Next generation Whois: a mega-directory of domain registrant data

Monika Ermert, Heise, Intellectual Property Watch, VDI-Nachrichten, Germany

PUBLISHED ON: 25 Jun 2014

An expert working group convened by the Internet Corporation for Assigned Names and Numbers (ICANN) has presented the concept of a new system of “registration directory services” (rds). The plan is to store the personal information of domain name registrants centrally. The rds is meant to help fight crime and improve privacy at the same time, working group members said during the ICANN 50 meeting, held 22-26 June in London. But privacy advocates, registrars and non-commercial domain name holders are alarmed by the very concept of a mega database of millions of domain name owners. The privacy expert in the expert working group, Stephanie Perrin, former Director of Research and Policy in the Office of the Canadian Privacy Commissioner, filed a dissenting opinion about the report, warning against privacy pitfalls. Perrin called the Whois overhaul a “new instantiation of power”.

How much information about a domain name registrant should be retained, and how much of it published, has been fought over for many years. Law enforcement, supported by governments, as well as intellectual property lawyers and the marketing industry, had called for better accuracy in the so-called Whois database. Some registries, like the Spanish ccTLD, the .eu TLD or .de, publish only a minimal set of data to protect individuals. In the US, privacy proxy services that allow users to hide their personal data are very much in use.

Clean Slate for storing and accessing domain registrants' data

“Too much garbage in the system” had been the major complaint about the current Whois system, said Fabrizio Vayra, Assistant General Counsel at Time Warner, when presenting to the expert working group. “So the question was, is there an alternative to today's Whois and our group decided that the answer was a resounding 'yes',” Vayra underlined. The rds is supposed to be an alternative to “anonymous access to what is usually inaccurate data”. The working group had been convened by ICANN's CEO and President Fadi Chehadé in February 2013, a move that drew some criticism of the top-down decision and the selection of the group.

Key ideas in the proposal: validation and gating

Now, 15 months later, the group has made 180 recommendations in a 166-page report. Validation of the information associated with a domain name registration and the gating of it are the two core changes the group is proposing. What is stored behind the gates (the name, actual addresses and phone numbers of the registrant, of the technical and administrative contact, which in most cases is the registrar, and of the new abuse and legal contacts) shall only be accessed for “permissible purposes” by requesters specifically accredited for these. Each registrant record would also include the registrant's jurisdiction, allowing permissible purposes to be bound to the relevant national legislation.

The working group members hope that both the privacy protections and the gating will be an incentive for domain registrants to enter valid data. Up until now, registrants have sometimes been suspected of entering “Mickey Mouse” data to avoid having their personal data in an open database.

According to the expert working group’s report, the minimum data set to be in the open is:

a. Domain name

b. DNS servers

c. Registrant type

d. Registrant contact ID

e. Registrant email address

f. Tech contact ID

g. Admin contact ID

h. Legal contact ID

i. Abuse contact ID

j. Privacy/Proxy provider contact ID (if used)

k. Business contact ID (only for legal persons)

Much criticism, centralisation being a show-stopper

According to the above list, the publicly available personal data in the rds would be shorter than what many registries record today. Still, privacy advocates and some registry and registrar lawyers think the new system opens a can of worms.

Centralisation of a database certainly was a show-stopper, said Spanish lawyer and .cat representative Amadeu Abril i Abril. Researcher and ICANN Ethos-award winner Avri Doria warned that unifying data, whether in one place or on a distributed server system, was a threat. “It makes for an easy target no matter how hard a shell you build around it,” Doria said.

What is more, the rds system relies on a new class of service providers: the validators, who generate and store the necessary IDs for registrants for a fee. The result would be the creation of yet another set of databases. Perrin's concern, she told the Internet Policy Review, was that these validators had to be included in the privacy protection covering the rds ecosystem. Otherwise, she fears, the validators could become the “new goldmine”.

Perrin felt obliged to write her much-debated dissenting opinion because of what she saw as a highly problematic version of the consent principle. “There is uncertainty as to whether the consent is informed,” she explained to us, “whether it is free or required as a term of service, and whether it must be for all purposes.” Data protection regimes would differ on how consent was interpreted, and jurisdictions without such laws would provide no protection for individuals unless policy required it, according to her. Broad, blanket consent, Perrin writes in her blog on the issue, “could effectively nullify some of our other protections, and the language we have used does not provide enough guidance to those seeking to implement these recommendations, in my view.”

Significant controversy arose over the fact that the expert working group had chosen not to publish Perrin’s dissenting opinion alongside the report. It would be published later, the group’s Chair Jean-François Baril, CEO of Connecting Partners, said, arguing that the opinion came in two minutes before a deadline the group had agreed upon and that it needed factual corrections. Perrin, who disagrees, instead replied on her blog that from a privacy perspective, there are even more problems with the EWG report.

Policing unwanted access to data

A long list of additional concerns was raised in a series of meetings at the 50th ICANN meeting in London. What would happen, asked a representative of the Canadian ccTLD Cira, in case of a data breach of the rds? Who would take responsibility? The registry that provided the data or the rds provider, whoever that would be?

What about the accreditation of parties that would be allowed to fetch data behind the gate, including trade mark lawyers, data mining businesses and law enforcement? How can law enforcement from one country be prevented from grabbing the data of political dissidents behind the gate of another jurisdiction? Perrin acknowledged that policing the police, as an example, would be very difficult. “If you cannot police, why build an expensive system,” she said. “That is nonsense.”

Next steps

Expert working group members, as well as ICANN Board Chair Steve Crocker and Chief Executive Officer Chehadé, have reiterated that the group’s recommendations, while going through the ICANN Board this week, will only serve as a kick-starter for the work on a next generation Whois. “All we made was a set of recommendations, the fight is in the policy development process,” group member Chris Disspain, CEO of Auda, said. The governments that gathered at the ICANN 50 meeting came to the conclusion that it would make sense to put the Whois discussion higher on the agenda of their upcoming meetings.

For ICANN 51 in Los Angeles (12-16 October 2014), special sessions shall be dedicated to the issue, the US GAC representative proposed. Hopefully there will be more data protection officials on the spot than there usually are in these discussions.
