AT-LARGE GATEWAY

At-Large Website

ALAC

RALOs

At-Large Regional Policy Engagement Program (ARPEP)

At-Large Governance

At-Large Reports

Policy Comments & Advice

Working Groups

ICANN Meetings

At-Large Summit (ATLAS III)

At-Large Review Implementation Plan Development

ALAC and RALO Elections, Selections, and Appointments

At-Large Priority Activities - 2021

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

Public Comment CloseStatement
Name 

Status

Assignee(s)

Call for
Comments Open		Call for
Comments
Close 		Vote OpenVote CloseDate of SubmissionStaff Contact and EmailStatement Number

18 November 2018

Registration Directory Service (RDS-WHOIS2) Review Team Draft Report of Recommendations

COMMENT

Holly Raiche

Bastiaan Goslings

01 November 2018

09 November 2018

Negar Farzinnia
negar.farzinnia@icann.org

Hide the information below, please click here 

Brief Overview

Purpose:

In its Draft Report [PDF, 2.94 MB], the Registration Directory Service Review Team assesses the extent to which prior Directory Service Review recommendations have been implemented and implementation has resulted in the intended effect. The review team also assesses the effectiveness of the then current gTLD registry directory service and whether its implementation meets the legitimate needs of law enforcement, promotes consumer trust and safeguards registrant data. Informed by ICANN organization briefings and available documentation, the review team has formulated draft recommendations based on a factual analysis.

Current Status:

This public comment proceeding aims at gathering community input on the RDS-WHOIS2 Review Team's proposed draft findings and recommendations.

To provide consistency and to facilitate review team's analysis of comments, ICANN organization invites commenters to use the suggested template [PDF, 380 KB] to submit their public comment.

Next Steps:

Following the review of public comments received on this report, ICANN organization will prepare a public comment summary report. The RDS-WHOIS2-RT will carefully consider comments received to shape its final report and recommendations to the ICANN Board for consideration.

Section I: Description and Explanation

The Registration Directory Service Review is one of the four Specific Reviews anchored in Article 4.6 of the ICANN Bylaws. These specific reviews are conducted by community-led review teams which assess ICANN's performance in reaching its commitments. Reviews are critical to helping ICANN achieve its mission as detailed in Article 1 of the Bylaws.

According to the Bylaws (Section 4.6(e)), ICANN shall use commercially reasonable efforts to enforce its policies relating to registration directory services and shall work with Supporting Organizations and Advisory Committees to explore structural changes to improve accuracy and access to generic top-level domain registration data, as well as consider safeguards for protecting such data.

Convened in June 2017, the RDS-WHOIS2-RT is now seeking input on its Draft Report [PDF, 2.94 MB], which assesses:

  1. the extent to which prior Directory Service Review recommendations have been implemented and the extent to which implementation of such recommendations has resulted in the intended effect.
  2. the effectiveness of the then current gTLD registry directory service and whether its implementation meets the legitimate needs of law enforcement, promotes consumer trust and safeguards registrant data.

Community input is being sought on 23 draft recommendations.

All comments will be reviewed and summarized in the report of public comments, which will be included as a supplement to the Final Report.

To provide consistency and to facilitate the discussion, ICANN organization invites commenters to use the suggested template [PDF, 380 KB] to submit their public comment. Commenters are requested to clearly indicate the relevant sections of the Draft Report, or numbered recommendations, with their comments.

The RDS-WHOIS2 Review Team will host a webinar on 17 September 2017 at 15:00 UTC and 21:00 UTC to present its Draft Report. Participants will have the opportunity to provide feedback and ask questions directly to the Review Team. Please use the following link to join either webinar: https://participate.icann.org/mssi-projects.

Section II: Background

Convened in June 2017, the RDS-WHOIS2 Review is being conducted under the section 4.6 of the ICANN Bylaws. This review effort is anchored in the portfolio of Specific Reviews, which address the following range of topics in addition to Registration Directory Services (RDS): Accountability and Transparency (ATRT), Competition, Consumer Trust and Consumer Choice (CCT), and SecurityStability and Resiliency of the DNS (SSR).

The RDS-WHOIS2 Review began with a call for qualified volunteers to serve on the review team. Choosing from a pool of candidates seeking nominations, ICANN's Supporting Organizationsand Advisory Committees (SO/ACs) nominated a list of candidates to inform SO/AC Chairs' discussions and decision as they assembled composition of the review team. Eleven review team members were appointed to conduct this review, including a Board member who serves on the review team. The Country Code Names Supporting Organization (ccNSO) opted to not participate in the review after consideration of the scope.

Prior to this review, community proposals were made to both limit the scope of this RDS-WHOIS2 Review to the assessment of the first WHOIS1 review team's recommendations, and also to include a range of other issues over and above those mandated in the Bylaws.

Formally, the scope of a Review is the responsibility of the review team. After much discussion the RDS-WHOIS2 Review Team decided that it would review all of the Bylaw mandated areas, except the OECD Guidelines, as they were under consideration by the Next-Generation gTLDRDS PDP and were judged to be less relevant, particularly in relation to the GDPR. In addition, the RDS-WHOIS2 Review Team included in its scope a review of new policy adopted by ICANNsince the WHOIS1 Review Team published its report, and decided to perform a substantive review of Contractual Compliance with the intent of (a) assessing the effectiveness and transparency of ICANN enforcement of existing policy relating to RDS (WHOIS) through ICANNContractual Compliance actions, structure and processes, including consistency of enforcement actions and availability of related data, (b) identifying high-priority procedural or data gaps (if any), and (c) recommending specific measurable steps (if any) the team believes are important to fill gaps.

The RDS-WHOIS2 Review Team explicitly did not focus on ICANN's actions in response to the relatively new European Union GDPR. Those actions are ongoing, and the outcomes are not sufficiently firm as to allow them to be reviewed here. However, the Review Team recognized the GDPR issue is of significant importance and that it would probably impact several policies related to registrant data. To the extent GDPR and its effects on the RDS (WHOIS) could be factored in, the RDS-WHOIS2 Review Team did so.

To conduct this review, subgroups consisting of a rapporteur and 2-4 team members were formed to research facts associated with each objective, summarized below:

  • Objective 1 - WHOIS1 Rec #1: Strategic Priority
  • Objective 1 – WHOIS1 Rec #2: Single WHOIS Policy
  • Objective 1 – WHOIS1 Rec #3: Outreach
  • Objective 1 – WHOIS1 Rec #4: Compliance
  • Objective 1 – WHOIS1 Rec #5-9: Data Accuracy
  • Objective 1 – WHOIS1 Rec #10: Privacy/Proxy Services
  • Objective 1 – WHOIS1 Rec #11: Common Interface
  • Objective 1 – WHOIS1 Rec #12-14: Internationalized Registration Data
  • Objective 1 – WHOIS1 Rec #15-16: Plan & Annual Reports
  • Objective 2 – Anything New
  • Objective 3 - Law Enforcement Needs
  • Objective 4 - Consumer Trust
  • Objective 5 – Safeguarding Registrant Data
  • Objective 6 – Contractual Compliance Actions, Structure, & Processes
  • Objective 7 – ICANN Bylaws

Informed by ICANN organization briefings and available documentation, these subgroups analyzed facts to identify possible issues and then formulated recommendations (if any) to address those issues.

To ensure full transparency, the review team operated in an open fashion where all review team calls and meetings were public, open to observers, with publicly-accessible recordings and transcripts.

Section III: Relevant Resources

Registration Directory Service (RDS-WHOIS2) Review Team Draft Report [PDF, 2.94 MB]

Executive Summary [PDF, 285 KB]

  • AR
  • ES
  • FR
  • RU
  • ZH

Section IV: Additional Information

Registration Directory Service (RDS-WHOIS2) Review Team Wiki Space

Registration Directory Service (RDS) Review Information Page

WHOIS Review Team (WHOIS1) Final Report [PDF, 1.44 MB]

Section V: Reports


FINAL VERSION SUBMITTED (IF RATIFIED)

The final version to be submitted, if the draft is ratified, will be placed here by upon completion of the vote. 


FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC

The final draft version to be voted upon by the ALAC will be placed here before the vote is to begin.

11 November 2018

Introduction

It has been six years since the original WHOIS Final Report Report Recommendations were made which means that many of them have already been implemented (as acknolwedged by the working group) or overtaken by implemenation of the following (as acknowledged in this Report). 

  • Development and adoption by ICANN of RDAP, replacing the WHOIS protocol
  • Changes to the RAA in 2013, including new requirements on Whois Accuracy
  • Compliance area adoption of enhanced monitoring of accuracy requirements anad tools
  • Most significantly, ICANN's urgent steps through the work of the EPDP and Unified Access Model to address issues on the collection, access and use of personal information by the RAA/Registry agreements as raised by the GDPR.

The recommendation on outreach is also premature until EPDP and Access Model requirements are settled.

Generally, the ALAC should continue to support the need for accuracy of the personal data collected, and that the accuracy of data continue to be a priority of Compliance.

As this Report notes, while ICANN believes all of the 16 recommendations in the WHOIS Final Report have been fully implemented, this working Group finds that only 8 of the Report's recommendations have been fully implemented - as noted below.

The Report sets out the Working Group's Objectives.  Apart from its primary task of review of the recommendations of the 2012 WHOIS Final Report (Objective One) other objective include Anything New (Objective 2), Law Enforcement Needs (Objective 3),  Consumer Trust (Objective 4) Safeguarding Registrant Data (Objective 5), and  ICANN Contractual Compliance Action, Structure and Processes (Objective 6)

Objective One: Suggested Responses to the original recommendations (and whether they have been implemented) are proposed as follows:

  • Strategic Priority (Rec 1) (Partially Implemented)

The Report makes three recommendations for the Board to establish a Board subcommittee and monitor legislative and policy developments on RDS from a legislative and policy perspective

Suggested ALAC Response: Revise and defer the recommendation. The Board is already engaged in the development of new policies to address the GDPR. Once there is established policy on the collection, use and access to personal daa under a revised RAA/Registry agreements, clearly there should be Board oversight of relevant legislative and policy developments that further impact on RDA.

  • Single Whois Policy (Rec 2) (Fully Implemented)

There has been a single portal with links to elements of Whois. The Recommendation is for revision and updating to documentation

Suggested ALAC response: Accept ( only when ICANN policies on registrant data are finalised)

  • Outreach(Rec 3) (Implemented but not to communities outside ICANN)

Recommendation to identify and target groups outside of ICANN for information on RDA

Suggested response: Accept in principle, but only when ICANN policies on registrant data finalised

  • Compliance (Rec 4) (Significant Improvement, partially implemented)

Recommendation for Board to proactively monitor and enforce RDS data accuracy requirements – detailed in recommendations

Suggested ALAC response: Support recommendation

  • Data Accuracy (Rec 5 – 9) (Rec 5 Fully implemented, Recs 6-7 partially implemented, Rec 9 not implemented)

Recommendations for methodology to determine underlying causes and action to be taken to address accuracy

Suggested ALAC response: strongly support recommendations

  • Privacy/Proxy Services (Rec 10) (PDP completed recommendation assessment of effectiveness)

Recommendation for monitoring of effectiveness of the PPSAI

Suggested ALAC response: support recommendation

  • Common Interface (Rec 11) (Fully implemented)

Recommendation for common interface on all publicly available RDS output with suggestions on metrics for tracking and evaluation of effectiveness

Suggested ALAC response: delay implementation until finalisation of EPDP and Unified Access Model

  • Internatonalized Domain Names (Rec 12 – 14) (Fully implemented)

No recommndation - review of effectiveness to be deferred until the program is fully implemented

Suggested ALAC Response: Agree on recommendation to delay

  • Plan and Annual Reports (Rec 15 – 16) (Partially implemented)

Recommendation for regular gathering of data to allow assessment of effectiveness of RDS

Suggested ALAC Response: Accept recommendation

Objecive Two: Anything New

(no new recommendations at this time)

Objective Three: Law Enforcement Needs

Recommendations for regular surveys/studies to assess the effectiveness of RDS policies on meeting the needs of law enforcement agencies and other users working with law enforcement agencies

Ssugggested ALAC Response: Srongly support

Objective Four:  Consumer Trust

no recommendations at this time

Objective Five Safeguarding Registrant Data

Recommendation calling for a review to ensure all ICANN contracts with contracted parties include strong uniform requirements for the protection of registrant data

Suggested ALAC Response: Support recommendation

Objective Six: ICANN Contractual Compliance Action, Structure and Processes

recommendations to address issues of the inaccuracy of data and the use of special tools to detect inaccuracies of data

Suggested ALAC Response:  Support recommendations

ICANN Bylaws

Recommendation to amend  the Bylaw 4(6)(e) on 'safeguarding registrant data' and replace with a more generic requirement for RDS review teams to assess RDS policies and practices

Suggested ALAC Response: Support recommendation


DRAFT SUBMITTED FOR DISCUSSION

The first draft submitted will be placed here before the call for comments begins. The Draft should be preceded by the name of the person submitting the draft and the date/time. If, during the discussion, the draft is revised, the older version(S) should be left in place and the new version along with a header line identifying the drafter and date/time should be placed above the older version(s), separated by a Horizontal Rule (available + Insert More Content control).

Holly Raiche - First Draft for Comment

Notes for Response to WHOIS Review2 Draft Report

(Note: I have still not developed a response to the additional recommendations made by this draft report, although some of them should also be deferred until there is clarity on a new RDS policy on the collection, retention and access of data).

Introduction

It has been six years since the Report and Recommendations were made – thus making the recommendations either no longer necessary or meaning recommendations should be updated, including the following (some of which have been acknowledged in the draft report

  • Development and adoption by ICANN of RDAP, replacing the WHOIS protocol
  • Changes to the RAA in 2013, including new requirements on Whois Accuracy
  • Compliance area adoption of enhanced monitoring of accuracy requirements
  • Most significantly, ICANN push through the EPDP and Unified Access Model to address GDPR

In particular, the urgent focus on the development of revised policies to address compliance impacts on the 2012 recommendations in two specific areas including

  • Focus on the ICANN GNSO and Board on the development of revised policies mean

recommendations for a stronger Board focus on WHOIS policy are inappropriate at this time, given the Board’s new focus on the GDPR and development of new RDS policies

  • Given the uncertainty on what personal data will be collected, retained and access and who will have access on that data in what circumstances, it is premature to strengthen WHOIS requirements on data collection and access before the EPDP and Uniform Access Model are adopted and there is clarity on what data is collected, what data is publicly available and in what circumstances. As well, the recommendation on outreach is also premature until there is finality on the EpDP and Access Model requirements

Nevertheless, the ALAC should continue to support the need for accuracy of the personal data collected, and that the accuracy of data continue to be a priority of Compliance.

Suggested Responses to the 12 Original recommendations(and whether they have been implemented) are proposed as follows:

  • Strategic Priority (Rec 1) Partially Implemented

The Report makes 3 recommendations for the Board to establish a Board subcommittee and monitor legislative and policy developments on RDS from a legislative and policy perspective

Suggested Response: Defer the recommendation (or delete) The Board is already engaged in the development of new policy to address the GDPR

  • Single Whois Policy (Rec 2) (Fully Implemented)

There has been a single portal with links to elements of Whois. The Recommendation is for revision and updating to documentation

Suggested response: Accept in principle, but only when ICANN policies on registrant data is finalised

  • Outreach(Rec 3) (Done but not to communities outside ICANN)

Recommendation to identify and target groups outside of ICANN for information on RDA

Suggested response: Accept in principle, but only when ICANN policies on registrant data finalised

  • Compliance (Rec 4) (Significant Improvement, partially implemented)

Recommendation for Board to proactively monitor and enforce RDS data accuracy requirements – detailed in recommendations

Suggested response: Support recommendation

  • Data Accuracy (Rec 5 – 9) (Partially or fully implemented – but not necessarily clear  of improvement in contactability)

Recommendation for methodology to determine underlying cause and action to be taken

Suggested response: support recommendation

  • Privacy/Proxy Services (Rec 10) (PDP completed recommendation assessment of effectiveness)

Recommendation for monitoring of effectiveness of the PPSAI – which becomes operational on 31Dec 2019

Suggested response: support recommendation

  • Common Interface (Rec 11) (Fully implemented)

Recommendation for common interface on all publicly available RDS output with suggestions on metrics

Suggested response: delay implementation until finalisation of EPDP and Unified Access Model

  • IDNs (Rec 12 – 14) (Fully implemented)
  • Recommendation  - to defer implementation, and review occur after RDAP is implemented

Suggested Response: Agree on recommendation to delay

  • Plan and Annual Reports (Rec 15 – 16) (Partially implemented)
  • Recommendation for regular gathering of data to allow assessment of effectiveness of RDS

Suggested Response: Accept recommendation

  • No labels