Minutes of the Meeting of the CIRA Board of Directors held via teleconference on May 7, 2008, at 3:30 p.m. Ottawa time.
Directors attending: Paul Andersen, Annette Cyr, John Demco (ex-officio and Secretary), Heather Dryden (ex-officio), Christopher Goodfellow, Robert Ford, Byron Holland (ex-officio), Ron Kawchuk, Lynne Mackan-Roy (Vice-Chair), Ross Rader, Bill Reid, Debi Rosati (Chair), Jeff Rybak, Rick Sutcliffe
Regrets: Richard Anderson
Guests: Albert Chang (CIRA), Michael Stewart (CIRA)
Recording Secretary: Lynn Gravel (CIRA)
1. Approval of Agenda
Be it resolved that the agenda be adopted as presented.
(Moved: L. Mackan-Roy, seconded: R. Rader)
R. Ford joined the meeting
2. WHOIS Status and Issue Update
…We will disclose personal information, other than via the WHOIS, as stated below, and the “Registration Information Access Rules and Procedures”, as explained above, only:
(a) in the event that a law enforcement agency, court of competent jurisdiction, tribunal, judicial board, administrative body, judicial commission, or any other judicial body of competent jurisdiction requests personal information by way of an order, ruling, decision, subpoena, warrant, or judgment; or
(b) pursuant to the Personal Information Protection and Electronic Documents Act S.C. 2000, c. 5;…”
B. Holland noted that under this proposed mechanism, CIRA would disclose the name of the Registrant and the contact details for the administrative and technical contact only to requestors who are clearly able to establish that they have a legitimate reason for access to this information and backed by supporting documentation. Supporting documentation would consist of independent or third party proof or validation showing that the requestor has a legitimate reason for access to WHOIS information. Staff foresees two categories of issues: 1) the domain name violates an intellectual property right of the requestor; and 2) the domain name gives rise to a personal claim such as identity theft. Registrants would be advised of this process and consent to it in advance.
Certain members of the Board of Directors raised concerns that this process implied a policy change inconsistent with a previous Board’s original intent and that the process favoured one group over the others. For example, it involved giving administrative process driven disclosure to intellectual property rights holders in advance of other groups such as law enforcement.
Staff also noted that they were working in parallel with other groups, namely, law enforcement, with respect to the circumstances in which CIRA will disclose Registrant information. In this regard, the processes for disclosure of WHOIS information for private parties and for law enforcement were working in parallel, and one group was not being favoured over the other.
A. Chang, L. Gravel, B. Holland and M. Stewart withdrew from the meeting and the Board of Directors held an in camera session.
J. Rybak joined the in camera session.
Following the in camera session, A. Chang, L. Gravel, B. Holland and M. Stewart rejoined the meeting.
There was considerable debate between the Board and staff over staff’s proposed implementation procedure where certain of the Board members were of the view that staff was moving too quickly. R. Ford and other Directors suggested that the scheduled June 10th "go live" date for the WHOIS implementation be delayed to complete discussions with Industry Canada and the RCMP. It was suggested that the timelines are now very short and important implementation issues have been raised which need to be properly flushed out and debated. A discussion was held on the advantages and disadvantages of delaying implementation. Several directors and B. Holland commented against delaying implementation given the impact that would have on the WHOIS rollout and CIRA’s credibility, especially given the prior delays. Staff indicated that they felt the discussions with Industry Canada and the RCMP could be properly completed in time for the currently scheduled June 10th implementation. The Board of Directors proposed that staff proceed with the implementation of the new WHOIS on June 10, 2008, with expedited public consultations conducted at the same time on the issue of disclosure of Registrant information. Staff noted that if this was the plan, this meant that there could not be any disclosure exceptions in the interim for any particular stakeholder, and that the discussions with groups such as law enforcement would have to be deferred and be part of the public consultations.
The meeting was adjourned at 6:00 p.m. and it was agreed to reconvene on May 9, 2008 at a time to be determined.
Minutes of the Meeting of the CIRA Board of Directors held via teleconference on May 9, 2008 at 8:30 a.m. Ottawa time
Directors attending: Paul Andersen, Richard Anderson, Annette Cyr, John Demco (ex-officio and Secretary), Heather Dryden (ex-officio), Robert Ford, Christopher Goodfellow, Byron Holland (ex-officio), Ron Kawchuk, Lynne Mackan-Roy (Vice-Chair), Ross Rader, Bill Reid, Debi Rosati (Chair), Jeff Rybak, Rick Sutcliffe
Guests: Albert Chang (CIRA), Michael Stewart (CIRA), Len St-Aubin (Industry Canada)
Recording Secretary: Lynn Gravel (CIRA)
1. WHOIS Status and Issue Update
D. Rosati thanked the Board of Directors for their time and discussion regarding this matter since the last meeting and anticipated that a decision would be made at the conclusion of the meeting. D. Rosati introduced Len St-Aubin, Director General, Telecommunications Policy at Industry Canada. L. St-Aubin was asked to join the call to articulate Industry Canada’s position on the WHOIS Policy.
Industry Canada highlighted the importance of taking into account CIRA’s established policy and process when implementing the WHOIS policy. Given the various interests of stakeholders with regard to WHOIS implementation, and the fact that CIRA operates a public resource, CIRA needs to be attentive to a wider range of interests and impacts than a private company needs to be.
The Department further recognised the challenge now facing CIRA as it works to execute the policy in a practical or workable manner. CIRA needs a defensible rationale for implementation measures to be taken, as well as a strategy for notifying the public and the various stakeholder groups involved or affected by the implementation of the WHOIS policy. Industry Canada explained that from the Department’s point of view, such care and consideration is necessary in order to preserve the credibility of the organisation.
Industry Canada strongly urged CIRA to focus simultaneously on the various legitimate uses of the WHOIS, to contend with issues such as, trademark infringement, situations where an individual’s personal name has been used to misrepresent, child exploitation, attacks on the network, and national security (narrowly defined) when considering what circumstances could necessitate provision of the non-published WHOIS name and address of an individual to a third party, without presentation of a court order. Industry Canada also emphasised that the concerns of law enforcement should not be considered secondary to the legitimate interests of other stakeholders.
Industry Canada indicated that it remains ready to work with and assist CIRA and the Board in the successful implementation of CIRA’s WHOIS policy.
R. Anderson joined the meeting.
L. St-Aubin withdrew from the meeting.
As a preliminary matter, D. Rosati reminded the Board of Directors of the Directors’ Code of Conduct, specifically, their fiduciary duty to maintain confidentiality as well as to disclose Conflicts of Interest. It appears that there had been some discussions outside the Board and there were concerns that a Board member may have discussed the WHOIS Policy outside the Board. At the request of D. Rosati, M. Stewart summarized the Policy as a general reminder, and referred the Board of Directors to Section 3: Conflict of Interest and Section 4: Confidentiality. An objection was raised to this interpretation of the Policy on the basis that it was important that Board members be allowed to consult with outside people regarding decisions of the Board. M. Stewart articulated that he was simply reading the Policy as is, with no interpretation, and other Board members commented that a Board member should not be discussing Board matters with outsiders without the express consent of the Board. R. Ford asked that any director who may have spoken to or discussed WHOIS policy outside the Board to indicate so, and no such discussions were indicated. D. Rosati asked that each Director declare any conflicts, and no conflicts of interest were declared.
D. Rosati put a suggestion of how to move the meeting forward. Since L. St-Aubin presented Industry Canada’s view, B. Holland would then provide a discussion of the four possible scenarios identified by Staff. A motion would then be put forward for a vote.
A request was made that Directors have an opportunity to present submissions after the vote explaining why they voted the way they did.
B. Holland presented the following four implementation scenarios to the Board of Directors:
1) Implement WHOIS with specified process for Section 6(b)
Under this scenario, CIRA would implement WHOIS on June 10, 2008 with a stringent process outside of Court Orders to allow those with a legitimate reason access to certain Registrant information. This would be limited to (1) law enforcement in the areas of child exploitation, national security, and attacks on the network, (2) intellectual property rights (e.g. trademarks), and (3) personal claims (e.g. identity theft). Parties would be required to show that they had a legitimate reason for the Registrant information, backed by supporting documentation. Non-Law Enforcement parties would also be required to first use the Interested Party Contact Procedure. B. Holland also indicated that there would be a guaranteed consultation process within the first 12 months of the WHOIS launch.
2) Implement WHOIS but with an immediate consultation
Under this scenario, Staff would implement WHOIS and would only disclose Registrant information pursuant to a Court Order. There would be an immediate consultation process throughout the summer on the issue of disclosure, with the Board making a decision around Labour Day. It was noted that Staff would require specific direction from the Board regarding critical requests for Registrant information which could arise before the Board made its decision.
3) Stop implementation of WHOIS, with consultation
Under this scenario, Staff would stop the implementation of WHOIS, and would initiate public consultations. B. Holland noted that this would allow Staff to look at the issues with the benefit of the years of history. However, this scenario would also have certain negative consequences, such as Individual Registrants would be delayed in obtaining privacy protection.
4) Implement WHOIS with no changes or consultations
Under this scenario, Staff would implement WHOIS as is with no changes or consultations. Registrant information would only be disclosed pursuant to a Court Order.
Staff’s recommendation was to proceed with the first scenario. Staff strongly believed that this first option struck the most reasonable balance between the various affected stakeholders and as a result presented the smallest legal and operational risk. B. Holland noted that this scenario was consistent with the principles articulated in Michael Binder’s letter to CIRA of September 15, 2006 in which he recognized “the importance of considering the issues raised by stakeholders about trademark infringement and spamming” and that “it will be important as the new policy is implemented to strike a balance, to the extent possible, between the governing principle of privacy protection and facilitating access, as permitted by the new policy”.
According to Staff, Scenarios two and three offered other avenues for implementation that incurred respectively higher risk and liability profiles, operational overhead, and costs. Staff was of the view that Scenario four presented a significant and unacceptable level of risk to the organization and felt that it was not in the best interests of CIRA or its stakeholders, and strongly recommended that this approach not be considered.
Staff put forward a resolution to the Board of Directors:
Such circumstances are: Intellectual Property claims (e.g. trademark, copyright), personal claims (e.g. identity theft) and law enforcement matters (i.e. child exploitation, national security (narrowly defined) and attacks on the Internet). Staff will determine the best means, process and documentation to implement such process and circumstances, as well as the necessary communications strategy;
Staff will announce and implement this process by June 10, 2008 (the date the new WHOIS policy is being implemented);
CIRA will hold a public consultation regarding this disclosure process within 12 months of its implementation; and
Staff will update the Board on the implementation of this disclosure process, at the Board of Directors’ meeting on June 3, 2008.
(Moved: L. Mackan-Roy, seconded: A. Cyr, in favour: A. Cyr, R. Ford, C. Goodfellow, R. Kawchuk, L. Mackan-Roy, B. Reid, D. Rosati, R. Sutcliffe; opposed: P. Andersen, R. Anderson, R. Rader and J. Rybak, motion carried).
It was directed that Staff produce an implementation package and communications strategy at the June 3, 2008 meeting.
Directors were advised that they would be given the opportunity to put forward their comments on why they voted the way they had if they wished to do so.
There being no further business, on motion by A. Cyr and seconded by R. Sutcliffe, the meeting was adjourned at 9:45 a.m.