Hello Jo,

my feedback on the draft whois policy -
http://www.auda.org.au/docs/auda-whois-draft.pdf follows.  And copied to the
dns listserver for general discussion :)



I believe that the "Registrant Street" field should not be visible in the
public whois.  That is, it should be visible to a holder of the domain PIN,
but not visible otherwise.


The benefit of removing that field is that the whois data cannot be used as
a source of address information to generate spam paper mail.  Also, there
appears to be no downside to removing this field from the visible whois.


Measuring this proposal against each of the three principles listed as
auDA's objective in section 2.2 of the draft gives the following analysis:


> a) the rights of registrants, under Australian law,
> in relation to how their personal information is handled;

Clearly, removing "Registrant Street" enhances point a)

> b) the role of auDA to promote a competitive and
> efficient domain name industry;

Point b) is unaffected by removing "Registrant Street" from the publicly
visible whois data.  The domain name's existing Registrar, plus any new
Registrar that the Registrant had chosen to move to and had provided the
domain name PIN to, would have access to the "Registrant Street" data
anyway.

> c) the interests of law enforcement agencies in accessing
> information about domain names for consumer protection and
> other public interest purposes.

Removing "Registrant Street" from the whois has no detrimental affect on the
operation of law enforcement agencies because:

* Law enforcement agencies can determine the street address of the
organisation that holds the domain name using a search of the existing
information such as the white pages phone directory.
* Law enforcement agencies can get legal access to the whois database if
they so choose.

The nature of the eligibility rules for domain names issued under existing
third level domains under .au (i.e. names are issued to organisations not
individuals) supports my comments about the ability of law enforcement
agencies to identify domain name holders without having the "Registrant
Street" details.  Organisations are much easier to trace than individuals.

Since auDA (according to the draft) is happy that individuals with .id.au
domain names don't have ANY of their location details public in the whois,
it's difficult to support any argument that law enforcement agencies would
be affected by "Registrant Street" not being visible for Organisations that
have domain names.


On this issue, I recommend that auDA follow the procedure used by ASIC.
Their public information on companies and registered business names - see
http://www.search.asic.gov.au/gns001.html - has a similar purpose to the
domain name whois.

For example, their public information on .au Domain Administration Limited
is:

Name                           .AU DOMAIN ADMINISTRATION LIMITED
ACN                            079 009 340
ABN                            38 079 009 340
Type                           Australian Public Company, Limited By
Guarantee
Registration Date              23/06/1997
Status                         Registered
Locality of Registered Office  Carlton VIC 3053
Jurisdiction                   Australian Securities & Investments
Commission

Note that they do NOT make the street details public, and this prohibits
people using ASIC's on-line database as a source of addresses for spam paper
mail.

It is difficult to see how auDA could justify not following an identical
strategy to ASIC, especially given the history of unsolicited .au domain
name renewal notices over the past 18 months.


As there are clear benefits but no identifiable downside, I strongly support
removing "Registrant Street" from the publicly visible whois data.



Regards, Mark

Mark Hughes
Effective Business Applications Pty Ltd
effectivebusiness§pplications.com.au
www.pplications.com.au
+61 4 1374 3959