Home / Blogs

ICANN IPC & BC to Host Cross-Community Call on Accreditation/Access Model for Non-Public WHOIS Data

Brian Winterfeldt

The ICANN Intellectual Property Constituency (IPC) and Business Constituency (BC) will be hosting a community-wide discussion regarding the proposed accreditation and access model for non-public WHOIS data, which was first circulated to the community during ICANN 61. The discussion will take place via ICANN-supported remote participation and/or audio bridge this Friday, April 6, 2018, from 1400-1600 UTC. Please find the formal invitation regarding this event below with the pertinent participation details.

In addition to this initial community-wide discussion, stakeholders can provide written comments on the accreditation model proposal to 3amcomments@gmail.com, with a copy to internet@winterfeldt.law.

INVITATION: DISCUSS THE ACCREDITATION AND ACCESS MODEL FOR NON-PUBLIC WHOIS DATA
Friday 6 April, 1400 – 1600 UTC

On Friday 6 April at 1400 UTC, the Business and Intellectual Property Constituencies are hosting a two-hour call to seek further input on the Accreditation and Access Model for Non-Public WHOIS Data. The goal of the call is to seek additional comment and stakeholder participation in evolving the model for accreditation and access to non-public WHOIS data, which is to be implemented in parallel with the Proposed Interim Model for GDPR Compliance and other efforts to comply with the General Data Protection Regulation (GDPR). To join this call, please send an email to admin-accred-model@icann.org.

Community participation is key, so feel free to distribute this invitation. Please come prepared to discuss the Accreditation and Access Model and comments, and help the community meet the above-stated goal. Also, please note that the call will be recorded, transcribed, and publicly posted and archived.

The discussion of a potential accreditation model began during ICANN 61 in San Juan and will surely continue after this week, so there will be ongoing opportunities to provide feedback regarding the accreditation model.

This effort is not a GNSO-chartered policy project and is separate from the work of the GNSO's Policy Development Process Working Group on a Next-Generation Registration Directory Service to Replace WHOIS.

By Brian Winterfeldt, Founder and Principal at Winterfeldt IP Group
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Too early Volker Greimann  –  Apr 03, 2018 7:14 AM PDT

While I understand that you have a vested interest in starting this important work as soon as possible, this is an in-opportune time to do so. While IPC and BC policy people may have significant free cycles available to explore such models, contracted parties are still in the tick of working on their implementations, contracts and other reviews that will likely take up until May 25 and even beyond to complete.

Our first priority has to be compliance with applicable laws without breaking existing processes, or finding working alternatives. As each party is initially on their own due to the delays in the ICANN model, there will be a multitude of models on the marketplace and interoperability will suffer initially until everyone coalesces on a common model and ICANN receives meaninful input from the DPAs allowing us to move forward. Even with the common ICANN model agreed by all, implementing it will take time.

Figuring out how to build a general access model can only be undertaken once the dust settles and we see what the new landscape actually looks like. Ojnly then will we know what is possible, what isn't and all parties would equally be able to contribute with meaningful input.

Starting this now will just mean the exclusion of contracted parties at the important, all-defining first stages of this work.

Let's all take a small step back and wait a little while so this work can start with the input of all parties. The world will not end in the meantime, since everyone who has a legal right to access this data will in some form or shape still be able to do so.

I am always suspicious when someone acknowledges Charles Christopher  –  Apr 03, 2018 9:36 AM PDT

I am always suspicious when someone acknowledges the actions of someone else is right, very reasonable for their position, is beneficial, has the resources, and yet encourages them to stop doing it.

Everything only gets harder to change once GDPR is in place. But I am sure you knew that. Now is the ideal time to act.

The convenience of ICANN, registrars and registries is NOT the concern here, the convenience of registrants in the concern.

Back to the never ending lack of concern for registrants .... The "stakeholder" who actually is responsible for the success of the internet, but never seems to have a seat provided at the "round table". Why is that?

Concern for registrants Volker Greimann  –  Apr 03, 2018 9:44 AM PDT

Concern for registrants and the safety of their private information is paramount. In fact, our registrants will always know what data would have been put in the whois, even if it is no longer public. I also consider the ability to opt in to publication as one of the first things that will have to be implemented, however there are certain liability concerns that will have to be addressed first.

This is about the development of a system for third parties (not the registrants) to access this data however and should therefore be well thought out with input from all sides of the community, registrants and outsiders as well. Doing this when we do not even know the exact landscape and at a time when parts of the community lacks resources to contribute is problematic.

Ultimately we need to answer these questions together:
1) Who is entitled to access to what data elements under which circumstances?
2) How do we prevent illegitimate access or abuse of access levels?
3) How would a system to ensure the above have to look like.

Let us work on that together.

>This is about the development of a Charles Christopher  –  Apr 03, 2018 9:49 AM PDT

>This is about the development of a system for third parties (not the
>registrants) to access this data however and should therefore be well
>thought out with input from all sides of the community, registrants and
>outsiders as well.

We have that now. The purpose for reinventing the wheel is?

>I also consider the ability to opt in to publication

We have that now through proxy whois (opt out). The purpose for reinventing the wheel is?

We don't have that now. Volker Greimann  –  Apr 03, 2018 10:04 AM PDT

Whois is not what I am describing as it is public. The system I describe would only permit access to those with legitimate interests that significantly outweigh the data subjects rights or those with legal rights to access this data.

Registrants could also be part of this group, proper safeguards assumed.

And offering an opt-out solution is not a valid implementation to the GDPR. The data subject must agree to the publication, freely and without precondition (or one of the other justifications under the GDPR have to apply).

>The system I describe would only permit Charles Christopher  –  Apr 03, 2018 12:48 PM PDT

>The system I describe would only permit
>access to those with legitimate interests

An individual whose domain is stolen has legitimate interest in the data, yet great difficulty proving their legitimate interest. Thus their rights in fact are not being preserved.

Right now they must prove NOTHING. Just enter a domain name into Google and its scraping of various whois services presents whois and a "whowas" audit trail they need to prove their previous domain ownership. Assuming they chose not to use Proxy Whois. If they use Proxy whois, that is their choice, they have the right not to use whois as a tool of ownership. Now they will have no choice to publicly display
ownership. In effect the law is unintentionally (I believe) removing that right.

Its the current societal illusion that we must trade off security and privacy. That is a false choice. I can have my privacy by using proxy whois should I choose, or I may maximize my domain security by not using proxy whois. As an intermediary I can use a lawyer to register my domain and have my privacy and my domain security, yes at an additional cost. We are now being denied choice, someone else thinks they need to make my choices for me.

>Ultimately we need to answer these questions Charles Christopher  –  Apr 03, 2018 10:26 AM PDT

>Ultimately we need to answer these questions together:

False choice.

Some ignorant bureaucrats make a mistake and we are expected to just roll over and accept it and not represent the interest of those being harmed?

As to the issue of industry inaction in "solving this problem", I find that disingenuous:

http://www.washingtonpost.com/wp-dyn/articles/A7251-2005Mar4.html

"Center for Democracy and Technology, a Washington-based advocacy group. "Proxy registrations have been viewed as a sensible market-based solution to allow people to keep their privacy, but still gives law enforcement what they need."

https://discussion.dreamhost.com/t/how-do-i-make-whois-data-private/28188/5
https://www.aussiecom.com.au/small-business-solutions/domain-privacy.html
https://www.theregister.co.uk/2002/09/17/go_daddy_offers_anonymous_domain/

"The idea is to offer people who wish to publish anonymously online a means to do so without having their home address, email address and telephone number available publicly. The service would be useful equally to people concerned about spam as those that have personal reasons for not connecting their real life with their web site."

There is 16 years of the industry coming together to address registrant desire for privacy. During that time I have heard many complaints of it working too well as domain thieves used it to hide their deeds. I have NEVER heard of it being ineffective for the purposes it was intended, which is precisely what GDPR seeks.

Why must all that work be tossed out and redone? Why must I agree to toss that system out the window? Why must we reinvent the wheel? Because some ignorant bureaucrat's pretty piece of paper with pretty writing on it says so? Or something THINKS that is what is says .... Sorry, not a compelling argument.

To sharpen my last point:I am unconcerned Charles Christopher  –  Apr 03, 2018 9:45 AM PDT

To sharpen my last point:

I am unconcerned with brand/IP holders who obviously have the resources to fight their cases. Brand/IP holders represent a very tiny percentage of domain registrations. In fact GDPR is specifically stated to be for individuals not corporations. That said I am concerned anytime anybody's costs are needlessly increased, including Brand/IP holders.

I am specifically speaking to the 99.999% of other registrants as not have a seat at the round table. Damage their relationship with domain names and the internet will also be damaged as their participation declines. We need them, and their relationships, more than they need us.

No seat? Volker Greimann  –  Apr 03, 2018 10:00 AM PDT

I think you need to get more engaged with all the people at ICANN claiming to represent you, the domain name registrants. ALAC, NCSC and the others.

And if you are willing to invest the time, you can also get involved in policy making on an individual capacity. The doors at ICANN are open to those willing to invest their time.

The siren call of bureaucracy. When you Charles Christopher  –  Apr 03, 2018 10:57 AM PDT

The siren call of bureaucracy.

When you participate in such organizations you are required to adhere to their terms, freedom is not part of the relationship. This is why I no longer participate in bureaucracies. It's that "box" that is the problem. I have seen it destroy the passions of many brilliant people, and there was a huge loss in every case.

More vocal people need to be outside the box to tap the shoulder of those in the box when necessary. Every pearl started with irritation ... Microsoft, and others, are well known for walking away from bureaucracies, and their "standards", to move industries forward.

This most powerful word:

No

Domain theft is going to get worse. I have my own registrar containing my domains, none of this even applies to me as I long ago saw where this was going.

http://www.circleid.com/posts/20180330_icann_cannot_expect_the_dpas_to_re_design_whois/#12122

I am not trying to protect myself, I am protected. I'm trying to help others that I know will be negatively affected. After 20 years of watching domain theft occur, and helping others recover domains.

The industry has addressed the issue of registrant privacy for the past 16 years. Facebook, an entirely different service with builtin conflicts of interest, did not address these issues. Now the bad apple is being allowed to ruin the good apples. The domain industry has not ignored this issue for the past 16 years: Privacy Whois.

To post comments, please login or create an account.

Related

Topics

Domain Names

Sponsored byVerisign

DNS Security

Sponsored byAfilias

New TLDs

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

Cybersecurity

Sponsored byVerisign