Uncategorized The future of Whois access is on the table today – Domain Name Wire
Domain Name Wire | Domain Name News
Domain Name Industry News
by — Policy & Law
ICANN and GNSO Council will meet to discuss the future of SSAD.Today, the ICANN board and the Generic Names Supporting Organization (GNSO) Council will meet to discuss ICANN’s first-ever Operational Design Assessment for the proposed System of Standardized Access/Disclosure (SSAD). The SSAD could end up being the post-GDPR successor to Whois access. The meeting is scheduled for 21:00 UTC, and people can register to attend on Zoom.
As anyone who has checked a Whois record lately knows, GDPR has substantially limited the availability of domain registration data. While GDPR protects citizens within the EU, its reach is effectively global, with most registrars now blocking personal information in Whois.
In response to GDPR, ICANN issued a Temporary Specification in 2018 for registrars so they could continue to collect Whois info but also be compliant under the new privacy regulation by blocking access to it.
Most registrars have used proxy and privacy services to shield registration data. Some registrars simply block the data and note that it’s blocked because of GDPR. A 2021 study (pdf) by Interisle, sponsored by Microsoft, Facebook, and consumer protection organizations like the Anti-Phishing Working Group, noted that:
At present, only 13.5% of domains have an actual registrant identified in WHOIS. Registrars and registry operators have used ICANN’s post-GDPR policy to redact contact data from 57.3% of all domains. Adding proxy-protected domains, this means that 86.5% of registrants cannot be identified via WHOIS.
For domain buyers, this means difficulty undertaking due diligence. For domain journalists, it means difficulty doing research.
When ICANN adopted the Temporary Specification in 2018, it asked the GNSO to launch an expedited policy development process to come up with a system for registration data access. (While it undertook its work, some registrars created their own system.) The result was a series of recommendations for creating SSAD, a centralized clearinghouse for data requests that refers them to registrars for resolution. The process creates an audit trail that, in theory, would allow ICANN’s Contractual Compliance department to review and respond to complaints concerning non-responsive registrars.
However, as ICANN board chair Maarten Botterman noted in a letter (pdf) to GNSO leadership this week, “There is no guarantee that SSAD users would receive the registration data they request via this system.” That’s because the SSAD, as proposed, does not compel registrars to provide anything more than proxy data or extremely limited information if the registrant is using a privacy service.
Oh, and the new system comes with a hefty price tag. ICANN estimates it would cost $20-$27 million to build and anywhere from $14-$106 million a year to run, depending on usage levels. Clearly, there’s little agreement about how many requests the system would receive. It reminds me of the Trademark Clearinghouse for new top level domains. Actual usage was far below what was anticipated.
So today’s meeting between the board and the GNSO Council will be an important moment for the future of Whois data access. If SSAD moves to the next phase, don’t get too excited. ICANN estimates it will take 5-6 years to build and implement it.
Before the GDPR redaction of registrant info, I used to get flooded with robo-calls and robo-emails.
This nuisance has seized.
A motivated seller will have a lander or public listing of some sort.
GoDaddy and Network solutions offer a very motivated buyer, at a fee, the option to reach out to the registrant.
I’m perfectly fine with the GDPR, but for those who want registrant information publicized; an opt out option should be made available to them.
Some argue that the SSAD is one of the stages of grieving (bargaining?) the loss of free-flowing whois data being available.
One of the most notable comments made was an observation by the board that the SSAD in no way would somehow route around the laws like GDPR and their effect on RDAP (the artist formerly known as whois) registant data redaction.
“I’m perfectly fine with the GDPR, but for those who want registrant information publicized; an opt out option should be made available to them.”
I will opt out in a second…
Registrars are supposed to give you a way to opt in, and many do already.
This site uses Akismet to reduce spam. Learn how your comment data is processed.