- Main Agenda:
Whereas, the WHOIS Policy Review Team Report was submitted to the Board on 11 May 2012 and was the subject of extensive public comment and community discussion;
Whereas, the Review Team's work has encouraged the Board and community to re-examine the fundamental purpose and objectives of collecting, maintaining and providing access to gTLD registration data, has inspired renewed and new efforts to enforce current WHOIS policy and contractual conditions, and has served as a catalyst for launching a new approach to long-standing directory services challenges;
Resolved (2012.11.08.01), the Board directs the CEO to launch a new effort to redefine the purpose of collecting, maintaining and providing access to gTLD registration data, and consider safeguards for protecting data, as a foundation for new gTLD policy and contractual negotiations, as appropriate (as detailed in the 1 November 2012 Board paper entitled, "Action Plan to Address WHOIS Policy Review Team Report Recommendations"—ICANN Board Submission Number 2012-11-08-01 [PDF, 266 KB]), and hereby directs preparation of an Issue Report on the purpose of collecting and maintaining gTLD registration data, and on solutions to improve accuracy and access to gTLD registration data, as part of a Board-initiated GNSO policy development process;
Resolved (2012.11.08.02), the Board directs the CEO to continue to fully enforce existing consensus policy and contractual conditions relating to the collection, access and accuracy of gTLD registration data (referred to as gTLD WHOIS data), and increase efforts to communicate, conduct outreach on, and ensure compliance with existing policy and conditions relating to WHOIS (as detailed in the 1 November 2012 Summary of the Board Action entitled, "WHOIS Policy Review Team Report Recommendations").
Resolved (2012.11.08.03), pursuant to Article III, Section 5.4 of the Bylaws, the Board directs that the contents of this resolution and rationale shall not be made publicly available until 19 November 2012.
The Affirmation of Commitments (AoC) between ICANN and the U.S. Department of Commerce commits ICANN to enforcing its existing policy relating to WHOIS (subject to applicable laws), which "requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information." The AoC obligates ICANN to organize no less frequently than every three years a community review of WHOIS policy and its implementation to assess the extent to which WHOIS policy is effective and its implementation meets the legitimate needs of law enforcement and promotes consumer trust. The AoC further commits ICANN's Board to publish for public comment the report submitted by the Review Team, and to take action on the report within six months of its submission.
The Team's volunteer members were appointed by ICANN's CEO and the GAC Chair, per the AoC requirements, and reflected the broad Internet community's interests in WHOIS policy. For 18 months, the Team conducted fact-finding, including meetings with ICANN's relevant Supporting Organizations and Advisory Committees, members of the broader Internet community, and other interested parties, and issued a draft report for public comment before submitting its Final Report to the Board on 11 May 2012. The Report was posted for two months of public comment and the Board requested input from ICANN's Supporting Organizations and Advisory Committees. Community discussion and input on the Report continued through the ICANN Toronto meeting in October 2012.
The GAC and ALAC endorsed the WHOIS review report, SSAC provided a response in SAC055 (http://www.icann.org/en/groups/ssac/documents/sac-055-en.pdf [PDF, 348 KB]), and the GNSO provided a response by constituency (http://gnso.icann.org/en/correspondence/robinson-to-icann-board-07nov12-en.pdf [PDF, 377 KB]).
There is general agreement on the objective of strengthening the enforcement of existing consensus policies and contracts and the WHOIS Review Team Report provides many relevant recommendations to that effect.
However, both the WHOIS Review Team Report and the SSAC comments highlighted the limits of the current framework for gTLD directory services and the need to move beyond the present contractual provisions. The WHOIS Review Team for instance clearly stated that "the current system is broken and needs to be repaired." Likewise, the SSAC report stated that "the foundational problem facing all 'WHOIS' discussions is understanding the purpose of domain name registration data", that "there is a critical need for a policy defining the purpose of collecting and maintaining registration data" and suggested that "the formation of a properly authorized committee to drive solutions to these questions first, and to then derive a universal policy from the answers, is the appropriate sequence of steps to address the WHOIS Review Team's report ."
Indeed, the WHOIS protocol is over 25 years old (the current version is documented in RFC3912 dated September 2004, and the original version is documented in RFC812 dated March 1982). Furthermore, ICANN's requirements for domain name registration data collection, access and accuracy for gTLD registries and registrars are largely unchanged after more than 12 years of GNSO task forces, working groups, workshops, surveys and studies. Concerns of access, accuracy, privacy, obsolescence of protocols in an evolving name space, and costs to change remain unresolved.
In this context, taking into account these inputs and community concerns, the Board has determined that a broad and responsive action is required and has decided to implement a two-pronged approach. Accordingly, the Board is simultaneously:
- Directing the President and CEO to continue to fully enforce existing consensus policy and contractual conditions as well as to increase efforts to communicate, conduct outreach on, and ensure compliance with such existing policy and conditions.
- Directing the President and CEO to launch a new effort focused on the purpose and provision of gTLD directory services, to serve as the foundation of an upcoming Board-initiated gNSO PDP. The outcomes of this work should act as guidance to the Issue Report that will be presented as part of the GNSO's policy development work; as a result, the Issues Report is not expected to be produced until such time as the President and CEO determines that his work has progressed to a point that it can serve as a basis of work within the PDP.
On both aspects, additional information is contained in the document, "Action Plan to Address WHOIS Policy Review Team Report Recommendations"—ICANN Board Submission Number 2012-11-08-01" (http://www.icann.org/en/groups/board/documents/briefing-materials-1-08nov12-en.pdf [PDF, 266 KB]).
As part of the work of the President and CEO to ensure continued compliance with existing policy and conditions, the President and CEO has moved the Compliance Department to report directly to the President and CEO (http://www.icann.org/en/news/announcements/announcement-14sep12-en.htm), and the Board granted financial authorization to establish a Contractual Compliance Audit Program through an independent Service Provider (http://www.icann.org/en/groups/board/documents/resolutions-03oct12-en.htm#1.d)
Furthermore, appropriate liaison will be established with the ongoing work undertaken in the IETF WG on the Web Extensible Internet Registration Data Service (WEIRDS) Protocol to ensure coherence.
The Board strongly feels that taking this two-pronged approach is essential to fulfill ICANN's responsibility to act in the global public interest.
The initiation of a focused work on Whois is expected to have an impact on financial resources as the research and work progresses. If the resource needs are greater than the amounts currently budgeted to perform work on Whois-related issues, the President and CEO will bring any additional resource needs to the Board Finance Committee for consideration, in line with existing contingency fund request practices.
This action is not expected to have an immediate impact on the security, stability or resiliency of the DNS, though the outcomes of this work may result in positive impacts.
This is an Organizational Administrative Function of the Board for which the Board received public comment, at http://www.icann.org/en/news/public-comment/whois-rt-final-report-11may12-en.htm.
Posted on 19 November 2012