The Internet Corporation for Assigned Names and Numbers organization (ICANN org) today published the design paper for the WHOIS Disclosure System, a proposed system for providing access to nonpublic registration data related to generic top-level domains (gTLDs).
The paper outlines the design of a system that would simplify the process for submitting and receiving requests for nonpublic gTLD registration data for both requestors and ICANN-accredited registrars. The paper includes assumptions and risks, system mockups, an estimated timeline for implementation and associated costs. It is intended to inform discussions between the ICANN board and the Generic Names Supporting Organization (GNSO) Council regarding the System for Standardized Access/Disclosure to Nonpublic Generic Top-Level Domain Registration Data (SSAD) outlined in the Final Report of the GNSO Expedited Policy Development Process on the Temporary Specification for gTLD Registration Data Phase 2 (EPDP Phase 2) and produced by the EPDP Phase 2 team.
In developing this paper, ICANN org considered the 18 SSAD-related recommendations, as well as current and future consensus policy requirements concerning gTLD registration data access. The design does not address all of the Council-approved recommendations for an SSAD; instead, it proposes a simpler, more cost-effective disclosure system. For example, the WHOIS Disclosure System would omit an accreditation authority, an abuse investigator, an obligation for automated processing of certain requests by contracted parties and any costs to requestors.
ICANN org estimates the development and launch of the WHOIS Disclosure System would take approximately nine months; development and two-year maintenance would be approximately $100,000 in external, non-staff costs. The system would be developed by ICANN org and not involve external vendors.
If implemented, this simplified system would gather data concerning the use of a system that streamlines access to nonpublic registration data. This data would inform the ICANN board's consideration of the SSAD recommendations, as it continues to consult with the GNSO Council. Additionally, the WHOIS Disclosure System could be built and implemented more quickly than the recommended SSAD, because it only includes a subset of the functionalities recommended in the SSAD.
The legal environment in which a WHOIS Disclosure System and its users – requestors and registrars – would operate is fluid. Currently applicable laws and regulations, as well as those implemented in the future, would impact the system's usage. Restrictions on the processing of personal data, including cross-border transfers of data, under the European Union's (EU) General Data Protection Regulation (GDPR) and other laws will make operation of such a system, in compliance with applicable laws on a global scale, a complex exercise.
If directed by the ICANN board to implement the WHOIS Disclosure System, ICANN org would do so based on an informed understanding of the requirements of the GDPR and other applicable laws.
I encourage you to review the paper and look forward to discussing this design further during ICANN75.
Because of the resource investment that would be required to implement the 18 recommendations in the Final Report of the GNSO Expedited Policy Development Process on the Temporary Specification for gTLD Registration Data Phase 2 (EPDP Phase 2) team, ICANN org prepared an Operational Design Assessment (ODA) to aid the ICANN board in its consideration. The ODA is the final outcome of an Operational Design Phase, which estimates the resource requirements, timelines, dependencies, and risks associated with the consensus policy recommendations.
A GNSO Council EPDP Phase 2 small team found that the ODA did not provide enough information to confidently determine the costs and benefits of the SSAD recommendations. This was because of an inability to predict costs based on unknowable usage volumes, which resulted in a range of possible costs, and lack of information on the specific costs of different components of the system. These concerns led the small team to recommend that consideration of the SSAD recommendations be paused while a "proof of concept" is explored. Based on the Council's request, the board directed the org to draft this design paper for a system that would be simple and cost effective.