Privacy issues with the Expert Working Group on gTLD Directory Services

The EWG report is out… Now the hard work begins!

The Expert Working Group on gTLD Directory Services has released its report, 15 long months in the making.  It has been a tremendous amount of work, many compromises have been made, and the consensus report gives solid guidance for moving forward in implementing a replacement for WHOIS.  With some 180 recommendations, the EWG Report tries to address all facets of the problems that have beset WHOIS, accuracy, reliability, accountability and privacy being four of the most important.  I hope this blog can address some of the lively debates we have had, and how we resolved the different tensions in our approach to the recommendations and solutions.

Of course, if recalibrating the WHOIS directory were easy, it would have been done years ago.

Privacy has been a long-standing issue in the WHOIS debates.  This is my area of expertise, since I have served over 30 years in privacy and data protection arenas, in both government and the private sector.  The EWG made a number of recommendations with respect to privacy in the report, notably:

  • The fundamental shift from the wide-open WHOIS to the concept that data requestors would be accredited and accountable for the data they access.
  • The recommendation to develop a privacy policy that provides a floor of data protection throughout the RDS ecosystem.
  • The recommendation to develop a system of secure credentials that preserves the anonymity of persons at risk who wish to register a domain name without being traceable by those seeking to locate and harm them.
  • The proposal for a rules engine that would automatically apply the relevant jurisdictional and data protection rules to each request.

Briefly, the Registration Directory Service (RDS) would operate by centralizing the data collected by Registrars, and currently made accessible through WHOIS, into an aggregated or synchronized repository – the RDS itself (see the notebox on page 110 on the geographically dispersed nature of this repository).

  • Once in the RDS, some data elements would be “ungated” and available to the general public for any purpose, much as is the case with the current WHOIS system (see in particular Figure 6 on p. 61 of the EWG Report).
  • Other data elements would be “gated”, meaning that entities would need to be accredited before these data elements could be accessed (see recommendation 42).
  • Accreditation would be purpose-specific, meaning someone accredited for purpose X would only be permitted to access the data elements responsive to purpose X, not the full gated record (see recommendation 58).

In spite of all these attempts to address the privacy and free expression concerns raised by the current WHOIS model, I felt obligated to release a dissent at the same time as the EWG Report.

The devil lies in the details, and in my view we need much more detail about how the data protection recommendations would actually work in practice.

My comments flag these key issues:

  • A broad principle of consent for access to and use of gated data, and the ambiguities surrounding its wording and application (recommendation 28);
  • The requirement for every registrant to name a set of “Purpose-Based Contacts”, notably one for legal purposes (EWG Report p. 52: “Legal Contact ID: Not in RAA”);
  • The ambiguity surrounding the wording on where and how the data required for purpose-based contacts is published, notably that of the legal contact, which requires an address and phone number (p. 134 and footnote 39).

Numerous people have asked me why I dissented.

People appear to be scratching their heads over why I have called attention to these issues: what could be wrong with asking for consent?  Data protection folks don’t usually ask such questions, as they are well aware of the problems with “blanket” consents.  Such broad consents could effectively nullify some of our other protections, and the language we have used does not provide enough guidance to those seeking to implement these recommendations, in my view.  There are very few data protection practitioners at ICANN, hence the need to elaborate further.

I have received much valuable feedback from the EWG and others on my original dissent.  I will include some of this feedback in further comments on my own blog, and I appreciate the positive spirit demonstrated as we try to move forward and make sure our intentions are well understood.  In the meantime, this brief description sets out the areas where I am concerned that our many privacy mitigations have been overly counterbalanced by these specifications concerning purpose-based contacts.  I remain convinced that it is important to point out the parts of our report where the language is at best confusing.

We can explain further what the intent of the EWG was in frequently asked questions and in slide decks.  But in my experience, it is always the text of the report that is authoritative.  It needs to say exactly what we meant it to say.

If I had sufficient faith that additions and clarifications on such issues could easily be added in the working group processes that will flow from the report, I would not raise these issues.  Sadly, my current analysis of ICANN’s respect for privacy protection, throughout the ecosystem, does not give me such confidence, nor does the robust nature of discussion in working groups.  I remain committed to helping draft better language, and working on restoring the balance in this very important piece of work.

I really appreciate this opportunity to discuss my dissenting comments.  I invite anyone to respond and show me where I am wrong in my interpretation, if this is indeed the case, or help me in formulating proposals to resolve these concerns, and address them in clear language.