Latest news of the domain name industry

Recent Posts

Chehade kicks off massive Whois review

Kevin Murphy, December 14, 2012, Domain Policy

ICANN has started the ball rolling on its potentially radical rethink of how Whois works with formation of a new “Expert Working Group” tasked with examining the issue.

As ICANN chair Steve Crocker told DI last month, this is the first stage of a root-and-branch reexamination of Whois databases, what they’re for, and how they’re accessed.

According to ICANN, which is referring to Whois as “gTLD registration data” presumably to avoid confusion with the Whois technical standard, the group will:

1) define the purpose of collecting and maintaining gTLD registration data, and consider how to safeguard the data, and

2) provide a proposed model for managing gTLD directory services that addresses related data accuracy and access issues, while taking into account safeguards for protecting data.

Whatever the new Expert Working Group on gTLD Directory Services comes up with between January and April next year will be punted to the Generic Names Supporting Organization for an ICANN board-mandated Policy Development Process.

The PDP could create policies binding on gTLD registries and registrars.

Jean-Francois Baril has been hand-picked to chair the group. He has no connection to the domain name industry but appears to have worked with ICANN CEO Fadi Chehade on the RosettaNet standards-setting project.

Crocker and fellow ICANN director Chris Disspain will also join the group.

ICANN wants volunteers to fill the other positions and it seems to be eager to find outsiders who do not already represent entrenched ICANN constituency positions, saying:

Volunteer working group members should: have significant operational knowledge and experience with WHOIS, registrant data, or directory services; be open to new ideas and willing to forge consensus; be able to think strategically and navigate conflicting views; have a record of fostering improvements and delivering results; have a desire to create a new model for gTLD directory services; and be able to volunteer approximately 12-20 hours a month during January – April 2013 to the working group.

Individuals who have worked extensively in the areas of registration data collection, access, accuracy, use, privacy, security, law enforcement, and standards and protocols are also encouraged to consider working group membership. As the working group will be a collection of experts, it is not expected to be comprised solely of representatives of current ICANN community interests. Although members may not come directly from ICANN structures, the working group will have a deep understanding of, and concern for, the ICANN communities’ interests.

Obviously law enforcement and intellectual property interests will be keen to make sure they’re amply represented in the group, as will registries/registrars and privacy advocates.

ICANN asks: just what the hell is Whois for anyway?

Kevin Murphy, November 19, 2012, Domain Policy

It’s back to basics time at ICANN, with the launch today of a massive effort to take a fresh look at Whois.

This could be a biggie.

“We’re going to go back to the fundamentals and ask: what problems are being addressed by Whois, who’s using it and what are they using it for?” ICANN chair Steve Crocker told DI.

The ICANN board of directors earlier this month passed a resolution, published today, that calls for:

a new effort to redefine the purpose of collecting, maintaining and providing access to gTLD registration data, and consider safeguards for protecting data, as a foundation for new gTLD policy and contractual negotiations

This is bare-bones, fundamental stuff, likely to encompass pretty much every controversial issue to hit Whois over the years.

Crocker noted that the use of Whois, originally designed to help people locate the operators of large multi-user computing services, has changed over the years.

Is Whois now there to help law enforcement track down crooks? Is it there to help intellectual property owners enforce their rights? Should it help domainers verify who they’re transacting with?

Should published Whois records always be complete and accurate? Is there a right to privacy in Whois?

These are the some of the big questions that ICANN has tried and failed to grapple with over the last decade, and Crocker said that now is the time to answer them.

“My own feeling is that this must not suffer from the endless delays it has in the past, but at the same time it’s essential that we get it right rather than get it done quickly,” he said.

The new board resolution didn’t appear of thin air, however.

It’s a response to the recommendations of the Whois Policy Review Team, which earlier this year called for ICANN to make a Whois a strategic priority.

The review team itself was set up to comply with ICANN’s Affirmation of Commitments with the US Department of Commerce, one of ICANN’s core documents and part of the basis of its legitimacy.

But the AoC may presuppose certain outcomes of any root-and-branch Whois reform, calling as it does for a Whois policy that “meets the legitimate needs of law enforcement and promotes consumer trust”.

Crocker said that doesn’t necessarily rule out a big rethink about the way Whois data is accessed.

“Today, all of the information in Whois is published for the public,” he said. “Anyone can get at it, it doesn’t matter if you’re competitor or friend or law enforcement, you can get access.”

“A point of discussion could be: would it make sense to make different levels of access to information available to different people?” he added.

As an analogy, he pointed to car license plates. If you’re a cop and you see a suspicious vehicle you can trace the owner, but if you’ve just taken a fancy to the driver it’s harder to get their number.

Crocker noted that he’s not presupposing any outcomes of the review.

As well as calling for the review, the board’s latest resolution also calls for existing Whois rules, such as they are, to continue to be strictly adhered to. The resolution:

directs the CEO to continue to fully enforce existing consensus policy and contractual conditions relating to the collection, access and accuracy of gTLD registration data

This second prong of the approach is no doubt designed in part to remind contracted parties that just because Whois is open for review it doesn’t mean they can start ignoring compliance notices.

However, it’s going to be interesting to see how Whois reform plays into open discussions such as the renegotiation of the Registrar Accreditation Agreement.

The big stumbling blocks in the RAA talks right now relate directly to Whois verification, so registrars might be able to start arguing that agreeing to ICANN’s demands might preempt the review.

But Crocker doesn’t think that should happen.

“An examination of the fundamentals of Whois should not serve as as way of stalling or pulling back on the current system,” he said.

It’s not entirely clear what the next steps are for the Whois review.

There will be a board-mandated GNSO Policy Development Process somewhere down the line, but not until CEO Fadi Chehade has conducted some kind of outreach and information-gathering, it seems.

How long this will take is not known, but I get the impression the board wants to move relatively quickly. The PDP, I would guess, will take a couple of years at least.

Chehade said in his opening address during the Toronto meeting last month that long-standing disagreements over the purpose of Whois should be relatively “easy” to resolve.

Let’s see if he’s correct. I wouldn’t put money on it.

Chehade sets out 12-point plan for next six months

Kevin Murphy, November 5, 2012, Domain Policy

ICANN CEO Fadi Chehade has set out his goals for ICANN over the next six months in an open letter to the community.

The ambitious 12-point to-do list includes finishing off the next Registrar Accreditation Agreement, finalizing the Trademark Clearinghouse, and launching “a community effort” to address the Whois debate.

The document was described by Chehade at the close of the Toronto meeting last month as his “scorecard” for “what I plan to prioritize and do between now and Beijing”.

The next big ICANN meeting is in Beijing next April.

The letter states that “operational excellence”, something the organization was frequently criticized for its lack of under its previous leadership, is ICANN’s “highest priority”.

The new gTLD program is naturally a big part of that. Chehade said that ICANN plans to:

Deliver on every aspect of the new gTLD program launch next year, meeting obligations and securing the necessary resources and personnel to lead the transition from what has been a policy-driven effort to implementation of a responsive and reliable operation. As a first step, we are working to advance the dialogue on implementation of the Trademark Clearing House. We must also execute the prioritization draw, evaluations, and pre-delegation tests flawlessly.

As part of that effort, a new gTLD services department will be created. Part of its task will be to monitor policy work to make sure the policies being created are “implementable”.

Chehade said that the divisive Whois issue, which he controversially referred to as an “easy” problem to solve during remarks in Toronto, will be subject to a new review:

To strengthen our commitment to the public interest, we will launch a community effort addressing the WHOIS debate in a strategic way, to resolve the longstanding open items in this area.

On the RAA, Chehade said that ICANN “will plan to reach consensus on a solid and enforceable Registrar Accreditation Agreement that is fair and balanced.”

The full letter, which also sets out goals for internationalization and the evolution of the multi-stakeholder model, can be downloaded here.

EU plays down “unlawful” Whois data worries

Kevin Murphy, October 17, 2012, Domain Policy

The European Commission yesterday gave short shrift to recent claims that ICANN’s proposed Whois data retention requirements would be “unlawful” in the EU.

A recent letter from the Article 29 Working Party — an EU data protection watchdog — had said that the next version of the Registrar Accreditation Agreement may force EU registrars to break the law.

The concerns were later echoed by the Council of Europe.

But the EC stressed at a session between the ICANN board of directors and Governmental Advisory Committee yesterday that Article 29 does not represent the official EU position.

That’s despite the fact that the Article 29 group is made up of privacy commissioners from each EU state.

Asked about the letter, the EC’s GAC representative said:

Just to put everyone at ease, this is a formal advisory group concerning EU data privacy protection.

They’re there to give advice and they themselves, and we as well, are very clear that they are independent of the European Union. That gives you an idea that this is not an EU position as such but the position of the advisory committee.

The session then quickly moved on to other matters, dismaying privacy advocates in the room.

Milton Mueller of the Internet Governance Project tweeted:

By telling ICANN that it can ignore Art 29 WG opinion on privacy, European commission is telling ICANN it can ignore their national DP [data privacy] laws

Registrars hopeful that the Article 29 letter would put another nail into the coffin of some of ICANN’s more unpalatable and costly RAA demands also expressed dismay.

ICANN’s current position, based on input from law enforcement and the GAC, is that the RAA should contain new more stringent requirements on Whois data retention and verification.

It proposes an opt-out process for registrars that believe these requirements would put them in violation of local law.

But registrars from outside the EU say this would create a two-tier RAA, which they find unacceptable.

With apparently no easy compromise in sight the RAA negotiations, originally slated to be wrapped up in the first half of this year, look set to continue for many weeks or months to come.

Council of Europe has Whois privacy concerns too

Kevin Murphy, October 11, 2012, Domain Policy

The Council of Europe has expressed concern about the privacy ramifications of ICANN’s proposed changes to Whois requirements in the Registrar Accreditation Agreement.

In a letter this week (pdf), the Bureau of the Consultative Committee of the Convention for the Protection of Individuals with regard to Personal Data (T-PD) said:

The Bureau of the T-PD took note of the position of the Article 29 Data Protection Working Parking in its comments of 26 September 2012 on the data protection impact of the revision of these arrangements concerning accuracy and data retention of the WHOIS data and fully shares the concern raised.

The Bureau of the T-PD is convinced of the importance of ensuring that appropriate consideration be given in the ICANN context to the relevant European and international privacy standards

The letter was sent in response to outreach from ICANN’s Non-Commercial Users Constituency.

The Article 29 letter referenced said that EU registrars risked breaking the law if they implemented ICANN’s proposed data retention requirements.

Earlier today, we reported on ICANN’s response, which proposes an opt-out for registrars based in the EU, but we noted that registrars elsewhere are unlikely to dig a two-tier RAA.