Whois’ days are numbered.
An “Expert Working Group” assembled by ICANN CEO Fadi Chehade has proposed that the old Whois service we all love to hate be scrapped entirely and replaced with something (possibly) better.
After several months of deliberations the EWG today issued an audacious set of preliminary recommendations that would completely overhaul the current system.
Registrants’ privacy might be better protected under the new model, and parties accessing Whois data would for the first time have obligations to use it responsibly.
There’d also be a greater degree of data validation than we have with today’s Whois, which may appease law enforcement and intellectual property interests.
The new concept may also reduce costs for registries and registrars by eliminating existing Whois service obligations.
The EWG said in its report:
After working through a broad array of use cases, and the myriad of issues they raised, the EWG concluded that today’s WHOIS model—giving every user the same anonymous public access to (too often inaccurate) gTLD registration data—should be abandoned.
Instead, the EWG recommends a paradigm shift whereby gTLD registration data is collected, validated and disclosed for permissible purposes only, with some data elements being accessible only to authenticated requestors that are then held accountable for appropriate use.
The acronym being proposed is ARDS, for Aggregated Registration Data Services.
For the first time, gTLD registrant data would be centralized and maintained by a single authority — likely a company contracted by ICANN — instead of today’s mish-mash of registries and registrars.
The ARDS provider would store frequently cached copies of Whois records provided by registries and registrars, and would be responsible for validating it and handling accuracy complaints.
To do a Whois look-up, you’d need access credentials for the ARDS database. It seems likely that different levels of access would be available depending on the user’s role.
Law enforcement could get no-holds-barred access, for example, while regular internet users might not be able to see home addresses (my example, not the EWG’s).
Credentialing users may go some way to preventing Whois-related spam.
A centralized service would also provide users with a single, more reliable and uniform, source of registrant data.
Registrars and registries would no longer have to provide Whois over port 43 or the web, potentially realizing cost savings as a result, the EWG said.
For those concerned about privacy, the EWG proposes two levels of protection:
- An Enhanced Protected Registration Service for general personal data privacy needs; and
- A Maximum Protected Registration Service that offers Secured Protected Credentials Service for At-Risk, Free-Speech uses.
If I understand the latter category correctly, the level privacy protection could even trump requests for registrant data from law enforcement. This could be critical in cases of, for example, anti-governmental speech in repressive regimes.
The proposed model would not necessarily kill off existing privacy/proxy services, but such services would come under a greater degree of ICANN regulation than they are today.
It appears that there’s a lot to like about the EWG’s concepts, regardless of your role.
It is very complex, however. The devil, as always, will be in the details. ARDS is going to need a lot of careful consideration to get right.
But it’s a thought-provoking breakthrough in the age-old Whois debate, all the more remarkable for being thrown together, apparently through a consensus of group members, in such a short space of time.
The EWG’s very existence is somewhat controversial; some say it’s an example of Chehade trying to circumvent standard procedures. But it so far carries no official weight in the ICANN policy-making process.
Its initial report is currently open for public comment either via email direct to the group or planned webinars. After it is finalized it will be submitted to the ICANN board of directors.
The board would then thrown the recommendations at the Generic Names Supporting Organization for a formal Policy Development Process, which would create a consensus policy applicable to all registries and registrars.
With all that in mind, it’s likely to be a few years before (and if) the new model becomes a reality.