Comment Close
Date
Statement
Name 

Status

Assignee(s)

Call for
Comments Open
Call for
Comments
Close 
Vote OpenVote CloseDate of SubmissionStaff Contact and EmailStatement Number
 

Planned Implementation of the New Registration Data Access Protocol (RDAP)

ADOPTED 10Y, 0N, 0A

Main penholders:

Holly Raiche

Carlton Samuels

     

n/a

AL-ALAC-ST-1115-01-00-EN

For reference materials that provide background to this Statement, please click here 

 

FINAL VERSION TO BE SUBMITTED IF RATIFIED

Click here to download the PDF document below.

 


FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC

The ALAC is very concerned that the planned implementation of the new Registration Data Access Protocol (RDAP) may not support enhanced privacy protections proposed by the Expert Working Group on gTLD Directory Services (EWG).

At a session in ICANN 54 on the implementation of the RDAP (https://meetings.icann.org/en/dublin54/schedule/wed-rdap-implementation), Francisco Arias, Director of ICANN Technical Services, suggested that when implementing the new RDAP, it would be “voluntary” for contracted parties to include additional features in the protocol that would allow differentiated access to registration data. 

The existing Whois protocol allows every user the same anonymous public access to gTLD registration data – access that is no longer in line with increasingly accepted privacy protection law. The EWG recommendations provide a better balance between the privacy rights of registrants and the legitimate needs to access that information in the way that registration data is collected, stored and accessed. 

Following on from the EWG recommendations, the Internet Engineering Task Force (IETF) developed the RDAP which has features that allow for differentiated access to registration data, depending on the authentication and accreditation of requestors.

The basic features of the RDAP comply with existing Whois policy requirements. However, unless the additional RDAP features that allow differentiated access to registration are adopted as a mandatory part of the RDAP, the protocol would not allow differentiated access to registration data.

While the final Issues Report on next-generation gTLD registration directory services (RDS) to replace WHOIS was approved only in October 2015 and its Policy Development Process is yet to start, this policy work will proceed on the foundation of the EWG recommendations and part of this work concerns with how data should be collected, stored, and disclosed and how these data elements are mapped to RDAP.  

The ALAC is strongly arguing against “voluntary” adoption of the RDAP features that allow differentiated access to registration data. While those features are not now required under existing WHOIS policies, they will most likely be required under new RDS consensus policies as recommended by the EWG.

On these facts, the ALAC strongly argues that the RDAP implementation profile must include the feature set that will support differentiated access. This will ensure that when the future policies, which follow the EWG recommendations, on differentiated access to data are finalized, the protocols will be in place to ensure that these may be readily switched on and implemented.

 


FIRST DRAFT SUBMITTED

The ALAC is concerned that the planned implementation of the new Registration Data Access Protocol (RDAP) may not support enhanced privacy protections proposed by the Expert Working Group (EWG).

At a session in ICANN 54 on the implementation of the RDAP (by Technical services, on 21 October from 12.30-13.45 IST), Director, Technical Services Francisco Arias suggested that, when implementing the new RDAP, it would be ‘voluntary’ for contracted parties to include additional features in the protocol that would allow differentiated access to registration data. 

The existing Whois protocol allows every user the same anonymous public access to gTLD registration data – access that is no longer in line with increasingly accepted global data protection law.  As part of the implementation of EWG recommendations, the IETF developed the RDAP which has features that will allow differentiated access to registration data, depending on the authentication and accreditation of requestors.

While the basic features of RDAP allow compliance with existing Whois policy requirements, unless the additional features are adopted as part of the RDAP protocol, the protocol would not allow differentiated access to registration data, as recommended by the EWG.

Considerable policy work needs to be done to replace the existing WHOIS policy with a new policy for registration directory services (RDA).  Indeed, the final Issues Report on next generation RDS to replace WHOIS was approved only in October 2015. However, the policy directions of the EWG are clear: access to registrant information must provide a better balance between the privacy rights of registrants and the legitimate needs to access that information.

The ALAC is concerned that adoption of the RDAP features that allow differentiated access to registration data will only be ‘voluntary’.  While those features are not now required under existing WHOIS policies, they will be required under new EWG policies.  We therefore insist that the RDAP implementation profile must include differentiated access . This will ensure that when the EWC policies on differentiated access to data are finalized, the protocols will be in place to ensure that the they can be implemented.

 

  • No labels

4 Comments

  1. Just a comments two of which are typographical in nature.....

    "The existing Whois protocol allows every user the same anonymous public access to gTLD registration data – access that is no longer in line with increasingly accepted global data protection laws".


    "This will ensure that when the EWG policies on differentiated access to data are finalized, the protocols will be in place to ensure that the they can be implemented".

     

    I just want clarification based on statement. Does this mean when the RDAP is adopted, all features will not necessarily be implemented and thus the need for ALAC to release this statement? My assumption is if RDAP is adopted, all features that come with it must be implemented. Am I wrong in thinking so?

     

     


  2. The reference to "EWG policies" is also incorrect; it should be "EWG recommendations".  The EWG was never a policy-making entity.

     

    Carlton

    1. Thanks Carlton for that clarification. and on my question on RDAP?

    2. Thank you Carlton I was quick to reply. I have read the second draft and it is much clearer. Thanks