Whois Disclosure System likely over a year away
ICANN lifted the curtain a little on its fetal Whois Disclosure System this week, but the news is not good if you’re champing at the bit for a usable system for requesting private Whois data from registrars.
The system, formerly referred to as SSAD Lite, will take “seven to nine months” to develop after ICANN staff gets the green light from its board, staffers told a small GNSO volunteer working group on a Wednesday conference call.
That timetable assumes the staffers working on it are 100% devoted to developing the system, rather than sharing their time between competing projects, they quickly clarified.
This raises the specter of months-long delays to the other big, already-delayed, ICANN work-in-progress — the next new gTLD application round.
The responsible staffers plan to publish a design document for the Whois Disclosure System around ICANN 75 next month, but whether the board will give its immediate approval is not clear.
We’re probably looking at at least a year before there’s a system in place that IP lawyers, security researchers and the like can log into, request data, and be disappointed.
And that’s despite the fact that the system will be built using existing technology — namely the CZDS or Centralized Zone Data Service, which has be in use for many years allowing people to request zone files from gTLD registries.
During this week’s webinar, staffers described how, like CZDS, there will be two user interfaces: one for the data requester, one for the data holder. The system will simply act as an intermediary between the two.
It will use ICANN’s existing accounts system, so there will be no user vetting beyond email address verification. There’ll be no integration with registrars’ existing ticketing systems, and any communications between registrar and requester will have to take place via email.
There’ll also be no billing function, because the system will be free to use by all parties and completely voluntary. While registrars are contractually bound to respond to Whois data requests, there’s no such obligation to use the Whois Disclosure System to do so.
Staffers admitted on the call that they’re a bit stumped about how to encourage registrars to sign up when the system goes live.
If you find this post or this blog useful or interestjng, please support Domain Incite, the independent source of news, analysis and opinion for the domain name industry and ICANN community.
They might as well just create an email list with abuse email adresses of registrars at this point. And post them on the website.
They kinda already do… The WHOIS has fields for this.
“Registrar Abuse Contact Email: abuse@xxxx
Registrar Abuse Contact Phone: +44.xxxx”
If all it’s doing is emailing, then it’s pointless – I could create a tool in a couple of hours which just sends an email to the abuse contact from WHOIS… Sigh.
What I believe people want from an ICANN-operated ticketing system is non-repudiation. I understand where this is coming from, even though it will likely doesn’t move the abuse needle a 1/1000th of an inch.
The problem is, I don’t see how they’ll get that with any of the proposals I’ve seen so far?
All of them it comes down to the registrar at the end of the day, and there isn’t even a requirement that all reports must go through the system.
Just seems to be causing more of a headache and likely eating up millions in registrant and registrar ICANN fees to create a useless system.