The Future of Whois Access is on the Table Today – Domain Name Wire
ICANN and the GNSO Council will meet to discuss the future of SSAD.
Today, the ICANN Board and the Generic Names Supporting Organization (GNSO) Council will meet to discuss ICANN’s first-ever operational design review for the proposed system. standard access/disclosure (SSAD). SSAD could become the post-GDPR successor to Whois access. The meeting is scheduled for 9:00 p.m. UTC, and people can register to attend on Zoom.
As anyone who has checked a Whois record recently knows, the GDPR has significantly limited the availability of domain registration data. While the GDPR protects citizens within the EU, its reach is effectively global, with most registrars now blocking personal information in Whois.
In response to the GDPR, ICANN published a temporary specification in 2018 for registrars so that they can continue to collect Whois information but also comply with new privacy regulations by blocking access to Whois information. -this.
Most registrars have used proxy and privacy services to protect registration data. Some registrars simply block the data and note that it is blocked due to GDPR. A 2021 study (pdf) from Interisle, sponsored by Microsoft, Facebook and consumer protection organizations like the Anti-Phishing Working Group, noted that:
Currently, only 13.5% of domains have a real owner identified in WHOIS. Registrars and registry operators used ICANN’s post-GDPR policy to redact contact data from 57.3% of all domains. Adding proxy-protected domains means that 86.5% of registrants cannot be identified via WHOIS.
For domain buyers, this means difficulties in undertaking due diligence. For journalists in the field, this means difficulties in doing research.
When ICANN adopted the Temporary Specification in 2018, it asked the GNSO to initiate an expedited policy development process to propose a registration data access system. (While he undertook his work, some registrars created their own system.) The result was a series of recommendations for the creation of SSAD, a centralized clearinghouse for data requests that directs them to registrars for resolution. The process creates an audit trail that, in theory, would allow ICANN’s Contractual Compliance Department to investigate and respond to complaints about unresponsive registrars.
However, as ICANN Board Chair Maarten Botterman noted in a letter (pdf) to GNSO leadership this week, “there is no guarantee that users of the SSAD will receive the registration data they request through this system”. Indeed, the SSAD, as proposed, does not require registrars to provide anything other than proxy data or extremely limited information if the registrant uses a privacy service.
Oh, and the new system comes at a steep price. ICANN estimates that it would cost between $20 million and $27 million to build and between $14 million and $106 million per year to operate, depending on usage levels. Obviously, there is little agreement on how many requests the system would receive. It reminds me of the Trademark Clearinghouse for new top-level domains. Actual usage was much lower than expected.
So today’s meeting between the GNSO Board and Council will be an important moment for the future of Whois data access. If SSAD goes to the next phase, don’t get too excited. ICANN estimates that it will take 5-6 years to build and implement.