Whois disclosure system coming this year?
ICANN has approved the creation of a Whois Disclosure System, almost six years after Europe’s GDPR rules tore up the rule book on Whois access.
The system is likely to face a name change before going live, due to the fact that it does not guarantee, nor process, the disclosure of private Whois data.
The board of directors passed a resolution February 27, a month later than expected, “to develop and launch the WHOIS Disclosure System (System) as requested by the GNSO Council within 11 months from the date of this resolution.”
That’s two months longer than earlier anticipated, but we’re still looking potentially at a live system that people can sign up for and use a year from now.
The system is expected to be based on the Centralized Zone Data Service that many of us have been using to request and download gTLD zone files for the last decade. While not perfect, CZDS gets the job done and has improved over the years.
The technology will be adapted to create what essentially amounts to a ticketing system, allowing the likes of IP lawyers to request unredacted Whois records. The requests would then be forwarded to the relevant registrar.
It’s an incredibly trimmed-down version of what Whois users had been asking for. Participation is voluntary on both sides of the transaction, and registrars are under no new obligations to approve requests.
If nobody uses the system, it could be turned off. ICANN Org has only been directed to run it for “for up to two years”. ICANN will collect and publish usage data to figure out whether it’s worth the quite substantial number of hours and dollars that have already gone into its development.
The actual cost of development and operation had been pegged at $3.3 million, but the board’s resolution states that most of the cost will be existing staff and excess costs will come from the Supplemental Fund for Implementation of Community Recommendations (SFICR).
ICANN expects to approve Whois Disclosure System next month
ICANN could be offering a centralized system for requesting private domain registration data as early as a year from now, a mere five and a half years after GDPR ruined the global Whois system for many.
The Org recently alluded to its “board’s anticipated January 2023 vote to move forward in implementing the new system to streamline the intake and routing of requests for access to nonpublic gTLD registration data” in a blog post.
It has previously stated that it will take nine months to develop and roll out the system, along with a three-month “ramp-up period”, but that preparatory work may have already started.
The system will be based on CZDS, the service that currently allows people to request zone file data from registries, and cost $3.3 million to develop and run for its anticipated two-year trial period.
Don’t expect it to be called the Whois Disclosure System though. Community feedback has been pretty clear that “disclosure” is an inappropriate word because the system merely manages requests and does not actually disclose anything.
It’s also going to be voluntary for both requesters and registrars/registries for now.
The system was previously known as SSAD Lite, a cut-down version of the community-recommended System for Standardized Access and Disclosure, which ICANN estimated would have cost infinity dollars and take a century to implement.
Whois Disclosure System to cost up to $3.3 million, run for one year
ICANN has published its game plan for rolling out a Whois Disclosure System ahead of next week’s ICANN 75 public meeting in Kuala Lumpur.
The Org reckons the system will take nine months to build and will cost up to $3.3 million to develop and run for two years, although it might wind up getting shut down after just one year.
The Whois Disclosure System, previously known as SSAD Light, is a mechanism whereby anyone with an ICANN account — probably mainly IP lawyers in practice — can request unredacted private Whois data from registrars.
The system is to be built using retooled software from the current Centralized Zone Data Service, which acts as a hub for researchers who want to request zone files from gTLD registry operators.
ICANN’s design paper (pdf), which contains many mock-ups of the likely user interface, describes the new system like this:
Just as in CZDS, a requestor navigates to the WHOIS Disclosure System web page, logs into their ICANN Account, and is presented with a user experience much like the current CZDS. In this experience, requestors can see pending and past requests as well as metadata (timestamps, status, etc.) associated with those requests. For a requestor’s pending requests, they can see all the information related to that request.
Requests filed with the system will be routed to the relevant registrar via the Naming Services Portal, whereupon the registrar can choose how to deal with it. The system doesn’t change the fact that registrars have this discretion.
But the system will be voluntary for not only the requesters — who can still contact the registrar directly if they wish — but also the registrars. One can imagine smaller and frequently abused registrars won’t want the hassle.
The cost of this system will be $2.7 million in staffing costs, with $90,000 in external licensing costs and another $500,000 in contingency costs. Because ICANN has not budgeted for this, it will come from the Supplemental Fund for Implementation of Community Recommendations, which I believe currently has about $20 million in it.
This is far and away cheaper than the full-fat SSAD originally proposed by the GNSO, which ICANN in January estimated could cost up to $27 million to build over five years.
While cheaper, there are still substantial questions remaining about whether it will be popularly used, and whether it will be useful in getting private Whois data into the hands of the people who say they need it.
ICANN is saying that the Whois Disclosure System will run for one year “at which point the data sets collected will be analyzed and presented for further discussion between the GNSO Council and Board”.
The design paper will be discussed at multiple ICANN 75 sessions, starting this weekend.
Whois Disclosure System likely over a year away
ICANN lifted the curtain a little on its fetal Whois Disclosure System this week, but the news is not good if you’re champing at the bit for a usable system for requesting private Whois data from registrars.
The system, formerly referred to as SSAD Lite, will take “seven to nine months” to develop after ICANN staff gets the green light from its board, staffers told a small GNSO volunteer working group on a Wednesday conference call.
That timetable assumes the staffers working on it are 100% devoted to developing the system, rather than sharing their time between competing projects, they quickly clarified.
This raises the specter of months-long delays to the other big, already-delayed, ICANN work-in-progress — the next new gTLD application round.
The responsible staffers plan to publish a design document for the Whois Disclosure System around ICANN 75 next month, but whether the board will give its immediate approval is not clear.
We’re probably looking at at least a year before there’s a system in place that IP lawyers, security researchers and the like can log into, request data, and be disappointed.
And that’s despite the fact that the system will be built using existing technology — namely the CZDS or Centralized Zone Data Service, which has be in use for many years allowing people to request zone files from gTLD registries.
During this week’s webinar, staffers described how, like CZDS, there will be two user interfaces: one for the data requester, one for the data holder. The system will simply act as an intermediary between the two.
It will use ICANN’s existing accounts system, so there will be no user vetting beyond email address verification. There’ll be no integration with registrars’ existing ticketing systems, and any communications between registrar and requester will have to take place via email.
There’ll also be no billing function, because the system will be free to use by all parties and completely voluntary. While registrars are contractually bound to respond to Whois data requests, there’s no such obligation to use the Whois Disclosure System to do so.
Staffers admitted on the call that they’re a bit stumped about how to encourage registrars to sign up when the system goes live.
New gTLD prep work delayed until December
ICANN has confirmed that the current phase of preparation for the next round of new gTLDs will last six weeks longer than previously expected.
The new deadline for the delivery of the Operational Design Assessment for the project is December 12, almost certainly pushing out board consideration of the document out into 2023.
The extension follows the GNSO’s approval of a new Whois Disclosure System, which will suck Org resources from the new gTLDs ODP as work on both continues in parallel.
ICANN chair Maarten Botterman confirmed the delay yesterday, and the precise length was disclosed by staff in a blog post today. It says in part:
While we’re sharing our best estimate of the impact that the WHOIS Disclosure System design paper work could have on the SubPro ODA in the interest of transparency, rest assured that we are simultaneously moving forward on the ODA and actively seeking ways to streamline and minimize the impact as much as possible.
The updated timetable has been published here.
New gTLDs WILL be delayed by Whois work
The next round of new gTLD applications will be delayed by ICANN’s work on Whois reform, ICANN chair Maarten Botterman confirmed today.
In a letter to his GNSO Council counterpart Philippe Fouquart, Botterman states that the new gTLDs Operational Design Phase, which was due to wrap up in October, will have to proceed with an “extended timeline”.
This is because the GNSO has pushed the concept of a Whois Disclosure System, previously known as SSAD Light and meant to provide the foundations of a system for access private Whois data, and ICANN needs time to design it.
Botterman wrote (pdf):
there is an overlap in org resources with the relevant expertise needed to complete these efforts. As a result, work on the [Whois] design paper will impact existing projects. While SubPro [new gTLDs] ODP work will not stop during this period, we anticipate that an extended timeline will be required to account for the temporary unavailability of resources allocated to the design paper work.
Botterman did not put a length of time to these delays, but previous ICANN estimates have talked about six weeks. GNSO members had worried that this estimate might be a low-ball that could be extended.
ICANN had given the GNSO the option to choose to delay Whois work to complete the SubPro ODP, but it could not come to an agreement on which project was more important, and seemed to resent even being asked.
Community tells ICANN to walk and chew gum at the same time
Whois or new gTLDs? Whois or new gTLDs? Whois or new gTLDs?
It’s the question ICANN has been pestering the community with since early May. ICANN can’t work on developing the proposed Whois Disclosure System (formerly known as SSAD) without delaying work on the next round of new gTLDs, Org said, so the community was given a Sophie’s Choice of which of its babies to sacrifice on the altar of failed resource planning.
And now it has its answer: why the heck can’t you do both, and why the heck are you asking us anyway?
GNSO Council chair Philippe Fouquart has written to Maarten Botterman, his counterpart on the ICANN board of directors, to request that Org figure out how to do both Whois and new gTLDs at the same time, and to existing deadlines:
While Council members might differ on which project should take precedence, there is unanimous agreement that the Subsequent Procedures ODP and SSAD development are among the most important tasks before ICANN. Therefore, we urge that every effort should be undertaken by ICANN Org to complete the work in parallel and to meet currently published milestones.
Fouquart goes on (pdf) to puzzle as to why ICANN decided to “inappropriately include the broad community in the minutiae of ICANN operations planning”.
ICANN had told the GNSO that if it wanted the Whois work to kick off, it would add “at least” six weeks of delay to the new gTLDs Operational Design Phase, which is scheduled to wrap up in October.
Naturally enough, folks such as IP lawyers were very keen that ICANN start to do something — anything — to roll back the damage caused by GDPR, while domain-selling companies are anxious that they get more inventory for their virtual shelves.
The public record has always been a bit sketchy on where the resource bottleneck actually is, in an organization with half a billion bucks in the bank, a $140 million operating budget, and around 400 staff.
Maintaining Whois and the expansion of the root zone are, after all, two of the main things ICANN was founded to do, being unable to do both at once could be seen as embarrassing.
But now it has its answer, as unhelpful as it is.
And it only took two months.
Recent Comments