Oh.  Gotcha.  I wasn't quick enough.

 >>AVRI DORIA:  Sorry.

 >>CHUCK GOMES:  All right.

 >>AVRI DORIA:  Ross?

 >>ROSS RADER:  I really don't mean to devolve to this level of detail, but I'm always 
confused by the language that GNSO uses because it doesn't always map to the language 
that other communities use.  So when you say, Cary, that the -- you're not aware of any 
governments that have scripts, they have languages, typically those languages are 
represented by language codes, and governments are well aware of those language codes.  
Is that what you're referring to or not?

 >>CARY KARP:  No.  If -- if a discussion is entered into with a government about what 
it is that they officially -- I'm just -- it's on now.  Okay.

 A government will tell you what the official language is in which they do business are, 
and those languages are represented in scripts, no question about it.  But if you make 
reference to official scripts, the governmental reaction is, "What's an official script?"

 >>ROSS RADER:  So, you know, to use the Tuvalu example, again I'm certain -- well, 
it's a small government so they may not actually get to this level of detail but I'm certain 
that they must realize that their official language code is ISO639-2.

 >>CARY KARP:  We've left that realm.  We are talking about extensive designators for 
national identity.

 >>ROSS RADER:  Yeah.

 >>CARY KARP:  And there is no give tent to ISO3166 for these.  So governments are 
going to say, "We wish to have the following label associated with our -- our national 
domain."  And we know what our 3166 code was, but we're not talking about that 
anymore.

 >>ROSS RADER:  Yeah.  We'll -- let's grab it over coffee.

 >>AVRI DORIA:  Yeah.

 >>ROSS RADER:  Thanks.

 >>AVRI DORIA:  Yeah.

 >>DAN HALLORAN:  So just to caution that there's a huge difference between a script 
used officially and an official script and official language.  

 Just speaking locally in California and the United States, there is no official language, 
and I think if I want to go vote, I could vote in like probably a dozen different scripts.  I 
could ask for a ballot in Persian or Spanish or -- 

 >>CARY KARP:  Those are languages, not scripts. 

 >>DAN HALLORAN:  It's a script used officially.  

 Well, they're in those scripts, the ballots.  Those are scripts used -- the proposal is to 
move officially after --

 >>CARY KARP:  Yeah.  But you are asking for a ballot in a language, not in a script.  If 
you ask for a Persian ballot, it's going to be in Persian script.  If you ask for a Spanish 
ballot, it's going to be in Latin script.

 >>DAN HALLORAN:  Right.  Different points.  I agree with yours.  

 My point was that Persian script is used officially in California.  Persian is not an official 
language of the United States.  Neither is English.

 >>CHUCK GOMES:  Kristina?

 >>KRISTINA ROSETTE:  I just wanted to make sure that there isn't any risk that with 
No. 9, we're going under-inclusive.  To the extent that there would be a script that 
although not an officially used one is, in fact, one that would appeal to the local ccTLD 
community.

 >>CHUCK GOMES:  Okay.  Norbert?

 >>NORBERT KLEIN:  I assume that Tin Tan Wee was part of this drafting.  In spore, 
there is -- one of the languages is Chinese but there are two versions of the Chinese script 
at present, and, therefore, I think it is important to note what is in this wording.

 I think it was done very carefully.

 >>CHUCK GOMES:  Werner?

 >>WERNER STAUB:  I mean, we might just -- if there's a problem with the word 
"official" add a definition somewhere in the document and say official means whatever is 
accepted in court and by Parliament.

 >>CHUCK GOMES:  I have a question for everybody.  Forget about the technical 
wording for a moment.  Is there any disagreement with the intent of this 
recommendation?  The intent being that, you know, hey, if there's more than one 
language used in a place, we think it -- we'd go a little bit further than just supporting one 
of those languages.  The intent, again, was to support all users that could benefit from it.

 >>WERNER STAUB:  I think there is, but just one question:  There is precisely there a 
problem.  And you see there are countries, for instance, have been dominated, colonized 
by foreign powers for some time.  What is a colony of that foreign power still in the 
country, they're not recognized by those who basically took back, so to speak, the control 
of the country, but they would then finally -- find it extremely unpleasant if suddenly 
somebody said, "Now, the script of that foreign power should be used," you know, as an 
official script because it's been a minority in the country.

 So that's one of the political things that we get into.

 >>CHUCK GOMES:  Keep in mind we're not going to be making these decisions.  
We're providing some input in response to questions that they asked, and what we're 
suggesting is, hey, if you can do it in more than one script, supporting multiple 
languages, we think that's a good idea.

 Dan?

 >>DAN HALLORAN:  So just to -- it's the same point I just made that you have to be 
careful about scale because there are literally dozens of scripts used officially in 
California, probably hundreds in the United States.  And there's no official one.  So you 
have to be careful that it's -- is it good that the United States should get 200 new TLDs 
and all these local scripts because they're used officially?  Just it's a -- it's a practicality 
question.

 >>CHUCK GOMES:  Jon?

 >>JON BING:  Yes.  Just a minor point on this official script.  There is two ways, in this 
-- what the usually script or official language means.  One is the language in each state is 
required to make available its material, like statutes, legal decisions, regulations, et 
cetera.

 The other is the languages which are permitted to be used, for instance, before a court of 
law and so on, using translators.

 In the latter respect, there will be rather many official languages.  In the former respect, 
those which are required to be put out in the government's documents, there usually is 
very, very few indeed and they are usually flowing from the Constitution.  Thank you.

 >>CHUCK GOMES:  Thanks, Jon.  What I'd ask you to do, in between now and our 
meetings later in the week, when we may talk about this again, is think about whether this 
one should just be deleted or reworded, and if reworded, how should it be reworded.  And 
we won't try and do that here.

 No.  10:  "Confusingly similar strings should be avoided."  Mike?

 >>MIKE RODENBAUGH:  Again, I think the verb should be "must" and I think that we 
ought to be tying -- saying exactly what we mean.  Confusingly similar to what?  I think 
to be consistent with our new it would principles, it should say "confusingly similar to 
any existing it would."

 >>CHUCK GOMES:  Let me comment.  You've made that comment before.

 I'm not sure that it's our place to tell the ccNSO and the GAC what must happen.  We're 
not in a position of authority.

 Now, if we were writing a contract, yeah, I would agree.  But that -- I think that's why 
we used "should" instead of "must," because we're just providing input to them.  They're 
going to have to decide what "must" be.

 But I'm open to other thoughts on that.

 >>MIKE RODENBAUGH:  Okay.  Well, I understand what you're saying there.  We 
can't demand that they do anything.  But it's our recommendation that it must be is what I 
would put -- the way I would phrase it.  And of course 11 has "must" and I saw "must" in 
here a couple other places.  That's why I've been calling it out.

 >>CHUCK GOMES:  Okay.

 >>KRISTINA ROSETTE:  I think it may be an easy way to take care of what Mike's 
saying is to have some kind of acknowledgment that, you know, these are merely 
recommendations so accordingly, we have not used "must."  In which case where we 
have, we need to take it out.  And that instead, you know, our strongest -- most strongly 
worded recommendation is indicated with a "should."

 >>CHUCK GOMES:  Yeah.  The more I -- the more I see this, I -- the more I'm 
wondering whether the executive summary causes more problems than it does help.

 The idea was, a lot of people aren't going to read the whole document, so provide 
something easy, and what I'm discovering is that it's so easy to take these statements out 
of context of the question and issues that were raised that maybe one of the things we 
should consider is not having an executive summary.

 But we can -- we can talk about that.  All right.  Any other --

 >>CARY KARP:  Yeah.

 >>CHUCK GOMES:  Oh, I'm sorry.  Cary.

 >>CARY KARP:  I certainly think we should have an executive summary, and I had 
understood the present discussion to be one of seeing to it that that summary is as useful 
as it can possibly be, and streamlining verbiage is a normal part of the editorial process.  
So the notion of combining points here and eliminating points here is, I think, entirely 
consistent with what we're supposed to be doing right now.

 >>CHUCK GOMES:  Okay.  Thank you.

 >>AVRI DORIA:  Okay.  What I'd like to -- okay.  We've hit 10:30 now.  Now, we 
obviously have not made it through all this.  There's obviously language editing that 
needs to be done to this.  What I'd like to quickly do is go through the others and just 
have people raise the objections without going into discussions so that we get them all on 
the table, and then I'd like to perhaps during the coffee break find out who would like to 
work with Chuck and Olof in terms of, you know, a smallish group of people, and I have 
a really good idea of who they might be --

 [Laughter]

 >>AVRI DORIA:  -- that would like to work sort of, you know, off line on 
wordsmithing.

 So if we could go through quickly now and just find out which ones have issues so we're 
all aware of which ones have issues, and then get a wordsmithing group -- small 
wordsmithing group together to do work.

 Because we did have a working group do the -- the answers, but the -- the summary was 
-- was not a working group process, so...

 >>CHUCK GOMES:  Okay.  And we'll do that.  We'll get that -- get the volunteers at 
the end of the -- quickly going through this.

 >>AVRI DORIA:  Yeah.  Over the break, we'll do that.

 >>CHUCK GOMES:  So anybody else have concerns on 10?  Is it just the wording on 
that?

 Okay.

 11:  "Measures must be taken to limit confusion and collisions due to variants."  

 That was straight out of the IDN working group recommendation.

 No. 12:  "Consideration should be given to whether or not adding an IDN ccTLD 
increases the possibilities of (1), whoa, graphic spoofing (2) creating TLDs for little 
demand except for defensive registrations and (3) adding a risk of TLDs being used for 
political ends.

 >>AVRI DORIA:  Cary.

 >>CARY KARP:  I suggest deleting 3 there.  "Political ends" are value judgments.  
What one government regards as a laudable political end, another government might 
regard as repugnant.

 >>CHUCK GOMES:  Okay.  Edmon?

 >>EDMON CHUNG:  No. 2 also seems strange.  For, you know, maybe a small country, 
then what are we really saying?  You know, are we saying that a small country should not 
get an IDN ccTLD?

 >>CHUCK GOMES:  Okay.  All right.  Going to 13:  "Variable strength length would 
seem like the right approach for IDN ccTLDs."

 That's consistent with what we said in the reserved names working group.

 >>CARY KARP:  I think we can drop that one.  What alternative is there?

 >>CHUCK GOMES:  Well, I understand.  Cary, again, they asked the question.

 >>CARY KARP:  Okay.

 >>AVRI DORIA:  Right.  It was a question.

 >>CHUCK GOMES:  It was a question they asked.

 >>CARY KARP:  Okay.

 >>CHUCK GOMES:  And we're absolutely saying yeah -- and you're right.  They have 
to.

 >>CARY KARP:  Why don't we say that, then?

 >>AVRI DORIA:  That's what it says.

 >>CHUCK GOMES:  Good point, good point.

 I think that would be probably a pretty easy change, and you're right.

 >>CARY KARP:  It is the only approach.

 >>CHUCK GOMES:  We were maybe trying to be too tactful and --

 >>CARY KARP:  Yeah.

 >>CHUCK GOMES:  No. 14:  "A suitable process for consultation, including with 
relevant language communities, is needed when considering new IDN gTLD strings."

 No. 15:  "Where script mixing occurs or is necessary across multiple levels, registries 
must implement clear procedures to prevent spoofing and visual confusion for users."

 This, again, comes from the RN working group, or not the RN working group, the IDN 
working group.  Yes.

 >>EDMON CHUNG:  Sorry.  I was just a little bit too slow.  It's not working.  Anyway -
-

 >>KRISTINA ROSETTE:  Why don't you use this one?

 >>EDMON CHUNG:  The one before -- it's also not working.

 >>AVRI DORIA:  The whole side is not working.  Too many of us on?

 >>EDMON CHUNG:  There you go.  I don't understand why No. 14 is there.  It's only 
good gTLDs, it's not about ccTLDs at all.  Did I miss...

 >>CHUCK GOMES:  It should say it would strings, I think, not -- yeah.  Good catch.  
Yeah.

 No. 15 -- let's see.  We did 15.

 16 is:  "It would seem prudent and sensible for ICANN and a prospective TLD registry 
wishing to deploy their TLD in a given script used by another country to approach that 
country and/or the local language community in question to vet their intent, particularly 
from the point of view of viability and marketability."

 Notice that, again, here it does just use "TLD" and that was intentional.

 >>AVRI DORIA:  Cary?

 >>CARY KARP:  I suggest deleting this entirely.  This means that North Korea has to 
ask South Korea and vice versa.  It means Iran has to ask Iraq and vice versa.  These are 
politically absolutely unthinkable demands.

 >>CHUCK GOMES:  Okay.  Any -- No. 17:  "IDN ccTLD operators should be required 
to follow the ICANN IDN guidelines just like gTLD registries that offer IDNs."  Okay.  I 
guess we're looking for volunteers.

 >>AVRI DORIA:  Right.  Yeah.  And -- right.  Thanks for going through that, and 
thanks for the discussion.  I think we got rid of at least one, got rid of a couple sub-
bullets, and I'd like to now go into coffee break, but let the group of people, you know, 
get together with Chuck, to say a few people.  It shouldn't be too many.  If a bunch of you 
in the group all have the same point of view, well then pick one of you to sort of -- and 
it's a wordsmithing on this, on the expect summary, and not so much the responses, but if 
it does affect any of the responses, then make sure that the two correlate.

 And we're obviously going to have to talk about this some more again.

 >>CHUCK GOMES:  So see me before you head out on break.  Okay?

 >>AVRI DORIA:  Okay.  Thank you.

 [Break]

 >>AVRI DORIA:  Hello.  It is now 11:00 so we are going to try and start up again.  We 
seem to have a few fewer observers for this one than the last one.

 We are going to start talking about -- we have got now scheduled between 11:00 and 
12:30 to talk about the work that's being done on rights protection mechanism and, I 
guess, Kristina will start talking a bit about what the ad hoc group or working group has 
been doing in that regard.  This is in terms of creating -- I guess we called it an 
implementation agreement about possible rights protection mechanisms. 

 And then Mike is going to sort of take us through the work that is being done.  So, 
Kristina, it is yours.  Mike, you will want this, right?

 >>MIKE RODENBAUGH:  I don't think so.

 >>AVRI DORIA:  I thought you said you had slides.

 >>MIKE RODENBAUGH:  I can't find them.

 >>AVRI DORIA:  You can have it if you have slides.  I don't have slides.  I do have 
your documents that I can put up if that will help.

 >>KRISTINA ROSETTE:  All right.  While Mike is finding his slides, I will just 
actually give a little bit of lead-in as to where this group came from.  Its origins really 
were an outroot of the rights protection mechanism working group about which I made a 
presentation at our meeting in San Juan.

 The purpose of that working group was to really examine what had been done in 
previous gTLD launches with regard to preregistration rights protection mechanisms that 
were designed and intended to prevent and protect -- well, to prevent abusive 
registrations during those initial start-up phases to look at, perhaps, what best practices 
might be and whether or not to recommend best practices.

 Ultimately, there was no -- I think if you really broke it down, you would probably come 
up with a recommendation that there should be rights protection mechanisms you had 
support for.  There must be -- and you had kind of alternative views that there may be, 
and if you wanted to merge the two, you could come up with "should."

 Where we left it after that meeting is one thing that might of value to registrants or 
potential applicants for new gTLD would be to have a document that would lay out what 
had been done in the past in a very kind of narrative form and to just highlight some of 
the key issues that those applicants might want to consider if they were going to adopt an 
RPM and, if so, breaking it down even further what additional considerations they may 
want to take into account when deciding which of the various models that were out there.

 The idea was that this would be a document that would be made available to applicants 
along with the RFP, really as kind of an optional measure.  

 At the outset, we had hoped that we could also have a component that would really 
reflect the experience and the expertise of the registries that in the past had implemented 
these mechanisms.

 And the ad hoc group, I think, got started.  The ad hoc group on implementation of rights 
protection -- I don't even know what the exact title was.  I hope you do, Mike.

 We got working shortly after San Juan.  At this point, I will turn it over to Mike.

 >>MIKE RODENBAUGH:  Gee, thank you.  

 So I guess since San Juan, there's been five or so -- six, seven people in this ad hoc 
group, primarily from the IPC and then myself.  I think Mike Palage was also on it but 
hasn't appeared much.

 But anyway, we have had between one and three people calling up on our calls.  And it 
seems like we were tasked maybe with more than -- bit off more than we could chew, 
perhaps.

 I understood the mandate of the group was to draft detailed Rights Protection 
Mechanism proposals that could essentially be adopted wholesale by new TLD operators.  

 We were looking at specifically a standardized sunrise process because, of course, we've 
seen every new TLD a different sunrise process, which is quite confusing and difficult for 
businesses to deal with each time.  

 We're also looking at mechanisms to curb abusive registrations, things like anti-phishing 
suspension plan by registries.  Things like a rapid take-down proposal that was proposed 
by ICM.  These were the ideas.

 We realize there is a problem.  We want to give new TLD operators some guidance as to 
how to address the problem.  But the reality is it is a lot of work to come up with these 
detailed proposals.

 And few of us on the call, I think, maybe one by one and gradually came to the 
conclusion that we were likely banging our head against the wall to come up with 
detailed proposals that probably weren't going to be adopted anyway.

 So I think, at least I will speak personally, I felt it is like to engage the council and see if 
we really have buy-in for these sorts of ideas because, of course, they're addressed not 
just to problems in new TLDs but the existing problems that we have in -- not just in new 
TLDs but the existing problems we have in existing TLDs.  

 Cybersquatting is rampant.  I think the overall feeling of the ad hoc group was we should 
try to focus our efforts on getting something that's mandatory and that has buy-in from 
people rather than develop some pie-in-the-sky ideas that probably wouldn't going to go 
anywhere.

 I'm hopeful that today we can have a discussion about what potential next steps are and a 
discussion even on a concept.  Do people agree there is a cybersquatting problem out 
there?  I feel like I talk one by one to councillors and other folks and they look me in the 
eye and say, Yes, it is something we really ought to deal with but the fact is on a policy 
level we haven't taken really any steps to deal with it.

 So I don't know really where you want to take the conversation, Avri.  I would really 
love to get people's thoughts on is there a cybersquatting problem and should we do 
something about it.

 >>AVRI DORIA:  I guess your option of going through the work you've done to date is 
not something --

 >>MIKE RODENBAUGH:  Unfortunately, there is not a lot of work done to date.  
There is an anti-phishing registry suspension plan I can go through, some high-level 
details.

 >>AVRI DORIA:  I think it would be good to go through what you have got just to give 
people sort of a view into things.  

 I think it would be good to go through that since that's sort of the work item we have on 
the table.

 Then if, indeed, there is a proposal we need something more, then, yeah, we should talk 
about that after.  And then we have a bunch of -- Yes.

 >>ROSS RADER:  I think the most important question Mike had asked to this point is 
one of the scope and mandate of this working group.  That's unclear for me right now.  It 
might be helpful if we could actually tie this conversation back to the original chartering 
statements.  I didn't follow the work of this group in any way and I'm not quite sure 
where it got its start.

 It would be helpful as me as a councillor to understand that before we engage in the rest 
of the discussion.  Then, perhaps, we can take a look at these other documents in that 
light.  Is that a fair --

 >> JEFF NEUMAN:  I would also kind of object to going through the anti-phishing 
working group document.  I am actually a member of the anti-phishing working group 
but this document has not been run through the registries.  Some of the registries have 
made comments to it.  

 But to present it to the GNSO at this time as some official position or paper is just kind 
of -- Registries are meeting with the APWG this week to discuss it.  I think I to bring it 
up to the GNSO Council level would not be the most responsible move at this point.

 >>MIKE RODENBAUGH:  I have an outline of it.  I wasn't going to go into a great 
detail.  People have the document.  I haven't represented that it's agreed by anybody in 
any way.  But I think it might be useful to just kind of highlight what we were talking 
about with that plan because, at least in my mind, it can be adapted and morphed over 
time as something that can deal with the cybersquatting problem as well consider. 

 >>KRISTINA ROSETTE:  Can I actually just back up and answer Ross's specific 
question ?  Back in -- as I said, this was really kind of an offshoot of the fact that there 
was no, quote-unquote, agreement among the working group participants -- when I say 
"working group" I mean rights protection mechanism working group -- that would be a 
rights protection mechanism that would be made mandatory or the requirement of having 
one would be part of the RFP.  

 And as a result of that, there were a group of people who had been involved in the group 
that felt strongly that at a minimum this information should be made available.  The 
ultimate in terms of what was ultimately sent around to everybody in trying to get 
participation identified the objective as to produce a reference implementation document 
on a range of rights protection mechanisms which new gTLD applicants may consider in 
the application process.  It is really intended to come up with -- And the document you 
have got here is really a very rough draft, at least to the extent it talks about, quote-
unquote, sunrise, which was not the only rights protection mechanism that was under 
consideration.  Ultimately, the idea was there would be something comparable if you 
wanted to kind of take the IP claim process that had been created and implemented by 
Jeff and dot biz and kind of set that out in terms of this is what it was.  This is how it 
worked.  Based on how it was implemented, these are considerations that you might want 
to think about if you were going to do this in terms of this is what people got confused 
about and this is what we ended up changing, da-ta-da-ta-da-ta-da.

 I think, ultimately, you ended up with a couple -- it was really kind of the perfect storm 
of nobody -- I was not willing to leave the group after what I went through with the last 
group.  No one else really wanted to leave the group.  We didn't really have any staff 
support and you, basically, had a bunch of people who were truly, I think, came to the 
conclusion that why are we going to spend all this time banging our head against the 
wall.  We personally think it would be useful.  

 It is still up in the air as to whether the IPC is going to just take this on as its own project 
and make it available or whether it is going to be pursued by some of its other member 
organizations.

 But in terms of kind of answering your question about scope and what the intent was, the 
idea would be that ultimately you'd have a document like this that would go out to 
applicants with the RFP saying, Here are some reference implementation materials that 
you may want to consider when putting together your application.

 >>AVRI DORIA:  That was one of the decisions that the new gTLD committee came up 
with, is there will be nothing that's mandatory but if the people that think that something 
like this should be included, it will be included and they should go produce such a 
document.  So there was no real chartering.  It was people who think some things are 
important, yes, produce it and it will be included as a non-mandatory reference material.

 >>JEFF NEUMAN:  When did the anti-phishing creep in?

 >>AVRI DORIA:  I guess the group that was writing it decided -- This is something, 
therefore, something for us to discuss.  The group that was writing rights protection 
mechanisms decided that phishing was somehow relevant to rights protection 
mechanism.  I'm not commenting one way or the other because I haven't really thought 
about it all that seriously one way or another.  That's what they made -- the view that the 
procedures they wanted to offer included that as one of the possibilities and that's one of 
the reasons why we're talking about it.

 Yeah, Ross.

 >>ROSS RADER:  So then maybe if I could resummarize what I am hearing and feed it 
back to the group so that I can understand what you all understand.  I should be looking 
at these documents that we've been -- that have been tabled here as proposals coming 
from a sector of the community that they wish to have the larger community consider as 
possible matters of policy at some point?

 >>CHUCK GOMES:  I want to correct you on one thing.  Not policy but alternatives 
that new gTLD operators could consider using in their proposal for a new TLD.  Not 
required, not policy.

 >>AVRI DORIA:  I go one step further in the answer, if I am understanding things 
correctly, that what we asked for was certainly not policy but what Chuck said.  I get the 
impression that there are still people within that group that would like us to consider 
these things as policy and not just as voluntary possibilities.

 >>ROSS RADER:  So to play back one more time, we have a big thick document here 
that's saying to potential applicants, Here are some things you need to consider when you 
fill out your application and run your registries.  

 We have the smaller document from Mike describing a possible go-forward on new 
policy development?  I think I heard him specifically say that.

 >>MIKE RODENBAUGH:  I think what you're missing here -- maybe, I'm not sure.  
But when whole discussion, this working group and all came out of the new TLD 
process.  The group was very engaged in a whole bunch of different principles and issues 
around confusingly similar and morality and whole bunch of other things.

 I think there wasn't really the appetite to deal with rights protection mechanisms as a 
potential mandatory situation either from any group because from our perspective, the 
people who would push such a thing, it's not dealing with the problem.  The problem is 
now in existing TLDs.

 >>ROSS RADER:  I'm not looking to hear the merits of whether or not this is a good or 
bad plan.  I'm just trying to understand what we're looking at.

 You're proposing that we go through this presentation and read this document and 
understand it from the context of policy that we may want to implement in some way, 
shape or form in the future?

 >>MIKE RODENBAUGH:  I think that's true.  It is a start.

 >>ROSS RADER:  Okay.

 >>MIKE RODENBAUGH:  I have two slides overview of this document if it would be 
useful.

 >>ROSS RADER:  I just wanted to ground that because I wasn't quite sure.  Thank you.

 >>AVRI DORIA:  To make sure I'm still understanding, the other document, the thick 
document, is the first draft, albeit incomplete, of the document that would go along with 
the RFP as not something you need to consider but something that you might want to 
consider.

 >>SUSAN CRAWFORD:  Avri, can I ask a question?  The new gTLD process is very 
focused, appropriately, on predictability, the standardization, all of that so that applicants 
face a common interface when they are coming into the process.

 How does this implementation document square with that?  If it's not mandatory, what 
does that mean?  Will an applicant have to be concerned if they don't do it, they won't be 
selected?  Is that at all a concern?  No?

 Well, then what, I'm trying to see is how it squares with the standardization.

 >>CHUCK GOMES:  Thanks, Susan.  The thinking is -- I mean, there is lots of 
flexibility in the new TLD process as proposed for applicants to propose various 
approaches to lots of issues with new TLD that aren't necessarily requirements.  Nor 
would they be evaluation criteria.  So there is no intent at all to evaluate new TLD 
applications on which rights protection mechanisms they may use or whether they use 
them or not.  But by putting the -- some alternatives out there and then, of course, they 
can think of new ones, they are not restricted to those alternatives, it was just to give 
some ideas that they could consider as part of theirs.

 And the former chair of the new gTLD committee wants to speak.

 [ Laughter ]

 >>BRUCE TONKIN:  I don't really want to talk as the former chair.  I just really want to 
ask a question because I feel like Ross, I am trying to get my head around what the 
logical steps are.

 The previous rounds for new gTLDs have actually required an applicant to state in their 
application what mechanisms they're going to use to protect the rights of registrants 
typically during start-up.

 Then each of those proposals have proposed different approaches to doing that.  And the 
latest version that we're seeing now is from dot Asia which has got kind of the sum of all 
the other ones that have previously being proposed-type approach.

 So then what I'm asking, I suppose -- I think it is probably a little open.  I just reread the 
new gTLD recommendations today and there is nothing in the core recommendations 
that's requiring the applicant to state upfront what the mechanisms would be.

 Perhaps, this is a question for Dan.  The only area that you could consider that would be 
that there's a section there saying they need to be able to show their organizational 
capability, whether that would be one of the things you ask.  

 Dan, do you have a feel, what's the staff read in the RFP document for the registry 
operator to state whether they would have some mechanism to do that?

 >>DAN HALLORAN:  I guess I would like to go back and probably look through the 
documents and consult on that.  I think -- I'm not entirely clear if -- let's say the GNSO 
has 19 recommendations.  Is that meant to be the end all, be all of all the considerations?  
We do have prior -- I don't know what you call them -- policies.  Let's say go back to 
2000 where the GNSO or the GNSO said take into account protections of the rights of 
others.  Does that mean since it wasn't one of the 19 things that got picked up this time 
we should discard that and consider it operational?  I guess I'm not sure is the current 
answer.

 >>BRUCE TONKIN:  To respond to what you're saying, I think what the GNSO is 
saying, these are the consensus recommendations for things that we want to have.  But it's 
also not explicitly stating.  I guess, there are things that staff could choose to put into a 
document based on previous practice that we haven't explicitly disallowed.

 >>DAN HALLORAN:  Is one of the 19 recommendations -- sorry, Avri.

 >>AVRI DORIA:  Sorry.  I think at least the understanding I had was certainly we 
weren't grandfathering in all of the policy considerations of the last round.  And I think 
that -- and correct me if this is my misunderstanding.  This is while you were still 
chairing the committee, that we made an explicit decision to not recommend a specific 
requirement for rights protection mechanisms at the second level and that we did make a 
recommendation that an implementation agreement or an implementation -- what was it -
- guideline -- reference would be included of possible ones but that at that point when we 
were talking through the recommendations of the rights protection mechanism working 
group which hadn't been able to conclude that there should be, the committee had sort of 
followed that same line of thought and said there is no "should" to it but that they will be 
given this reference document with the RFP without a normative statement saying they 
ought to do it.  So it is voluntary.

 >>BRUCE TONKIN:  Basically, what you're saying is the committee and the council 
decided not to make any recommendation that there was a requirement to have a rights 
protection mechanism.  Is that correct?

 >>AVRI DORIA:  At the second level, yes.

 >>BRUCE TONKIN:  At the second level, yes.

 And then there was a view that there were -- from my memory at the time, the people 
that had been involved in producing that working group report had wanted to actually go 
and put something on the table to say here's what we think is a good implementation and 
then the idea was, okay, work on a reference implementation that could be included.

 The only thing I was clarifying, trying to understand from the staff, you're saying that's 
just a document that is then taken as read for how to build a registry-type document 
because there are IETF RFCs on how to set up geographic distribution of name servers, 
for example, so it would be read in the same light of that, it is like an informational 
document, presumably.  Is that a fair summary?

 I think I was just trying to understand what the context is.

 So then what role do you see the GNSO Council has with the reference implementation?  
Do you see the GNSO Council approves that as being a reference implementation or is it 
merely -- in other words, what status does that document have?  Is it a document that's 
got some imprimatur from the GNSO saying this is an implementation, in other words, it 
is like a sign-off ?  Or is it a document produced by some individuals or the intellectual 
property constituency.  I think that's partly of what Ross is saying.  At the end of the day, 
what status does that document have?

 >>AVRI DORIA:  I think comparing it to the RFC type of -- it is an informational 
document, I think, that the council needs to say, yes, that's acceptable.  It doesn't make it 
a policy but it has to find the document an acceptable reference, you know, 
implementation so it doesn't say things that the council in general is not comfortable with.

 For example, including a statement saying you must include one of these, for example, to 
jump quite roughly that if this reference implementation included a statement, you must 
pick one of these for your application to be considered, that would be a reason why the 
council would say, no, that's not an appropriate document.

 But I don't believe it is being -- at least it hasn't been recommended as a normative 
statement that says you must implement one of these.

 >>BRUCE TONKIN:  It is not a consensus policy.

 >>AVRI DORIA:  It is not a consensus policy.

 >>BRUCE TONKIN:  But it is --

 >>AVRI DORIA:  There is a consensus policy --

 >>BRUCE TONKIN:  Possible implementation.

 >>AVRI DORIA:  And the consensus policy does include attaching this to the RFP.

 >>BRUCE TONKIN:  Ross, what was the situation with transfers?  I am just trying to 
remember.  That's probably the other time when we did that.  In the transfers document, 
there was a reference implementation of the transfers policy.  So the transfers working 
group actually approved that as a possible implementation.  Is that how that was 
presented?

 >>ROSS RADER:  No.  Actually, the -- this is going back to things that I had written off 
as completed so my memory might be failing me.

 The reference implementation was tabled initially as a discussion point for the working 
group to use to drive discussion of the policy.  It was made very, very clear that, at least 
at that point, that the role of the council and the working group was not to in any way 
deal with the implementation details.  That was a matter for the contracted parties to sort 
out for themselves based on the policy and their best legal advice, best corporate advice, 
et cetera.

 We did include the evolved form of that original reference implementation as an 
appendix to the policy recommendations.  But it went no further than that.  It went no 
further than that.  In other words, the final report of the working group presented to 
council and ultimately the board did include those supporting materials, but it was not 
circulated in any way beyond that.  For instance, it didn't go out to the registrar 
community as a suggestion of possible activity associated with implementing those 
policies.

 >>BRUCE TONKIN:  So it became part of the working group report, right?

 >>ROSS RADER:  Correct.

 >>BRUCE TONKIN:  Yes.  Just trying to understand what status you would end up 
giving the document and, therefore, what process you would want to use to give it that 
status.

 You are saying it is a GNSO Council reference implementation or is it a particular 
working group implementation?

 >>AVRI DORIA:  I believe that it would end up at the end of the day a GNSO Council 
reference implementation, assuming it is acceptable to the GNSO Council.

 >>BRUCE TONKIN:  (inaudible).

 >>CHUCK GOMES:  Right.  I think that is necessary for it to be attached to the RFP.

 >>BRUCE TONKIN:  I would think so, too.

 >>CHUCK GOMES:  Even though it is just some ideas for it to be attached to the RFP, I 
think the council would need to act on it.

 >>BRUCE TONKIN:  Yeah.

 >>ROSS RADER:  What's the timeline around completing this document?  I don't know 
who I am directing that question to.

 >>AVRI DORIA:  It would have to be -- since it is to be attached --

 >>ROSS RADER:  You don't have to answer it.

 >>AVRI DORIA:  Do you have an answer?  

 >>ROSS RADER:  I am looking at the chair for parliamentary reasons.

 >>AVRI DORIA:  The answer that has been sort of out at the moment is it has to be able 
to come out with the RFP and one would have to backtrack off the schedule of the RFP to 
give the council enough time to approve it.

 >>CHUCK GOMES:  As you'll see on Monday when Kurt presents -- maybe you have 
already seen it if you have looked at the workshop slides for Monday that have been 
distributed to the council -- that the timeline -- estimated timeline that staff has put 
forward -- Craig, jump in if you need to -- it probably would be needed in the what?  
Early springtime, beginning of third quarter, something like that?  Excuse me, beginning 
of second quarter, to play it safe to be attached to the RFP; is that right?  That all could 
change so don't hold the dates firm?

 >>CRAIG SCHWARTZ:  That sounds about right.

 >>CHUCK GOMES:  Now, keep in mind we need to back off of that any action that the 
council would need to take to say, yeah, we're supportive of attaching that.  I think the 
council has is already kind of supportive of that attaching that, depending on the language 
Avri was talking about.

 >>AVRI DORIA:  I think the council is supportive of attaching such a document. 
Obviously, the "such a document" needs to be seen and talked about.

 >>JEFF NEUMAN:  So I'm going to be a little bit of a hypocrite here because I was 
initially on this group but just through time constraints and others, there is only so many 
groups that you could participate in.  

 But I think at this point, the document is really just a intellectual property constituency.  
Four people that wrote this document, not to down play their work. 

 >>MIKE RODENBAUGH:  That's true.  The document has been reviewed by a whole 
bunch of anti-phishing vendors.  You had input from a whole bunch of different vendors, 
not just from the IP side.

 >>CHUCK GOMES:  I want to clarify something.

 >>MIKE RODENBAUGH:  It had review and input from Edmon on the registry side 
quite a bit.

 >>JEFF NEUMAN:  I'm sorry, I am talking about the big document.

 >>MIKE RODENBAUGH:  This document is a skeleton.  It is a shell.  It has hardly any 
content.

 >>CHUCK GOMES:  Thank you.  That's what I wanted to clarify because what I heard 
you say, is you really didn't do what you were originally going to do.

 >>MIKE RODENBAUGH:  Right.

 >>CHUCK GOMES:  Is that correct.  Of setting out some different ideas that could be 
done, that you stopped?

 >>KRISTINA ROSETTE:  We started to.  I mean, there is some material in here.  The 
primary focus at this point, at least the section that's most developed, is about sunrise.  
And as to it being, you know, an IP group, you know, anybody who wants to join it is 
welcome to.  And I don't think you can criticize --

 >>JEFF NEUMAN:  Let me finish my statement.  I'm sorry.  My ultimate point was if 
this is intended to go to the RFP, I would, basically, encourage the council to encourage 
more people to participate in this group because at this point I wouldn't even go so far to 
make the statement that this should be included with the RFP.  I'm a little hypocritical 
because I was on that group but haven't found the time to participate but I will.

 >>CHUCK GOMES:  But what I'm hearing is that that document -- they're not even I'm 
telling you claiming that that document is ready to be a reference implementation.  They 
didn't go as far as --

 >>JEFF NEUMAN:  Right, but that's what the discussion has been.  That's why I'm 
making the point because the discussion from you guys and from Bruce and from others 
is that the understanding was this document would be attached to the RFP.

 >>AVRI DORIA:  Not this document.

 >>CHUCK GOMES:  Yeah.

 >>AVRI DORIA:  A document that that is the first draft of.

 Now, I need to perhaps put this in, so that -- that it is me that specifically asked the group 
to take what they had and put it out so that we would have a base level with which to look 
and see where we were at, and they were really quite emphatic about, "It needs more 
work" and so I think the conclusion that you bring up that, "Hey, this needs more work" 
is really quite good.

 >>JEFF NEUMAN:  I'm not -- right.

 >>AVRI DORIA:  Ross?

 >>ROSS RADER:  Mike's just itching to get his slides out so I'll ask my last question on 
this point.

 Is there any -- will this ever be a real reference implementation, in the truest sense of 
those words, or is this really a -- and was it intended to be a guide or a primer to the legal 
considerations related to implementing the GNSO's policies?

 [Speaker is off microphone]

 >>CHUCK GOMES:  I don't think I understand your question.

 >>ROSS RADER:  In other words, the question is:  Will the scope of this document -- 
will the contents of this document move outside of legal considerations related to policy 
or --

 >>KRISTINA ROSETTE:  I'm not sure exactly what you're asking.

 >>ROSS RADER:  This document, as I read it, was written by lawyers for lawyers, and 
-- you know, let me think about the question, reformulating the question.  So it may not 
be my last question.

 [Laughter]

 >>AVRI DORIA:  Questions with in the truest sense of the word in them always 
concern me.

 >>KRISTINA ROSETTE:  Just to clarify, I mean, the goal of the document is to be 
extremely narrative in the sense of, "This is what's been done in the past, this is how, 
generally speaking, it has been implemented.  If you want to implement something like 
this, based on the experience of the registries that have done it, these are some things you 
may wish to consider."

 Kind of very not -- not at all, you know, prescriptive.  You know, in other words, "You 
must have an RPM and it must have and it must look like this."  That's not the intention at 
all.  

 And frankly, as a practical matter, you know, the document really in a lot of ways isn't 
worth doing unless there's participation from the registrars and registries.  You know, 
because they're the ones who implemented it.  The last go-round.  They're the last ones 
who are in the best -- I mean, I can tell you from a trademark lawyer perspective what the 
problems -- or what problems my clients had with previous RPMs, but, you know, that's 
kind of the tip of the iceberg with regard to implementation, and I think everybody in the 
group recognizes that.  

 So, you know, as far as I'm concerned, I would love to see, you know, ten registrar and 
registry representatives on the group.

 >>AVRI DORIA:  I had Craig and Dan or did I have Dan and Craig?

 >>CRAIG SCHWARTZ:  Let Dan go first.

 >>AVRI DORIA:  Okay.

 >>DAN HALLORAN:  I just wanted to support Ross' comment that this is written only 
so that lawyers could understand it, and I want to draw your attention to Page 8, 
consideration 5.1, which reads "blah, blah, blah, blah."

 [Laughter]

 >>ROSS RADER:  Which means?

 >>AVRI DORIA:  Craig, aren't you're glad you deferred to Dan?

 >>CRAIG SCHWARTZ:  Yes.

 [Laughter]

 >>AVRI DORIA:  Did you have something to add, Craig?

 >>CRAIG SCHWARTZ:  Yeah.  I guess that I did, and that is, I -- this is the -- this 
conversation is the first time that I'm hearing about attaching anything to the RFP in 
terms of these RPMs, and Avri is looking at me very cross-eyed right now.

 You know, the recommendations are the recommendations and the guidelines are the 
guidelines, and staff is working on the implementation plan now.  But I -- I didn't -- I 
don't recall hearing that there would be this type of document attached to the RFP, but 
just a means as a -- to serve as a reference guide on what options would be available to 
applicants who -- to applicants in the round.

 >>AVRI DORIA:  Okay.  I guess, yes, I must admit surprise at this being the first time 
you've heard of it.  I know that I've spoken of it several times in meetings I thought that 
you were at but I apologize for not mentioning it.

 However, it certainly has been discussed as that, since well into the committee, and it's 
something that I know that I've kept bringing up every time that the RFP has come out, 
that this would be something that was sent out with it.

 Now, whether "sent out with it" is the same as "attached to," I don't know.  You know.

 >>CRAIG SCHWARTZ:  That sounds --

 >>AVRI DORIA:  Right.

 >>DENISE MICHEL:  Yeah.  And to clarify, it's not that the implementation team 
wasn't aware of this effort, but as you can appreciate, the board will officially approve the 
report and direct staff to implement the report and the -- so all of the implementation 
directions flow from that, and so, you know, implementation -- the implementation staff 
obviously is not, at this point, taking action on evolving discussions about whether this is 
a resource document, whether it might be attached to the RFP.  It's on -- you know, it's an 
ongoing discussion within the council.  So I think when the council finishes and comes to 
a conclusion on what this document is, and how it would recommend it be used, at that 
point it's appropriate for the implementation staff to look at what their role is.  Right?

 >>JEFF NEUMAN:  Yes.  Just to jump on, I guess, what Craig said, I guess being a non-
council member, it's certainly not what anybody outside the council that I've talked to 
understood as being attached to the RFP, so maybe that's just a communication issue or, 
you know, maybe there's been discussions within the council.  But the community as a 
whole, from the people that I've talked to both in my constituency and others, did not 
understand that to be the case.  So that's, again, just a -- maybe a communication issue.

 >>CHUCK GOMES:  Yeah.  And I think you're right.  There's some communication 
issues here.  But part of it is because there was work that was being done, we were 
waiting to see what came out of that.  And I think some of us hoped that maybe we'd 
have something by now, before even the board acted.

 But that's okay.  I mean, it still could be done.  We certainly could have communicated it 
better.  But -- but Avri's right.  I mean, this -- the whole intent after the one working 
group on rights protections did not come up with a requirement -- a recommendation for 
a requirement, couldn't reach consensus on that, that the -- how we responded to that was 
the idea, "Well, what about a reference implementation that could go along with the 
RFP?"

 That clearly did happen.

 Now, we haven't made any final decision to do that.  I think Denise comment is well-
taken, that if we get to a point where we can do that, we would take action, but it's 
probably because it's kind of in flux while some people work on it.

 >>JEFF NEUMAN:  But to give some background, there -- there was a reason why the 
group -- and I was in that group -- came to the conclusion that there should be no 
recommended approach.  So to create one kind of almost -- I don't want to say "ignores" 
because not the right word.  It's just not taking into context why the group came to that 
decision.

 >>CHUCK GOMES:  I don't think they're related.

 >>JEFF NEUMAN:  So -- but again, I was one of the people, by the way, that did 
support the creation of this reference document.  I just wanted to bring it back into 
context.

 >>CHUCK GOMES:  Okay.

 >>AVRI DORIA:  Ross.

 >>ROSS RADER:  I figured out how to ask my question, I think.

 [Laughter]

 >>ROSS RADER:  Is it the -- will this document always be limited to dealing with the 
implementation of rights protection mechanisms or is it intended to be a broader 
reference implementation?

 >>AVRI DORIA:  I -- okay.  Those that are writing it perhaps should define, but I 
thought it was the first.

 >>KRISTINA ROSETTE:  Yeah, it's intended to be very narrow.

 >>ROSS RADER:  Thank you.

 >>AVRI DORIA:  Okay.  So I guess the question is -- okay.  Wait.

 [Speaker is off microphone]

 >>MIKE RODENBAUGH:  I guess -- I mean, it's intended to be very narrow in that it 
only is addressing rights protection mechanisms, but the potential range of rights 
protection mechanisms is actually broad.  

 Okay.  Thank you.  

 And I guess I would kind of commenting to kind of keep the flow of the conversation 
going.  I mean, I feel like this document is not to get ready by the springtime.  I don't 
think there's enough people interested in making it ready for the springtime for new 
TLDs.  I think we need to refocus and try to come up with solutions that address existing 
TLDs and new TLDs equally.

 >>AVRI DORIA:  So I guess I -- I don't know where hands are basically here.  Two 
things in that proposal is:  One, that Craig is right and there really is no document to go 
along with the RFP; and two, you're coming close to suggesting that we would start a 
PDP process on rights protection mechanisms?  I mean to put it in those terms, is that 
what your -- and that that would apply to all gTLDs, both new and old?

 >>MIKE RODENBAUGH:  That's correct.

 >>KRISTINA ROSETTE:  Well, hold on.  I mean, you know, I just -- I don't -- I don't 
think that we necessarily agree.  I mean, I think if this -- if we can get -- if there can 
participation from the people on the front line of implementation, then I think it's a 
valuable document.  But, you know, in all likelihood, if it's just a bunch of trademark 
people kind of saying, "This is how we would describe it," you know, I'd rather bill some 
time, frankly.

 [Speaker is off microphone]

 >>AVRI DORIA:  Okay.  I'm not quite sure where to go with this now.  I mean, we 
basically -- are there other opinions?  I guess we've got two -- we've got two opinions at 
the moment on -- one is, it's worth doing if we can get more people to do it; and two, it's 
not worth doing it, we should do something broader that is a consensus policy.  So I'd 
hear like to hear some other people on that particular dichotomy.  Ross?

 >>ROSS RADER:  I'm happy to take a position on this.

 I think we've seen this with other discussions inside the GNSO whereby we keep doing 
work because we can.  I think at a certain point, you need to recognize that there may not 
be agreement on the details, and if there isn't, that you need to kind of put tools down and 
go focus on something where you can find agreement.

 I'd have to say, you know, shock and horror, I would agree with Mike that there's 
probably better things to do with our time than try and herd the cats together and make 
them agree, because I -- I don't know if we can do that at this point.

 >>AVRI DORIA:  Do you agree with Mike on the second part, that we should be 
thinking about something that looks kind of like a PDP consensus policy across all 
gTLDs on rights protection mechanisms?

 >>ROSS RADER:  Yeah.  I just -- I'd mentioned to Jeff that I agree with the approach 
and I'm -- we'll see if we agree on the implementation or the -- the recommendations.  
But yeah, no, I think the approach is sound.

 >>OLOF NORDLING:  Thanks, Avri.  I just wonder if we have based this discussion on 
exactly the same assumptions, because either this document was intended to be sort of a 
reference document, not being even an advisory but, rather, to simplify life that they 
would be able to draw from past experience, without it being any recommendation 
whatsoever.  And then the other extreme is that we -- we have strict proposals that this -- 
these are good ideas and I wonder where we -- where we really -- if it's the first case, 
which I tend to remember that we agreed upon, well, it's not an advisory, as such, but just 
a reference document.

 And maybe that could simplify to see if we have the same assumptions about what we -- 
what it is.  That may simplify our choice of direction for what to do with it.

 >>AVRI DORIA:  Any other comments on that?  I mean, I thought we had gotten to -- 
and I think that's part of the dichotomy that we've got is some people are happy with a 
reference document that was what was originally agreed upon, and some people want 
more, believe that more is needed, and some people probably are in both camps, that 
believe that having at least a reference document is good, but in the best of all possible 
worlds there would be more.

 And just as a council, I guess we need to figure out, you know, where we want to go 
with this.

 I mean, we're not going to make a decision on it today.  There's sort of a default decision 
on the reference document, if it doesn't exist, it won't be approved to be -- to go out with 
the RFP.  So that's one thing.

 In terms of a -- in terms of a consensus policy, if there's a motion within the council or 
from some other body that says, "There should be an issues report on rights protection 
mechanisms," then it falls into staff's lap to produce an issues report and then we vote on 
whether we do a PDP on it after that, that that's another possibility.

 As I said, we're not definitely going to do that vote today, because we made a decision as 
a council that only on Wednesday would we vote on things, and I don't even see fitting 
this into the schedule on Wednesday.  It's -- you know.

 But -- so I'm really looking -- a couple people have spoken, and I don't want to say you 
can't speak if you've already spoken, but some of the folks from the council and 
otherwise who haven't spoken on this, I'd really like to hear.  

 Yes, Jeff.

 >>JEFF NEUMAN:  Sorry.  I have spoken, but, you know, I think this group came out 
of the PRO working group, the protection of rights of others, and I agree with Mike that 
there are certain things that may need to addressed in certain policies but things like anti-
phishing working group, that doesn't fit within the definition that the PRO group came up 
with with rights protection mechanisms.  I'm not saying that it shouldn't -- anti-phishing 
shouldn't be dealt with, but this group, this ad hoc group, was instructed by the council, 
for rights protection mechanisms, I'm assuming, in accordance with how that determine 
was defined in the PRO working group final document.  Not -- you know, not a broader 
definition of that.

 And so I'm personally surprised that anti-phishing came up in this context as a rights 
protection mechanism.

 >>MIKE RODENBAUGH:  I think I'd just refer you back to the terms of reference for 
the ad hoc group.  It was definitely broader. 

 >>AVRI DORIA:  And I guess that that would then come out in two places.  One, if the 
reference document is written including the anti-phishing, then the council would have to 
decide whether that chapter belonged there or not in its decision to move the document 
forward, and if we go to the -- the idea of creating a new consensus policy, that would be 
something that would be written up in the motion on the issues report and then we would 
follow through on it -- on whether it was an issue that we asked for comment on, and 
then, you know, the whole process.

 So --

 >>JEFF NEUMAN:  I guess my point is that should be treated separately than the 
introduction of a sunrise and a -- or IP claims or another mechanism at the startup.

 >>AVRI DORIA:  No.  I understand.

 >>JEFF NEUMAN:  Not that it shouldn't be dealt with, but I think it should be dealt 
with separately.  

 >>CHUCK GOMES:  Can I make a suggestion?

 >>AVRI DORIA:  Sure.

 >>CHUCK GOMES:  Let me make a suggestion.  First of all, I think we need to, 
sometime this week -- not necessarily this morning -- decide whether there's going to be 
broad enough participation to warrant coming up with a reference implementation, like 
you suggested.

 If we're not able to get broad enough participation, I heard some people say that it 
probably doesn't work, so I think sometime this week, we need to decide whether there -- 
and it doesn't have to be people that are in this room.  We can enlist other people, and I 
strongly encourage that, that are in our -- in our constituencies that have more time, 
maybe, than some of us do, that could work on this.

 But I think before the week's over, we need to decide whether that's feasible or not, 
which means we need volunteers.

 That's totally separate from whether we consider doing a PDP or maybe more than one 
PDP on rights protection or anti-phishing or anything else, but I think we need to -- we 
need to get that resolved, because if that doesn't start soon, it's going to be irrelevant.

 >>AVRI DORIA:  I'm not sure that I agree that we need a decision.  We've had a 
decision before.  What we really need to do is see if people actually volunteer to do it.

 >>CHUCK GOMES:  That's what I thought I said.

 >>AVRI DORIA:  Oh.

 [Laughter]

 >>ROSS RADER:  I think there's a bit of a flaw in the logic, though, around enlisting 
more support for this -- for the drafting of this report.  I wasn't involved in the original, 
and so I'm going to make some statements based on what I'm guessing happened.

 But I'm guessing that there were two or three different stakeholder groups -- factions, if 
you will -- within that group that didn't agree on what the right outcome was, and they 
were, therefore, unable to come to any sort of consensus and didn't agree to anything.

 So whatever the status quo was kind of got through.

 But to go back now and ask those groups that didn't agree in the first place to come 
together to work together to flesh out an implementation report on the details that they 
didn't agree with -- on in the first place might be asking a bit much.

 And of course that's all predicated on my guess of what happened, but I -- even if it is the 
will of council to move forward with this, I don't know how realistic it is, in other words.

 >>KRISTINA ROSETTE:  I mean I would just kind of go back.  This is not proscriptive.  
It's not prescriptive.  It's a, "If you want to do this, here's what you might want to think 
about."  Which is a completely different thing than, "You must do this, and this is what it 
must look like."

 And so that's where I think we're kind of diverging.  And, in fact, there was at the outset 
interest from five constituencies and volunteers from five constituencies in working on 
this.

 So I -- I could see -- I think what -- I think where -- again, where I think you and I 
diverge is that, you know, this is not a kind of "must."  This is not even a "should."  It's 
more of a "may."  And to me, that really makes the difference.

 >>AVRI DORIA:  Bruce?

 >>BRUCE TONKIN:  Just listening to it a little bit further, I'm just trying to get the 
context again.  If you read the GNSO improvements report, one of the things it talks 
about is that the council is more of a management group and what the council decides is 
when a document comes before council, has it gone through, you know, extensive 
community review and that kind of determines its status.

 So there are probably a couple of options with any of these documents.  One option is, it 
is a document from a group of named -- let's sort of going go in steps.  It could be a 
document from a single individual and you see that quite common when John Klensin 
writes a lot of documents as an individual, his view on IDN.  He writes it up as an 
informational RFC, or draft, and so it's his view.

 Then you might say, "This document is the view of a group of named individuals," so it's 
person A, B, and C that support this document.

 The next level up could be that there's some institutional support, in that this is a 
document from the registry constituency or this is a document from the registrar 
constituency or the IPC constituency, which would imply it's gone through some sort of 
process and some sort of vote.

 Before it becomes a council document, I would then be thinking that each of the 
constituencies or -- it's had fairly wide stakeholder group participation in the creation of 
that document and then the council, looking down on that, says, "Well, this document has 
had input from quite a wide section of stakeholders, and we're going to endorse it as a 
council document."

 So I think those are sort of your range of options.

 And then coming to Ross -- to the level of volunteers, if you like, if each of the -- if the 
registries, registrars, IPC, business constituency, several others, have each worked on the 
document and produced the document, I think at that point it's at a point where the 
council would endorse it as a council document.

 There's, of course, nothing stopping it being released as a document from an individual 
constituency or even from a group of individuals, but there obviously needs to be 
identified as having that status.  

 So I'm just trying to give you a sense, there's a range of statuses a document can have.  
It's not an all-or-nothing.  You know, it can go anywhere from being an individual's view 
to a constituency's view to ultimately being a council view, but any of those options is 
acceptable, I would think.

 >>AVRI DORIA:  Olof, had you wanted to make -- or no.  Okay.  Jon?

 >>JON BING:  Thank you.  In my naive mind, the starting point is that this is meant to 
be a factual document, which is only declaring or describing what already exists.  If that 
is the -- if that is correct, there can only be two reasons for not including it in a report 
from the council.

 One is that it fails to meet the minimum standards of quality that the council wants to be 
associated with.  Or that there is some policy reason for the council to suppress the 
information.  And that, I would be -- be surprised to find that we would like to admit that 
we have not an open information policy.

 So therefore, we are left with the -- in my mind -- rather simple question:  Are we able to 
get the quality of the factual discussion of this paper as sufficiently well to pass it on.  

 That could be done, as Bruce just pointed out, by numerous ways, but the objective is, of 
course, to have a factual description that can help the other more normative processes 
later on.  Thank you.

 >>AVRI DORIA:  Thank you.  Yeah, I think that that's -- that that's actually a very good 
way of putting it, and part of, I think, the issue is to get that basic descriptive document 
written is, we didn't have a sufficient level of volunteering to get it done at this point.

 >>BRUCE TONKIN:  I'm a little lost there because if it's descriptive of facts, I thought 
there were a range of different ways of doing it.  I thought the reference implementation 
was saying, "Here is a preferred implementation from that group" or "a best practices 
implementation."

 That's a bit different, to me, from a statement of facts, which would be, "Here's how dot 
biz did it, here's how dot Asia did it," and so on.  That's basically a summarization of 
implementations.

 >>CHUCK GOMES:  I think that's -- the latter one is the one that was intended.

 >>BRUCE TONKIN:  Yeah.

 >>CHUCK GOMES:  IRA here where some examples of how rights have -- attempts 
have been made to protect rights."  And so, you know, it is several that you could choose 
from, or you could create your own like that.

 >>BRUCE TONKIN:  Yes.

 >>AVRI DORIA:  Mike?

 >>MIKE RODENBAUGH:  Yeah, that was the work of the PRO working group is to 
accumulate all this factual information.  It's just been regurgitated here.  The point of the 
RPM ad hoc group, as I understood it, was to go beyond that, take that factual 
information and come up with template policies that new it would operators could 
implement.

 >>BRUCE TONKIN:  That's what I thought.

 >>CHUCK GOMES:  No policies.

 >>JEFF NEUMAN:  Right.  It was supposed to be, you know, if another group wants to 
do -- say in IP claims, you know, it was supposed to be taking the facts of how it was 
implemented, along with recommendations of how it can be improved upon, and come up 
with, you know, "Here's a good way to do IP claims in the future if that's what you want 
to do."

 [Speaker is off microphone]

 >>JEFF NEUMAN:  Right.  That's, I think, the original intention is that's the next group 
that does the sunrise, here's all the lessons learned and here's ways to address those 
lessons that were learned.

 >>CHUCK GOMES:  Really, the -- as I understood it, and I wasn't involved in either 
one of the groups, but the intent was to really put some ideas on the table and let's -- I 
think it's a good point, lessons learned and so forth, so that it helps those who are 
introducing a new it would in designing their processes.

 >>MIKE RODENBAUGH:  That's absolutely correct, as to the sunrise period but, you 
know, that only takes it to -- through the sunrise period.  We got to deal with policies that 
then go from land rush and -- and beyond, is my main point today.

 >>AVRI DORIA:  Anyone else want to comment on this?  I mean, in terms of looking 
on how we proceed, I guess Chuck is right in one respect, is if there's a group of people 
that really do want to finish this document and really do want to carry through with that, 
consider it worth doing, then I guess we need two things.  We need to know who they are 
or where they're going to be recruited from, and then we need to see some sort of plan to 
make it happen.

 And then in terms of the other thing, do we need a broader policy?  Then basically, I 
guess, you would have to figure out a motion and we'd have to bring it up in front of the 
council to see, "This is something that we should do," and then ask for an issues report 
and go on from there.  So I guess on the first -- I can't do much about the first -- the 
second part.  That's sort of there on the first part.  I'd like to hear -- but I saw your hand.

 >>UTE DECKER:  Avri, just on a practical point of enabling the finding of volunteers 
and facilitating the putting together of a group, I could imagine that if we just identified a 
contact point that these volunteers could turn to, if we could decide whether they have to 
be council members or not, and if we could think loosely about a time line by when this 
document has to be finished in order to feed sensibly into the process, maybe we could 
get started.

 >>AVRI DORIA:  Okay.  I think that's good.  I think the -- the first part is, I don't know 
if anyone here disagrees with the notion that it isn't just council members.  It's -- it's 
people from constituencies and even others who care about this particular topic can 
participate.  Is that a problem notion?

 >>KRISTINA ROSETTE:  The most active participants have not been council members.

 >>AVRI DORIA:  That's what I thought.  So I don't think that that's an issue.  Now, I'm 
not sure about a contact person, because a contact person starts to almost be a 
coordinating person.

 >>KRISTINA ROSETTE:  I would actually suggest that it be the staff person.  That's 
just going to be easier, I think.

 >>AVRI DORIA:  Okay.  And the staff person on this one is?

 >>KRISTINA ROSETTE:  Olof.

 >>AVRI DORIA:  Olof.

 >>KRISTINA ROSETTE:  I don't know.  Is he --

 >>AVRI DORIA:  So Olof are you --

 [Speaker is off microphone]

 >>AVRI DORIA:  Denise, who is the staff person on this effort?

 >>DENISE MICHEL:  Now that we've got Liz Gasster on staff, she can support it.

 >>AVRI DORIA:  Okay.

 >>CHUCK GOMES:  Avri, can I suggest that by our meeting on Wednesday -- and this 
gives each constituency an opportunity to -- for constituency day to see if they can 
identify some volunteers and that -- and very briefly, on Wednesday -- and I know it's a 
press for time -- that they -- everybody at least identify any volunteers that they have 
from their group.

 >>AVRI DORIA:  Does that seem like a reasonable approach to people?

 >>JEFF NEUMAN:  Can I alternate that?  Can you also go to the constituencies to see 
whether there is interest in pursuing this further, right?  

 Because if the registrars, let's say, say "We don't think it's a worthwhile effort, given 
everything the council has got on its plate" or if the registries say that or -- and the 
registries say that and other groups say it, then maybe the conclusion on Wednesday is 
you know what?  Let's back away from this project.  We have other priorities.

 >>AVRI DORIA:  Well, there -- but there's also -- I mean, I think that's certainly a good 
thing to know, but there's also the perspective that -- that Bruce brought up, which is:  If a 
collected group of people produce something and then bring it to the council as a 
considered effort, the council can consider it.

 So it's -- it goes further than just saying, "Do we have constituencies that don't want to 
do it?"  It's, "Do we have enough people to get it done?"  And then the council considers 
it whether -- and then the stenosis can, of course, come and say, "No, we think that's a 
bad document and it shouldn't go forward."

 But as we're sort of opening this notion to if you get work done, it can be considered, 
then -- which -- which is certainly part of, if I understood what Bruce was suggesting and 
if I understand some of the implications what we'll be talking about tomorrow in terms of 
the -- you know, the GNSO improvements, that if there's enough people to build a good 
document, then it should be considered even if some people a priori thought, "Well, you 
know, we don't think it's worth doing."

 >>JEFF NEUMAN:  But you got to be careful like with the improvements.  That to me 
sounds more of a manager instead of a legislature, right?  You're not managing the 
groups.  You know, if one interest group wants to write a paper and submit it to the 
council, the council, I thought Bruce's point was, the council can say, "Hey, this is 
worthwhile, let's now send it to the other groups to see if we could build a consensus 
within the community" as opposed to the council voting yes to adopt or no, not to adopt.

 >>AVRI DORIA:  Yes.  I wasn't getting into a mechanism, and the management versus 
legislation is a -- a really big confusion in my head for tomorrow morning, so...

 >>BRUCE TONKIN:  Just to reinforce that, there is a difference between the council 
endorsing a document as a council document versus a constituency publishing it.  We 
publish a lot of stuff on the GNSO sites, and I think what we're not clear on is publishing 
what the status of different documents are.

 And one of the other areas of the GNSO improvements I think is a better document 
management approach and a better Web site design but also, clearly, identifying at what 
level this document is.  We should actually have the opportunity for an individual to 
lodge a document and that's what it is lodged as.  It is individual X's document or it is 
constituency's document or it is the council's document.  But they are very different 
statuses.

 >>KRISTINA ROSETTE:  Frankly, I think the clarity of that would be extraordinarily 
helpful because if it turns out at the end of the day that this is only going to be an IPC 
thing or an IPCBC thing, then it can be approached and handled, frankly, and staffed very 
differently than how it is being staffed now.  So, you know, I don't -- my personal 
preference be that it not become that, but if realistically -- you know, in some ways that 
might be the easiest thing to do in that I don't think it is worth the time of the staff or the 
volunteers to work on this document and then because of a lack of participation across 
the constituencies for once it comes to the council to be rejected as being the work of 
only one, you know, that's a situation I really want to avoid.

 >>AVRI DORIA:  Any other comments?  Yes, Jon.

 >>JON BING:  Thank you.  Yes, just a quick reaction to the author an interest group.  It 
seems to me that one should as, perhaps, Bruce and Kristina indicated, open up for other 
interest groups to offer papers to this council.

 And if the possibility is there, this paper would then be an excellent subject for an 
academic exercise which did not really have interest groups as its focal point but just an 
analysis of what has happened.  That then, of course, could be again the basis of a more 
political discussion.  Thank you.

 >>AVRI DORIA:  Thank you.  

 Mike?

 >>MIKE RODENBAUGH:  I want to make sure I understood you there, Jon.  I guess 
what you are saying is if we could do an issues report that sort of lays out the scope of the 
problem and then we go from there.

 >>JON BING:  Yeah, indeed.

 >>AVRI DORIA:  Okay.  Anyone else on this?  So -- no?  So. 

 I guess at this point, I guess I will check back following Chuck's recommendation, check 
back on either Wednesday or Thursday.  I don't know if we'll actually fit it on the 
Wednesday public meeting, but either Wednesday or Thursday to see where the 
constituencies are in terms of finding volunteers, in terms of finding interest and see 
where we are on this and then take another look at how we proceed because at the 
moment I'm not sure I know how we are going to proceed on this.

 Yeah, Ross.

 >>ROSS RADER:  By "this" you're referring to --

 >>AVRI DORIA:  The document that's currently being worked on.

 >>ROSS RADER:  Separate from Mike's work.

 >>AVRI DORIA:  This is the new emotion proposing a new issues report, that has to be 
created and sit for seven days or whatever and then get voted on, yeah.

 >>MIKE RODENBAUGH:  I guess maybe what I would suggest is that we focus this 
discussion over the next few days on the sunrise period because that is relevant to new 
TLDs and to the RFP.

 And then I think there needs to be a broader discussion.  It will probably be more 
controversial obviously as to other rights protection mechanisms that could potentially be 
developed as consensus policy for all TLDs.

 >>AVRI DORIA:  I think that's a good recommendation; in other words, that we focus 
on not only the narrow scope of the document but the narrow scope of rights protection 
mechanism.

 >>CHUCK GOMES:  I'm curious.  You said "the next few days."  When are we going to 
fit that in?

 >>AVRI DORIA:  Constituencies were going to talk about the interest in taking this 
further, people were, volunteers.  We were going to talk about it Thursday, if that's what I 
understood.

 >>CHUCK GOMES:  He is saying specifically focusing on sunrise provisions.  I'm not 
seeing that constituent is what I was going back to the constituency on.

 >>MIKE RODENBAUGH:  I think that's right.  I wanted to clarify.  Essentially, I see a 
dual path essentially.  One path to deal with the sunrise issue.  Come up with ideally a 
standardized sunrise process that could be provided as an implementation guideline for 
the new TLD operators.  And then a separate path which may have different ranges of 
support and interested volunteers in the various constituencies and we get to know that as 
well at the outset, anyway.  

 For other perspective mechanisms to make the UDRP work quicker, come up with a 
process by which registries can suspend domains using phishing, whatever.

 >>CHUCK GOMES:  I understand the separation.  I understand the second one, 
focusing on sunrise, UDRP, other rights protection mechanisms is going to fit into our 
busy schedule this week.  Is that what you were suggesting, this week?

 >>MIKE RODENBAUGH:  No, no, no.

 >>AVRI DORIA:  You were suggesting for the off -- for the out of band work.  The 
work the constituencies --

 >>MIKE RODENBAUGH:  Correct.  I was following up on Avri's suggestion to go 
back to the constituencies and we will come back Wednesday, if we have time during 
AOB, or Thursday during our wrap-up and we'll get a gauge from everybody as to who is 
willing to participate on this new TLD sunrise paper essentially and who might be willing 
to participate or be interested or have vehement opposition to even discussing any other 
mechanisms.

 >>CHUCK GOMES:  The new TLD thing is not restricted to sunrise.

 >>JEFF NEUMAN:  That's what I was going to say.

 >>MIKE RODENBAUGH:  I am suggesting that it be restricted to sunrise because 
every other sort of rights protection mechanism would, in my mind, very strongly need to 
apply to existing TLDs as well.

 >>JEFF NEUMAN:  Can I make your point but in different words?  It should be limited 
to intellectual property protections during the launch of the TLD, whether that's sunrise, 
IP claims or something else.  Does that clarify for you?  I think that's what Chuck point 
was.  You were using the word "sunrise," but your point I think is right.

 >>MIKE RODENBAUGH:  Thanks for clarifying.  You got it.

 >>AVRI DORIA:  Okay.  Is that sort of clear to everyone?

 [ Laughter ]

 Basically, we divided -- I'll try.  We divided sort of the issue into two parts.  One of them 
is to see if there is still interest in -- and how much interest in working on the rights 
protection mechanism implementation reference guide that would go out at the same time 
as the RFP assuming there was a decision to do so.

 And that that is being taken in the narrower sense of pertinence to new gTLDs, the 
intellectual property issues such as but not restricted to sunrise, et cetera, and to find 
where the interest was and that the issues dealing with the broader issues that may 
include phishing but not limited to will be considered later.

 Did that make it less clear?

 You also wanted to get a bearing on whether people were interested in that one.

 >>MIKE RODENBAUGH:  Correct.

 >>AVRI DORIA:  I would actually prefer to try and restrict to the first.  You'll get 
opinions on the second because if we're going to go out for a new consensus policy, then 
we will ask for an issues report.  We'll have to figure out what's in the issues report.  
There is a whole discussion there.  We then will have to go for constituency feedback, et 
cetera.

 So that's a much harder job.  And I would really like to know whether we're going to 
have this document and the other one.

 But, I mean, you will get feedback on the other, but I would really like people to focus 
on do we have the resources and the interest and the will to get this particular document 
done and the other discussion is still an open discussion but we're not going to be talking 
about it this week, not in any of the formal meetings.  Is that okay?  I know -- I know 
you'd like to get it all in but it feels like boiling an ocean.

 >>MIKE RODENBAUGH:  I totally understand the limitations that we all have.  There 
is a lot of issues on the table this week.  I am not asking for any sort of positive 
movement necessarily.  I am really just asking that we have a discussion, take it back to 
our constituencies and just keep talking about it and I will be coming up with a motion 
fairly soon, I believe.

 >>AVRI DORIA:  I believe that.

 Anything else at this point?  In which case, even though it is 15 minutes early, I'd say it's 
lunch break.  We reconvene at 2:00.

 >>CHUCK GOMES:  And then could I see Cary and Edmon and Mike and anybody else 
that might be willing to work in the next few days -- spend a little bit of time in the next 
few days working on some of the language in the ccNSO GAC issues report response, 
just a couple minutes to find a time we can get together.

 >>AVRI DORIA:  Thank you.

 (Lunch break)

 >>AVRI DORIA:  Okay.  It's 10 after 2:00.  We should try to start.  Wow.  That was 
fast.

 Okay.  Sort of have a different group of people, sort of, than we did this morning.  I'm 
wondering, is there a need to go around and reintroduce or -- yeah, it is a separate 
meeting, it is on the WHOIS.  It's probably good to get everyone to introduce themselves 
again.  Some of us will introduce ourselves many times.

 I'm Avri Doria.  I'm chair of the GNSO Council at this point, and the agenda for this 
afternoon is, we have two WHOIS discussions.  The first one will concern discussion of 
the constituency and community comments, and of course with community comments 
still coming in, it's an ongoing thing, but basically to try and make sure that we've had a 
view of what the issues and comments that are coming up are.

 And then we'll have a break.

 And then after that, the second part will be a report on the studies that the ICANN staff is 
currently going through, and then Steve Crocker will be coming in to give us a SSAC 
report on the WHOIS spam study so that we basically have the studies.

 Now, in the first part, one of the things that, you know, we can also discuss and was part 
of what we had gone out asking for discussion on is we do have three motions on the 
table that are scheduled to be voted on on Wednesday, so obviously those are also 
something to talk about, and as we go through sort of figure out what the best way to 
proceed with this is, and I'll sort of feel my way along as the discussion starts, as the 
opinions come out of how to head through that, and how to use the two hours or one hour 
and fifty minutes that we've got slated for this, as well as possible.

 So I'd like to ask if we could just go around the room again, saying who we are, 
constituency or, if not constituency, you know, what your interest is quickly, and we'll 
first go around the table and then we'll go around the chairs.  Oh, and there is -- this time 
there's an improvement.  There is a hand-held mic, so when it's time to go around the 
edge, we can just pass the mic around the room.

 So Norbert, I'll start with you again.

 >>NORBERT KLEIN:  My name is Norbert Klein.  I'm a member of the GNSO 
Council.  I am from the noncommercial constituency, and I work in Cambodia in a 
nongovernment organization involved in communication.

 >>ROBIN GROSS:  My name is Robin Gross.  I'm also a council member from the 
noncommercial users constituency.  I'm based in San Francisco.  I am an attorney.  I work 
with IP justice.

 >>BILAL BEIRAM:  Thank you.  My name is Bilal Beiram.  I'm representing the BC.  I 
work with Talal Abu-Ghazaleh organization.  We're based in Amman, Jordan.

 >>MIKE RODENBAUGH:  I'm Mike Rodenbaugh, councillor from the business 
constituency.

 >>ALAN GREENBERG:  Alan Greenberg, I'm liaison from the ALAC, and in real life I 
do advising developing countries and donors in how to use technology.

 >>MARGIE MILAM:  Margie Milam with MarkMonitor and I'm with the registrars 
constituency.

 >>MARILYN CADE:  My name is Marilyn Cade.  I'm a member of the business 
constituency.

 >>TONY HOLMES:  I'm Tony Holmes, ISPCP, and a member of the council.

 >>BRUCE TONKIN:  Bruce Tonkin from Melbourne IT, which is a member of the 
registrar constituency, and I'm also a member of the ICANN board.

 >>OLOF NORDLING:  Olof Nordling.  ICANN staff based in Brussels.

 >>DAN HALLORAN:  Dan Halloran, ICANN staff.

 >>EDMON CHUNG:  Edmond Chung, gTLD registry constituency.

 >>AVRI DORIA:  And I'm Avri.  I'm a NonCom appointee to the council.

 >>CHUCK GOMES:  Chuck Gomes, representing the registry constituency on the 
council.

 >>MILTON MUELLER:  Milton Mueller.  I'm chair of the noncommercial users 
constituency.

 >>UTE DECKER:  Ute Decker, member of the GNSO Council for the intellectual 
property constituency.

 >>KRISTINA ROSETTE:  Kristina Rosette, member of the intellectual property 
constituency.

 >>PATRICK JONES:  Patrick Jones, ICANN staff.

 >>CRAIG SCHWARTZ:  Craig Schwartz, ICANN staff.

 >>STEVE DelBIANCO:  Steve Del Bianco, business constituency, rapporteur to the 
WHOIS working group.

 >>ROSS RADER:  Ross Rader, registrar constituency, elected to the council.

 >>JEFF NEUMAN:  Jeff Neuman, gTLD registries constituency.

 >>LIZ GASSTER:  Liz Gasster, ICANN policy staff on WHOIS.

 >>MATTHIEU CREDON:  Matthieu Credon, dot bzh project, observer.

 >>WERNER STAUB:  Werner Staub from the CORE secretariat in Geneva as an 
observer.

 >>ELMAR KNIPP:  Elmar Knipp, also with CORE, also observer.

 >>DIRK KRISCHENOWSKI:  Dirk Krischenowski, dot Berlin, business constituency 
and also observer.

 >>PAUL LECOULTIE:  Paul Lecoultie from CORENIC, member of the registrar 
constituency.

 >>AVRI DORIA:  Okay.  Who has the microphone around the edge?

 >>ARTUR LINDGREN:  Artur Lindgren, Nictrade, Sweden.

 >>AVRI DORIA:  Okay.  Is the microphone on?  

 >>ARTUR LINDGREN:  Hello?  Artur Lindgren, Nictrade registrar.

 >>AVRI DORIA:  Thank you.

 >>HENRIK ERKKONEN:  Henrik Erkkonen, Nictrade, Sweden.

 >>SUSAN CRAWFORD:  Susan Crawford, ICANN board.  

 >>CLAUDIO DiGANGI:  Claudio DiGangi, International Trademark Association and 
intellectual property constituency.

 >>LYNN GOODENDORF:  Lynn Goodendorf.  I'm with InterContinental Hotels Group 
and a participant of the WHOIS working group.

 >>KAREN LENTZ:  Karen  Lentz, ICANN staff.

 >>PALMER HAMILTON:  Palmer Hamilton.  Represent JPMorgan Chase and a 
number of banks.  Business constituency.

 >>CONSTANCE BROWN:  Constance Brown, ICANN staff.

 >>PHILIP CORWIN:  Philip Corwin, observing.  I'm counsel of the Internet Commerce 
Association, representing domain name investors and developers.

 >>PAUL TWOMEY:  

 >>PAUL STAHURA:  Paul Stahura.  I'm with one of the registrars.

 >>AVRI DORIA:  Thank you.  And I understand that we do have people on line.  

 So on line, who is on line, please?

 >>STEVE METALITZ:  This is Steve Metalitz with the intellectual property 
constituency and a member of the WHOIS working group.

 >>AVRI DORIA:  Thank you.  Anyone else?

 >>MIKE WERNICKE:  Mike Wernicke, entertainment software association.

 >>AVRI DORIA:  Okay.  Anyone else?

 Okay.  Thank you.  

 >>GLEN de SAINT GERY:  Sorry.  One more.

 >>MARTHA JOHNSTON:  Martha Johnston with Go Daddy.

 >>AVRI DORIA:  Okay.  Thank you.  I want to remind everybody that we not only have 
to use the mics for recording purposes but we especially have to use the mics because we 
have people that are on the telephone line and so -- and please, on telephone -- you know, 
obviously I won't see your hand come up, so please let me know when you've got 
something that you want to get into the queue for.

 Okay.  So the first thing we had on was discussion of constituency and community 
comments.  I've asked Liz to give a very quick recap from the constituency comments.  
Now, her statements are going to be very brief, and very top-level, and so afterwards I 
would like to give each of the constituencies a chance to, you know, further elaborate on 
the position as -- because -- I asked Liz to give a very, very top view, sort of an outline, 
and then we need to talk a little about what the best way is to review the community 
comments because as I say, they're still coming in.  There's lots of them.  There hasn't 
been a full analysis of them yet.  This is our first chance to talk about them.  

 Certainly they do fall into certain groupings.  There are some that can be characterized as 
being similar to each other, but it's something that we need to start talking about.  So, Liz, 
if you could.

 >>LIZ GASSTER:  Great.  Thank you, Avri.  Again, these are quite abbreviated 
summaries and feel free to elaborate or correct or clarify, as you like.

 So beginning with the commercial and business users constituency -- and this is based, 
by the way, on --

 >>MARILYN CADE:  Sorry.  Should we be looking at a document?

 >>LIZ GASSTER:  No.

 >>MARILYN CADE:  Oh, okay.

 >>LIZ GASSTER:  Actually, the staff overview -- that is a good question, though.  The 
staff overview of recent WHOIS activity includes all of the constituency statements that 
we received by the deadline, and in addition, posted on the WHOIS site are the ISP 
comments on the overview that we also received.

 So I think these are just basically characterizations of what the fleshed-out statements 
say in that overview.

 So commercial and business users constituency do not see sufficient justification for 
abandoning or changing WHOIS, and essentially say that there is no adequate basis 
currently to implement the OPoC.

 The individual NomCom appointee who submitted comments, Avri Doria, supports 
implementation of OPoC as long as it does not include a reveal function and that restricts 
access only to law enforcement on a case-by-case basis.  Absent this outcome, this 
appointee supports sunsetting existing non-consensus WHOIS contractual provisions in 
all registrar and registry agreements.

 The intellectual property constituency opposes adoption of OPoC unless or until an 
efficient, reliable, and speedy alternative mechanism for such access is ready to be 
implemented.

 The noncommercial users constituency opposes the adoption of OPoC because of the 
reveal function and concerns about the reveal function, and the NCUC supports 
sunsetting existing WHOIS portions of the RAA that are not consensus policy at the end 
of 2008. 


 The registry constituency generally supports the underlying concepts of the OPoC 
proposal, assuming sponsored registries retain the ability to determine the eligibility of 
applicants, and as long as access to unpublished WHOIS for legitimate purposes is 
addressed.

 The registry constituency supports a tiered access mechanism for this purpose.

 The ISP constituency -- and again, the ISPs' constituency comments are not in the 
overview.  You'll need to go to the comments site for that.

 They do not support adoption of the OPoC proposal in its current form.  That 
constituency is concerned about insufficient review of alternative approaches, such as 
special circumstances and tiered access, the need for speedy access to WHOIS data for 
anti-cybercrime purposes, and costs and other implementation concerns.

 The registrar constituency did not submit comments on the staff overview.  In its 
statement previously submitted as part of the WHOIS task force report of 12 March, the 
registrar constituency expressed support for the OPoC proposal.  But just to emphasize, 
there was no registrar constituency statement associated with the WHOIS overview that 
was prepared by staff.

 And that's kind of a summary.  And I will just follow Avri's comments again that there 
are a very large number of comments coming in on the public comment page, and 
encourage everyone to take a look at those and give as much attention as possible to those 
many comments.

 >>AVRI DORIA:  So the first thing I'd like to ask -- and go through the constituencies 
as the statements were made and ask them if there's something they would like to add to 
the characterization that was just made, so starting out with the business constituency, 
would you like to go a little further or deal with that?  Is there someone -- yes.

 >>STEVE DelBIANCO:  If you don't mind.  Steve DelBianco.  I was rapporteur for the 
BC to the WHOIS working group.  

 Our actual comments delineated three studies that were done in phases that we would 
need:  The uses and abuses; the costs of the measures that we'll use; and also the 
mechanisms, what would be the mechanisms for access.

 So I'll give you three alternative interpretations as to what the BC is up to, right?

 The first cynical interpretation is:  It's more studies because, oh, good, that's more delay.  
And that would be what some people would infer.  

 I would suggest a second, which is the true purpose here, which is what we suggest, that 
the proxy service is an example of a market mechanism that has arisen while ICANN has 
taken its time to figure out what to do, and that the proxy service, it seems, I think, is 
giving protection to people that would want to avoid having their information published.

 The second, which I think is another sort of market mechanism, is that registrars have 
started to employ anti-spasm measures for their display of WHOIS data, and this is 
documented in the SSAC study.  

 So I think that in two important ways, registrars have innovated in ways that allow 
people to protect privacy.  So it makes the BC continue to scratch our head and ask, 
"Where is the harm in the current implementation of WHOIS that justifies scrapping that 
system or replacing it with something that is not well formed yet?"

 So the idea of the study there is to really examine current market-driven mechanism as 
well as the harm that we can document which would justify moving ahead.

 I said three interpretations.  The three interpretation is we'll call it a fallback plan.  And 
the fallback plan is that even if the OPoC were approved, we are going to need these 
three studies in order to do the implementation of the responsibilities for an OPoC, as 
well as to do the access mechanisms for the unpublished WHOIS data.  

 And I believe staff has done a good deal of work on that on the 11 October 
implementation notes, where the very same things that we discussed and debated in the 
working groups are going to need further study because the OPoC plan as presented in 
the motion that will be considered Wednesday still doesn't have enough meat on those 
bones to guide implementation.

 So that's where I give you three interpretations of where the BC came out by asking for 
more studies.  And I would -- I would encourage all of you to sort of disregard the old 
delay motivation and pay a lot more attention to our direct and our fallback plan.  Thank 
you.

 >>AVRI DORIA:  Okay.  Thank you.

 Yeah, I think I'd like to go through all of them and then let people go and start 
addressing and asking questions of each of them.

 I was the next one.  I think what was covered in the statement I made was -- I made a 
fairly simple, short statement, and I think the overview included all of it, so I've really got 
nothing to add, other than, you know, I did not accept the reveal and that I had a real 
problem with the sort of self-definition of who was authorized to get information and 
believed that an authorization process for who had access needed to be dealt with.

 The IPC was the next comment that was summarized.  Does anyone want to add -- or 
Steve, do you want to, or someone --

 >>KRISTINA ROSETTE:  I was actually going to suggest that if Steve wants to, then he 
should.

 >>STEVE METALITZ:  I don't think I have anything to add.

 >>AVRI DORIA:  Right.  Steve, do you want to be the one to -- or are you fine with 
what was read out?

 >>STEVE METALITZ:  Yeah.  I don't have anything to add to the statement.

 >>AVRI DORIA:  All right.  Thanks.  NCUC was the next one.  Did anyone from 
NCUC have anything, any further elaboration that they wanted to add to what was -- the 
overview that was given?

 No?  NCUC's fine with that?

 Okay.  Great.  From the registry, is there any further comment or --

 >>CHUCK GOMES:  Sure.  Because our statement did cover a little bit more than was 
in the summary there.

 First of all, the WHOIS working group was tasked with examining three issues, and it 
was our conclusion that there wasn't consensus reached on any one of those three, or any 
recommendations regarding those.

 We continue to believe that respect for registrants' interests and protection of personal 
privacy does demand change in the way data is published in a WHOIS service.

 At the same time, to the extent that any data that would become private is needed for law 
enforcement or other interests such as intellectual property, that appropriate means for 
accessing that data should be provided through some sort of a tiered access system, which 
Liz did mention in her summary there.

 We also recognize that a tiered access system does have some serious policy challenges, 
as was demonstrated in the working group, in looking at OPoC.  But dealing with those 
challenges somewhere down the road seems like it could still be a valuable exercise when 
we get to a point where we can really work constructively on that.

 With regard to the OPoC in particular -- and Liz mentioned this -- we do think that there 
are some needs of sponsored registries that aren't addressed in the OPoC proposal that 
would need to be addressed.  They should be free to determine what data should be 
collected for their specific needs in their sponsored community, and determine what any 
data beyond that list should be published.

 It's our opinion that the OPoC proposal in its present form doesn't deal with the question 
of access to unpublished WHOIS data, nor did the WHOIS working group reach adequate 
agreement in that regard.  And we think that that question has to be answered.

 We also don't think that there's a practical test for determining what types of use might 
qualify for privacy protection, and those points just reemphasize the fact that -- that we're 
not at a point where it could be implemented.

 Completion of the OPoC proposal we believe would require considerable effort, and, 
you know, we need to answer who decides who gets access, who are requests for -- who 
are requests authenticated, to whom should access be given, who provides access, how 
would access be given.  

 Without answering those questions, you can't implement OPoC or any tiered access 
system for that matter, and those are the holes that we identified and were concerned with 
a long time ago, and they still exist.

 >>AVRI DORIA:  Thank you.  Okay.  The ISP had an update.  Does anyone want to 
speak to that?

 >>TONY HOLMES:  Yes.  Thanks, Avri.  I will just provide an update, as it isn't in the 
document.

 But basically what I'm going to say supports a lot of the dialogue that's already been 
stated.  I think Steve suggested there wasn't enough meat around this, and we find it 
difficult to support this proposal without further review.

 Certainly cyber crime remains a significant threat, and there are some basics which still 
need to be addressed before you can move forward down this path.

 I'd just mention four of the items that are listed in the ISP response.  Questions that still 
need to be answered.

 How can quick and efficient spawns to cyber crime data gathering be ensured from an 
OPoC?  What parties have access to hidden data?  Who decides which parties have 
access to the data?  And who pays for the costs involved in providing access to that data? 


 And I think they're some of the key elements that are still out there.  Thanks.

 >>AVRI DORIA:  Thank you.  And lastly, there was no updated statement from the 
registrars, but Ross?

 >>ROSS RADER:  Yeah.  To clarify that, we didn't submit any comments on this.  Not 
because we're not interested in the issue, but after years of discussion, we were hard-
pressed to find anything new to say on this subject.

 >>AVRI DORIA:  Okay.

 >>ROSS RADER:  So certainly our position is on the record.

 >>AVRI DORIA:  Yeah.  No, I didn't mean to indicate a criticism that you didn't.

 >>ROSS RADER:  No.

 >>AVRI DORIA:  Okay.  I guess one thing I want to add, and then get into the rest of 
the conversation, is:  In listening to -- as I put through the first one of the motions -- I 
mean there are three motions, and listening to the business constituency, I wasn't sure that 
that motion and what the business constituency was saying in its fallback position were 
necessarily that different.

 In terms of -- because the motion, as I conceived it, sort of -- one thing is the studies are 
ongoing, and there's nothing we're doing at the moment, none of these votes suggests 
stopping the studies.  The studies we're getting an original report on.  They're ongoing.

 That motion envisioned asking the staff to sort of take the melange of stuff that we've got 
-- there's an OPoC proposal, there's a working group, there's a lot of commentary out 
there on what needs to be done, what's not covered, whatever -- asking the staff to come 
up with an implementation proposal for an OPoC and then bring it back to the council 
and the community for us to look at, at the time at which we also would hopefully have 
the studies.

 So I'm not sure that the fallback and that motion are necessarily that dissimilar, and I just 
wanted to put that in as -- as an explanation.  Certainly.

 >>RICHARD DELMAS:  Thank you.  I wanted to sort of respond to that in one respect.  
When I said it was a fallback, I mean well, we'd be falling, and it's never a good thing to 
be falling, so let me make the distinction here that if the studies -- I think we'll all agree 
that the studies are going to be necessary for implementation.  And staff has certainly laid 
that out already in the October report.

 However, by doing the studies, as part of implementation, you presuppose that you've 
already crossed the threshold, that you've met the gating condition to say that the harms 
of the current WHOIS, undocumented though they may be, are sufficient to justify 
moving ahead with an unformed, incomplete plan.

 So I would say there's a fundamental difference there, in that I would -- the BC wants the 
studies done first, as a gating condition, because I truly believe that a study of the uses 
and abuses after taking a look at how well proxy services and registrar protection 
mechanisms have solved the problem would reveal that there's insufficient harm to justify 
changing the status quo of WHOIS.  So it becomes a gating, rather than enabling of the 
implementation plan.

 >>AVRI DORIA:  Okay.  Okay.  Yeah, I -- I'd like to basically take a general queue and 
start opening up the discussion.

 >>MARILYN CADE:  Sorry.  I just wanted as a BC member, to just support something 
that Steve said and note that I think you saw in the BC positions that the -- there was also 
a request to study the characteristics of registrants in order to inform the policy-making, 
and I think that was consistent with why it needed to come first.

 [Speaker is off microphone]

 >>AVRI DORIA:  Okay.  So I have Milton and then Chuck.  And anyone else while I'm 
building a list at this point?  Okay.

 >>MILTON MUELLER:  Okay.  So Steve, the studies.  What would you say if a 
European data protection commissioner said to you that, "This is against the law in my 
country"?  

 Would you say, "Well, let me study it and see if it's harmful, by our criteria that we'll 
establish at ICANN, and if we sort of -- you know, we do an empirical study and we just 
don't think your laws have any rationale, we're just going to blow them off," is that sort of 
what you're saying here?  

 I don't really want you to answer that question.  It's rhetorical.

 >>STEVE DelBIANCO:  Well, since you asked --

 >>AVRI DORIA:  Yeah, you asked.

 >>MILTON MUELLER:  Yeah.  I know.  

 >>STEVE DelBIANCO:  Since you asked -- 

 >>MILTON MUELLER:  I know what you'll say.

 >>STEVE DelBIANCO:  If -- if The European Commission came up -- or some 
European government came up with a statement like that, if -- and that's a big "if" -- but 
if they did, my next question immediately is, "Can we conceive of a less restrictive means 
of actually solving your problem than throwing out the baby with the bathwater on 
WHOIS."  

 And I would -- I would hope that the study, since the study would incorporate the 
characteristics of registrants and the study would incorporate, as we requested, an 
examination of the proxy service.  If the proxy service can actually fulfill the privacy 
directives concerns, then it's a matter of educating people, of going to registrars that offer 
a proxy service.  And that way we solve that problem if, in fact, there's a documentation 
that the problem exists.

 >>MILTON MUELLER:  Okay.  As a social scientist, I have an another question about 
studies, and that is, are you willing to turn the tables a bit and allow us to do a study of 
countries that do shield WHOIS data, and find out whether the levels of cyber crime and 
other kinds of problems that are alleged to happen, if we shield the street address of 
domain name registrants, all of these terrible things that are going to happen, can we find 
out whether they're actually happening?

 In other words, underlying my question there is a sense that these studies are -- and the 
way they're being framed are not exactly unbiased, that we are putting the burden of 
proof on people who want to protect privacy to prove that they have a need for privacy, 
which in some cases is a legal right, not an empirical matter.

 And we're not asking questions about how much you really need the data, how much it 
really has to be there, where there are perfectly feasible empirical tests of that 
proposition, which we could -- we could do.  That's all.

 >>CHUCK GOMES:  The four questions I mentioned at the end of my comments a 
minute ago, I think at least three out of the four are policy questions, not implementation 
questions.

 The first one probably is -- or one of them, the one -- how are requests for access 
authenticated, that's probably an implementation question, but the -- who decides who 
gets access, to whom should access be given, who provides access, how would access be 
given, in my mind, at least in large part, involve policy questions and, therefore, I would 
think it's premature to turn it over to ICANN to implement until those are answered.  And 
they're very complex policy questions, as we already know.

 As I said in my statement, I'm actually supportive of us working on those.  I'm not sure 
we're at a state right now where we can do anything constructive in that regard.  In fact, I 
seriously doubt that.  But that's why I would think it would be premature to go to 
implementation because I really think those are significant policy issues.

 >>AVRI DORIA:  Okay.

 >>LYNN GOODENDORF:  Is this on.

 >>AVRI DORIA:  Sounds like.  Yes.

 >>LYNN GOODENDORF:  Okay.  I just want to say that I think that the studies that 
have been recommended are a very positive way to build consensus, and everyone has 
acknowledged the lack of consensus on this issue, and we have been operating on a lot of 
assumptions and a lot of anecdotal evidence, and the benefit of these studies is to actually 
have more facts to move forward on.

 >>AVRI DORIA:  Okay.  Thank you.

 >>JON BING:  Thank you.  I also would like to echo the last -- last comment.  As far as 
data protection is concerned, there is at least the regional directive in Europe.  We have 
had anecdotes that the Dutch data protection authority has accepted a certain version with 
respect to WHOIS.

 I have made great efforts in trying to verify that -- that story.  I have been in personal 
contact with the Dutch regulatory agency, and I be that as head of the Norwegian data 
protection tribunal.  We have not been able to verify that story.  That may, of course, be 
because the Dutch data protection authorities do not have sufficient -- sufficient overview 
over their own decisions or comments.

 But it is a rather straightforward analysis to see to what extent there is complication -- a 
policy would comply, or what it requires to have a policy to comply with the directive.

 This is only a regional directive, but one could also have a look at other regional 
directives like the OPoC directive or Asian and the Pacific, and they are not, in my mind, 
major studies and they should be rather objective and then one could take the result from 
them and have a look at them.

 I have also -- and I'm sure, again, this is my own naive background that shows through, 
but as far as law enforcement agencies are concerned, I -- I have difficulties really to 
grasp what is going on.  I'm thinking if I'd been a bank and this had been -- we had had a 
discussion about our customers' data or data relating to customers and others, we would 
be concerned if there is anything we could do between ourselves to stop or to reduce 
fraud or misuse of accounts and so on.  We would also be very eager to help law 
enforcement agencies, but we wouldn't try to formulate their policy.  We would say that 
if they have a policy and they have authority and they approach us, of course we will 
comply.  But that is the extent to which I think an agency or an institution like a bank 
would respond.  It may even also encourage law enforcement, say, agencies to take an 
interest in the field and say that we will provide you the data when you come up with a 
request -- with the necessary authority.

 But I have difficulty seeing that that should form part of an internal policy.  Thank you.

 >>AVRI DORIA:  I have Ross next.

 >>ROSS RADER:  We've been discussing -- "discussing" is not the right word.  We 
have been engaged in a PDP on this topic since before we actually had PDPs in the 
ICANN bylaws.  WHOIS is the perennial policy question.  

 I really think it is time for the council to complete this policy process.  There is one of 
two ways we can do that.

 We can either move the stuff that's on the table forward or we can say the stuff on the 
table isn't good enough to be a policy recommendation.  

 We hear talk of additional study on this issue, and I think that's fine for the council -- for 
the community to engage in that type of study.  But to do that within the ambit of this 
existing policy development process without any clear direction on how we're going to 
move this policy forward is not something that I'm even remotely convinced will bear 
any fruit in the next two to three years.

 I would like to see the question of WHOIS policy closed off in our lifetimes, and I think 
the only way we can do that is by taking a vote at this next meeting as to whether or not 
these recommendations are sufficiently well-rounded enough to become policy.  And if 
they're not, then we stop the policy development process until such time that we can 
actually figure out what we might possibly have grounds to agree on.

 And I think within that, we can engage in the further study that's being called for.  It 
need not necessarily be a gating item, I don't think, to moving or not moving our 
recommendations forward.

 >>AVRI DORIA:  Thank you.  Steve?

 >>STEVE DelBIANCO:  The fruit of a PDP may well -- may be my apples and Ross's 
oranges, but the fruit is not necessarily the moving forward of a new replacement for 
WHOIS.  

 The fruit of a PDP properly conducted, that took way too long, may well be there is 
insufficient harm to justify changing it.  That is also fruit to the process.  

 I simply want to respond to a direct question from Milton and one challenge.  The direct 
question was would the B.C. in its call for the uses and abuses study be willing to really 
have scrutiny of the uses of WHOIS and to what extent do they contribute to law 
enforcement, consumer protection and the protection of rights. 

 And, Milton, the answer is, yes, we should.  We should definitely count the uses of 
WHOIS when we balance it against the abuses so that we should ask governments to 
what extent are you using WHOIS to be part of the investigations.  I think that was the 
essence of your investigation.  Would we want to live with the study if the results could 
come out and -- they might say the law enforcement doesn't use WHOIS, and I'm willing 
to take that chance.

 At the tail end of it, you said to me the B.C. was somehow saying to people that we were 
saying it is a burden on you to prove that you have a right to privacy.  

 Now hang on.  The burden here -- and it is a burden that hasn't been met -- is the burden 
to show that your right to privacy is being compromised by the WHOIS system.  That is 
the burden that hasn't been met yet.

 >>AVRI DORIA:  Jeff?

 >>JEFF NEUMAN:  I have a question for the B.C. because I think this is the first time -- 
I was one of the co-chairs of the original WHOIS group back in 2002, 2003.  I can't 
remember now.  This is the first time I have ever heard someone from the B.C. say that 
the proxy service might actually be a solution.  

 But I feel like the B.C. statement is missing something.  My gut tells me once we say the 
current WHOIS system is fine, the next step is okay, now let's regulate the proxy service.  
Let's regulate what the registrars, when they have to make access, who they have to make 
access.  

 I'm asking you now in the open, B.C., is your next step, if the vote by the council -- And 
I'm not on the council.  But if the vote by the council is to use the current mechanism and 
one of the rationals because market forces may be working, I want you to tell this group, 
is the next step to study proxies and to regulate proxies and have new process to do that?

 >>STEVE DelBIANCO:  I will give you a partial answer and rely on our counselors to 
help out.  I did say the first part of the study is where you try to figure out the uses and 
abuses.  I would like to know whether the uses and abuses, including a study of proxy, 
would reveal that registrars that operate proxy services, are they living within the RAA, 
to both relay and reveal, as I understand the current registrar accreditation agreement 
requires.

 If that's truly the case in that registrars do relay through the proxy and that the proxy 
does reveal information when evidence of harm is shown, then that would indicate that 
that is a mechanism that both protects privacy and also allows for law enforcement and 
consumer protection to get through the information to the true registrant.

 >>JEFF NEUMAN:  Okay.  If it doesn't reveal or relay in your satisfaction, then your 
answer is yes, we would want to seek to regulate what those proxy services do?

 >>STEVE DelBIANCO:  The answer is yes.

 >>AVRI DORIA:  Thank you.  Okay, Bruce.

 >>BRUCE TONKIN:  This is really just some process comments and partly picking up 
on what Ross said because I think one of the challenges -- the purpose of what you're 
describing of a study should be what was in the issues report.  I guess the last issues 
report on WHOIS -- I was trying to get online.  Maybe someone else can look at that.  
Was that about 2001 or something?  When was the last WHOIS issues report?

 >>MARILYN CADE:  The last issues report is --

 >>AVRI DORIA:  Microphone, please, if you have got an answer.

 >>MARILYN CADE:  The last issues report was -- I was thinking it was 2002 because I 
made -- because I co-chaired with Tony Harris.  Sorry, I don't remember Jeff was a co-
chair.

 >>JEFF NEUMAN:  He was the first.

 >>BRUCE TONKIN:  Let's just say it was a number of years ago.  I think what you're 
saying or if I hear what some people are saying is the world's changed quite a bit since 
that issues report.  A notion of what needs to be an issues report has probably evolved as 
well.  

 One of the comments, I think -- I'm again putting this from the perspective of some of 
the things that have come up in the various reviews of the GNSO.  And that is around 
getting more data to help drive our policy processes and in the past, the issues reports 
have, more or less, been here are some issues individuals have raised. 

 And so the last issues report on WHOIS contained a number of issues that have been 
raised by people concerned about privacy. The fact that there is also in that same time 
frame there have been new laws and number of countries in the world have instantiated 
privacy laws that probably weren't in place at the time the original WHOIS protocol was 
put into place.

 I think one of the options is, basically, as Ross says, you can say we have reached a level 
of agreement on a current policy and you are putting that before the council or the current 
PDP has not reached agreement.  In which case you'd say you have got to have some 
point that a PDP ends, otherwise you've got no control of process.

 Then you could reinitiate the process starting from square one, which is to say we need 
an issues report.  These are -- this is the pieces of information we need.  What are the new 
privacy laws that have happened in the last four years?  What are the new changes that 
people have made?  Are they having impact or not with proxy services or changes to the 
protocol and then you reinitiate the process.

 But I think you've got to be careful of having something that is certainly perceived to be 
externally -- because the failure of the GNSO is that we never converge, we just keep 
going around in loops and we don't seem to be following any process anymore.  

 And I am sort of concerned that the process -- there should be a vote on what you have 
gotten to.  

 You have had a WHOIS report.  You have a group that has given some comments on the 
implementation of that report.  You have to make a decision, are you prepared to move 
forward or not and that's the end of that PDP.

 And then you are starting a new process is what I'm hearing, which is perfectly 
legitimate.  That starts at the top and that's something, okay, we are creating an issues 
report.  What do you need in that issues report?  The lessons you have learned so far 
mean that that issues report hopefully is a lot more helpful to drive the development than 
the previous issues report.

 >>AVRI DORIA:  Milton.

 >>MILTON MUELLER:  I think the problem with the study option, Steve, is really that 
the study just becomes a sublimated way of fighting over the policy in the current context 
so that the question of what question the study asks, who does the studies would all 
simply become a continuation of the political fight that we're already in.

 So what I would suggest is a superior option would be you guys commission a study 
about the issues that concern you, and actually you may do a perfectly fine study.

 I mean, I am going to go over it with a fine-toothed comb but you may do us a service by 
documenting, for example, how many registrants are actually natural persons versus 
corporate persons, how many proxy services are being sold.  This is all very interesting 
data, very useful data.

 I would like to do a cross-correlational study with ccTLDs with more restrictive WHOIS 
display policies and see how that correlates with cyber crime in those jurisdictions.  I 
think that would be a very interesting study.

 Maybe I should go out and do that or find somebody to fund that study.  But I don't think 
that the process of having one of these studies is going to converge us.  I suspect one side 
or the other would try to use the nature of the study to beat the other side over the head 
with, and it really wouldn't get us anywhere.

 >>AVRI DORIA:  Thank you.

 Do you have the microphone?  Anyone else want to be in the queue?

 >>LYNN GOODENDORF:  I would just like to confirm, I have the impression that no 
data protection authorities have made inquiries of ICANN regarding data protection and 
the WHOIS.  Is that correct?  Have data protection authorities made inquiries of ICANN 
on this point?

 And the reason I ask is that our company has received inquiries which we have 
satisfactorily responded to and they never progressed to complaints, but I'm thinking that 
if our company has received inquiries on our privacy practices and this is such a 
tremendous concern here, have there actually been formal inquiries received by data 
protection authorities?

 >>AVRI DORIA:  Would you repeat your question.

 >>LYNN GOODENDORF:  Has ICANN received in I formal inquiries from data 
protection authorities?

 >>AVRI DORIA:  Bruce, got to use your mike.

 >>BRUCE TONKIN:  Normally, inquiring about what?  I don't understand the question.

 >>LYNN GOODENDORF:  The inquiries that our company has received is different 
from a complaint.  The inquiry is where they will contact us to clarify a particular 
practice, and we submit a response.  And if they're satisfied, it doesn't progress to a 
complaint.  When it progresses to a complaint, there is further investigation.

 So that's the process of the data protection authorities.  

 And then, I guess, since I work in privacy, I would also add that anyone who registers a 
domain name has the capability of collecting personal data.  And as such, there is a 
regulatory requirement to give notice and to follow the principal of transparency which is 
internationally accepted in privacy that you must disclose who you are and that contact 
details of name and address are not considered sensitive personally identifiable 
information.  It's considered personal data but not sensitive personal data.  So I would just 
-- again, my question is, has ICANN received inquiries?

 >>DAN HALLORAN:  I can't be 100% sure.  This is Dan Halloran.  I don't think we 
have ever received an inquiry just along the lines you said because we don't publish data.  
We don't hold data of registrants.  We have, I guess, a tiny little bit of data and we do 
maintain a WHOIS at the root level so we list who is the admin contact for dot UK and 
dot DE, but beyond that we don't have registrant so I don't think the data protection 
agencies would be interested in us because we are not a data keeper.

 We have received communications from those by entities but not about data we're 
holding.  It would be about our policies.

 >>LYNN GOODENDORF:  The question here on data protection would be disclosing 
personal data in the publicly available WHOIS database.  So if it was a concern to a data 
protection authority, I believe they would make a formal inquiry.

 >>DAN HALLORAN:  I think that would go -- there is no such thing as "the public 
WHOIS database."  We certainly don't maintain it.  Each registrar has its own database.  
They collect its own data and discloses it.  I would imagine if a regulatory agency had a 
concern about that, they would direct the inquiry to the registrar.

 >>LYNN GOODENDORF:  So then I think the next question was have any registrars 
communicated that -- have any registrars reported they have been contacted by data 
protection authorities?

 >>AVRI DORIA:  I have Milton in the queue but I'm wondering whether any registrars 
here.

 >>AVRI DORIA:  You got -- Bruce, you got to use the microphone.

 >>BRUCE TONKIN:  I am trying to clarify your previous question about what the 
inquiry is about. We have been contacted by data protection agencies in Australia 
regarding data we hold.  It is usually on a case-by-case basis.  It is usually in relation to a 
complaint from somebody to that agency, and then that agency  has then contacted us 
regarding the complaint.  

 >>LYNN GOODENDORF:  Has there been anything specific to WHOIS and the 
personal data being publicly available or disclosed?

 >>BRUCE TONKIN:  Not in the context of the way you have described it.  It was more 
a case of that particular individual's data.  That's not a complaint about the system.  It is a 
complaint about that individual's data.  But I would be -- I'd expect that a lot of registrars 
would receive case-by-case stuff.  It is not a policy question they're coming to us about.  
They're coming to us about a particular registrar.

 >>LYNN GOODENDORF:  I would just make one final point that again -- and making -
- or considering a change in policy decision that if the whole premise of changing the 
policy is a belief that we need to comply with data privacy regulations then it just 
supports again that we need more study and more information on this.

 >>AVRI DORIA:  Thank you.  Liz, did you want to comment on this specific issue?  
Okay, please.

 >>LIZ GASSTER:  It is more of a question.  There has been discussion on the part of the 
Government Advisory Committee on this issue, which it is my impression anyway that 
the concerns and issues in discussion, that those government representatives are raising 
are at least in part on behalf of the DPCs in their countries.  

 So I am kind of raising the question as to the linkage there and drawing your attention to 
the work in the GAC on that because I think that would be relevant.

 >>STEVE METALITZ:  This is Steve Metalitz.  Could I get in the queue at some point?

 >>AVRI DORIA:  I have Milton and then I have got you next in the queue. 

 Are you ready to be in the queue?

 >>MILTON MUELLER:  Just phoning a friend.  This is why I am skeptical of studies.  
We have a set of facts stretching back to 2000 and somebody's questioning whether they 
exist or not.  So let me just go through them for you.  

 May 2000, international working group on data protection and telecommunication warns 
ICANN immediately after the publication of the first RAA publication of personal data of 
domain name holders gives rise to data protection and privacy issues.

 Okay.  Second instance -- it is hard to find these things when you need them.  There is a 
2003 letter from the Article 29 working group which I can't find the exact data.  In 2004, 
Giovanni Buttarelli of the  European Union data protection entity spoke at an ICANN 
meeting and said both bulk access and the current approach to WHOIS was illegal 
according to EU privacy law.

 Let's see.  There is a 2006 letter -- No.  There is a March 12, 2007 letter from the Article 
29 working party on the draft procedure on potential conflict with WHOIS requirements 
and national laws.  And just a few days ago there was a follow-up letter from Peter  Shar, 
the Article 29 working group again.  

 I'm not even counting all of the instances in which data protection authorities -- of 
course, there is the Telnic case which is right now happening.

 So I just don't -- I don't know how we get to this spot where we are saying -- I can 
understand we want to debate how much we should shield WHOIS and how we can 
respond to these concerns without doing damage to legitimate law enforcement interests.  
I don't know why we're debating whether these queries or even happening.

 >>AVRI DORIA:  Steve.

 >>STEVE METALITZ:  I really had two points to make.  One was having heard from 
Ross and from Bruce and others, it seems to me that, I think, they've framed the question 
correctly here.  If the council thinks that the OPoC proposal should be endorsed, which is 
the language of motion one and we should move ahead to implement it then we should 
vote for motion one.  If you think the work that has been done does not amount to 
something that has been implemented as a policy, then you would vote against motion 
one.

 In terms of the study, I think Milton has raised some good points about other well-be 
could be tension over the form of the study and it is not a panacea by any means.  There 
may be some things that private parties can do, although some of the studies he talked 
about like finding out how proxy services operate, I know that the private -- only ICANN 
could do such a study because that information would not be made available to others 
since we've tried to get it in the past.

 But if the thinking is it really wouldn't be useful to have these studies then I guess the 
council would vote against motion two.  But if you think that -- and I think Bruce's point 
about whether the study is kind of happening out there and not in the context of a PDP, I 
mean, that may be a valid process point.  But if you think getting more of this 
information may be useful down the road to better policy-making on WHOIS in the 
future, then I think that would be the justification for motion two.

 I would just add on this last thread that I don't think any of the documents that Milton 
referred to really is responsive to the question Lynn was asking.  If a data protection 
authority thinks there is a legal issue, they certainly have a mechanism for raising that 
and none of the documents that he referred to would really do that.  Thank you.

 >>AVRI DORIA:  Steve, I would just like to ask one quick question for clarification.  
On the motion two, I think -- if I was understanding a difference, the motion two as it 
currently stands is we would continue this particular PDP process until after the studies as 
opposed to what I think Bruce was hinting at in terms -- or stating in terms of process was 
that certainly studies could continue but this PDP process would end and another one 
would continue.  Now, there is one motion that's not on the table which is top this PDP 
process and remain with status quo, whatever that is.  No one made that particular motion 
so it is not on the table, but that is the other possibility that falls out of the discussions.  
Not that I am making that motion and it is late, et cetera.  I said not that I am making that 
motion.  But that is the motion that no one did put on the table in terms of terminate the 
PDP and leave things as they are.  And that's not there but people talk almost as if it were 
but it's not.

 Okay.  Is someone else in the queue wanting to speak?  Okay, Chuck.

 >>CHUCK GOMES:  Ross, I really like the way you framed the issues before us, I don't 
know, 20, 30 minutes ago in that we really need to decide whether to end this process or 
not.

 And I really think there is value in us separating -- and maybe motion two needs to be 
changed a little bit -- separating whether or not any PDP happens again in the future from 
the studies.

 I probably have one of those personally -- I am not speaking for the registries right now -
- mixed feeling about the studies.  I can see some value and am not sure that there is 
going to be a need.

 But I do think we need to make a decision with regard to if we haven't reached 
consensus -- and I think it is clear we have not -- that we end that process.  I also believe -
- and this is me speaking personally right now, not for the registries.  We will speak about 
this again on Tuesday and then I will represent the registry position.

 But I really do not believe that we are at a point right now where we are going to make 
any more progress with regard to WHOIS.  We can continue the working group.  We can 
start a new one.  We can open a new PDP.

 I don't think we're at a point where we're going to have any success in that and all we 
will do is add to the frustration that has already been experienced.  At the same time, as 
several people have pointed out, there are some market mechanisms that work that are 
dealing with some of these issues and it may be over the next six to 12 months that 
maybe we -- either we find that those are solving some of the needs that have been 
expressed or we find that at that point maybe the varying parties are willing to work 
together constructively to do something.  But we could make that decision then if, in fact, 
there is the motivation to do that and the need is recognized by a significant portion of us 
so that we will indeed sincerely work together to come up with a plan to deal with that.

 >>AVRI DORIA:  Anyone?  Okay.  Werner.

 >>WERNER STAUB:  Many of us have been following this debate from the outside 
with growing sense of frustration as well because many of us have believed that this 
would, of course, lead to some result.  I think if governments have been kind of -- how do 
you say -- gentle over this period because they are expecting something to be concluded.

 Now, it is no problem to conclude we were on the wrong track.  It is certainly not for us 
who did not actively participate in the process to look, this is all wrong.  But it still strikes 
me that we have talked about radical methods, whereas we could have done easier things 
and we actually neglected the easy things and looked at the difficult things, simply 
because maybe we were too ambitious.  It could, indeed, be the best solution to close the 
PDP at this stage and, basically, just look at a similar process as to what has been done 
just now with in the context of the registrar transfers with a clarification in spirit of the 
original setup is being published right now.  Where we could just look at the technology 
used for the WHOIS and not the question of whether something is published or not.

 If you have -- if you look at the problems we have, much of it is linked to the Port 43 
protocol which is not in a position to do what it should.  At least minimal information 
about who gets that data.  We cannot get that decently with Port 43.

 If we just allow some restriction in terms of the output on Port 43, we maintain the same 
obligations on a normal Web interface where normal technologies as it captures, 
whatever, as selected by the registry or the registrar enable the consultation of that data 
by people as opposed to robots and make sure it is the listing procedures that have been 
actually been initiated by ICANN for registrars and others are upheld and respected by 
registrars, I think we could make big progress.

 >>AVRI DORIA:  Okay, thank you.

 Jon.

 >>JON BING:  Thank you, Mr. Chairman -- Madam Chairman.  Sorry.  My concern is 
perhaps not well-funded, but I noticed that in citing the documents that have been made 
available to ICANN, several -- at least two from Group 26 was mentioned, I'm not quite 
sure whether all are around the table understand that reference but that's actually the 
highest data protection authority in Europe, consisting of all the data protection agencies 
and their directors, headed by the data protection office of the commission itself.

 That makes it, of course, extremely important to take such a request from an 
international organization, too, what they concede and other international organizations 
rather seriously and to react to it in a responsible way.

 And it only strikes me that a lack of being able to cope with this in a responsible way 
might have affects outside the sector we are currently discussing because it will indicate 
how ICANN as an international organization is able to cope with requests on the 
international scene with other international organizations.

 And I think, therefore, this matter is rather serious.  Thank you.

 >>AVRI DORIA:  Thank you.  Any comments?  Okay.  So we pretty much good all the 
constituency and comments.

 One of the things I would like to ask is, in people's readings, and I know from talking to 
a lot of people, you have been reading the comments from the community.  I've read 
probably about half of them.  I have got about half to read yet.

 In my half, I don't know that I've noticed new arguments coming up, but I would like to 
open the floor to people that have, perhaps, read them, to people that have found a new 
argument in there that hasn't been discussed to sort of bring it in.  This is, basically, 
almost like a sanity check to make sure there isn't something in there that we haven't 
considered.

 And I don't have one of those, but I admit that I have only read about half of them so far.  
I will try to get the rest of them read before the vote on Wednesday.

 So does anyone have anything to add about the community comments that they've been 
reading?  Would anybody like to reinforce or champion any of the comments that people 
have made?

 >>MARGIE MILAM:  Sure.  I would like to follow up a lip bit on what Lynn was 
saying about the privacy issues and the data privacy concerns.  I think one of the issues 
that really hasn't been explored is how valuable WHOIS is in protecting private 
information, and I think that's -- you know, when we talk about some of these laws in 
Europe, there's certainly an element of balance written into the policies where you look at 
how the public is affected by the changes.

 And that's one of the things that I think may be a different angle on this, you know, to 
what extent is WHOIS used to help protect the privacy of the millions of consumers that 
actually go on to Web sites and provide their information and maybe that's something -- 
an issue we haven't discussed before.

 >>AVRI DORIA:  Can okay, thank you.  Yes, Alan.

 >>ALAN GREENBERG:  I don't have anything new to say, but I have read a lot of the 
comments also and I have talked to a lot of the people.  I can echo the absolute frustration 
of the community, certainly my community but not only my community, and the fact that 
there is no -- we have shown no ability to come to some compromised solution that meets 
the end despite all of the discussion.  The level of frustration is growing and is coming 
out more and more.

 >>AVRI DORIA:  In that level of frustration, have you picked up any solution that the 
frustrated community wants?  I see your hand, I will get to you.

 >>ALAN GREENBERG:  Certainly if I look at comments from people at-large, some of 
them disagree with each other.  There is not necessarily a single front.  There seems to be 
a general agreement that individuals need to be shielded under some situations and that a 
large company doesn't need to be.  I mean, some of those things are evident.  Exactly 
how we do it, how we make sure that law enforcement or other non-law enforcement 
people who have access can get access is not clear.  But the problem cannot be that 
difficult.  It is obviously.

 >>AVRI DORIA:  It could be an intractable problem.  I mean, it's possible.

 >>ALAN GREENBERG:  But we still need to solve it.

 [ Laughter ]

 >>AVRI DORIA:  We still need to resolve the PDP.

 Okay, Marilyn.

 >>MARILYN CADE:  I want to reference the comment that Vernon made.  It's very 
consistent with a contribution that I made quite a long time ago, now it seems to be, but it 
is actually only in the past PDP and it was about some small steps we could take, and 
that's what I want to address, Avri, because, you know, are there small steps we could 
take that improve or lessen the harms that people perceive to exist.  And I -- I think, in 
fact, we could.

 We could -- as Werner suggested, we could take some steps to address the technology.  
We could look for ways of limiting the ability for mechanized harvesting of displayed 
data.  We could look at rules for Port 43.  Those may not address the larger issues, but 
they might be smaller steps to be taken in the meantime that would still have significant 
meaning to parties who are concerned about whether WHOIS is being used with spam.

 >>AVRI DORIA:  Would those be policy actions or are those like proxy services and 
such sort of implementation things that -- and tools and such, or are they policy issues?

 >>MARILYN CADE:  Well, I would say that if we go back to what justifies to be a 
PDP.  You know, we must remember that there was a time when we decided that we 
wanted to tell the board there should be a policy about something, but we left the 
operational details up to the staff to present.  But we said that there should be a policy.  
That is, there should be a framework.

 I think that in this case, since I assume we would be looking for adherence to practices 
across all accredited registrars, and that there is the potential of having impact on other 
parties, that it probably would take a like policy, at least.

 >>AVRI DORIA:  Okay.  Thanks.  Okay.  Werner, I saw your hand up and then Steve 
and then Chuck.

 >>WERNER STAUB:  I just wanted to add, basically, why I think it is not a policy 
development question, but actually a simple tuning question, remaining in the spirit in 
those small steps of the original WHOIS requirement.  

 I can give an anecdote which actually happened here -- almost here -- the eight years 
ago.  

 There was -- the WHOIS was discussed in the ICANN meeting.  Actually one of the first 
that was held.  And Becky Burr, from the U.S. government, presented the WHOIS 
requirement.  And it appeared at that point that people didn't understand what she was 
talking about, and only at that point, Becky Burr and many other people learned about 
what Port 43 WHOIS meant.

 The original intent was WHOIS over the Web.  Nobody in the policy-making area -- and 
even in the IP area -- had even understood that there was something like Port 43 WHOIS, 
yet Port 43 WHOIS is what, of course, is very practical for scripting, and easy, but we 
registrars are able to handle it, if it becomes a little bit more complicated there.

 >>AVRI DORIA:  Okay.  Thank you.  Steve?

 >>STEVE DelBIANCO:  I would characterize two kinds of frustration.  I'm relatively 
new to the process, having been only here for about a year and a half.  But there's 
frustration over process and this is something I see deep-seated in the comments, as well 
as what I've heard today from people that have been with ICANN for years.  You're very 
frustrated with the process and I'd make a distinction between being frustrated over 
process and frustrated over an unsolved problem.

 There's frustration over the process in that it's simply taking too long and makes a 
mockery of a PDP that goes on for six years.  That's a process concern.  This frustration 
over a process, if the status quo is really stubborn and sticky and it's hard to change the 
status quo, and that would be perceived as a -- as a frustration if somebody wanted to 
change, because the burden of pushing a change is rather high.  And that, again, is a 
process frustration.

 But when it comes to where is the frustration over an unsolved problem that's dying to be 
solved, I'm hearing over and over again that the nature of the problem has changed quite 
a bit from the time when the two sides staked out where they were and have fought this 
death -- death fight for seven years.

 Things have changed, and we keep hearing comments that maybe you have to close this 
PDP down.  I'm not familiar enough with the process to know if that makes sense.  But if 
you closed it down and immediately initiated a new issues report that looked at 2007 state 
of the world and took a look at the problems, at least you should overcome the frustration 
of the type that says, "This has gone on too long."  You should overcome the frustration 
of those that don't like the fact that the status quo is somewhat sticky.  And then we move 
on to truly looking at what is the problem to solve.

 >>AVRI DORIA:  Thank you.  Agree with almost all of that except for "immediately."

 [Laughter]

 >>AVRI DORIA:  Chuck, you were next and then --

 >>CHUCK GOMES:  I don't know how many had a chance to look at the latest draft of 
the WHOIS provisions in the Telnic agreement but I looked at those this week, and I was 
actually quite fascinated by the work that's been done to try and solve some of the 
problems that we're talking about.  Now, I don't know whether they scale to other TLDs 
and so forth or whether that one will even be approved, okay?

 But I think it is evidence, at least, that some work has been done to try and grapple with 
these issues that we've had a terrible time solving, and if, in fact, it's approved, I think it 
will be very good data for us, and a model, maybe, that we can watch, to see how it 
works.

 Because it confronts the issues we're dealing with here head-on.

 >>AVRI DORIA:  Thank you.  Jeff?

 >>JEFF NEUMAN:  I was actually going to make -- I echo Chuck's comments 
wholeheartedly.  I think it's something to watch and it's something that, by the way, the 
inability of the policy process to solve the problem will result in things like funnel 
requests and others to shape the policy.

 So that's one ramification that the council needs to consider is that it's kind of pushing it 
off to another realm, because I think if the Telnic proposal goes through, you're going to 
have others that make the similar proposal and I'm not saying that that's good or bad. I'm 
just saying that that's inevitable.

 >>AVRI DORIA:  Right.

 >>JEFF NEUMAN:  The other thing is, just to address Steve's point as one who has 
been involved for seven or eight years on this issue, the frustration is not the process.  
The frustration that I see is that we have sides that are completely unwilling to move an 
inch or at all, either because they think that their position is right or because they're afraid 
that they -- if they give an inch, it's going to lead to a mile.  So I'm not frustrated with the 
process; I'm frustrated with the lack of ability to focus on a compromise solution.

 >>AVRI DORIA:  Okay.  I'd like to make actually a comment on that one.

 I actually think that there's been a fair amount of compromise over the period.  I look at -
- when I look at the working group and what's -- I see about like 80% compromise.  I see 
a lot of compromising happening.

 I do see some final areas where people haven't been able to reach compromise, but I 
think in a lot of areas, there has been a lot.  So I wouldn't go so far as to say we've got 
people unwilling to compromise.  I think we've got people who are unable to compromise 
some last bit of the way, that prevents it.

 I think some of the -- the things that have been said about terminating a process -- I 
mean, I look at the motions we've got, and I look at Motion 2, and it almost says, "Stop, 
stay with the status co, do studies and then after those studies we'll figure out what to do 
with the WHOIS policy development," but doesn't quite say it.

 And at some point, somebody may make a friendly amendment to it that does make it 
say it.  I don't know.

 We have basically three motions that basically -- two of them say stop it in one way.  
One of them says stop it, move it to an implementation, let's see what comes out of it.  
One of them almost says stop it and stay with the status quo.  One of them says stop it, 
there is no consensus.  A policy without consensus shouldn't be.

 The other thing on the Telnic that I wanted to bring up is:  Part of that is really based 
upon a policy decision that was made that sort of said when you've got a government 
issue that forces you to do something different, propose something different.  In other 
words, we already passed that policy.

 >>JEFF NEUMAN:  But not in that form.  I mean, but it was supposed to be a -- you 
know, but it hasn't been ratified by the GAC or whatever process that has to go through.

 >>AVRI DORIA:  Well, that's another issue that the GAC hasn't ratified what the board 
decided, but, you know --

 >>JEFF NEUMAN:  And again, I'm a registry and I'm fine with taking certain things 
through the funnel if that's the way, you know, those issues have to be decided.  

 But I'm just saying an inability to make a decision here is just going to result in more 
there.

 >>AVRI DORIA:  Okay.  Thanks.  I had a comment in the back?  Okay.  I had Susan.

 >>SUSAN CRAWFORD:  Avri, just a friendly amendment to your characterization of 
the third motion, which is an interesting proposal that I think should be explored in a little 
bit more depth.  It doesn't necessarily say stop.  It says, "Unless this is resolved within the 
next year and a half or so, no more WHOIS."

 This has been characterized as dropping the WHOIS clause from the contracts.  It could 
also be understood as, "All right, now it's time to go the rest -- the next 15 to 20% to get 
to a resolution."

 >>AVRI DORIA:  Yes.

 >>SUSAN CRAWFORD:  So I just want to make sure that that's understood by the 
council.  I think that's the import of the third motion, and I think -- I think it's interesting 
and at least worth discussion.  Thanks.

 >>AVRI DORIA:  Thank you.  Okay.  Who did I -- I had Ross but I had you, right.  
Yeah.  There is a microphone.  There's the microphone.

 >>DAVE PISCITELLO:  Dave Piscitello.  I'm with ICANN, and the Security and 
Stability Advisory Committee and I wanted to ask a question in response to your 
comment about making 80% progress and having seen it in here.

 One of the things I worry about is the effect on the perception of the ability of a 
multistakeholder and consensus process having -- or being perceived as failing if -- you 
know, if we don't do this correctly or we don't come up with an outcome for WHOIS.

 And I think a lot of people in here may see significant progress.  I don't think that the 
community at large is aware of that, and I think at the very least, it's incumbent on the 
GNSO to do a very good job of explaining the kind of progress that they have made here, 
because that is not visible outside, you know, the confines of these meetings.

 >>AVRI DORIA:  Okay.  Thank you.  Ross, I had you next.

 >>ROSS RADER:  Yes.  I think I was going to -- not "I think."  I was going to raise the 
same clarification that Susan had raised.

 You know, I'm not sure that it calls for an end to this PDP as much as it calls for an 
incentive to move forward with something.  Certainly Motion No. 1 does call -- it 
naturally must mean the end of the PDP.  But I -- I think the -- I would certainly be much 
more comfortable with the statements or the intent of Motion No. 2 if that was made 
explicit within that motion that this was, in fact, going to be an end to the PDP.

 My question is:  You know, at that point whatever our intent is moving forward, but I 
think that we can deal with that as part of that process going forward.

 >>AVRI DORIA:  Okay.  Yeah.  Chuck, you.  Oh, and then Milton.

 >>CHUCK GOMES:  Some of you have heard me say this quite a few times before, but 
I strongly believe that it's a faulty assumption to assume that any PDP should result in a 
consensus position.  Somebody -- maybe a couple people -- have already made this point.

 It is good data when you find out you can't reach consensus.  I understand that people are 
frustrated by that, especially if you wanted something to happen there.  But it is, I 
believe, totally false to assume that we should always be able to reach a consensus 
position, and if we can't, that is information we should accept -- now, maybe it will 
change going forward, circumstances will change and so forth, but I really strongly 
believe that's a faulty assumption, and we need to get rid of that assumption.  Otherwise, 
we will look at failure every time we can't reach consensus.  It's naive to think that we 
can always reach consensus on any issue.

 >>AVRI DORIA:  Okay.  At the moment I've got Milton, Jeff, Susan, Alan.  Okay.  
Milton.

 >>MILTON MUELLER:  Yeah.  Chuck, that's precisely the point I wanted to make is 
that let's -- let's face it when we don't have consensus.

 However, let's be also honest about when we don't have consensus, let's not make 
something into a policy, okay?  And that's the genius of Motion No. 3 in this case, is that 
it's the way ICANN was supposed to work.  And you know that because you registries 
insisted that nothing that wasn't a consensus policy could ever regulate you.  Right?

 Now, our end users, the people who register domains, are being regulated by a policy 
that has no consensus, so let's face that fact and get -- you know, not get rid of it, but -- 
but sunset it, and the genius of that, again, is that it makes us go back to the table on 
equal terms in terms of defining what the consensus is.  Okay?

 If you say, "Okay, I'm sitting here on a big pile of money and it's considered mine" and 
you're all negotiating about who should get pieces of that big pile of money, all of you 
have none and I have it all, and I say, "Well, I just don't agree that anybody else should 
get a red cent, and since we don't have consensus, I guess I just get to keep it all, right?"  
I mean that's not an intelligent or honest bargaining for anybody to be in but that's the 
position we're in with WHOIS.  People who have open access have what they want.  Why 
should they agree to anything different?  Now, you know, it may seem radical to sunset 
WHOIS, but I just think that's the way -- I thought that's the way ICANN was supposed 
to work.  That if we really didn't have consensus, it wasn't supposed to be a policy.  It 
was supposed to be up to the market.  And so that's why we're supporting this Motion No. 
3.

 >>AVRI DORIA:  Okay.  I've got Susan, Alan, Steve, Mike.  Huh?  Oh, no, I've got Jeff.  
Sorry.  I -- forgive me.  I've got Jeff, Susan, Alan, Steve, Michael.

 >>JEFF NEUMAN:  Yeah.  I just -- Chuck, you made a point, and you constantly make 
it.  I think you're right, you know, that there's nothing wrong with not being able to make 
consensus.  But to state Milton's position a little bit different is, okay, so then what are 
the ramifications of not reaching consensus?  

 And it's different if we were thinking, okay, what's the best practice way to implement a 
new program that's never been implemented before, and you can't reach consensus, then -
- then your position can be, well, let's let market forces work it out.  But here, Milton's 
absolutely right.  If that -- if the position is you can't reach consensus, therefore, you 
always rely on the status quo, then there's not going to be an incentive by a certain subset 
of groups to ever reach that consensus.

 >>AVRI DORIA:  Okay.  Now Susan.

 >>SUSAN CRAWFORD:  What he said.

 [Laughter]

 >>AVRI DORIA:  Thank you.  Alan?

 >>ALAN GREENBERG:  I'll just state a bit of -- a bit of unease I have over both 2, the 
way it's been slightly reworked -- that is, stop this PDP, do a study and then start another 
one or something --

 >>AVRI DORIA:  By the way, that hasn't happened.

 >>ALAN GREENBERG:  No, no.  I understand.  But the way the discussion has gone a 
little bit.

 -- and No. 3, which says twilight the WHOIS policies and then people will be forced to 
discuss it.

 Both of them have an almost unending time frame associated with an eventual 
resolution.

 >>AVRI DORIA:  Actually, No. 3 has a sunset of 2008.

 >>ALAN GREENBERG:  No, no.  Right.  But then we have to start discussion and we 
start all over again.

 [Speaker off microphone]

 >>ALAN GREENBERG:  Perhaps.  But if not --

 >>AVRI DORIA:  Yeah.

 >>ALAN GREENBERG:  As people have pointed out, it's seven years already or eight 
years or something.  I -- I understand the concept of intractable problems.  I understand 
the problem of not reaching consensus.  On the other hand, the Internet's going to keep on 
going, and we have to make decisions.

 >>AVRI DORIA:  And -- yeah.  Okay.  Steve?

 >>STEVE DelBIANCO:  And I can concur with the cleverness or even brilliance of the 
sunset proposal, but, well, the nuclear bomb was a brilliant invention too.

 [Laughter]

 >>STEVE DelBIANCO:  And I would ask you to think about this for a second:  How 
many contractual provisions that we have today at ICANN, how many policies that we 
have at ICANN today, were not the result of a PDP?  Count them.  Let me count the 
ways.  And every single one of those would be subject to the very same challenge to say 
that this needs to come out, this needs to shut down unless in 18 months someone can 
develop a consensus-driven PDP.

 That is not a process you want to set loose right now on this organization.

 >>AVRI DORIA:  I'm not sure the atom bomb analogy holds, but...

 [Laughter]

 >>CHUCK GOMES:  Hey, we liked it.

 >>AVRI DORIA:  I didn't.  Mike?

 >>MIKE RODENBAUGH:  So here's to follow on, Steve, and maybe finish the point, 
it's -- you know, while the current status quo is not, you know, quote, capital C, capital P, 
consensus policy through a PDP, it seems to me when the RAA was put in place with 
these provisions there had to be consensus between the registrars and ICANN staff --

 >>SUSAN CRAWFORD:  No.

 >>MIKE RODENBAUGH:  And the other people, but honest -- everyone else, I wasn't 
here then in 2000, so please educate me.  How did it get if there.

 >>ROSS RADER:  If I could just clarify from a historical perspective what happened 
there, there was no consensus around WHOIS.  It was put in as a placeholder.  There are 
policies governing the fact that we have registrants and that led to the creation of an 
RAA.  There is consensus policy that wasn't developed through the PDP back in 1999 
that led to that happening.  But there --

 [Speaker is off microphone]

 >>ROSS RADER:  No.  It exists.  There is consensus policy there.  There's official 
ICANN consensus policy on these subjects.

 So we're bound to those things.  The community is bound to uphold those until that 
consensus goes away.  Then we need to form new policy to replace them.

 The WHOIS is the one area where we have neither consensus nor policy to support 
what's in these contracts, so -- I'll stop there because I'm now -- it's not factual anymore, 
it's my opinion, so -- but there is consensus policy behind -- behind this stuff.

 >>MIKE RODENBAUGH:  It just seems to me again on Steve's point, there's many 
situations where there's not been consensus on contractual conditions.  There's certainly 
no -- by no means consensus on VeriSign's, you know, 7%, you know, price hike for 
every year six out of seven years forever, you know, but it is.  So -- WHOIS, same thing.  
It is.  Not only is it, but it has been for eight years.  I think very strongly that the burden 
on -- is on those who seek to change it to prove that it needs to be changed.

 >>AVRI DORIA:  Okay.  I have Chuck and then Kristina.  Oh, and then I got Marilyn.  
Thank you.  And --

 >>CHUCK GOMES:  And I certainly -- and there's a few other people in the room that 
can probably provide this history but I certainly was there when the first contract -- and it 
was just one contract for com, net and org -- with Network Solutions and ICANN.  

 The WHOIS provision was basically a historical artifact because the technical WHOIS 
that was provided was pretty much, other than maybe adding a billing contact because we 
had just a couple years before started charging, so that was a new element, but it really 
was a historical artifact in that that's the way it always was.

 And I don't think anybody at that time -- and I welcome others to challenge this if I'm 
wrong -- really thought about the ramifications of WHOIS because it had always been 
public, it had always been that way, and so I don't even believe it was even discussed or 
negotiated.  It was just kind of assumed, "This is the way it's always been" and nobody 
questioned it.

 >>MILTON MUELLER:  Could I introduce a quick factual correction.

 >>CHUCK GOMES:  Sure.

 >>MILTON MUELLER:  Actually, the process was actually very carefully thought 
about, because when you created registrars, the whole technical basis of WHOIS was 
changed, and you had to make it an obligation of the registrar rather than the integrated 
registry.  And the trademark attorneys at the time knew exactly what they were asking for 
and what they were getting by insisting, for example, on bulk access, and there were also 
attempts by -- by your company to fend off the massive inundation of requests.  There 
was a zone file access agreement, for example, just before ICANN was created in which 
you were saying, "My God, we're being inundated with too much requests."  

 I guess this is mainly of historical interest, but the main point is, people did know what 
they were doing when they created these contractual conditions, and it was done to serve 
the interests of the trademark people who were going crazy with, you know, 
cybersquatting at the time, and thought that they needed this -- this capability, but it was 
not a consensus policy.

 >>AVRI DORIA:  Okay.  Kristina?

 >>KRISTINA ROSETTE:  This is not intended to be inflammatory.  Having said that --

 [Laughter]

 >>KRISTINA ROSETTE:  No.  It's really not.

 I am sitting here as someone who is relatively new to this process, and I can certainly 
understand why those of you who have been working on it for so long are extraordinarily 
frustrated with what you may perceive to be the inability to reach some kind of 
resolution.

 But as far as I'm concerned, it seems to me that it's more important that we get it right, 
that we make sure that we either get to the point where we acknowledge that there's no 
way we're ever going to come to an agreement or we say, "Look, there's more work to be 
done."  There should have been more work in the first instance.  And as far as I'm 
concerned, that's really -- you know, that's the camp I'm in.  That's why I proposed 
Motion 2 in the first place.

 I mean Bruce has just posted to the council list something -- a quote from the issues 
report back in 2003 where the staff recommended that the council not initiate a PDP until 
there was significant additional factual work done.

 The council itself has recently recognized that, as recently as San Juan, when we decided 
to hold off on going ahead with the PDP on domain tasting until we had the opportunity 
to gather more facts.

 And as far as I'm concerned, it seems more important to me that we get it right than we 
just throw up our hands and say, "We can't do this anymore, and we have to just decide 
now because we're just tired of it."

 >>AVRI DORIA:  Okay.  I had Marilyn next.

 >>MARILYN CADE:  I was actually in the queue a little earlier, but now I can -- having 
not spoken then, I can only applaud the comments that have just been made.

 I remember the staff managers issues report of 2003, which very clearly suggested that 
there had to be more analysis done before we started a PDP.

 I also believe that we have all come to understand the importance of starting our 
understanding of an issue with the data gathering and analysis before we get into opinion 
vetting, and, you know, our present policy process frankly has put us too early for many 
topics into opinion vetting.

 I don't think we can suggest that it's good to make uninformed policy.  Even if we have 
spent a lot of time so far, the question really is:  Do we have the data we need to make 
informed policy?  And if we don't have, I think we actually have the means to get that 
data and then decide whether to move forward.  So I'm in the camp, as well, as a member 
of the community, of thinking it would be worth knowing these facts, and then deciding 
whether or not we modify policy.

 I'll just make one final point.  You certainly can pass a resolution that says, "Okay, we've 
decided we've had enough and so now we're going to sunset something," but I'll point out 
that you actually didn't start with an issues report that took that into account, and so I 
would say you actually haven't thoroughly considered the consequences of that.

 >>AVRI DORIA:  Thank you.  Any other comments?  Okay.  Susan?  Oh, I have a 
Susan hand and what other --

 >>PAUL STAHURA:  I just didn't want Marilyn to have the last word, so go ahead, 
Susan.

 [Laughter]

 [Speaker is off microphone]

 >>SUSAN CRAWFORD:  Just very briefly, there hasn't been a lot of discussion about 
the working group report.  Just this afternoon.  And I actually didn't feel it was so lacking 
in substance as some of the comments seem to suggest.  Are there any supporters of the 
working group report here in the room who think that there's enough flesh on the bones?  
Anybody have that view?

 [Speaker is off microphone]

 >>SUSAN CRAWFORD:  What's that?

 >>AVRI DORIA:  I'm not sure I understand the question.

 >>SUSAN CRAWFORD:  Okay.  Here's the question:  I'm not hearing a lot of 
discussion about the OPoC proposal, what's left to be done on it.  I mean, I haven't heard 
anybody saying there's enough in the working group report to use to go forward with an 
implementation document with staff.  So far, I've only heard the negative of that, that 
there isn't enough, we shouldn't go forward with the implementation.

 I just, as an observer here, I'd be interested in hearing from anybody who has the other 
point of view, that there's enough to go forward with implementation.

 >>AVRI DORIA:  Yeah.  I mean that's certainly the point that I was arguing in putting 
through the motion and saying that there's enough in the report, plus community 
viewpoints, for the staff to go forward with an implementation.  Maybe it's -- it's from my 
background in coming from you design, you code, you change the design because the 
code didn't look quite right.

 And so at a point of -- I see a lot of stuff has happened, and I certainly think enough has 
been done for the staff to implement the 80% or put an implementation proposal forward 
for the 80% that is in fair agreement.

 There's a few things that don't have agreement.  There's a few things that are still open 
issues.  I've noticed from working with the staff on the gTLD process that when they 
have one of those issues that we haven't responded to adequately, they get really creative 
in asking the questions about, "Well, did you mean this or do you mean that?  How would 
this work?  Does this satisfy?"  And at that point, you've left the realm of us arguing 
about our principles and are arguing about, well, does this satisfy, does that.  That was 
just sort of trying to answer, was there anyone that thought there was enough.  Yeah, I 
thought so.  And now I've got Ron and Steve but I had Paul before, right?

 >>PAUL STAHURA:  I'm good.

 >>AVRI DORIA:  Oh, you pass and I have Milton.  So I have --

 [Speaker is off microphone]

 >>AVRI DORIA:  Okay.  I just wanted to make sure.  So I've got Ross, Steve, and I 
couldn't tell which of you got your hand up first because I was so busy rattling on that I 
wasn't looking.  And I have Milton.

 >>ROSS RADER:  I'll just take the mic then.

 >>AVRI DORIA:  Oh, okay.

 [Laughter]

 >>ROSS RADER:  I don't want to forget how we got here, and I think Susan's question 
kind of turns that rock over for us.

 Back in March, there was a -- a view that there was -- there wasn't a view.  There was a 
vote of council whereby the majority of the council supported the recommendations as 
written at that point in time.  There was a proposal put forward which benefitted from 
supermajority support of the council that further discussion might bring about further 
agreement.  We then went through a working group process whereby we had reams of 
paper and multiple recommendations put forward that turned into a report that magically 
nobody now agrees with.

 I think to answer Susan's question, nobody supports -- as far as I can tell -- what 
happened in that working group, which means we need to go back to the last point of 
agreement and move forward from that basis, or take an explicit action to move in a 
completely different direction, as has been discussed today.  But I'm not hearing that that 
includes the work of that working group.

 >>AVRI DORIA:  Okay.  Thanks.  Steve and then Milton.

 >>STEVE DelBIANCO:  As Susan indicated, there's quite a bit of meat in there, and I 
agree:  The meat that's in there, however, is a problem.  

 Milton said, just as you were saying that, there's too much meat on those bones in the 
working group report, and that's because the working group report, it really didn't go 
away.  It's resurfaced.  Staff -- and by the way, staff has done an outstanding job on these 
WHOIS summary reports and the implementation notes.  Read the implementation notes.  
You'll see that once you get back the seemingly simple decision to proceed with OPoC, 
you're left with the critical confrontation problems about, well, what responsibility does 
the OPoC have?

 Take a look at relay and reveal as indicated in the implementation notes.  These are 
problems the staff has identified are going to have to be dealt with anyway.  I don't even 
know what mechanism ICANN has to work out controversies when staff is being charged 
with doing implementation.  I mean, in the PDP is over and they're in implementation, 
what process do we invent to work that out?  And then go to the next page of the staff 
implementation notes.  Once we figure out what are the responsibilities of an OPoC, you 
know, reveal and relay, then there's access.  And as Chuck indicated at the beginning, in 
the registries' comments, access isn't worked out at all.

 Motion No. 1 of approving a proceeding with OPoC doesn't really say anything about 
access to unpublished data, so all those controversies, the place where the meat of the 
report is and the place where the controversy still lives, are still there.  The 
implementation notes reveal that we are -- we are not really making a giant leap forward 
by approving OPoC.  We're just simply changing the venue in which those controversies 
have to get worked out.

 >>AVRI DORIA:  Okay.  Milton?

 >>MILTON MUELLER:  Yeah, I think in some ways, I'm agreeing with Steve, which is 
interesting, but --

 [Laughter]

 But I did want to emphasize there is a lot of good stuff in the working group report, we 
did work out details of a lot of things.  For example, it was clear that it was a crazy idea 
to try to accredit OPoCs.  Nobody wanted to do that.  Well, some people wanted to do 
that.

 It was clear that we would only protect the data of natural persons and we rejected the 
idea of trying to also add on to that the criterion of non-commercial natural person 
activity.  That was a good discussion.  We came pretty much to an agreement on that, 
agency and so on.

 So we got quite a bit down the road and then it came down to the reveal which is where 
some of us just started getting really scared about the implications of this.

 And when it came to access, I never understood what is the difference between "access" 
and "reveal."  If you can tell people to reveal the data, you are getting access, aren't you? 
that's what we called Tier 1 access.  But it really was -- it came down to these 
disagreements about taking it the next step and giving people access with conditions 
under that and that's where it broke down.

 >>AVRI DORIA:  I had Jeff next.

 >>JEFF NEUMAN:  The same arguments you raised, Steve, number one be could be 
raised  against number two because instead of going forth trying to figure out a solution 
to reveal, the proposal is to do studies opposite what the actual harms are in privacy that's 
affected which seems to me be to a huge step backwards.

 It shouldn't be future studies.  It should be maybe solicitation of experts from different 
industries to figure out if there's any parallel or some kind of expert analysis on how to 
solve the problem rather than let's just do a study of how people are affected because that 
takes us back to the workshops way back.  Marilyn led the workshops in Montreal in 
2003.

 There is plenty of data from different groups on how they're affected.  Plenty of data 
from law enforcement of how much they needed.

 I don't think anyone should take a step back and do those kinds of studies.  It should be -- 
two should not be studies, but it should be -- let's figure out how to get a solution.

 >>AVRI DORIA:  Okay.  Steve?

 >>STEVE DelBIANCO:  Jeff, I'm more optimistic because I really trust the innovative 
drive of the registrars in the market.  Samuel Johnson once said, The man is seldom as 
innocently employed as in the making of money.  

 And it is certainly the case that services that registrars and others, that registries can offer 
are actually going to be a much better answer than another round of ICANN processes.

 So I'm optimistic that if we shut down the PDP and do an issues report that if we 
discover -- to Milton's point, if we truly discover there are nations -- privacy officers that 
are concerned and we discover that certain spammers can still get access to unprotected 
WHOIS data, that he we can see market solutions to those two that are far less 
controversial than moving forward with something like OPoC where we haven't worked 
out any of the details behind "reveal" or details behind "access."  So I'm optimistic.

 >>AVRI DORIA:  I was going to object that we haven't worked out of the detail but 
having worked out any details to "reveal," that's...

 Was there any other comment at this point?  Okay, Ross.

 >>ROSS RADER:  I had a question, actually.

 >>AVRI DORIA:  Sure.

 >>ROSS RADER:  Was pressure points for the registrars, registrants, is the lack of 
meaningful exemptions under the current contractual conditions.  I believe that we 
implemented a policy recommendation -- or we forwarded policy recommendations to 
the board many, many moons ago.  It's been hijacked -- I mean, analyzed, considered by 
the GAC.

 What's the current status of that?

 >>AVRI DORIA:  Okay.  And someone from the board will correct me.  As I 
understand it, the board actually approved -- I mean, we sent it as a supermajority opinion 
so the board did not have a supermajority opinion against it and approved it, I believe, by 
a supermajority.

 And I believe that if there is an issue anywhere, it's in the implementation.  Now, I 
personally -- maybe someone from the board can explain where the waiting for the GAC 
to respond becomes material at this point.  The GAC certainly has the ability to -- while 
the board is considering something, to send advice and ask for that, but the board has 
already approved it.

 So I'm not really sure that I understand -- I understand that there is some issues in the 
implementation of that.

 >>ROSS RADER:  The only reason I ask that question is because -- I'm sympathetic to 
Steve's argument that the market will help take care of the problem.  Unfortunately, there 
are legal reasons for following the law as opposed to selling a service.

 I'm not sure that the capability to sell a proxy service will necessarily fulfill the 
requirements, for instance, Canadian privacy legislation.

 I'm not saying that WHOIS is currently consistent or inconsistent with Canadian privacy 
legislation.  But were it found to be inconsistent, it would be nice if we could avail 
ourselves of those exemptions sooner than later.

 >>AVRI DORIA:  And as I understood it -- I don't know if there is anyone either from 
staff or the board that can respond to the question.  Yes, Olof?

 >>OLOF NORDLING:  Just give full background of the situation, I think there is an 
expectation that the GAC should provide a comment to this, and that is part of solving it.

 >>AVRI DORIA:  But on what -- I mean, certainly the GAC by bylaws was certainly 
free to comment before the board made its decision.  The board having made its decision, 
why would people still be waiting for a GAC comment for implementing the decision?

 >>DAN HALLORAN:  If I could -- I know this is of interest.  I saw there was 
something about I think Kurt in some minutes that said something about this.  I thought 
Milton had a block of specific interest, so I'm guessing there will be a better answer 
coming at some point.

 >>AVRI DORIA:  But there is a fair amount of interest.

 >>DAN HALLORAN:  Just to respond to Ross' immediate question, I don't know what 
will be the formal answer.  Keep in mind, this is -- the thing that the GNSO 
recommended and that the board adopted was that ICANN should have a procedure.  It 
wasn't a new -- like a consensus policy that was going to be binding on registries and 
registrars.  It was we want you guys to have a procedure when a registrar or registry 
comes to you and says we got a problem with our privacy laws.

 We posted a draft implementation of that procedure in order to comply with the 
recommendation.  That doesn't mean you guys can't come to us if you got a problem 
today and means we might not follow exactly that procedure that's documented.  I am not 
sure exactly what procedure we would follow.  It doesn't mean you guys are out in the 
cold if you do have a problem today.

 >>AVRI DORIA:  Any other -- yes, Milton?

 >>MILTON MUELLER:  So what's the problem with just implementing the procedure 
that was passed unanimously by the board?

 >>ROSS RADER:  (inaudible).

 >>AVRI DORIA:  You don't want that one on the microphone?

 >>MILTON MUELLER:  I didn't hear you.

 >>AVRI DORIA:  Tell you later.

 >>DAN HALLORAN:  I won't comment.  I don't know the official answer about all the 
niceties of what's going on with the board, the GAC, the policy implementation.  

 But whether or not -- even before we had a procedure, if Ross as a contracted party came 
to us and said we got a problem, we will sit down and deal with that problem like we did 
-- in the past, we made changes to WHOIS.  I think it was dot name we modified their 
WHOIS.  

 Just because we haven't  implemented this procedure based just on your consensus 
policy advice doesn't mean the contracted parties are -- I just didn't want Ross as an 
important partner of ICANN to think he is left out twisting in the wind because we 
haven't implemented this procedure yet.

 >>AVRI DORIA:  Okay.  Anyone else have a comment?

 So we've talked about the motions.  As I say, the motions are on schedule to be voted on 
on Wednesday.  We will have more discussion on this.  We will have open discussion.  
There can still be proposed amendments on the motions, either amendments that need to 
be voted on or friendly amendments or self-amendments, now that we've talked about it.

 If anyone feels -- especially with discussions on constituency day, whether people come 
up with, you know, some other that takes into this.

 I would actually like to add one last comment as I close and one of the things that I think 
has also -- and this is sort of in this success but hard to touch, I think some of the changes 
in the status quo, some of the new features, some of the new whatevers may have actually 
had some sort of origin in the discussions that have been going on as part of the PDP.

 And so I think in going along with sometimes the process can be a success even if it fails 
is because people understand the whole lot more about the concerns of each other, what 
the problems are and it is what allows the people to be creative and say, Oh, okay, I 
understand the problem, let me create a widget that fixes it.

 So I in no way -- seven years -- fortunately I have only done three of those seven years -- 
maybe four.  No, three of  those seven years is a long time not to reach a closing and 
consensus.

 I truly believe that we have to bring this one to a close one way or another, but 
whichever way it ends, whether it's sunset, whether it's whatever, I don't believe it is a 
failure because the status quo has changed, the world has changed, we understand a 
whole lot more about what the role and non-roles of WHOIS are.

 So at that, I would like to say there is break -- coffee break and then we will come back 
and we will start betting into some of the studies to date and what facts are actually on the 
table at this point.  Thanks for these discussions.

 (Break)

 >>AVRI DORIA:  Okay.  Hello, hello?  It is now time to get started again.  In fact, I'm 
actually a minute late in doing this.  I apologize.  But I know people don't want to go too 
late tonight and I did stick an extra hour on to the schedule so we should get started.  
Okay.  That's great, thank you.

 Okay.  What we've got on at the moment is for the next essentially hour and half we, 
basically, have a discussion on the studies that are being done.  The first one is on the 
WHOIS study that the council asked ICANN to do, and then there will be discussion on 
the SSAC report on the WHOIS spam study.  Obviously, it is a time for us to ask 
questions to try and understand what's going on.

 Certainly, the -- many of these studies are not complete yet so it is a really good time, 
perhaps, to comment on them so I guess, Liz, you'll start and I'm not sure.  Is Steve 
coming in -- you will be doing it, okay?

 So in which case...

 >>LIZ GASSTER:  Great.  The slides that I am going to take you through are essentially 
just an abbreviated version of the staff report on the WHOIS study requested by the 
GNSO Council that was distributed on the 4th of October and also is available on the 
GNSO and the WHOIS Web site.

 So if you want to kind of follow along, that's the document to look at.  And the purpose 
of the slides is really twofold.  One is just so I can summarize very briefly questions that 
staff had and the thought that staff gave to the resolution that the GNSO Council 
approved and also just to highlight the questions that we as the staff had in terms of 
actually implementing the studies.  So hopefully we will stimulate some discussion.

 And what we'd really like out of that discussion is further guidance from the council on 
the questions that we've identified.

 The first slide here just restates the resolution that was passed with regard to the studies.  
And I'm just going to read through it.  The GNSO Council requests ICANN staff proceed 
with a study of gTLD registrations and registrant it's and how WHOIS data is used and 
misused as described in the GAC principles regarding gTLD WHOIS service, paragraph 
4.2, and by the working group final outcomes report.  This study should include a review 
and analysis of the different proxy services available today and summary of any other 
statistical studies that staff can locate and the GNSO Council ask that the staff report 
back to the council on the 4th of October.

 That is the resolution that was passed, and what we did as staff was essentially just tried 
to parse through the language in the resolution to understand what was really being asked 
of us to do and so that's what the rest of the slides are intended to do, just highlight the 
specific directives that we were given and highlight questions that we had about what was 
really being asked of us in terms of proceeding with the report.

 So when you look at this statement of the resolution, you notice that the first substantive 
phrase talks about requesting ICANN staff to proceed with the study of gTLD 
registrations and registrants.

 So let's just stop right there and calling that first clause, if you will, study number one or 
study portion number one because I think it is a discrete -- if we're understanding what 
has been asked of us in the resolution, I think that's a discrete concept and so the question 
that staff is really asking you-all is how should the school of this study of registrants and 
registrations be defined.  What is it that we should actually be studying?  What are the 
questions that the council has that they want this study to answer?

 And what we've done is just highlighted what we think would be some possible or, 
perhaps, likely areas of interest just based on the discussion to date but these are by no 
means definite at all.  They can be changed, modified, amended, deleted, added to at your 
direction.  

 So, you know, just to kind of throw these ideas out, we could do a study that would look 
at the number of total registrations that are natural persons, or try to determine how many 
are natural persons versus legal persons.  

 We could try to assess levels of accuracy of registration data.  And just as an aside there, 
that's not something that we would do independently, meaning there is already a study 
underway by the ICANN compliance group to look at who -- the accuracy of registration 
data.

 If that is the kind of information that's being sought, if people feel that greater 
understanding of accuracy of registration data would be useful for the purpose of 
exploring WHOIS, then we would look to that study which is underway and which I 
think there will be an update to that study provided in the course of the next week.  We 
would look to that data as fulfilling that need but we could possibly tweak future 
accuracy assessments by the compliance group if there were additional attributes or 
aspects that you'd want to include.

 Certainly, we could look at the use of proxy services and privacy services among 
registrants and just to distinguish between this and the request further on in the resolution 
that asks us to look at proxy services available today, what we are suggesting is an area of 
study would be the quantifiable aspects rather than the qualitative what is a proxy service 
and what is available today and what is a privacy service.  So it is a quantified of how 
many registrations are using proxy services.

 What other characterizations of registrants and registrations should be studied.

 I should briefly tell you that the subsequent slides look at the other phrases in the 
resolution.  

 The next one being uses and misuses of WHOIS.  The third aspect of the study more 
detail and looking for more understanding on the proxy services.  And then the fourth 
aspect is just the -- what other studies that staff is aware of.

 What I would suggest, Avri, is that I pause after each slide and give you a chance to 
discuss maybe what was meant here and we will capture that and then go on to the next 
area of study.

 >>AVRI DORIA:  Great suggestion because I was about to ask you if it would be okay 
if we did that.  I have Steve and I have Lynn and I have Chuck and Ross for an initial list.  
Okay.  Steve.

 >>STEVE DelBIANCO:  Thanks, Liz.  With respect to the third bullet on there, 
percentage use of proxy services, it won't be sufficient to just analyze the current stock of 
all registrants and those which use proxy and not.  What would be necessary to support 
the decisions we would want to make is to look at the new flow of new registrations and 
of the new registrations how many of them are electing proxy.  So it is more of looking at 
the flow of decisions that are made by consumers than just the stock because there is 
quite a big stock in place and it is very hard to move that average.

 Secondarily, looking at some registrars who are -- registrars who are vocal about 
advertising, the ability to offer proxy because with some registrars, there will be a higher 
percentage accepting because there is a better consumer awareness of that option.  So it 
would actually be -- flows, perhaps, by month, by registrar in order to know the data of 
consumer uptake of a privacy protecting service like proxy.

 >>AVRI DORIA:  Okay.  Lynn, do you have the --

 >>LYNN GOODENDORF:  I will just use this one.  On the last point about what other 
characters of registrations and registrants should be studied, I think it would be very 
relevant to try and study what percentage of registrants in all categories are collecting 
personally identifiable data.

 >>BRUCE TONKIN:  Do you mean registrants?

 >>LYNN GOODENDORF:  I'm sorry, I may have said this wrong, registrants who 
register domain names that I think it would be relevant to try and determine how many of 
those domain name registrants are collecting personally identifiable data.

 >>MARILYN CADE:  Can I ask a question of clarification?  I think I probably 
understand what you would mean but it would be better to illustrate it.  So, for example, 
hypothetically, not to pick on an industry, sector, but a hotel or a bank might themselves -
- they are a registrant.  They may in a service they provide also collect identifiable 
information.  

 I'm not sure that would be in any way visible or measurable, but I wanted to make sure 
that was what you were asking.  Is that --

 >>LYNN GOODENDORF:  Yeah.

 >>MARILYN CADE:  I will pick on AT&T as my client as an example.  AT&T is a 
Tier 1 in the U.S. and they are also a broadband provider in ISP.  There would be no way 
of telling of their registration of ATT.net or ATT.com what the services are that they 
operate that might collect data.

 They are subject to U.S. law, and they have an online privacy policy so you can tell from 
going to their Web site but you couldn't tell from going -- you couldn't tell -- I mean, I 
think it really depends on how this test -- how this were structured.

 >>BRUCE TONKIN:  (inaudible).

 >>MARILYN CADE:  You have to do an online survey.

 >>AVRI DORIA:  Did you want to comment?  Yeah, grab a microphone.

 >>DAVE PISCITELLO:  So -- 

 >>AVRI DORIA:  Give your name.  >>DAVE PISCITELLO:  This is Dave Piscitello.  
There are two different aspects of what you're asking.  One is, I think, Marilyn addressed.  
If the company has a domain, there are any number of ways that they would collect 
personal information.

 The second way is that you can go to the Web site and you could check the privacy 
policy.  If they are P3P compliant they would have a privacy policy that would disclose 
whether or not they're collecting personal data.

 That could be automated.  The problem is that the degree of acceptance of P3P policy is 
relatively low and so the accuracy of the study would be biased by the ability to automate 
to the sites that would be compliant to P3P.

 >>AVRI DORIA:  Go ahead to the queue ahead.  Chuck, you were next.

 >>CHUCK GOMES:  As I look at the third bullet there, it seems like it would be useful 
to not only give the broad percentage but to identify the percentage of use of proxy 
services for natural persons and for legal persons so that you see the use of both there to 
the extent that it's visible.

 >>AVRI DORIA:  I have Ross next.  I have got you on the list.

 >>ROSS RADER:  Just two quick comments.  Each TLD has policies that would affect 
the use of those TLDs so I think it would be interesting to see that broken up by TLD.  I 
think it would be useful to see the inverse of this data.  I think if we see 30% of 
registrants are natural persons -- or even a better one.  30% of registrants using proxy 
services, I would like to know a little bit about the 70%.  For instance, are there a 
conscious segment of the population that is declining proxy services because they see a 
benefit in being publicly known?

 >>AVRI DORIA:  Okay, thank you.  At the moment I have Paul and Alan, then Jeff, 
then Tim, and then Milton.  Okay.

 Paul?

 >>PAUL STAHURA:  Besides looking at which registrars are offering the proxy 
services or marketing them, I think we should also look at resellers because I know, for 
example, Google, every name they register is automatically on proxy service.  So I 
wouldn't single out just registrars.  I would look further down the chain into the resellers.

 And then also, I think I agree that we need to look at what's happening  most recently, 
and it takes a lot to move the needle in the giant mass.  I would split that up into the 
names that choose to use proxy during the tasting -- during the five-day -- people call it 
tasting period and then also look at which ones that exit the five-day add-grace period, 
which ones are on proxy after that.  So I would split that up into two components.

 >>AVRI DORIA:  Okay, thank you.  Alan?

 >>ALAN GREENBERG:  I would like to think the results of this kind of study mean a 
lot.  I'm not 100% convinced we'd only have organizations like Google that put things 
into proxy.  We would have all of the Web site hosting services that sell a Web site for $3 
a month and free domain name which they register in their own name and the name of the 
real customer never gets outside of the hosting company.

 So there is just so many noise in the data that we out there right now, it is hard to know 
how much faith to put in the final results.

 >>AVRI DORIA:  Dave, were you going to comment on that?

 >>DAVE PISCITELLO:  Yeah, just one more.  I think you are right about the noise.  
Addressing an earlier comment about trying to understand degrees of harm or misuse, 
one of the things that we have been discussing with some of the people from the anti-
phishing working group is trying to correlate use of proxy services with domain names 
that are demonstrated to have been used for phishing attacks.

 And so that actually gives you a correlation in saying are natural persons using proxy 
services or are people using proxy services to conceal themselves or their identities from 
a malicious act.

 >>AVRI DORIA:  Okay, thanks.  Going back to my list, I now have Jeff, Tim, Milton, 
Paul.

 Okay, Jeff?

 >>JEFF NEUMAN:  So as a non-council --

 >>AVRI DORIA:  And Margie.

 >>JEFF NEUMAN:  As a non-councillor, I have a question and then a point.  My 
question is, what is the relationship between these studies and what we were just talking 
about in the last -- for the last three hours or so?  In other words, I guess, my ultimate 
question is why are these studies being done and being led by the GNSO Council as a 
mandate?  I don't understand the relationship to the last few hours.

 Because let's say hypothetically if option one is voted, which is to go forward with 
OPoC, then why is this being done?  Or number two is are these the studies that are 
referred to by the motion number two?

 >>AVRI DORIA:  Okay.  I will answer the question, even though I am not on the list.  
In terms of motion one, the way I conceive of it is we would have results of these studies 
pretty much the same time we had the draft implementations and that one would serve as 
almost a sanity check on the other.

 In other words, they would proceed in parallel.  Why are we doing this?  Partly because 
the working group recommended that the studies be done.  The GAC recommended that 
some studies be done.  Therefore, we requested that studies be done.

 The difference between motion one and motion two as I understand them is motion two 
says wait for the studies before proceeding with OPoC or anything else.  Whereas, 
motion one says proceed with OPoC in parallel with the studies and then when you've got 
the draft there and you've got the studies, then you, basically, check and obviously staff is 
working on it all at the same time and it's, basically, proceed on parallel tracks.

 So I would say that's the relationship.  And the relationship to motion three is the studies 
go on in parallel with the moves to --

 >>JEFF NEUMAN:  I guess, I'm not sure it is in the GNSO Council role of manager or 
policy developer.  I'm not sure why the GNSO Council is leading this.  It certainly -- if 
GAC recommended studies be done, that's great.

 >>AVRI DORIA:  And working groups.

 >>JEFF NEUMAN:  Putting that aside I am always a step aside.  So what are we going 
to do with the results.  Studies are great and good and maybe even academic.  But what's 
the purpose?  How are we going to use them?

 Let me get to my actual comment.

 >>AVRI DORIA:  Sorry.

 >>JEFF NEUMAN:  On proxy services, it is kind of interesting because you need to 
define it because a lot of people -- us as an intellectual property owner do it a lot.  We 
have law firms that register names on our behalf, and they are in essence our proxy until 
we decide to make it public that it is actually us that owns the name for a number of 
business reasons.  It is not uncommon for companies to do that.

 So you really need to define what a proxy service is or a privacy service.  Paul and I 
were having the conversation.  A lot of companies use so-called privacy services for a 
number of different reasons.

 >>AVRI DORIA:  Okay, thanks.  I have Tim, Milton, Paul, Margie, Steve.

 >>TIM RUIZ:  My question or comment was, basically, what Jeff just had expressed 
that defining what proxy service is or defining what privacy service is they have existed 
for a long time, long before registrars or anyone else started calling them proxy services 
or privacy services.  

 So that was a question if that was going to be all-encompassing or just how that was 
going to be defined.

 And then the other question I had is there a potential outcome on Wednesday where the 
studies would not be done.  I guess, what I am hearing is that regardless of what 
resolution is passed or how it is amended or anything changes these studies are going 
forward.  Is that correct?

 >>AVRI DORIA:  I believe so unless someone comes up with a motion to recommend 
that they stop the studies.  But GAC also asked for it.  So, yes, I believe none of the 
motions stop the studies.

 >>BRUCE TONKIN:  Because the GAC is, I guess, providing advice whereas the 
GNSO is the policy body that can initiate a request to staff to do it.  I guess under your -- 
I just want to clarify, is this being done under the current UDRP or are you requesting an 
issues report and saying this is the information you need?

 >>AVRI DORIA:  Right.  It was not done as an issues report.  It was a request under the 
PDP.

 >>BRUCE TONKIN:  Under the current?

 >>AVRI DORIA:  Yeah.

 >>TIM RUIZ:  Can I finish the question?

 >>AVRI DORIA:  Yes.

 >>TIM RUIZ:  So then, I guess, what my follow-up question would be then is that if the 
outcome on Wednesday is that, you know, "thanks for all the hard work but there is no 
consensus, we can't move forward with anything, we are not making any 
recommendations and this is the end of the PDP," if that's the outcome, then what policy 
development process or what policy work are the studies supporting or being initiated for.

 >>AVRI DORIA:  Okay.  Thanks for the question.  It is a good question.

 Okay.  I will have you on the list.  I have Milton next.

 >>MILTON MUELLER:  Yes.  Part of what I was going to say was covered well by 
Jeff, thank you very much.

 I think just to put a finer point on it, I want to know when you're saying a particular piece 
of data should be collected, how does that relate to a particular policy decision that we 
would be making?  For example, if we discover that, you know, 30% of the natural 
persons are registers under proxy services and -- does that say something meaningful to 
you?  Does that 40% mean -- I can understand this is interesting data.  It provides a 
factual basis that we need to know.

 But I would want any GNSO-supported study to be extremely closely tied to specific 
policy questions that we're trying to answer and we feel we can't answer properly without 
having the data.

 >>BRUCE TONKIN:  The cost to do so (inaudible).

 >>AVRI DORIA:  Let me put you on the list or use the microphone.

 >>MILTON MUELLER:  Aside from that I wanted to say that the GAO had done a 
study of accuracy of registration data, of fairly systematic analysis of that.

 And just partly in fun I wanted to add some other data points we might collect.  For 
example, number of automated cease and desist letters sent out by trademark attorneys 
based on WHOIS data.  That would be interesting to know.  Number of automated cease 
and desist letters that have to be withdrawn because they weren't really dealing with 
infringement.  Identification of companies that make money selling and compiling 
WHOIS data.  How much money they make, how much they charge for it.  That would 
be interesting to know a couple of those.  That's it.

 >>AVRI DORIA:  Thank you.  Paul?

 >>PAUL STAHURA:  They are going to make a lot on this survey because this is a 
really difficult, in my opinion, nut to crack, especially -- the first subbullet on the second 
bullet, percentage of registrants that's natural persons, that's going to be really difficult 
because, first off, you have proxy.  How do you know the information behind the proxy?  
You'd have to somehow -- right -- get through the proxy service or the protection service 
amongst all the registrars to get that information.  That's going to be -- or a giant sample 
size or something.  That's going to be a tough one.

 Then the data that's not behind the proxy, it's just by looking at the data, it is not easy to 
detect whether or not it is a person or a sole proprietorship or whatever.  I just think it is 
going to be a tough problem to solve.

 >>AVRI DORIA:  Margie?

 >>MARGIE MILAM:  My point follows up on what Paul just said.  I think it might be 
interesting to study because it is difficult to determine whether someone is a person or 
not, whether the use of the Web site is commercial or non-commercial because I think the 
policy may depend upon what the actual use of the Web site associated with that domain 
name is.

 >>AVRI DORIA:  Can, thank you.  Steve?

 >>STEVE DelBIANCO:  Jeff's question about why is the study being done under GNSO 
auspices, and then Avri your answer was about being in parallel with regard to your 
motion, motion number one of proceeding with OPoC.

 But just before the break in response to a question that Susan brought up, the working 
groups said that the responsibilities of the OPoC were unspecified in the OPoC proposal.  
Does that mean that on purpose there was to be no responsibilities or was that simply left 
to be an implementation option?  And the working group took it as the latter, that doing 
the implementation plans for the OPoC would include an assessment of what could and 
should be the responsibilities of the OPoC for relay and reveal in the same sense a proxy 
does a relay and reveal.

 So the need for the study, I said earlier, should be, in my opinion, a gating mechanism as 
to whether to proceed.  But even under your motion to proceed with OPoC, I think staff 
has to do the study to figure out what the responsibility should be in implementation.

 And then the second part of the study that has to be done, what are the mechanisms for 
getting access to unpublished data.  That's another of the studies we had asked for in the 
BC motion because again the OPoC proposal as written says nothing about access 
mechanisms to the unpublished data.  Therefore, there has to be an implementation plan 
done by staff.  

 So if staff does a study in order to do an implementation plan, I guess it is under GNSO 
auspices because we've asked them to do an implementation plan.  But it isn't if it's a 
study as an end in itself.  Rather, it is a study to feed the implementation plan.

 >>AVRI DORIA:  Okay, thank you.  I had Marilyn next.  I got you on the list.

 Marilyn?

 >>MARILYN CADE:  I'm just going to point something out on a document that I'm 
reading here published --

 >>AVRI DORIA:  On your Mike.

 >>MARILYN CADE:  On the question of percentage of registrants that are natural 
persons, there is a 2005 study by VeriSign that has data about natural versus legal persons 
and dot com and dot net.  And what I recall is it gave an estimate of X percent.  So, 
clearly, there is some methodology that can be used to get at that.

 I think there is another characteristic that would be helpful to just remember, and that is 
not all registrations turn into live DNS.  So let's say there are one or two or three, four, 
five million names that are registered but do not have live DNS, you won't be able to go 
to a Web site to verify them.

 The only -- and so you probably need to know that because those are names that are, 
perhaps, in the secondary market or, perhaps, they're on  my shelf and I polish them.  But 
whatever reason they're registered but they're not -- there is not going to be a Web site.  
So we ought to think about that whenever we think about structuring the study.

 But I did just want to call your attention to this 2005 study by VeriSign which apparently 
able was to discern the difference between natural versus legal persons.

 >>AVRI DORIA:  Thank you.  Ross?

 >>ROSS RADER:  I guess, I'm confused again.  Going into this first slide, I was under 
the impression that we were conducting the study pursuant to passing motion number 
two.  I'm hearing that's not the case.  We are proceeding with these studies no matter 
what?

 >>AVRI DORIA:  That had been my assumption.  But on hearing a lot of people speak, 
I am coming to the conclusion that's something that we'll have to discuss on whether the 
studies would continue or not.  My presumption had been that, yes, and certainly with 
motion one it seemed reasonable to me that they would proceed.

 With motion three, it seems less reasonable to me.  But it is something that obviously we 
would need to discuss.  And because of the formality, I guess, of the studies being part of 
the PDP and if the PDP has terminated under what study -- under what authority is the 
study being done, we would need to look at it under one or three.

 That under two, yes, it is automatic that the studies would continue.  Under one and 
three, for the studies to continue, based on the corrections that I've gotten and the 
feedback, it seems that we'd have to look at it.

 >>ROSS RADER:  Okay, okay.  I guess my only concern around -- that's great.  Thanks.

 >>AVRI DORIA:  So, yeah.  Okay.  I've got Chuck, Jeff, Kristina.

 >>CHUCK GOMES:  A couple things, just to follow up on Marilyn's comment about 
the VeriSign study, as well as the comment from Paul that some of these things are really 
difficult to do.  

 VeriSign doesn't have any data about registrants.  I think everybody knows that, okay?  
So that study -- and I was not involved in it, so -- but it had to be done by hiring 
somebody to make some calls.  And the data that you were saying is not available, you 
probably have to call and if they get -- you know, see if they will identify themselves as a 
proxy or the user or whatever.  So some of these things are more expensive to do because 
they would actually require a phone call or a letter or something like that.

 Now, that was not what I wanted to say.

 It seems to me it would be useful for -- to identify how many of the proxy services are 
operated directly by registrars versus those who are operated by third parties.  And the 
basis where I think that -- why I think that would be valuable is because ICANN 
obviously has a direct relationship with registrars, a contractual relationship.  They don't 
with the third parties.  So that would -- could be useful data, going forward, on that.

 >>AVRI DORIA:  Okay.  Thank you.  Kristina?  Oh, sorry.  I had Jeff, yes.  I'm sorry.

 >>JEFF NEUMAN:  This is the second time I was skipped.  So someone humor me, 
please, and to pick up on Bruce's point about the relationship to the policy process, so let 
me give you some numbers and just made-up, but just help me understand what you 
would do with that data as part of the policy process.

 So, in other words, let's say the answer to No. 1 is that there are 40% of registrants who 
are natural persons.  The level of accuracy is moderate, okay?

 The percentage of proxy services is 12%.  And the characteristics -- all right.  So that's it.

 So, great.  Now, how does that relate to the policy process?

 In other words, if we went with Option 1, which is, "Go OPoC" okay? -- the data I just 
made you, I completely made it up.  It can go either way, right?  How is that going to 
help you further the implementation of the policy?

 Aside from the fact that the GAC asked you to do a study and aside from the fact that the 
ICANN budget is just way beyond control to begin with, and to ask them to do a study of 
this, this is not a thousand dollar project or even a hundred thousand dollar project.  
You're talking about a million or higher to do a study like this with phone calls and 
everything else.

 [Speaker is off microphone]

 >>JEFF NEUMAN:  All right.  Maybe half of it, but --

 [Speaker is off microphone]

 >>AVRI DORIA:  Excuse me.

 >>JEFF NEUMAN:  So my ultimate point is, I've given you mock data.  Someone help 
me understand what you would do with that data and how it would lead you to the next 
step in the policy process.

 >>MILTON MUELLER:  The Cade/Miller consultancy wishes to --

 >>AVRI DORIA:  Excuse me.

 >>MILTON MUELLER:  Trust the result.

 >>AVRI DORIA:  Okay.  I have Kristina, I have Patrick, I have Steve.  Oh, and I have 
Marjorie.  I expect one of those will give you an answer.  Okay.  Kristina?

 >>KRISTINA ROSETTE:  I am under the understanding that our motion of September 
6th is still in place and if that's the case, then I would read that to indicate that the study 
does, in fact, have to go forward, regardless of how we vote on Wednesday, unless those 
motions are amended between now and then to indicate to the contrary, I guess would be 
the first point.

 And second, Jeff, as to your specific question, I mean, for me, at least, it helps me 
understand -- and I think it's important information to have -- if, for example, our concern 
or the stated objective, the stated impetus for revisiting and revising WHOIS is a concern 
out of the harm to individuals based on having their public -- their personal data, their 
contact information, publicly accessible.  I think it's important to know what the scale of 
that harm is likely to be in terms of the scope of the number of registrants, to what extent 
we can try and figure out, for example, what cross-section is actually availing themselves 
of market mechanisms, and to essentially get a true sense of, I guess, the benefits side of 
going forward.

 >>JEFF NEUMAN:  But if the choice is already made to go forward with one decision, I 
don't understand.  Sorry.  If the choice is already made to go forward with one 
mechanism, and some would argue -- I'm not going to argue the noncommercial position, 
but some would argue whether that number is 5% of people or 1% or 60, 70%, that 
percentage is being harmed and still -- that still needs to be addressed.  It's not -- whether 
it's 10%, 1%, who are we to judge, you know, what the threshold is?

 >>KRISTINA ROSETTE:  Well, no, if the decision is made to go forward with OPoC, 
then it may be that knowing the exact numbers of registrants, affected strategists that 
we're talking about is going to be critically valuable information in determining 
implementation.

 >>JEFF NEUMAN:  Why?

 >>KRISTINA ROSETTE:  You know, how quickly do we do it, how far do we do it, 
how many people are we talking about?  Are we talking about having to go -- are we 
doing it for, you know, a point forward for, you know, 10 million registrants or are we 
doing it for a point forward for 150 million registrants?  I mean I think that's where this 
information is going to come in particularly useful with regard -- I mean, if it is OPoC 
implementation.  I mean, I think that's going to be valuable information to have in trying 
to figure out how to make it happen.

 >>JEFF NEUMAN:  I don't -- I don't agree, but that's --

 >>AVRI DORIA:  Okay.  That's...

 You wanted to make a comment about --

 >>MARILYN CADE:  Directly about that.

 >>AVRI DORIA:  Okay.  Please.

 >>MARILYN CADE:  And I'm not suggesting I'm going to persuade but I'm going to try 
from my new vantage point of my partnership with Milton.

 [Laughter]

 >>MARILYN CADE:  Even if it's temporary.

 I do think that the information about how many registrants have to be informed about a 
change that is going to be systemwide is going to matter, and I think the -- I think that if I 
were running a business that potentially was going to get customer support calls about 
how do I do this, how do I do that, who do I pick to represent me, I'd like to know 
whether I'm dealing with 70% are corporations who will have 500 to 1,000 to 1500 
names, and I'll be dealing with one person to make that decision, or whether I'm going to 
be dealing with 150,000 individual -- 150 million individuals who are going to be making 
customer support calls, Jeff.

 So, you know, from the point of implementation, I think it's valid information.

 >>JEFF NEUMAN:  Yeah, but that's for like the company to do.  So if there's a policy 
that's passed and let's say it's consensus and it's required upon the registry -- you know, 
OPoC's going forward already.  Let's assume.  Right?

 At that point in time, it's definitely useful for a company like Go Daddy that offers proxy 
services, they're going to need to know, okay, how many of my registrants is this going to 
affect and then they're going to need to work on how they're going to implement it.

 But for the GNSO -- again, my whole point in asking these questions, it's not that it's not 
good data to know or we can make some use of the data.  The question is:  How does it 
further the policy development process or the implementation, if the choice has already 
been made to go forward in a certain direction.

 >>MARILYN CADE:  And the follow-on to that question would be:  And how is this 
going to implement -- how is this going to affect an implementation practice that is going 
to involve the ICANN staff where they will get calls asking for information or guidance 
or what to do.  And I think it's going to be information that will be helpful to inform 
them.  I didn't suggest I was going to persuade you.

 >>AVRI DORIA:  Okay.  I'd like to stop the -- yeah.  We've got -- I've got three more 
people on this particular list.  Yeah, I've got you.  And then I'd like to move on to the 
other slides so that we have some time to talk about them.

 So I still have Patrick, Steve, and Marjorie.  And -- yeah.  Marilyn spoke.  Okay.

 >>PATRICK JONES:  Okay.  I'm Patrick Jones from ICANN staff and I just wanted to 
raise a point before I have to leave that the staff implementation notes, the document of 
October 11th, raised a lot of questions that have yet to be discussed by the council and 
they're questions that should be addressed before -- or at least within the context of the 
studies because -- or at least outside the proposed studies as it goes to the heart of how 
OPoC could potentially be implemented.  And they're just a wide range of questions that 
are in this document that we don't have answers to that staff would need before OPoC, if 
it's going forward, would need addressed.

 >>AVRI DORIA:  Okay.

 >>MARILYN CADE:  And could we just ask for you, before you disappear, to -- are 
there particular pages that you would call our attention on or just the whole report?

 >>PATRICK JONES:  It's throughout the document.

 >>AVRI DORIA:  Okay.  Steve?

 >>STEVE Del BIANCO:  Patrick, what you said is exactly what we have tried to do to 
answer Jeff's question earlier.  Motion No. 2, which was the gating motion:  Do the 
studies as a gate whether to do OPoC.  If we got off 12% or 13% number for the 
percentage of natural persons using proxy, it would be -- that would be the number we'd 
look at to say, "Wow, are people who are aware of and have available to them proxy 
taking advantage of that as a way to protect their privacy?"  And the higher that number 
is, then the more feasible it is that the market has already given us a mechanism to give 
the privacy protection they seek.  So that would be in the gating.  Because the higher that 
number is, the less need there is to do OPoC at all.

 But under Avri's motion, Motion No. 1.

 >>JEFF NEUMAN:  But No. 1 would have already passed.

 >>STEVE Del BIANCO:  Okay.  Right.  I'm going to go to that next.  I'll go to No. 1.  
As Patrick just indicated under No. 1 where he's doing this implementation plan about 
what staff needs to know to implement, think about OPoC is already implemented, it's 
already done and I go in to register a domain name and suddenly I don't see technical 
administrative, I see the OPoC.  When I fill in a name and address for my OPoC, well, 
what is the registrar going to be telling me about the roles and responsibilities of the 
person whose name I just typed in?  Don't they have to tell me with respect to like a 
proxy that there is a reveal and a relay, legal responsibility there?

 >>JEFF NEUMAN:  Absolutely.  Those questions are relevant.  I'm talking about the 
percentage of registrants who are natural persons.

 >>AVRI DORIA:  Okay.  Yeah.  I -- I didn't want to --

 >>JEFF NEUMAN:  But what does that have to do --

 >>AVRI DORIA:  Reopen the debate at this point.  Okay.  Marjorie?

 >>MARGIE MILAM:  Maybe this will address it.  If we knew the number of natural 
persons were really low -- say 1%, as an example -- if you're looking at the cost of 
implementing OPoC, you may end up deciding that the cost is far in excess of the benefit 
for the, you know, 1% or less of natural persons that -- you know, that would benefit 
from this OPoC proposal.

 So that's why I see that information as being relevant, because you could do a 
cost/benefit analysis and you could use it in the implementation in determining how 
onerous or how difficult -- you know, what kind of procedures are involved in actually 
implementing the OPoC.

 >>JEFF NEUMAN:  Aren't we a couple of years late on the first part.

 >>AVRI DORIA:  Okay.  Thanks.

 >>JEFF NEUMAN:  I agree with the second part as far as implementation and 
companies needing to do their own studies of how -- and whether to implement in a cost-
effective way but I think we're a few years past the first part.

 >>AVRI DORIA:  Okay.  Thank you.  Okay.  Liz, would you go on?

 >>LIZ GASSTER:  Yes.

 >>AVRI DORIA:  And perhaps we'll go through the slides and then come back for any -
-

 >>LIZ GASSTER:  Okay.

 >>AVRI DORIA:  -- other questions at this point.  I'm sure many of the questions have 
already sort of come out.

 >>LIZ GASSTER:  So the next piece of the resolution dealt with how WHOIS data is 
used and misused, and in trying to assess what the scope of the study would be to take a 
look at how WHOIS data is used and misused, unlike the preceding phrase which focuses 
on registrations and registrants, this would really deal with WHOIS queries, and, you 
know, whether queries of WHOIS are being used for good or bad purposes, misused or 
used for legitimate purposes, in quotes.

 So I think the questions, again, that we're attempting to get clarification on is, first of all, 
if we were to proceed with such a study cataloguing uses and misuses might be one place 
we would start.  A qualitative review of what might be good uses, if you will, and what 
might be bad uses, if you will.  And the question there is, you know, is there a common 
understanding?  Is there a consensus understanding if staff were to engage in such a 
qualitative review of what would guide us in terms of the legitimate uses and illegitimate 
uses.

 And just on that point, there is some qualitative, descriptive data available from a variety 
of different sources that try to -- and one place -- the GAC principles, for example, 
enumerate many uses of WHOIS data that might be considered legitimate or ill legitimate 
and other sources do that sort of thing.

 So the question really is:  Is that useful?  Is that part of what the council would be 
looking for?

 It's our view that that could be done.  Just the qualitative piece.  But would be perhaps of 
-- tell you only a limited story, because it's not going to give you data about the volumes 
of each, or the percentages of each.

 It would be just kind of a qualitative description of what good things might be done and 
what bad things might be done.

 It may be harder to collect accurate quantitative data which may be more in line with 
what the council was envisioning when they recommended studying how data was used 
and misused, because, you know, obviously the data -- the underlying data to make those 
determinations -- may be difficult to come by, and I think it will be important to get input 
on the methodology or approach that should be taken.

 In other words, there are approaches that might be, in a sense, simpler to implement, and 
I again use all of -- it's all relatively speaking, but, for example, a survey of queriers.  
Why are you asking for this data?

 But of course that would be self-reported data not unlike a study that had been done 
several years ago by various participants in the community, and so the question would be:  
Is that what the GNSO Council is looking for, understanding that self-reported data is 
perhaps going to be more useful on the side of providing uses than providing misuses 
since it's unlikely to think that people are going to self-report that they're misusing the 
data.

 And then, you know, beyond that, if there's concern about that being not sufficient for 
that reason, should we, in turn, look at some more, I think, challenging but perhaps useful 
independent study that would try to get at, in a more systematic way or quantifiable way, 
uses versus misuses.  But again, I think access to the underlying data in order to make 
those determinations might be re- -- might require, or at least be facilitated by willing 
service providers, either registrars or registries or both, and may still have limitations in 
the information that's resolved, and certainly the utility of the study may be enhanced by 
participation from service providers.

 So you want me to go on to the next slide.

 >>AVRI DORIA:  Yeah, I think at this point, we should go on and then people can come 
back for questions.  Otherwise, we won't get all of the questions listed.

 >>LIZ GASSTER:  The third study that was --

 >>AVRI DORIA:  But I've got the two names, your two names on the list already.

 >>LIZ GASSTER:  -- was a review and analysis of the different proxy services available 
today and noting some of the clarifications and comments that folks have contributed 
already today, I think it provides some additional food for thought on that.

 But I -- you know, I think staff does intend to engage a researcher to perform this 
analysis of the proxy marketplace based upon the GNSO resolution, but the question still 
is:  Are there specific aspects of proxies or privacy services that we should study or that 
we should be specifically looking at, based on your interest and your resolution.

 And then lastly, we will -- we have already provided you with a summary of available 
WHOIS data points, available data points, and we will be happy to continue to compile 
new studies or studies and data that may be old but may be useful, and that we haven't 
identified previously, so we encourage your input, continued input, on that, and there is a 
second version that you all have that actually does include a lot of additional reference 
points that you all have provided me.

 So any additional reference points that are provided, I'd be glad to include in future 
studies, and we would continue to support that as well.

 >>AVRI DORIA:  Okay.  Thanks.  We've got about -- like to give another 10 minutes or 
so to the discussion.  I've got three people on the list before moving on to the SSAC 
report.  So I'd like to ask people to make comments, talk about the questions, but try to 
avoid getting into a one-on-one discussion at any point.  And I have so far Jeff, Ross, and 
Milton.  Who else should I put in the -- in the queue?  Okay.  And Kristina.  Okay.

 >>JEFF NEUMAN:  So with respect to No. 2 -- and I wish -- I guess Marilyn walked 
out.  But I feel like I'm back in 2002 or 2001.  No. 2 is, there was a survey done in 2000 -
- 2001.  We've had workshop after workshop of law enforcement, you know, FBI, DOJ, 
EU -- God, person after person -- and even on the privacy side we've had so many people 
come in and give reports and comments about how we -- how WHOIS is used or misused 
or both.

 Please don't do it again.  Please don't waste your money.

 [Laughter]

 >>JEFF NEUMAN:  I don't think there's anyone in this room that doesn't know how 
WHOIS is used or misused.  I think -- there may be some additional things, and I think, 
you know, the SSAC report on front-running -- I think is the term -- that's kind of new, in 
that people didn't really necessarily know.  

 But please don't go down that road of studying why WHOIS is used and misused.

 But No. 3 is actually something that has not been looked at in detail and if there is a 
study, that's -- if there is a way to tell what a proxy service is versus a privacy, that's 
something that has not been studied before.  But please don't do No. 2.  Please!

 >>AVRI DORIA:  Thank you.  Got the message.

 [Laughter]

 >>AVRI DORIA:  Okay.  I'll put you on the list.  Ross?

 >>ROSS RADER:  To the extent that we actually move forward with these, Liz, I think 
it would be useful for us to focus on gathering statistically significant data, which would 
imply that we would avoid collecting qualitative data, to the extent that we can.  I think I 
-- I would really agree with what Jeff has said.  We've seen a lot of kind of surveys, 
gathering of opinion, comments, et cetera, et cetera, et cetera over the years, but what we 
lack is real hard-core concrete data that we can base decisions on and form new opinions 
on, and I think at this point, we're completely -- there are no new opinions that I'm aware 
of.  And maybe this data will help drive some formation of those.

 >>AVRI DORIA:  Okay.  I now have Milton, Kristina, Mike.

 >>MILTON MUELLER:  Yeah.  Quickly, I just have to agree with Jeff about the -- the 
sort of weariness with which we can only approach the No. 2 part that the last thing we 
need is another laundry list of how people are using WHOIS.  We just don't need that.  
Don't do it, please.

 With respect to -- I mean, I don't know if you're privy to this, Liz.  You're an innocent 
staff member.  But, you know, when you say that the GAC principles call for this study, I 
mean you got to understand the politics of what's going on there.

 The U.S. government had to concede to the Europeans that whatever happens with 
WHOIS, it has to conform to national law.  And they had to get something sort of to 
cover themselves, and so they said, "Well let's -- let's do studies that show that there's 
really no abuse of it."  And that was the bargain that gave us the GAC principles.  At least 
one of them.

 And the -- if this is going to be taken as gospel, you know, every time the U.S. wants to 
stall on something or somebody else wants to stall on something, they call for a study and 
then our staff is going to devote massive resources to doing studies of things that have 
already sort of been done, I think we're in trouble.

 And just to -- to -- to me, the fundamental point is, if you think that shielding private 
data is a legal and ethical right, you know, you don't have to prove abuse.  It's like, you 
know, you sort of say, "Well, I've been peeking in your window all night, but I didn't do 
anything.  I didn't, you know, come in and rape you or you -- nothing really bad 
happened to you, so you shouldn't worry about it," right?

 I mean it's just something about it is inconsistent with the spirit of privacy protection, 
which is that the data is yours and you should have control over it.  You don't have to 
prove that somebody's abusing it.

 Now, there probably are abuses.  Maybe they're not gigantic.  Maybe they -- maybe 
they're more pervasive than we think.  But fundamentally, this -- as far as ICANN is 
concerned, ICANN is not a policymaker.  It's an administrator of the DNS.  So the issue 
of -- the only issue, as far as ICANN is:  Where can they draw the line that is consistent 
with the legal regimes that governments have established?  And it's pretty clear that for 
natural persons, you have to do something, and it doesn't -- the policy decision does not 
hinge in any way on proving, you know, how many times it's been abused.

 >>AVRI DORIA:  Okay.  Thank you.  Kristina?

 >>KRISTINA ROSETTE:  I just -- I have a clarifying question that relates, in part, to 
the analysis of proxy services, and that is:  To what extent is the current review of the 
RAA looking at providing some definition of reasonable evidence of actionable harm 
under 3773?  Can anyone answer that?

 >>AVRI DORIA:  It looks like something we're going to have to find out.

 >>KRISTINA ROSETTE:  Okay.  Because the one thing that I would note is that it's all 
well and good for us to encourage marketplace innovation and to encourage the 
movement to proxy services, but if, as a practical matter, the registered name holders are 
not compliant with that provision, then I think we need to revisit to what extent we really 
want to rely on it.

 And just to give you kind of some more specific examples, you know, I can go to an ISP 
with information that -- a U.S.-based ISP that with all the information I need for notice 
and takedown under DMCA, and I get a remedy.  I don't get a reveal; I get a remedy.

 I can take that same information and go to a U.S.-based registrar that's operating a proxy 
service and get nothing.  Not a reveal, not a remedy.

 As far as I'm concerned, that's not acceptable.  And I'm not in a position to endorse 
adopting that scheme wholesale unless we're going to have some definition and some 
agreement as to what exactly is the scope of reasonable evidence of actionable harm.

 >>AVRI DORIA:  Okay.  Thank you.  Mike?

 >>MIKE RODENBAUGH:  Yeah, I was going to make a similar point on that.  I would 
just call for No. 3, a study about how many registrars by their stated policy or how many 
proxy services by their stated policy even comply with this RAA.

 Because I'm not sure it's a majority of them.

 And then, you know, re- -- outside of what their stated policy is, I'd like to get some 
impression on how many of them actually follow the policy, the ones that do have an 
acceptable policy.

 Then the second point I wanted to make was kind of in response to Milton.

 I don't understand the argument why we at ICANN need to accept that privacy of name 
and address is, you know, a God-given right.  I mean, it's really clear in the United States 
it is not.  I mean, when you buy a house, your mortgage records and the amount you paid 
for your house is all a matter of public information and you're deluged with direct mail 
and for whatever reason, I'm not really in favor of that, but Americans generally accept 
that.

 So, you know, I do understand that we need to try to have our policies as consistent with 
as many nations' laws as possible but I don't think that means we have to go fall to the 
lowest common denominator.

 >>AVRI DORIA:  Okay.  Thank you.  Was there any further clarifying comment or 
question on these?  No?  Great.  Thank you, Liz.  And we're going to have -- on the 
question of the continuation of the study on the motions, one, I have passed on a question 
to legal.  I'm looking at the motion.  I'm not sure that the motion is subject to a PDP 
ending or not.  So it's something that we'll have to talk about some more.  I have asked, 
though, for a sort of view from legal that if the study was originally designated as part of 
a PDP, does it need to stop if the PDP is concluded.

 And also, though, we need to look at it, and I don't believe that -- well, anyhow, so that's 
-- I've asked for more information on that before we do the vote.  So we'll see where 
we're at on that.

 I'd like to ask -- and I guess it was Dave was going to do the -- I mean who was going to 
do the report on --

 >>DAVE PISCITELLO:  I will.

 >>AVRI DORIA:  You are?  Okay.  Do you need the -- the thing to plug in?

 >>DAVE PISCITELLO:  Yeah, that would be nice.

 >>AVRI DORIA:  Okay.  So Liz has it at the moment.  Do you want to come sit -- are 
you going to do from back there?

 [Speaker is off microphone]

 >>DAVE PISCITELLO:  Yeah, you can project it.  We can use Bruce -- I just sent it to 
him thinking it would be easier to sit next to him and he could poke me if I said 
something wrong.

 >>AVRI DORIA:  Oh, okay.  Ah, the projector plug is in the middle.

 >>DAVE PISCITELLO:  Are we all set?  Okay.  Well, thank you for having me, and for 
the record, my name is Dave Piscitello, and I'm a fellow to the ICANN Security and 
Stability Advisory Committee, and I'd like to report on a study that, you know, Ram 
Mohan and staff at Afilias and other members of SSAC conducted from approximately 
February to April, and then again revisited some data in the August/September time 
frame looking into the WHOIS service as a source of e-mail addresses for spammers.

 So our objectives were relatively simple.  We sought to study the correlation between the 
publication of WHOIS data and the delivery of spam to e-mail addresses that were 
accessible through WHOIS services.

 I don't want to go into a lot of detail about the different ways that spammers obtain e-
mail addresses.  I think that you're all exhausted by that, and so I'm not going to cover 
that.  I think that's all covered quite nicely in the report, which is available now at the 
SSAC Web site.  It's sac023.  It's in PDF format.

 What we wanted to do was not necessarily say or claim that the WHOIS service is the 
definitive source of spam, or e-mail addresses for spammers, but it is one of perhaps 
many.

 And it's important to keep that in context, because the primary reason why we actually 
are considering both protected WHOIS services and delegated WHOIS services in this 
study was that it was a way for us to discern whether or not any sort of measures might 
abate the delivery of spam.

 When we were formulating the study, what we tried to do was consider, you know, a 
variety of protective measures that registrars and registries offer to either rate-limit or 
block the delivery of unsolicited mail to registrant e-mail addresses.

 We categorized these into two groups.  The one group that we looked at that essentially 
attempts to thwart automated collection of addresses either through port-based WHOIS or 
query-based WHOIS, through rate-limiting or CAPTCHA or other anti-scripting 
techniques and measures we call protected WHOIS.

 There is also a second form that is -- that is popular that we call "delegated WHOIS" and 
in delegated WHOIS, we have either an e-mail substitution alone or an e-mail 
substitution by the registrar, along with some sort of spam and antivirus filtering 
measures to protect the registrant from receiving not only unsolicited mail to his 
published e-mail address, but also any sort of malware that might be attached to that mail.

 So we had fundamentally, you know, the following objectives.

 The first objective was to determine whether or not spammers collect e-mail addresses 
from domain name registration records using the query-based WHOIS service.  And then 
in our studies, what we attempted to do was carefully prevent the publication of an e-mail 
address anywhere other than the WHOIS, and we decided to try to measure two things:  
Do measures to protect query-based services from automated collection reduce the spam 
delivery to the registrant?  And do substitution and anti-spam measures reduce the 
volume of spam delivered to the registrant?

 Finally, we wanted to see whether the traditional security notion of layering defense 
would even further abate the delivery of spam, so what we did was we ran a study of 
another set of -- you know, of test domains to determine whether combining both those 
measures would result in even further, you know, abatement of spam delivery.

 Our methodology was relatively straightforward.  We took and registered domain names 
in four TLDs -- com, de, info, and org -- and at the second level label, what we did is we 
randomly composed rather large and what we viewed to be non-guessable second-level 
labels.

 For the address that we published as the registrant e-mail address in the registration 
record, we also randomly composed the user ID of that e-mail component.

 As I said before, we tried to keep the e-mail addresses off the radar, so they were not 
published anywhere.  They weren't used in a forum.  They weren't used in any other 
venue that people normally use to harvest e-mail addresses.

 And then we began monitoring.  And we monitored for a period of approximately six 
weeks.

 This basically talks about our experiments, you know.  Our experiments essentially 
wanted to take a look at and determine whether there were differences when there was no 
protection used, where -- when there was protection in the form of a protected WHOIS 
access or a delegated WHOIS access were used, and whether there was even more 
significant protection when both services are used.

 As a sort of side effect of doing this analysis, we also tried to look and classify the kinds 
of spam that were delivered to these addresses over that same time frame.  I'm not going 
to talk about that today because it's -- it's -- was really, you know, something that we 
considered later on in the study and we just offered it as anecdotal information.

 In the Case 1, where we had neither protected WHOIS service and we didn't -- also 
didn't have a delegated WHOIS service, as you can see, the spam delivered to the 
published addresses accounted for approximately 29% of the overall spam delivered, but 
the numbers were fairly -- you know, fairly considerable.  Spam delivered to all other 
addresses than the published address was even, you know, more pronounced, at 
approximately 70% of the total of 200 -- nearly 280,000 spam that were delivered to 
these addresses.

 You can also see by the statistics and actually these are worth looking -- you know, 
looking at more carefully when you look at the results in the report, that there's -- there's 
significantly, you know, large in number spam delivered to dot com.  However, we don't 
have any significant data yet to determine whether or not an it would is a particular target 
or not for a spammer.  Yes.

 >>ROSS RADER:  Just a quick question about that last column there, Dave.  Do you 
mean that spam delivered two other recipient addresses on the domain registered, in other 
words, unpublished but existing at that domain?

 >>DAVE PISCITELLO:  A typical spammer, if they grab a domain from the DNS, what 
they'll do is they'll grab a domain and, basically, generate either from a keyword list of 
admin, user, all staff and any other -- common surnames, common given names and 
combinations.

 So once you were on a spammer's list as the domain, the chances are that you are going 
to receive anywhere from 100 to 1,000 possible recipients in addition to the specific 
published address.  

 So these two columns say, in the first column, we published an address and we got lots -- 
or we got spam to that address.

 The second column says, in addition to those, we also received spam to all these other 
addresses.

 >>ROSS RADER:  Here is all the dictionary stuff.

 >>DAVE PISCITELLO:  The dictionary stuff, right.  It could have been a harvest attack.  
It could have been a dictionary or just random string.

 >>BRUCE TONKIN:  What was the period?

 >>DAVE PISCITELLO:  The period was approximately six weeks.  The period was 
from February to about mid March.  And that's -- if I'm incorrect, it will be correct in the 
report.  You have to remember that.

 In the second case, what we did was we had protected WHOIS service offered from one 
of the registrars but not a delegated WHOIS.

 Just going quickly, so we have some time for discussion, you can see that there is a 
pronounced drop in the amount of spam to almost all the domains and accounts that we 
used and so the percentage of total actually is sort of interesting as well because it was 
rather evenly distributed between any address and published address.  

 We don't actually have any insight yet as to why that might be the case, but we just put it 
up as a data point.

 In the third case, we used a registrar and registry where we could get delegated WHOIS 
but no protected WHOIS.  You can see that there is a fairly significant drop in the amount 
of spam that's delivered to any of these registered addresses or published addresses.

 And in the fourth case -- Yes?

 >>MILTON MUELLER:  I guess, I'm not sure what you mean by "delegated WHOIS."

 >>DAVE PISCITELLO:  The delegated WHOIS is the substitution of an e-mail address 
by the registrar for the registrant's e-mail address.

 >>MILTON MUELLER:  Okay.

 >>DAVE PISCITELLO:  It would be something similar to the proxy by domain kind of 
service.

 >>AVRI DORIA:  Quick question.  I know it doesn't relate to the percentages, but were 
the sample size of each of the kind of problem the same?  So, in other words, from your 
case one to the case three?

 >>DAVE PISCITELLO:  The sampling period was the same, or the result -- the 
resulting spam was significantly different.

 >>AVRI DORIA:  Right, right.  But the same number of domain names?

 >>DAVE PISCITELLO:  Oh, yes.  >>AVRI DORIA:  That's what I meant, the basic 
sample.

 >>DAVE PISCITELLO:  We used ten in each.

 In the last case, what we said let's pile on the defenses and we used both protected 
WHOIS and delegated WHOIS.  In this case, we had again ten domains and when you 
use the combination of the two, we get some very, very significant results, if you are 
looking to block spam.  

 If you compare the results in Steve Crocker's favorite chart, which is a logarithmic 
illustration of the data, one of the things that you get to see is that unprotected registrant 
e-mail addresses received the most significant amounts of spam.

 If you protected yourself with the protected WHOIS services, you could achieve up to 
two orders of magnitude better defense against spam.

 If you used a delegated WHOIS service, you could get up to three orders of magnitude 
better defense against spam.  And if you used the combination, you could get almost four.

 What does this all tell us?  We only had one very small objective here.  We weren't 
trying to demonstrate whether or not proxy services are good or bad or whether they 
satisfy any other criteria than to provide some sort of protection against the delivery of 
spam because prior studies had suggested that the WHOIS was not a source of e-mail 
addresses for spam.

 So our first conclusion -- Yes?

 >>TIM RUIZ:  Were the domain names used, were they actually in the DNS?

 >>DAVE PISCITELLO:  They had to be in the DNS so we could resolve NX records 
and be able to forward mail to those domains.

 >>TIM RUIZ:  So if I am a spammer and I am just looking at the DNS, say I got the 
zone file and I see a new domain shows up, how can you tell the difference between -- 
that they actually used the WHOIS versus just grabbing the name out of the DNS --

 >>DAVE PISCITELLO:  Right.  The way that we tried to make that discrimination was 
to use a random user I.D. as the registrant contact e-mail, one that would not be easily 
deduced by anything other than brute force attack.  So you had a 
randomlygeneratedstring@randomlygeneratedstring.TLD.

 >>TIM RUIZ:  The first column was mailed.

 >>DAVE PISCITELLO:  The first column was e-mailed to that randomly generated 
string at --

 >>TIM RUIZ:  So it could be anything.

 >>PAUL STAHURA:  Was that user changed periodically, like every 12 hours in the 
WHOIS output or was it just set once and forget it?

 >>DAVE PISCITELLO:  It was set once. 

 >>PAUL STAHURA:  And then on the protected, that's the CAPTCHA code?  By 
"protected," you mean protected by the CAPTHCA code?

 >>DAVE PISCITELLO:  It is either protected by CAPTCHA code or rate limiting or 
some other vehicle.

 >>PAUL STAHURA:  (inaudible).

 >>DAVE PISCITELLO:   It was dependent on the registrar/registry combination.

 >>BRUCE TONKIN:  Would you know what they were doing?  You say the 
CAPTCHA, but you wouldn't necessarily know what sort of rate limiting is being 
applied.  How did you know what sort of rate limiting they were using?

 >>DAVE PISCITELLO:  We used -- Was it DE?  We used Afilias.  I'm sorry.  Afilias 
ran the study, and I believe that they -- they used one registry that provided one particular 
rate limiting mechanism, which was one I.P. per hour.

 >>PAUL STAHURA:  On the dot com names at the registrar level, can you just tell us 
which registrar the dot com names were registered at?  That will help me.

 >>DAVE PISCITELLO:  I can't.  You can ask Ram.

 >>PAUL STAHURA:  It would depend on that particular registrar's mechanism.

 >>DAVE PISCITELLO:  There's different types, exactly.  

 As I said before, to determine whether or not you could block spam using these services 
not to determine whether or not the particular registrar's proxy service was the most 
efficacious service of doing so.  And it may be the case that some of the anomalous data 
that we have in some of the instances of domain names illustrates that for given 
spammers' mechanism of generating e-mail addresses, this particular registrar's protected 
WHOIS service is not as effective as it could be.  We didn't go into that analysis.  That 
might be something we could do in the future, but that's not what we did.

 >>PAUL STAHURA:  I am making sure I have it straight in my mind.  What you're 
saying, I think, is there was an earlier study that said the WHOIS was not a source for 
spamming.  But now you are, basically, contradicting that and saying there is.

 >>DAVE PISCITELLO:  That's correct.  The study was performed in 2003 by the FTC 
and they had come to a meeting earlier -- I guess, late last year in Marrakech, was it?  Is 
that the meeting?  

 And they had made it very clear that the WHOIS isn't used at all for pharming addresses.

 One of the things that Ram and I considered was that that doesn't seem consistent to 
what we've seen, and that's one of the reasons why we started this study.

 Dr. Crocker has a comment.

 >>STEVE CROCKER:  Let me emphasize exactly the point that you've just made.  That 
was the motivation, that was the trigger for this piece of work.  All of the additional effort 
looking at the difference of protected versus delegated or all of these controls were 
secondary because as long as we were in there, we might as well take a look at that.

 And all of the additional questions one might ask about, that's interesting, what about 
this registrar versus that or so forth are way, way beyond the scope of what we set out to 
do and we invite others to go after that avidly.  

 We wanted to nail exactly the single point that the claim was made in a somewhat 
reputable venue that WHOIS didn't seem to be the source of spam.  That just seemed 
completely contrary to our daily experience.

 And we said we could run a short study and nail that and just drive a stake through that.  
And everything else above that is gravy.

 >>MILTON MUELLER:  The FTC did not do the study.  It was CDT.

 >>DAVE PISCITELLO:  It was FTC researchers.  The paper cited -- And we finally 
found a copy of it because it had been removed from the FTC site.  But we do have a 
citation in the report and the FTC did, in fact, perform the study.  They took, I believe, 
like 180 to 190 domains and they put them up under various circumstances, publishing 
them on the Web, put them in an I.M. chatroom, putting them on an IRC and then they 
compared the results.  Their methodology was very different than ours.

 The conclusion was we received no spam to any of the domains where we created a 
registrant e-mail address.  I just found that to be rather astonishing.

 >>BRUCE TONKIN:  (inaudible).

 >>MILTON MUELLER:  We have somebody from the FTC here.

 >>AVRI DORIA:  Did you want to respond to that?  I had questions from others, but if 
you wanted to respond.

 >>SHAUNDRA WATSON:  I felt like I should say something.

 [ Laughter ]

 My name is Shaundra Watson, and I am an employee at the FTC but I don't speak on 
behalf of the commission or any individual commissioner.  I think there was a study in 
2002 and I think the interesting thing to point out is that it looked at the source of spam.  

 Generally, WHOIS is not the only source of spam, nor is it the primary source of spam.  
So they looked at the chatrooms and everything else and they did conduct a study.  We 
have a Bureau of Economics who advised them on the methodology.

 So in that study, they found the WHOIS database -- And the WHOIS database was 
actually not the primary focus of that study but they went ahead and seeded names on the 
WHOIS databases as well in addition to all of the other locations.

 And while they found abuses in other locations in the e-mail addresses that they had 
actually seeded, they concluded that they did not receive spam at any of the e-mail 
addresses.  

 So there was a study done but that study did indicate in 2002, which is a long time ago, 
in that study it was not a significant source of spam by itself nor was it the primary source 
of spam that people receive.

 And during the visit that you refer to it was in Morocco where Commissioner Leibowitz 
participated on a panel with other consumer protection agencies.  He referred to that 
study and Commissioner Leibowitz acknowledged that that study had been done a while 
ago and that it could possibly be revisited, but I don't want to just kind of disparage the 
results of that study because it was conducted with different methodology.

 >>DAVE PISCITELLO:  We tried not to do that in our report.

 >>SHAUNDRA WATSON:  It was not a significant source of spam or primary source 
of spam.

 >>DAVE PISCITELLO:  Just for the record, we try very hard not to disparage the study 
because this is just data and you performed a study five years ago and you came up with a 
conclusion and we performed one five months ago and came up with a different 
conclusion.

 That's the beauty and horror of data in doing studies.  You can put together a study to 
look at something and it is not necessarily going to tell you what is true forever.  A lot 
has changed in the phishing industry, in the pharming industry, in the spam industry.  I 
call them industries because they are -- in the last five years.

 I would appreciate it if you would read the report because you will find that we are not 
jumping all over you at all.

 >>AVRI DORIA:  Alan, you had a question but couldn't be seen.

 >>ALAN GREENBERG:  Just a very quick question.  You said you ran the study for six 
weeks.  How quickly did the spam start flowing in?

 >>DAVE PISCITELLO:  You would have to ask Ram, but it was very quick.  I can tell 
you that I put up an e-mail address for SSAC-dnfr@ICANN.org for the domain name 
front running report.  I started receiving spam four hours after that mail was published on 
that one PDF file so go figure.

 So PDFs, there is another good data point.  PDFs are not a great way to prevent an e-
mail address from being pulled out of cyberspace.  They can be harvested there as well.

 >>AVRI DORIA:  And you had a question?

 >>TIM RUIZ:  I was just going to make the comment.  It sounds like the difference 
between this report and the FTC report, although I haven't read it for quite some time, is 
this a matter of one's looking at a relative picture of how -- what contribution WHOIS 
plays and yours is just looking at raw numbers that WHOIS is a factor, was there any -- 
was there any attempt or is there likely to be any attempt on the SSAC's part to look at it 
from a relative point of view in the overall spam picture?

 >>DAVE PISCITELLO:  I'll let Dr. Crocker answer that question.

 >>AVRI DORIA:  Yeah.  Do you have the microphone or...

 >>STEVE CROCKER:  So thank you, Tim, because that's exactly a point that I wanted 
to emphasize, that the FTC study looked at the relative contribution, as you said, and 
found that the relative contribution due to WHOIS was zero or minimal or low by 
comparison with others.  And we don't take any issue with that.  That's undoubtedly true.

 The thing that motivated our work was, in the dialogue about WHOIS, that result was 
being transformed into publication of e-mail addresses in WHOIS is not a source of 
spam.

 We thought that was not accurate with respect to the facts on the ground.  Whether or not 
that's a correct interpretation of the FTC data is maybe a more subtle distinction but in 
any case we wanted to highlight exactly that point, and say, "Hey, it really is the case that 
even if you only put the e-mail address in WHOIS, you're going to get a lot of spam.  Full 
stop."

 And so your point about the relative versus the absolute is -- is exactly what we wanted 
to do.  We wanted to separate that out, and have that contribute, and it was motivated by 
the WHOIS discussion taking place here as opposed to a general discussion about spam 
that's taking place in the world.

 You then asked the question do we intend to do a study about the relative contributions 
of spam.  And the answer is no.  We got a lot of other fish to fry, and we really just 
wanted to try to help the discussion and the dialogue in the ICANN framework with 
respect to what's happening with WHOIS, and there are more -- spam is just too big for 
us to go after and it's outside, in general, the ICANN scope.

 >>AVRI DORIA:  Okay.  Thanks.  Kristina, you had a --

 >>KRISTINA ROSETTE:  I have a feeling I might know the answer to this, but I just 
want to make sure that I'm right.

 Do you have information about, for example, the percentage of -- or even just the 
absolute number of registrations with registrars in each of these TLDs that are neither 
delegated nor protected?

 In other words, I'm trying to kind of put all of this in a big picture.

 >>DAVE PISCITELLO:  The answer is:  No.

 >>KRISTINA ROSETTE:  Okay.

 >>DAVE PISCITELLO:  What we did -- I mean, that's something that's interesting to 
me and, you know, if I had, you know, my way, I'd be -- you know, convincing Mr. 
Crocker that that's an interesting thing for us to pursue but that's a topic for the SSAC, not 
-- you know, not here.

 We don't know that, but it would be a very useful, you know, data point.

 It's particularly useful from the perspective of trying to understand whether proxy 
services are being -- you know, are being used, not only by natural persons, you know, 
but also being abused as a way to -- you know, to essentially, you know, operate covertly 
and get registered phishing sites.  My suspicion is not but it would just be nice to know 
that my suspicion is correct.

 >>KRISTINA ROSETTE:  Okay.  Thank you.

 >>DAVE PISCITELLO:  Yeah.  So quickly going through the rest of the findings 
because I think lots of people want to get to alcohol, Finding No. 2 essentially 
summarizes the results of that -- you know, of that logarithmic graph that we produced in 
the report.  Basically depending on the kinds of protective measures that you apply when 
you are -- when you register a domain name, you will -- you will be able to get 
incremental or orders of magnitude better production against spam delivery if you use 
protected WHOIS, delegated WHOIS, or combinations.

 When we looked at our study, which is admittedly relatively small to draw -- you know, 
draw a definitive conclusion, in our study the delegated WHOIS appears to be somewhat 
more affected than the protected WHOIS.

 This means that rate-limiting measures, you know, and CAPTCHA measures are not as 
effective as an e-mail substitution measure.

 I have to read this because it's so long.

 Spam messages were delivered to the e-mail address registered as the contact for domain 
name and to other addresses as well.  We don't draw a definitive conclusion, you know, 
as a -- you know, as a body on why there's -- you know, there's so many other deliveries 
but it's fairly -- you know, fairly well-known in the spam community, in the anti-spam 
community, that once a domain name is out there, it is used -- you know, it is pulled from 
-- you know, from the Domain Name System and all sorts of measures are used to try to 
find recipients at those addresses.  And then once those recipients are known, those 
known recipients are generated into a list.  Those lists are marketed.  And so, you know, 
once you get hit, you just -- you know, it's just like a massive infection.  It's like a virus 
attack.  You'll just keep getting hit again.  And we believe that that's contributed to some 
of the anomalous results we had with one or two domains that we had in our study.

 We believe that it's very possible that, you know, by sheer luck or sheer brute force, one 
spammer managed to deduce the, you know, user ID of one of our e-mail address -- one 
of our e-mail recipients and once it was let loose in the wild, it was used everywhere.

 So our conclusions were -- are that registries and registrars that implement anti-abuse 
measures such as rate-limiting, CAPTCHA , and nonpublication of zone file data and 
similar measures can protect WHOIS date from automated collection.

 Conclusion No. 2 is that anti-spam measures provided with the domain name registration 
services are effective in protecting e-mail addresses not published anywhere other than 
the WHOIS from spam.

 Again, it is very important to remember we're always talking about "if it's not published 
anywhere else."  Once it's published anywhere else, all this data goes -- you know, goes 
out the window.  And this is one of the reasons why I think the FTC result is very, very, 
you know, meaningful, even still.

 Once it's published anywhere on the Internet, it's going to be used.  It's good going to be 
collected.  Because the collecting measures -- collecting methods of spammers are -- you 
know, are vast.

 The appearance of e-mail addresses in responses to WHOIS queries virtually assures that 
spam will be delivered to these e-mail addresses.  This is just, you know, a confirmation 
of what I just said.

 The protection -- the combination of protected WHOIS and delegated WHOIS services, 
as defined in our report, are an effective way to prevent e-mail addresses publish new 
WHOIS service from being used as a source of spam.  And again, that's in the limited 
context of saying if I'm going to register an address and I have a specific e-mail address 
that I want to use as an administrator or a mail administrator and I want to keep that 
solely for communication with my registrar or solely for communication in a very, very 
limited context, I don't want to be publishing it in the WHOIS.

 Some of the things that we did was think -- you know, in the processing of all this data 
was think about other studies that we might want to look into or that might be interesting 
to the community at large.  One might be, you know, are certain TLDs more attractive to 
spammers?

 If you look at our results, it sort of looks like, you know, com is a big -- you know, com 
is more attractive than info.  Well, that's sort of, you know, intuitive to some people but 
maybe that's not the case and we'd like to find out more about that.

 We also wanted to look at whether or not large or small registrars are more commonly 
targeted for automated, you know, collection.

 Do spammers favor registrars who have a reseller or a retail business model?

 Does the price of an it would affect its popularity for use in spam?

 Can registries adopt any measures that would reduce the level of spam in general?  You 
know, is there some best practice that we could recommend as -- you know, as SSAC for 
all registrars to implement that would essentially help abate spam to their registrant e-
mail addresses?  And is there any material difference in the spam level for ccTLDs versus 
gTLDs?

 So that's it.  Thank you very much.  I appreciate your attention.

 >>AVRI DORIA:  Thank you.

 [Applause]

 >>AVRI DORIA:  Okay.  So I don't know if anyone had any last questions before we 
moved on to -- you guys can go to the alcohol.  We had one more thing on our schedule.

 >>DAVE PISCITELLO:  Rock on!

 >>AVRI DORIA:  But Mike, you had a question.

 >>MIKE RODENBAUGH:  I hope it's a quick question.  I feel like I'm just having a 
mind block here or something.  But I'm not understanding why, with delegated WHOIS 
service, why so much less?  There's still an e-mail address there that's published.  Why is 
it not getting spam, or were you just not collecting it because it was going to the proxy?

 >>AVRI DORIA:  Microphone, please.

 >>DAVE PISCITELLO:  I'm sorry.  The published address is getting spam.  So if --

 >>MIKE RODENBAUGH:  Okay.

 >>DAVE PISCITELLO:  Yeah.  And it's getting probably as much spam, if not more, 
because it's -- you know, it's a fairly well-known domain.

 >>MIKE RODENBAUGH:  But it's not getting forwarded to the registrant.

 >>DAVE PISCITELLO:  But it's not getting forwarded by some mechanism that is very 
registrar-specific at this point.  Yes.

 [Speaker is off microphone]

 >>AVRI DORIA:  You don't have a mic, please.

 >>PAUL STAHURA:  I just wanted to quickly add that if he was to change that address 
every, like, 12 hours or once a day, then that address wouldn't get spam -- the new 
address wouldn't get spam because the spammer has to remind the WHOIS, you know, 
every 12 hours to get the new address.

 >>DAVE PISCITELLO:  And that may be, you know, a mechanism that -- you know, 
that a registrar could use in providing the e-mail obfuscation, yeah.

 >>STEVE CROCKER:  Let me... I haven't actually tried to change my e-mail address 
that frequently but there's Type 1 and Type 2 errors.

 [Speaker is off microphone]

 >>STEVE CROCKER:  I'm sure I have a lot to learn from you and I should probably 
spend more time doing so, but it occurs to me there's Type 1 and Type 2 errors in that 
kind of process, so that things can get lost that ought to go through, and we can take it up 
over dinner or something.

 >>AVRI DORIA:  Okay.  I thank you.

 >>DAVE PISCITELLO:  Thank you.

 >>AVRI DORIA:  So thank you, Dave, and thank you, Steve, for coming.  And talking 
to us about it.

 >>STEVE CROCKER:  Thank you.

 >>AVRI DORIA:  Interesting report.

 >>AVRI DORIA:  So now to the last one for the day, the add-on subject of the day, and 
I've asked basically we got -- we asked for and got an issues report relating to inter-
registrar transfers, and so Karen's going to give us an overview on the issues report.  
Where we are at in this meeting is that we need to decide whether we're going to initiate a 
PDP on this, and if we decide that we are going to initiate a PDP, then we'll need to 
decide on the task force versus non-task force process.  Or whether we're going to say, 
"Gee, you know, we need to spend some more time and we'll do this at our next 
teleconference."

 But in any case, we need to talk about the issues report and see where we go from here, 
so -- Karen?

 >>KAREN LENTZ:  Okay.  Thank you.  This should be pretty quick.  I'm going to go 
through the major parts of the issues report which are some background on what the 
issues are, well, some background to how we got to this point, what the specific issues 
are that are in the report, and then what the staff recommendation is, in terms of moving 
forward.

 So the -- the issues report concerns a specific set of issues relating to the inter-registrar 
transfer policy, or transfer policy for short, which is an existing GNSO consensus policy 
from 2004.

 And it -- you know, the policy relates to, you know, transfers of domain names between 
registrars, so what procedures and requirements need to be followed, if I'm -- if I have a 
domain name and I want to move from registrar A to registrar B.

 The original consensus policy recommendations also had recommended that there be 
some monitoring by the GNSO for the effectiveness of the policy at certain intervals, and 
so a working group was formed by the council to review some of the issues based on 
experiences after implementation of the policy, and then recommend possible further 
steps toward the work to be done on it.

 The working group outputs came out last month.  There were three pieces to that, and 
each of those had a resolution from the council as far as next steps.

 And that was discussed at the meeting on the 20th of September.

 The first output was a draft advisory which contained certain reminders and 
clarifications about the policy, and what the council resolved was to -- that that draft 
advisory would be distributed to the constituencies for comment, and then based on that, 
you know, a decision about whether to go ahead and post it as an advisory to the 
community.

 The second output from the working group was an overall list of policy issues that could 
possibly be referred to the council to do some more work on, and the council resolved on 
that one to form a short-term working group to look at the whole broad list and do some 
prioritization in terms of what should be -- you know, what's really important to address, 
and when.

 And then finally, the third output was a short list of issues that all had to do with Section 
3 of the policy, and what is in Section 3 of the policy is a specific list of reasons when -- 
or circumstances where a registrar can prevent a registrant from transferring a domain 
name, so they can actually deny a transfer that's been requested.

 And there are listed in the policy nine specific limited cases when that can happen.

 And so -- and I'll talk about those issues in more detail in a second.

 So there's a list of four of those, and the council resolved to request an issues report just 
on those particular -- that particular set of issues as Step 1 to possibly doing a policy 
development process on those.

 So as I said, there are four issues that are discussed in the issues report, and I'll just talk 
about them really briefly.  There's a lot more detail in the report.

 But the first one is non- -- you know, to put it briefly, is nonpayment.  That's the reason 
that the transfer can be denied.  But there is quite a bit of ambiguity or lack of definition 
in terms of the time frames that are listed in that clause in the policy.  It lists some terms 
like current, previous, pending or future registration period, which are not defined and 
can be sort of calculated differently, depending on which set of data that you're looking 
at.

 The second issue or second point in the policy is registrar lock status, and that one, you 
know, provides that a registrar can deny a transfer if the name is on registrar lock status, 
but the registrar also has to provide a, quote, readily accessible and reasonable means for 
the lock status to be removed.

 And so, you know, clearly there's -- it's difficult to uniformly apply something like 
readily accessible and reasonable without a little more -- you know, some more standards 
or tests around that.

 The third one is 60 days of an initial registration period.  "Initial registration period" is 
not defined.  There are, you know, views of that as meaning one thing or another thing, or 
maybe several things.  And then the same -- the last one is 60 days of a previous transfer, 
which as above, "a previous transfer" can be interpreted to mean a few different things.

 For example, if I've sold my name to somebody else, is that considered to be a previous 
transfer or is it only an inter-registrar transfer?  Which happens under the policy.

 So really the -- the aim at having an issues report on these -- on this specific set of issues 
is to do some clarification and tightening of the language that's there.  And the approach 
that's being suggested is to sort of separate this set of issues from the whole broad list, 
and do something that I think is expected to be relatively quick, if you limit it to these 
particular things and that, you know -- set the scope of what you're trying to achieve.

 So in the report, there -- the last part of it is a staff recommendation on how to proceed, 
and what the bylaws require is that staff look at some questions about whether the issues 
are within the scope of ICANN's mission statement, whether it -- whether they're broadly 
applicable to multiple situations or organizations, whether they're likely to have lasting 
value or applicability, whether they will establish a guide or framework for future 
decision making, and whether they will implicate or affect an existing ICANN policy.

 And the analysis from staff was positive on all of those points.

 So it was concluded that the issues are within scope of -- of ICANN policy process and 
the GNSO, something that could be appropriately worked on.  Staff thought that it would 
be beneficial to do some work towards further clarification and tightening of the language 
that's there in the existing policy, and staff also recognized that there is -- and this is not 
the only set of issues that has to do with the transfer policy.  There are others, and staff 
would also continue to support the further work on -- possible further work on some of 
those.

 So that's an overview of what's in the report, and I'll be happy to take any questions.

 >>AVRI DORIA:  Okay.  Yeah.  Thank you.  I'd like to open it to both taking questions 
and to comments.  Ross first.

 >>ROSS RADER:  I just wanted to make a follow-up comment to Karen's statement just 
outlining why this is important work for the council.

 These -- the original domain name portability or domain name policy recommendations 
were made under the old DNSO policy development processes which were very, very 
loose, and a lot of it had to really do with -- it really came down to, you know, what did 
Louie think the best way to proceed on specific issue was.

 So the guidance that we received from staff under this old structure and this old 
management was simply leave the implementation to us.  Just give us the high-level 
policy recommendations and we'll figure out how to write it into the contract.

 Then the DNSO went away and Louie went away and all memory of these conversations 
kind of fade into the background and the GNSO was left with these policy 
recommendations that couldn't really be tightly implemented.  They were implemented 
nonetheless, but there's a lot of confusion over them.

 So really, I think, what we're asking for at this point is the opportunity to go back under a 
much more defined process to tighten it up so that we can actually complete the 
implementation that we started four years ago now.

 >>AVRI DORIA:  Okay.  Thanks.  Chuck.  Anyone else want to be --

 >>KRISTINA ROSETTE:  Yeah, Avri.

 >>AVRI DORIA:  Kristina.  Anyone else?

 >>CHUCK GOMES:  Yeah.  The -- I'd like to communicate my opinion that I don't 
think we're talking about a very complicated process here.  I don't even think it's very 
controversial.  It just needs to be cleaned up.  And not only these things in this PDP, but I 
think your group that you're working on now is actually going to prioritize some other 
things that was -- that came out of the working group's report, which will also, in 
subsequent PDPs, could clean it up even a little bit more.  Some issues especially I know 
that we as a registry, because we have to manage the dispute process, there are certain 
things that we've found that if -- with some tweaks could clean it up and reduce even 
more confusion.

 So I would hope that we, as a council, can treat this as a -- as one of our rare, simple 
PDPs, and not make it over -- overcomplicated, because I really think it can be.

 I do believe that registry and registrar participation is really important because they have 
the firsthand experience of what's going on, but should also involve others as well that 
are interested in that.

 >>AVRI DORIA:  Okay.  Kristina?

 >>KRISTINA ROSETTE:  I've read the initial recommendation -- I guess it was last 
month -- and I read this, but what I don't remember is:  Is there any historical document 
that's accessible on the site anywhere that would kind of delineate, for example, why 60 
days as opposed to like 30, 15, what some of the -- the policy considerations at the time 
were, so that for those of us who haven't been involved in this from the beginning, we can 
have a context for it?

 >>KAREN LENTZ:  There is -- you know, the policy that we have now is based on the -
- I think it was called something like "Final Report on Gaining and Losing Registrars" 
that the task force did, and there's -- it's a pretty long report and there's a lot of discussion 
about why certain things were arrived at, and not -- you know, that aren't reflected.  You 
can't just from reading, "Here are the 29 recommendations themselves."  You know, sort 
of like the new gTLDs report.  Here's the set of recommendations but there's a whole lot 
of, you know, discussion about that in the -- in that report, which is on line.

 >>KRISTINA ROSETTE:  Okay.

 >>ROSS RADER:  To answer the specific question, though, that came out of a 
compromise.  It was originally 10 days and then somebody said 6 months and we settled 
on something that was in the middle.

 >>KRISTINA ROSETTE:  So it's not as if -- if I'm understanding correctly, there's no 
kind of technical or operational reason for having 60 days as opposed to any other?

 [Speaker is off microphone]

 >>KRISTINA ROSETTE:  Got it.

 >>CHUCK GOMES:  If I can just -- it's important to realize, too, that the transfer 
working group was one that was really struggling for a long time, and got to -- so, you 
know, this is maybe good for -- in light of the fact that we talked about WHOIS today.

 Didn't last that long, but it was a long process, and there were competing sides within the 
registrar community that were, you know -- and so it was going nowhere.

 But a lot of these things that came out -- and Ross talked about compromises.  There was 
some good work that ultimately happened to develop what we have now, and it's one of 
the positive -- it's definitely positive evidence of what can happen even in a very difficult 
and contentious situation.

 >>AVRI DORIA:  Anyone else want to comment?  Discuss this issue at the moment?  I 
mean, we'll be bringing it up on Wednesday to decide -- was that a hand?

 >>MIKE RODENBAUGH:  Again, am I missing something here?  It just seems like 
you're really inconsistent there.  This was a torturous process for four years, yet now you 
think we can have a targeted PDP that resolves the situation a few months?

 >>AVRI DORIA:  Well, there is experience now.

 >>CHUCK GOMES:  Yeah, that's absolutely -- that's absolutely correct.

 >>AVRI DORIA:  And I think that's often the case when you haven't had experience 
doing something and have.  Anyone else want to comment?  Yes, Ross.

 >>ROSS RADER:  You just -- it's just the question of timeliness.  You know, I don't see 
anything in there that's controversial at all, unless you're holding back on something that I 
don't know about.

 [Laughter]

 >>MIKE RODENBAUGH:  No, no.

 >>ROSS RADER:  But, you know, this really is -- I'd almost characterize this, and 
anybody feel free to correct me but I'd almost correct this as an administrative process at 
this point.  I think we've all got a -- at least the people that are involved with -- at least 
with prioritization committee a good sense of history on there.  There's a good sense of 
both operational practical knowledge balanced with some good, you know, more 
academic view, and there's people from all sides of the community in there, whether it be 
the operators or the users or the suppliers, et cetera, et cetera, et cetera.  But -- so 
everybody is kind of on the same page that, you know, domain portability is good.  How 
do we make it work best, right?  I think it's just -- it's -- I think we do have our work cut 
out for us.

 >>MIKE RODENBAUGH:  Just to respond that, just an administrative item, the BC has 
appointed somebody to that prioritization committee.  I don't think it's been 
communicated to you yet.  But it's Mike O'Connor so please, let's get him on the list.

 >>AVRI DORIA:  Okay.  I have J. Scott and Paul.

 >>J. SCOTT EVANS:  J. Scott Evans for IPC.  I think that this is an example of what 
you're going to find yourself going on as ICANN matures.  You're always going to have 
these issues that went through a torturous process and then, because technology changes 
and the fixes you think you have put into place to resolve the situations have been gamed 
or there's misunderstanding or there's using ambiguity to clog up the process.  So I agree, 
you're always going to have to come back and do these administrative fixes, and I can tell 
you that as somebody who represents domain name owners, both large and small, this is a 
huge problem when you're doing mergers and acquisitions and you've got someone who 
clogs up the process and you're talking about millions of domains you're trying to move 
over for a large institution that you're trying to get security agreements and things done at 
the bank so that you can get your financing in place for your revolving credit agreements.  
This is a very big deal.  But it's also a big deal for a woman who's running a cookie 
company out of her home and has a Web site and has found a better process because she's 
had processing problems with her server and she wants to change and she finds now she's 
spending more time trying to get her domain name moved to someone who can handle 
the volume of business she's now doing rather than running her cookie business.

 So this is a really important thing for all levels of domain name holders and I hope that 
you all will clean it up, so that you take the gamesmanship out of it, and that the process 
and the portability that is recognized that is important can work.

 >>AVRI DORIA:  Okay.  Thank you.  Paul?

 >>PAUL STAHURA:  I agree with Chuck.  The first time, you know, took a long time, 
was very contentious and controversial.  Sorry.  The first time was pretty contentious and 
controversial, took a long time, and -- but I don't -- I agree that this time, it's not that.  
The only controversial piece, and it's not even that controversial, would be transfers after 
expiration and that's that just essentially needs to be clarified.  So I pretty much agree 
with what's been said.  It's -- it's not that controversial this time around.

 >>AVRI DORIA:  Anyone else wish to comment on this?  I mean I don't want to drag it 
on, but I want to make sure that everything -- yes, Chuck.  You've got your finger on the 
speak button.

 >>CHUCK GOMES:  Sure.  Well, just I think, you know, we're -- we're often criticized 
because of how long we take to do things.  This is actually an opportunity to make 
something -- get something going quickly, and I would hope if we don't discover any 
reasons to the contrary that we could actually, on Wednesday, just vote to initiate the 
PDP on this.

 >>AVRI DORIA:  Yeah.  Well, actually once we vote to initiate a PDP and this is 
something that will happen, and several others, we will immediately have that discussion 
of whether we're doing task force or non-task force.  And that's something that we're 
going to have to explore, especially in light of the conversation that we're going to start 
out with tomorrow in terms of working groups and organizations and the notion that task 
forces put us in that constituency bucket, whereas non-task force doesn't necessarily.

 So, you know, that's something -- we, basically -- as soon as we have one vote, we've got 
the other decision to make, too.

 Yes, Ross?

 >>ROSS RADER:  I think that's almost a conversation that's worth having now.

 >>AVRI DORIA:  That's kind of why I brought it up.  But I didn't want to extend the 
day if people didn't want to do it.

 >>ROSS RADER:  I think we have time.

 >>AVRI DORIA:  I did schedule it for another hour.

 >>BRUCE TONKIN:  You have a number of things on the agenda.

 >>AVRI DORIA:  But they all have that same question.

 >>BRUCE TONKIN:  The question about whether to form working groups and how you 
do it is a good question.  It is not specific to transfers.

 >>AVRI DORIA:  It is not specific to transfers, but it is specific to each one of them.  
The question has to be answered for each one.  Now, there may be a general question -- 
and I should have asked you to put on the mike.

 But there may be a general question -- I mean, a general answer, a general form of 
thought.  But for each individual one we have to say, Okay, do we use the task force 
which is very defined, very constituency-oriented?  Or do we use the non-task force 
where we go to the constituencies, we get their viewpoints, we get the community 
viewpoint, we put out a report and then we go into deliberations of the council?  At which 
point we may say, Okay, it is done, we understand, from the work we've done.  Or we 
say, Oh, a working group to figure this one out that's not constituency based is the way to 
go.

 And goes to whereas we could do the same thing with a task force except that at that 
point we start out with people having voted and having our barriers created.  So it is a 
discussion we need to have on each one unless we can resolve it in some sort of general 
form of thought.

 So Tim.

 >>TIM RUIZ:  Just a quick question.  You keep saying not constituency based.  I'm just 
wondering, what kind of policy can proceed that doesn't involve the constituencies?

 >>AVRI DORIA:  Not that doesn't involve the constituencies.  But if you look, the 
constituencies are always there.  They're always at the root of it all.

 But if you look at the recommendations -- And as I say we will get more of that 
tomorrow when the board comes in.  It's how do we open up to a larger working group 
process.  It's not necessarily just the people on the council.  It is not even necessarily just 
the people in the constituencies that contribute to the work.  In other words, we've had 
ALAC members in working groups.  We've had GAC members in working groups.  
We've had people who were individuals who weren't members of any constituency 
participating in working groups that then came back.

 Certainly, the council was always constituency based and the council making its 
decisions.  But in a task force by bylaw we vote and, you know, we vote at the task force 
before voting at the council.

 So we really do a vote twice.

 >>CHUCK GOMES:  Can I add to that?  I guess your question is really good, Tim.  In 
fact, Avri and I am having some discussions, I had to go back and read the Annex A and 
the bylaws especially for this part with the way they read because I was automatically 
concluded that a task force is better because I think we need to get away from the council 
doing everything.

 But the task force approach, the way it is outlined, is much more restrictive in the sense 
that you do have to have members from each constituency.  It's more -- you can involve 
others from the outside but they don't have any votes.  It doesn't really encapsulate the 
working group concept that we've been working on in some other areas that involves 
broader participation.

 It requires -- seems to require more voting.  

 She actually convinced me, I think, that the council has a whole approach is maybe the 
better way to go.

 But I will say that with this qualification.  I only think we should do that if that doesn't 
translate into what it has meant in the past, that the council does all the work.  To the 
extent that we use that approach to use working groups to do a lot of the work, I think 
that's a good way to go because I don't think it scales for us just to keep doing everything 
ourselves.  It is the wrong way to go.

 >>AVRI DORIA:  And so the point about the constituencies is the working groups don't 
need to be formed purely out of constituency.

 >>CHUCK GOMES:  Ultimately, you still have to come back -- the council still has to 
vote on anything that's done so you have the structure that we have in place now.  So it 
doesn't minimize that at all.  It spreads -- hopefully spreads the work out better.

 >>AVRI DORIA:  So any further discussion on that one?  As I say, we are not trying to 
get a resolution on it now but just trying to make sure when we get to the task force or not 
task force we have sort of thought that through.

 >>ROSS RADER:  This is, I think, a rather, let's call it, low-risk exercise.  In other 
words, there is not a lot at stake.  We already have policy.  There is not a lot of 
controversy around the subject matter and the work seems to be relatively 
straightforward.  I think it's safe to consider taking an alternate approach, in other words, 
experiment a little bit with this.

 It may not make it easier to do it, as Mike as very suspiciously points out but I think it is 
worth giving a shot to.  I don't have any serious objections to proceeding on that matter.  I 
think it would be an interesting exercise to try and use this as a -- I wouldn't call it a 
prototype but at least as a learning mechanism.

 >>AVRI DORIA:  And it still would be -- we still have to function within the bylaws.  It 
is just that the bylaws are very open about how we do our deliberations.

 >>CHUCK GOMES:  It could be an example of us applying some of the 
recommendations in the GNSO review.  Like she said, we are kind of stuck with the 
bylaws we have right now.  But within that, we should be able to actually exercise some 
of the principles that they're suggesting that I think are really sound.

 >>AVRI DORIA:  Any other comments on that now while we're still here, still talking, 
still not in the bar?  Not that I'm heading directly to the bar.

 [ Laughter ]

 But Dave brought up the bar and it was so very IETF.  So if no one else has any 
comment on this now, I thank everybody for their endurance today and see you tomorrow 
at 9:00 when we'll talk about GNSO -- what's the word -- reform.  Thank you all.  Thank 
you.