Should YOU have to pay when lawyers access your private Whois info?
The question of who should shoulder the costs of ICANN’s proposed Whois overhaul is being raised, with governments and others suggesting that the burden should fall on registrants themselves.
In separate statements to ICANN recently, the Governmental Advisory Committee and Security and Stability Advisory Committee both put forward the view that registrants, rather than the trademark lawyers behind most requests for private Whois data, should fund the system.
ICANN currently expects the so-called System for Standardized Access/Disclosure (SSAD), proposed after two years of talks in an ICANN community working group, to cost $9 million to build and another $9 million a year to operate.
The working group, known as the EPDP, has recommended in its final report that registrants “MUST NOT bear the costs for having data disclosed to third parties”.
Instead, it recommended that requestors themselves should pay for the system, probably via an annual accreditation fee.
But now the GAC and SSAC have issued minority statements calling that conclusion into question.
The GAC told ICANN (pdf):
While the GAC recognizes the appeal of not charging registrants when others wish to access their data, the GAC also notes that registrants assume the costs of domain registration services as a whole when they register a domain name.
While the SSAC said (pdf):
Data requestors should not primarily bear the costs of maintaining the system. Requestors should certainly pay the cost of getting accredited and maintaining their access to the system. But the current language of [EPDP Recommendation] 14.2 makes victims and defenders cover the costs of the system’s operation, which is unfair and is potentially dangerous for Internet security…
No previous PDP has protected registrants from having the costs associated with “core” registration services or the implementation of consensus policies being passed on to them. No previous PDP has tried to manipulate the functioning of market forces as is proposed in Recommendation 14.
SSAC suggested instead that registrars should be allowed to pass on the costs of SSAD to their customers, and/or that ICANN should subsidize the system.
Spread across 210 million gTLD domain names, $9 million a year would work out to less than five cents per domain, but one could argue there’s a principle at stake here.
Should registrants have to pay for the likes of Facebook (probably the biggest requestor of private Whois data) to access their private contact information?
The current proposed system would see the estimated $9 million spread out over a far smaller number of requestors, making the fee something like $450 per year.
EPDP member Milton Mueller did the math and concluded that any company willing to pay its lawyers hundreds of thousands of dollars to fight for greater Whois access in ICANN could certainly swallow a measly few hundred bucks a year.
But the minority objections from the GAC, SSAC and Intellectual Property Constituency do not focus wholly on the costs. They’re also bothered that SSAD doesn’t go nearly far enough to actually provide access to Whois data.
Under the current, temporary, post-GDPR system, registries and registrars basically use their own employees’ discretion when deciding whether to approve a Whois data request.
That wouldn’t change significantly under SSAD, but there would be a huge, multi-tiered system of accreditation and request-forwarding that’s been described as a “glorified, overly complex and very expensive ticketing system”.
The GAC wants something much more automated, or for the policy to naturally allow increased automation over time. It also wants increased centralization, taking much of the human decision-making at registrars out of the equation.
The response from the industry has basically been that if GDPR makes them legally liable for their customers’ data, then it’s the registries and registrars that should make the disclosure decisions.
The GAC has a great deal of power over ICANN, so there’s likely to be a bit of a fight about the EPDP’s outcomes and the future of SSAD.
The recommendations are due to be voted on by the GNSO Council at its meeting tomorrow, and as I’ve noted before, it could be tight.
Council chair Keith Drazek seems to be anticipating some lively debate, and he’s already warned fellow members that he’s not minded to approve any request for a delay on the vote, noting that the final report has been available for review for several weeks.
By convention, the Council will defer a vote on the request of any of its constituency groups, but this is sometimes exploited.
Should the Council approve the resolution approving the final report — which contains a request for further financial review of SSAD — then it will be forwarded to the ICANN board of directors for final discussion and approval.
But with the GAC on its case, with its special advisory powers, getting SSAD past the board could prove tricky.
If GAC, SSAC, IPC and BC prefer not having SSAD, I don’t think anybody will oppose.
But making registrants subsidise IP owners is putting everyone’s money in the pockets of big companies’ shareholders.