Comment Close
Date
Statement
Name 

Status

Assignee(s) and
RALO(s)

Call for
Comments
Call for
Comments
Close 
Vote
Announcement 
Vote OpenVote
Reminder
Vote CloseDate of SubmissionStaff Contact and EmailStatement Number
n/aExplore the Draft Next Generation gTLD Directory Services ModelAdopted
9Y, 1N, 0A
Holly Raiche (APRALO)27.08.201330:08.2013
20:00 
30.08.201330.08.201305.09.201306.09.2013
12:00
06.09.2013Alice Jansen
alice.jansen@icann.org
AL-ALAC-ST-0913-02-01-EN

Explore the Draft Next Generation gTLD Directory Services Model

24 June 2013

ICANN has embarked on an effort to reinvent today's WHOIS system. Be part of the solution and join the discussion...online and at ICANN's Durban meeting.

Aggregated RDS Model

In our Initial Report [PDF, 1.7 MB], we identify the design features and principles that we think are essential in this new system, and a proposed Model for the next generation data directory services to replace WHOIS.

Help shape this paradigm shift by sharing your reaction to our recommendations [PDF, 1.7 MB] and answering the questions linked below (click on "Share Your Thoughts"). Did we meet our objective? Do the recommendations address your concerns? How can we make them better?

Share Your Thoughts

There are different ways to share your perspective with us:

  • Provide your input through our online questionaire
  • webinar on Monday, 8 July at 15:00-16:30 UTC: we will walk you through our proposal and invite you to share your views and input.
  • consultation in Durban on Monday, 15 July: we will present the outcome of our work and open the floor for any questions or feedback you may have. A recording of the session will be made available shortly after the meeting;
  • Submit comments by email: input-to-ewg@icann.org

All input received by August 12 will be carefully considered as we finalize our recommendations and bring our work to a conclusion. To help focus your attention, we request your feedback on a set of questions, although you are free to comment on any aspect of the Initial Report.

Sincerely,

Members of the Expert Working Group on gTLD Directory Services (EWG)

More Information

Our work stems from the Board's directive to redefine the purpose and provision of gTLD registration data, while balancing data accuracy and access issues with safeguards for protecting data. We considered the important community work done over the last decade by the GNSO, the SSAC, the WHOIS Review Team, the GAC and others. Our Initial Report [PDF, 1.7 MB] reflects our consensus view of the design principles and features needed for a new system. Our proposed Model highlights how these design principles and features could be fulfilled in the ICANN domain ecosystem.

What's Next?

We will consider your input and present a final report containing our recommended design principles, features, and suggested Model to ICANN's CEO and Board when our work is concluded. This output will feed into a Board-initiated GNSO policy development process to serve as a foundation for the GNSO's creation of new consensus policy, and contractual negotiations, as appropriate.

FINAL VERSION TO BE SUBMITTED IF RATIFIED

Please click here to download a copy of the PDF below.

FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC


The ALAC has previously expressed its concerns with compliance with the RAA, in particular, both the wording of the RAA which made accuracy requirements difficult to enforce and the difficulty with the ICANN Compliance department in acting to ensure such accuracy. These concerns were echoed in the Final Whois Policy Review Team Report, which the ALAC supported.

The ALAC, therefore, supported the important changes to the RAA and related documents as accepted by the Board in June of this year that hold out promise for significant changes including:

  • Stronger obligations on registrars for verification
  • Stronger accuracy requirements
  • Stronger language for enforcement
  • At least a skeleton framework for privacy/proxy services

It is against that background that the ALAC is commenting on the proposals by the Expert Working Group for the Aggregated Registration Data Service (ARDS).

Our first issue is that the significant reforms to Whois data - its access, accuracy and enforcability - have been addressed in reforms to the RAA and related documents. Work on development of the ARDS should not be used as any reason to avoid fully implementing those significant reforms.

That said, the ARDS proposal contains many important changes to the issues surrounding registration data which the ALAC supports.  

Specifically, we strongly support the following elements of the ARDS proposal:

  • The allowance of tiered access to registration data.  The public will still have access to some Whois data, but only those with recognised reasons to access specific data will be able to do so - thus addressing some legitimate privacy concerns with all Whois data being publicly available;
  • The provision of a centralised responsibility for data accuracy.

There are still significant issues that will need to be worked through, such as determining who has access to what data, for what reason, and how will the compliance function relating to such service be enforced.

In addition to the above, although this proposal is not intended to look at implementation details, the model must be designed with implementation in mind, including ensuring privacy, reliability, resiliency and addressing jurisdictional issues.

We support continuing discussions on the development of the ARDS proposal, and expect to continue to be involved in those discussion.

--- END OF STATEMENT ---

FIRST DRAFT SUBMITTED

ALAC has previously expressed its concerns with compliance with the RAA, in particular, both the wording of the RAA which made accuracy requirements difficult to enforce and the difficulty with the ICANN Compliance in ensuring such accuracy. The concerns were echoed in the Final Whois Policy Review Team Report, which ALAC supported.

ALAC, therefore, supported the important changes to the RAA and related documents as accepted by the Board in June of this year that hold out promise for significant changes including:

  • Stronger obligations on registrars for verification
  • Stronger accuracy requirements
  • Stronger language  for enforcement
  • At least a skeleton framework for privacy/proxy services

It is against that background that ALAC is responding to the proposals by the Expert Working Group for the Aggregated Registration Data Service (ARDS).

Our first issue is that the significant reforms to Whois data - its access, accuracy and enforcability - have been addressed in reforms to the RAA and related documents. Work on development of the ARDS should not be seen as any reason not to fully implement those significant reforms.

That said, there ARDS proposed many important changes to the issues surrounding registration data which ALAC supports.  Specifically, we strongly support the following elements of the ARDS proposal:

  • It will allow tiered access to registration data.  The public will still have access to some Whois data, but only those with recognised reasons to access specific data will be able to do so - thus addressing some legitimate privacy concerns with all Whois data being publicly available
  • it will provide a centralized responsibility for data accuracy

There are still significant issues that will need to be worked through, such as determining who has access to what data, for what reason, and how will compliance be enforced.  However, we support continuing discussions on the develpoment of the ARDS proposal, and expect to continue to be involved in those discussion.

  • No labels

5 Comments

  1. Anonymous

    ALAC has previously expressed its concerns with compliance with the RAA, in particular, both the wording of the RAA which made accuracy requirements difficult to enforce and the difficulty with the ICANN Compliance in ensuring such accuracy. The concerns were echoed in the Final Whois Policy Review Team Report, which ALAC supported.

    ALAC, therefore, supported the important changes to the RAA and related documents as accepted by the Board in June of this year that hold out promise for significant changes including:

    • Stronger obligations on registrars for verification
    • Stronger accuracy requirements
    • Stronger language  for enforcement
    • At least a skeleton framework for privacy/proxy services

    It is against that background that ALAC is responding to the proposals by the Expert Working Group for the Aggregated Registration Data Service (ARDS).

    Our first issue is that the significant reforms to Whois data - its access, accuracy and enforcability - have been addressed in reforms to the RAA and related documents. Work on development of the ARDS should not be seen as any reason not to fully implement those significant reforms.

    That said, there ARDS proposed many important changes to the issues surrounding registration data which ALAC supports.  Specifically, we strongly support the following elements of the ARDS proposal:

    • It will allow tiered access to registration data.  The public will still have access to some Whois data, but only those with recognised reasons to access specific data will be able to do so - thus addressing some legitimate privacy concerns with all Whois data being publicly available
    • it will provide a centralised responsibility for data accuracy

    There are still significant issues that will need to be worked through, such as determining who has access to what data, for what reason, and how will compliance be enforced.  However, we support continuing discussions on the develpoment of the ARDS proposal, and expect to continue to be involved in those discussion.

    -Submitted by Holly Raiche

  2. The sentence:

    There are still significant issues that will need to be worked through, such as determining who has access to what data, for what reason, and how will compliance be enforced.

    needs further elaboration. Although this proposal is not intended to look at implementation details, the model must be designed with implementation in mind, including ensuring privacy,reliability and resiliency and addressing jurisdictional issues.

  3. Apologies if I use terms a little stronger than my colleagues.

    The ARDS model is seriously problematic, most notably because it 1) has the potential to violate RFC 3912 which states : “WHOIS-based services should only be used for information which is non-sensitive and intended to be accessible to everyone.”; 2) has the potential to violate the Affirmation of Commitments which states: “existing policy requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information”; 3) does not truly address the recommendations and findings of the WHOIS Policy Review Team; 4) Does not truly address the concerns or needs expressed by the community; AND 5) The concerns which have made so controversial can be addressed without deploying such a system. The ARDS model is not applicable, inconsistent, and unnecessary. The call to action by the WIRT was to “repair” WHOIS, but here the EWG is attempting to “replace” WHOIS which is completely outside the mission scope.

    ICANN’s real WHOIS problem is not the existing policy, it is that the existing policy has never been given a chance to work. WHOIS compliance in all of its contexts has not been implemented or executed properly. Time and time again ICANN has been presented with data (internal, external, and expert) which show poor implementation of the existing policy or failure of process.

    The very premise of ARDS is also flawed. The offering of tiered access with higher access for law enforcement and security operations should not be seen as some kind of positive development, it is actually a red herring. Law enforcement already has superior access to registrant data, they always did. WHOIS is about ordinary Internet users being able to find out who owns a domain name. The consumer is ultimately being frozen out, now having to go to the Police or some for-pay security service to get information about a domain name. The idea that an abusive domain owner has to have public data can be a deterrent, but once behind the ARDS wall they know that consumer complainants will have to go through additional bureaucratic hoops to get the data. Under ARDS all consumer complaints no matter how mundane will have to go to the security community and police for handling?  

    Not only is this a logical failure, it is also a policy failure. ARDS is attempting to address an issue for which there is no authority; it is imposing restrictions on Internet users who “might” abuse WHOIS in the hypothetical. Whereas, ICANN has ample evidence of abuses occurring at parties under agreement (registrars and registrants) yet has done nearly nothing. So, here ICANN is trying to create restrictions for non-contracted users without addressing the violations of contracted ones. For whatever reason the policy over the industry has failed and now the solution is to make an arbitrary policy over everyone else. As a scalability failure ARDS plans to manage the accounts and access for hundreds of thousands of law enforcement and security professionals as well as the millions of Internet users who will legitimately request the data? If the WHOIS records for the smaller population set of domain registrants is too difficult to manage, managing the millions who will access the WHOIS records will be an impossible task for ICANN.

    What are the major concerns with WHOIS? And how can they be addressed without ARDS?

    1. Registrars have inconsistent WHOIS formats, access, policy, accuracy, etc.

    Most of this can be addressed by moving .COM and .NET to a Thick service. Moving to a thick WHOIS would remove the formatting and access problems. By having to comply with the Registry data standards some accuracy issues would also be mitigated. This would also alleviate registrar issues with abuse of their WHOIS servers and the need for Port 43 at every registrar with different service levels. Registrar-specific concerns about WHOIS requirements include denial of service attacks against their WHOIS servers, domain transfer failures, and problems meeting the Port 43 requirement of the RAA. These issues would be mitigated by using Thick WHOIS.

    2. Spammers and various online predators abuse WHOIS data.

    A very serious issue, but also one which has had a solution never implemented by ICANN. Abusing WHOIS data for marketing or “non-lawful” purposes is already a violation of the existing RAA under 3.3.5. ICANN has received numerous complaints about these abuses over the years which are largely ignored. ICANN should focus resources on tackling the issue and building a process which handles WHOIS data abuse on behalf of registrants and registrars rather than putting all the data behind a wall. The issue can also be addressed by enhancing and clarifying Privacy/Proxy policy and conducing outreach to registrants to make the services more accessible.

    3. WHOIS blatantly falsified

    This is in fat the first and most critical issue in the WIRT which is largely given a back seat by ARDS. ICANN is supposed to fix the accuracy issue FIRST. While ARDS claims the data would be validated, we will have to take their word for it because it will be behind the permissions wall so the proof of accuracy is hidden. While some registrants may falsify WHOIS to avoid abuse and spam, this is not a proper solution to the problem, firstly it legitimizes violations of the registrant agreement and secondly it can be remedied by the proper execution of WHOIS abuse enforcement and use of proxy services as discussed above. The specific cases of WHOIS fraud perpetrated by criminals and spammers in their illicit use of domain names do not deserve the special protections offered by ARDS. Furthermore, ICANN Compliance has failed in its enforcement of WHOIS inaccuracies. WHOIS remains largely false because there are no disincentives for doing so, no repercussions for the registrar who allows it. There has not been a true transparent and accountable review of the way Compliance handles these complaints. Even the WIRT authors state Compliance has not been forthright with their evaluation. So, if ICANN Compliance has not done an effective job of dealing with this issue, should we expect a third-party vendor outside of ICANN to somehow be more accountable? The real answer is fixing ICANN Compliance and actually making it accountable to the user community through audit and review. In terms of verifying the data on submission, ICANN should issue an RFP for developers to create a verification system which registrars can use rather than one they have to manage.

    4. Clarify Privacy and Proxy Standards

    This is already ongoing work. By having a clear standard of use and certification of providers, WHOIS proxy services can provide a true benefit. As mater of course, they have not been used effectively by average registrants and have been heavily abused by illicit domainers.

    So, in closing: Switch to Thick for .COM and .NET; make Compliance actually work; Institute better proxy standards. If those fail to address the issue, then reconsider ARDS.

    1. Thanks for these comments, Garth.

      Unfortunately they came after the end of the At-Large comment period and therefore after finalisation of the text, so there was no possibility of making amendments. And we could delay the filing of the Statement since we have already long passed the deadline period. However, your comment does remain archived here - a space to which the Statement points to, and I hope that Board members and Staff who are interested in the subject will be taking your points into account too. That said, you might also need to submit your comments directly to the EWG for it to be taken into account.

      Thanks,

      Olivier