Whois headed for the scrap heap in “paradigm shift”
Whois’ days are numbered.
An “Expert Working Group” assembled by ICANN CEO Fadi Chehade has proposed that the old Whois service we all love to hate be scrapped entirely and replaced with something (possibly) better.
After several months of deliberations the EWG today issued an audacious set of preliminary recommendations that would completely overhaul the current system.
Registrants’ privacy might be better protected under the new model, and parties accessing Whois data would for the first time have obligations to use it responsibly.
There’d also be a greater degree of data validation than we have with today’s Whois, which may appease law enforcement and intellectual property interests.
The new concept may also reduce costs for registries and registrars by eliminating existing Whois service obligations.
The EWG said in its report:
After working through a broad array of use cases, and the myriad of issues they raised, the EWG concluded that today’s WHOIS model—giving every user the same anonymous public access to (too often inaccurate) gTLD registration data—should be abandoned.
Instead, the EWG recommends a paradigm shift whereby gTLD registration data is collected, validated and disclosed for permissible purposes only, with some data elements being accessible only to authenticated requestors that are then held accountable for appropriate use.
The acronym being proposed is ARDS, for Aggregated Registration Data Services.
For the first time, gTLD registrant data would be centralized and maintained by a single authority — likely a company contracted by ICANN — instead of today’s mish-mash of registries and registrars.
The ARDS provider would store frequently cached copies of Whois records provided by registries and registrars, and would be responsible for validating it and handling accuracy complaints.
To do a Whois look-up, you’d need access credentials for the ARDS database. It seems likely that different levels of access would be available depending on the user’s role.
Law enforcement could get no-holds-barred access, for example, while regular internet users might not be able to see home addresses (my example, not the EWG’s).
Credentialing users may go some way to preventing Whois-related spam.
A centralized service would also provide users with a single, more reliable and uniform, source of registrant data.
Registrars and registries would no longer have to provide Whois over port 43 or the web, potentially realizing cost savings as a result, the EWG said.
For those concerned about privacy, the EWG proposes two levels of protection:
- An Enhanced Protected Registration Service for general personal data privacy needs; and
- A Maximum Protected Registration Service that offers Secured Protected Credentials Service for At-Risk, Free-Speech uses.
If I understand the latter category correctly, the level privacy protection could even trump requests for registrant data from law enforcement. This could be critical in cases of, for example, anti-governmental speech in repressive regimes.
The proposed model would not necessarily kill off existing privacy/proxy services, but such services would come under a greater degree of ICANN regulation than they are today.
It appears that there’s a lot to like about the EWG’s concepts, regardless of your role.
It is very complex, however. The devil, as always, will be in the details. ARDS is going to need a lot of careful consideration to get right.
But it’s a thought-provoking breakthrough in the age-old Whois debate, all the more remarkable for being thrown together, apparently through a consensus of group members, in such a short space of time.
The EWG’s very existence is somewhat controversial; some say it’s an example of Chehade trying to circumvent standard procedures. But it so far carries no official weight in the ICANN policy-making process.
Its initial report is currently open for public comment either via email direct to the group or planned webinars. After it is finalized it will be submitted to the ICANN board of directors.
The board would then thrown the recommendations at the Generic Names Supporting Organization for a formal Policy Development Process, which would create a consensus policy applicable to all registries and registrars.
With all that in mind, it’s likely to be a few years before (and if) the new model becomes a reality.
If you find this post or this blog useful or interestjng, please support Domain Incite, the independent source of news, analysis and opinion for the domain name industry and ICANN community.
Expect the registries to kick and scream. Every domain and every registrant in every tld stored in one single central database. What could possibly go wrong?
Spec 4 of the new base gTLD agreement already specifies the format of whois data in nauseating detail which has to be coded for to pass PDT. It requires pretty much every bit of information the registry would possible have already so ARDS is NOT going to provide anything extra.
I fail to see how having all data for every domain on the new gtld in one database somehow protects the privacy of registrants. It just adds another point for privacy leaks to occur. In a post PRISM world does anyone really expect a low level ICANN staffer to risk jail to protect the privacy of a registrant? If the registrars are already uploading less than accurate data why would this system suddenly make them change?
I do see immense political power for whoever gets to run ARDS though.
I propose that we call it The Aggregated Registration Data Implementation Service, so we can get a cooler acronym out of it: TARDIS.
+1
Please tell me how this makes domain owner data more public. It sounds like a play to ensure more secrecty over domain ownership data, giving the insider players: Verisign, Godaddy, enom, enormous ability to abuse their powers unseen and out of the public eye.
I prefer my whosis data public. What points did you read that would ensure my data stays public?
🙂 nice, so in few years we will have an ICANN whistleblower.
Funny how US mentality still believes that the world will allow them to collect all data! Those times are over!!
Will whois privacy still be available?
@Scott Pinzon “TARDIS” LMAO I guess that would be the who for “whois” right? 😉
I was thinking more on the lines of Ed’s statement about “a post PRISM world” in light of the recent whistleblowing events, maybe;
Darpa’s Ethernet Access To Hierarchical Strategic Topological Aggregation Research
or “DEATH STAR” for short! :)~
How about ‘SHARD?’ Shared Hierarchical Aggregated Registration Data Services.
I asked the “how much” question for ards.com and I received the “50,000 USD” answer.
For many men, women who talk a lot are a deterrent. She is as
dedicated to human rights as she is to her work, sharing her experiences as
well as those she comes in contact with. It was the color that suits for any
terms of events.
This information is worth everyone’s attention.
Where can I find out more?