Data privacy complications halt WHOIS migration
Data privacy challenges stemming from a WHOIS database migration, new EU GDPR-related protocols, and pressure from law enforcement agencies took centre stage at ICANN 60. Here’s our resident legal expert, Luc, with more domain industry news from Abu Dhabi.
Verisign won’t be thick soon
There are two types of WHOIS databases:
- The “thick” type based on a centralised model where a registry holds complete records for every domain name registered in its zone.
- The “thin” type based on a decentralised version where a registry maintains a minimal set of data; each registrar manages the WHOIS database for the domain names registered with them.
As of now, out of 1000+ domain extensions, only .COM, .NET, .NAME, and .JOBS use the latter type. But these, of course, represent the majority of registered domains.
As one can easily fathom, a decentralised model, made up of hundreds of registrars who use their own technical platforms, is prone to inconsistencies, leading to numerous problems like - for example - preventing registrar transfers.
For this reason, a complete migration to the centralised model was scheduled to take place in May 2018. Now it appears this won’t happen due to unforeseen complications.
The registries for the four extensions above have provided the necessary technical facilities for this migration to happen. But they have, regrettably, overlooked the data privacy implications when devising the legal framework for this migration.
Consequently, both the registry and registrars requested that this migration’s implementation date be postponed until November 2018.
At a dedicated session, the .COM registry explained that it was waiting for ICANN to propose new language for this agreement.
Privacy/Proxy accreditation challenges
As we reported last year, ICANN formed a working group tasked with creating a Privacy and Proxy Accreditation Programme. This group finalised its report and a new group was formed, tasked with determining an implementation plan.
At ICANN 60, they met with members of the Public Safety Working Group (i.e. governmental and law enforcement agency representatives) in order to discuss issues regarding the process for disclosing registrants' details in abuse cases.
On the one hand, vocal proponents of data privacy are pushing for a strict implementation route where domain privacy service providers (like EuroDNS) will almost never disclose the details of their customers.
And, on the other hand, law enforcement agencies are requesting swift disclosure - without much regard for jurisdiction or due process – for a more expedient response to cybercrime.
The future of new domain extensions
But privacy-related problems aren't the only challenge the domain industry is attempting to tackle right now.
Several sessions were held by the New gTLD Subsequent Procedures Working Group to detail its progress on reviewing every aspect of the delegation of new extensions.
The goal here is too learn from the previous round of new extensions in order to improve on every possible aspect. And while this initiative is estimable, it delays by years the next round of extensions and, thus, prevent brands and entrepreneurs from gaining access to their own extensions.
As we reported earlier this year, the Subsequent Procedures group is always looking for members of the industry to get involved which could help expedite the process of launching the next round of TLD applications.
And, if nothing else, you can provide ICANN with feedback on the working group's report. Emails can be sent to GlobalSupport@icann.org with “New gTLD Program Reviews” in the subject line.
Internet governance: immoral vs illegal content
Finally, an insightful paper was presented at the Internet Users stakeholder session which demonstrated that two-thirds of registrars include a morality clause in their terms and conditions which allows them to suspend services on extralegal grounds.
Earlier this year, we addressed the question of whether or not domain registrars have the right to determine what content Internet users have access to. Published in response to the suspension of domain name services used by a so-called white supremacist group, we explained why we consider ourselves to be purely a technical intermediary and, as such, strongly espouse the rule of law.
More recently, we once again demonstrated our stance in a recent case concerning the Catalan independence referendum where, in absence of the provision of a Luxembourgish court order, EuroDNS did not suspend services.
For more on this latest case, see this report.