Whenever an individual or organization registers a domain name on Internet (e.g. yahoo.com) via a Domain Name Registrar (e.g. GoDaddy), he/she has to provide certain details like Registrant Name, Contact Details (Postal Address, Email, Phone number) etc. This collection of metadata about a domain name is called “Domain Name Registration Data” or popularly WHOIS. However, in reality WHOIS is an overloaded term interchangeably used for a Protocol, Service and Data, all with the same name. The information in WHOIS database is very important to Law Enforcement Agencies, Intellectual Property Owners, and all Internet Users in general, who use this data to locate/contact domain name owners for various purposes including but not limited to enforcing laws or addressing grievances related to cybercrime and other cases of DNS abuse like Spam, Phishing, Malware etc. However, Privacy and Proxy Services are also available for many Top Level Domain Registries, which enable some domain name Registrants requiring anonymity or privacy to hide their name and/or contact details altogether in the WHOIS database. It is worth mentioning that ICANN is the domain name (and WHOIS) overseer for all generic Top Level Domains (gTLDs) like .com, .net, .pharmacy, .bank etc. ICANN develops and implements policies related to gTLDs and WHOIS, and enforces contractual compliance agreements with contracted parties (gTLD Registries and Registrars).

Similar to Internet DNS, WHOIS is not a single, centrally managed database. Rather, domain name registration data is held in disparate locations and administered by multiple Registries and Registrars. Further, a similar WHOIS service (maintained by Regional and National Internet Registries) exists for Numbering Resources (IPV4/V6 addresses, ASN numbers) on Internet. For the sake of simplicity and clarity, we will only talk about domain name WHOIS in this article.

Thin v/s Thick WHOIS

All gTLD Domain Name Registries satisfy their WHOIS obligations using different delivery services depending upon their contract terms (Registry Agreement) with ICANN. The two common models are often characterized as “thin” and “thick” WHOIS registries.

A thin registry only includes technical data sufficient to identify the sponsoring registrar, status of the registration, and creation and expiration dates for each registration in its WHOIS data store. Rest of WHOIS data lies with the respective Domain Name Registrars. .COM and .NET are examples of legacy thin registries.

Thick registries maintain the registrant’s contact information and designated administrative and technical contact information, in addition to the sponsoring registrar and registration status information supplied by a thin registry. .INFO and .BIZ are examples of legacy thick registries. In addition, all new gTLDs (.bank, .pharmacy etc.) follow a Thick model.

Next Generation gTLD Registration Directory Services (RDS)

WHOIS has been one of ICANN’s long-term strategic priorities right from the start. As per original Affirmation of Commitments (AoC) agreement between ICANN and United States Department of Commerce, ICANN is committed to enforcing its existing policy relating to WHOIS, which requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete (domain name) WHOIS information. In addition, the AoC obligates ICANN to organize every 3 years a community review of WHOIS policy and its implementation to assess the extent to which WHOIS policy is effective and whether its implementation meets the legitimate needs of law enforcement and promotes consumer trust.

WHOIS alone has 14+ parallel tracks currently under various stages of discussions at ICANN e.g. Next Generation gTLDs RDS Policy Development, Privacy/Proxy Services Accreditation Policy Development, Procedure for handling WHOIS conflicts with privacy laws, Thick WHOIS Policy Development, Whois Accuracy Program Specification etc. Both contracted parties (new gTLD Registries and accredited Registrars) have substantial commitments w.r.t. WHOIS in their respective contracts (Registry Agreement and Registrar Accreditation Agreement) with ICANN. Understandably, the proposed WHOIS successor i.e. Next Generation gTLDs RDS is also a subject of great interest and detailed discussions within the ICANN community. There are plethora of issues to be considered for next generation WHOIS like users, purpose, accuracy, privacy, access, anonymity, IPR protection etc.

As per ICANN and Internet community in general, the legacy WHOIS system is broken and needs to be repaired, both from a technology and policy perspective. Hence, there was a need felt for comprehensive ‘Whois’ policy reforms w.r.t. 2 parameters—technology and policy. The technology part of next generation WHOIS has already been completed by IETF WEIRDS Working Group, which produced 6 RFCs (7480-85).

The policy part of next generation WHOIS, known as Next generation gTLD Registration Directory Services (NG RDS) is currently being deliberated under the aegis of ICANN’s Generic Names Supporting Organization (GNSO) as a Policy Development Process (PDP), and will take a few more years to complete. A short timeline for policy aspect of WHOIS/nextgen RDS is mentioned below:

1. May 11th 2012:
“First WHOIS policy review team” (to be convened every 3 years as per AoC) delivered its final report to ICANN board. The report had 16 recommendations. The most basic recommendation for ICANN was to make WHOIS its long-term strategic priority.

2. September 14th 2012:
The ICANN Security and Stability Advisory Committee (SSAC) released SAC 055 paper (WHOIS: Blind Men And An Elephant). This whitepaper was a comment to the ICANN Board concerning the final report of the first WHOIS Policy Review Team.

The SSAC report (SAC 055 paper):

1. Stated that “The foundational problem facing all ‘WHOIS’ discussions is understanding the purpose of domain name registration data”, and that “there is a critical need for a policy defining the purpose of collecting and maintaining registration data”.
2. Suggested “the formation of a “properly authorized committee” to drive solutions to these questions first, and to then derive a universal policy from the answers.

3. November 8th 2012:
A detailed “Action Plan” was prepared and adopted by ICANN board:

1. To implement “first Whois policy review team” recommendations
2. To consider advice and recommendations given by SSAC in SAC 055 paper.
3. To implement some improvements to the current WHOIS system as specified in the “Action Plan”

4. Dec 2012:
Consistent with advice from SAC 055 paper, ICANN board formed an Expert Working Group (EWG) (“properly authorized committee”) whose job was to focus on the purpose and provision of gTLD directory services.

It was envisaged that the EWG final report (recommendations / principles) when produced, would serve as the foundation of an ICANN Board-initiated GNSO policy development process (PDP) on Next generation gTLD Registration Directory Services (NG RDS).

In future, such a gTLD policy once developed and implemented would be contractually binding on ICANN accredited gTLD registrars and gTLD registries.

The EWG final report was also expected to address key questions set forth by the SSAC in SAC 055 paper.

5. June 24th 2013:
EWG prepared its initial report and submitted it to ICANN board.

6. September 9th, 2013
ICANN SSAC commented on EWG initial report in its report SAC061: SSAC Comment on ICANN’s Initial Report from the Expert Working Group on gTLD Directory Services

7. June 6th 2014:
EWG prepared its final report and submitted it to ICANN board. The final report had 180 recommendations to feed into PDP process.

8. Upon publication of the EWG’s Final Report, a “framework” was proposed by an informal group of GNSO Councillors and ICANN Board members in order to provide guidance to GNSO policy development process (PDP) on Next generation Registration Directory Services (NG RDS) to proceed in a structured manner.

This framework would facilitate a very structured approach for the examination of the proposed model and complex nature of recommendations in EWG final report. The framework was deemed necessary since this PDP is on a very large scale and involves parallel work on a lot of complex and inter-related WHOIS issues having public policy implications like purpose, accuracy, availability, privacy, anonymity, cost, policing, access, intellectual property protection, security etc.

In a nutshell, the proposed framework proposed a process which leads to new gTLD policies defining the purpose of gTLD registration data and improving accuracy, privacy, and access to that data.

The 3 phases proposed in framework to structure the Nextgen RDS PDP for success are:

1. Phase 1: Requirements development/identification phase (this is where we are now as of June 2017. See #16).
   
   Phase 1 seeks to reach a consensus on 2 questions using the EWG final report as a starting point:
   1. What are the fundamental requirements for gTLD registration (WHOIS) data?
   2. Is a new RDS needed to address these requirements?
2. Phase 2: Policy development phase for policy requirements identified in phase 1
3. Phase 3: Implementation and coexistence. This phase will focusing on implementation of the policies developed in phase 2, and will provide guidance during an expected transition period during which the legacy WHOIS system and the next generation registration directory services (RDS) may coexist and both operational at the same time.

It is to be noted that Phases 2 and 3 will depend on the outcome of phase 1.

The ICANN Board believes that following the proposed framework will ensure that the PDP will properly address the many significant issues and interdependencies that require consideration in order to support the creation of the next generation registration directory services (RDS).

9. April 26th, 2015:

1. The proposed “framework” was formally adopted by the ICANN board to structure the PDP.
2. The Board reaffirmed its 2012 request for a Board-initiated GNSO policy development process (PDP) to:
   1. Redefine the purpose of collecting, maintaining and providing access to new gTLD registration data, and
   2. Consider safeguards for protecting data, using the recommendations in the EWG Final Report

This PDP would result in a new gTLD policy for Next generation (new gTLD) Registration Directory Services (NG RDS).

10. July 13th, 2015:
In order to prepare for the PDP, a “Preliminary Issues Report” was published for public comment on 13th July 2015. This report aimed at approved “framework” to be adjusted as appropriate prior to delivery of the “Final Issues Report” to the GNSO.

11. September 10th 2015:
ICANN Governmental Advisory Committee (GAC) submitted its comments to Public Comment Process on the “Preliminary Issues Report” on Next Generation gTLD Registration Directory Services to Replace WHOIS.

12. October 7th, 2015:
“Final issues report” was published after incorporating public comments. The final issues report would pave the way for a GNSO policy development process. The final issues report also proposed a draft Charter for the PDP WG on a Next-Generation gTLD Registration Directory Service (RDS).

13. November 19th 2015:
The GNSO Council approved the Draft Charter proposed in the Final Issues Report, enabling the formation of a GNSO working group of community volunteers to progress this PDP. ICANN board subsequently directed ICANN staff to issue a call for volunteers for the PDP WG.

14. January 4th 2016:
Call for Volunteers was issued by GNSO on ICANN website for a new GNSO Policy Development Process (PDP) Working Group to Establish a Policy Framework for a Next-Generation gTLD Registration Directory Service to Replace WHOIS (Next-Gen RDS). There were 2 options to participate in the PDP Working Group—Individual member or Mailing list observer.

15. January 2016:
The WG on Next generation new gTLD Registration Directory Services (NG RDS) was convened, and started its work and hold weekly teleconferences.

16. June 2017:
As of June 2017, there are 192 working group members and 171 observers.

What is the Next-Generation RDS to replace WHOIS PDP WG currently working on?
The WG on Next generation Registration Directory Services (NG RDS) is currently working on 1st phase (requirements identification phase) of the adopted framework as mentioned in #8a.

During the first phase of its work, the Working Group has been tasked with providing the GNSO Council with recommendations on the following two questions:

1. What are the fundamental requirements for gTLD registration data and
2. Is a new policy framework and next-generation RDS needed to address these requirements?