Latest news of the domain name industry

Recent Posts

Whois plan approved, but it may be a waste of money

Kevin Murphy, September 24, 2020, 15:03:14 (UTC), Domain Policy

ICANN’s GNSO Council has approved a plan to overhaul Whois and sent it to the ICANN board for the royal assent, alongside a warning that it may be a huge waste of money.

All seven members of the Contracted Parties House voted in favor of the plan, created by the so-called EPDP working group, which would create a centralized System for Standardized Access/Disclosure for Whois records.

In the Non-Contracted Parties House, only the two members of the Intellectual Property Constituency and the two members of the Business Constituency voted against the headline resolution, with the remaining nine voting in favor.

This was sufficient to count as a supermajority, which was the threshold required.

But the board will be receiving the SSAD recommendations alongside a request for a consultation on “whether a further cost-benefit analysis should be conducted”:

Noting some of the questions surrounding the financial sustainability of SSAD and some of the concerns expressed within the different minority statements, the GNSO Council requests a consultation with the ICANN Board as part of the delivery of the GNSO Council Recommendations Report to the ICANN Board to discuss these issues, including whether a further cost-benefit analysis should be conducted before the ICANN Board considers all SSAD-related recommendations for adoption.

The cost of SSAD is currently estimated by ICANN loosely at $9 million to build and $8.9 million a year to run. Under the approved recommendations, it would be paid for by accreditation fees paid by end-user data requestors.

And the benefits?

Well, to listen to the IPC, BC, governments and security experts — collectively the expected customers of SSAD — the system will be a bit rubbish and maybe not even worth using.

They complain that SSAD still leaves ultimate responsibility for deciding whether to grant access to Whois records to trained humans at individual registries and registrars. They’d prefer a centralized structure, with much more automation, more closely resembling the pre-GDPR universe.

Contracted parties counter that if GDPR is going to hold them legally responsible for disclosures, they can’t risk offloading decision-making to a third party.

But this could prove a deterrent to adoption, and if fewer companies want to use SSAD that could mean less revenue to fund it which in turn could lead to even higher prices or the need for subsidies out of ICANN’s budget.

The IPC called the recommendations “an outcome that will not meet the needs of, and therefore will not be used by, stakeholders”.

It’s a tricky balancing act for ICANN, and it could further extend the runway to implementation.

The most likely first chance the ICANN board will get to vote on the recommendations would be the AGM, October 22, but if the GNSO consultation concludes another cost/benefit analysis is due, that would likely push the vote out into 2021.

There’s the additional wrinkle that three of ICANN’s four advisory committees, including the governments, have expressed their displeasure with the EPDP outcome, which is likely to add complexity and delay to the roadmap.

And the GNSO’s work on Whois is not even over yet.

Also during today’s meeting, the Council started early talks on whether to reopen the EPDP to address the issues of data accuracy, whether registrars should be obliged to distinguish between legal and natural persons, and whether it’s feasible to have a uniform system of anonymized email addresses in Whois records.


If you find this post or this blog useful or interestjng, please support Domain Incite, the independent source of news, analysis and opinion for the domain name industry and ICANN community.

Tagged: , , , , ,

Comments (3)

  1. k.den says:

    Bill it to to the European Union. Whois was fine until GDPR broke it. This is all the result of GDPR. I’m an American system and hate this new whois-less world we live in. What a mess!!

    • Kevin Murphy says:

      To be fair, GDPR is no longer the only privacy legislation impacting this discussion. Some of them are American.

    • Volker Greimann says:

      Whois was never “fine”. It always was a problematic resource, a source of data for spammers, fraudsters and stalkers.
      Ever since the Internet was mainstream Whois was in dire need of overhaul to prevent abuse and to protect the private data of domain name registrants.
      All attempts at change were blocked over the years by the parties with an interest in freely obtaining this data.
      It was only a quation of time for the whole house of cards to come crashing down, and in the end, all it took was a law from the EU.

Add Your Comment