ICANN and the Whois: no more admin-c?

After the internet community had struggled in vain for years to come up with a privacy-friendly Whois policy, ICANN introduced a temporary solution on 25 May 2018 (GDPR D-Day). Under the 'temporary specs' , the number of Whois fields that gTLD registries and registrars are required to show was greatly reduced, pending a permanent agreement. At the same time, an 'expedited policy development process' was launched, which had to yield a definitive solution within a year. It should be stressed that the arrangements described apply only to gTLDs (.com, .hotel, .amsterdam, etc); country-code TLDs such as .nl define their own rules.

A uniform global solution is wanted soon

Given the size of the undertaking, the many competing interests at stake, and the need for a solution to be global and to at least satisfy the GDPR requirements, the prospects for the one-year 'deadline' being met don't look good. And, if the deadline is missed, the old rules will come back into force. That implies everyone being obliged to resume publication of the full range of Whois data. However, full publication would put European registries in breach of the GDPR, and is therefore unenforceable by ICANN. So, if a permanent solution isn't ready on time, the situation is liable to become chaotic.

Working group

The ICANN working group with the unenviable task of tackling this issue recently released its first interim report. The working group is addressing three central questions:

  1. What data should registrars and registries record for each registered domain name?

  2. What data should registrars and registries make public by means of a Whois service?

  3. What data should registrars and registries share with, for example, investigative authorities, internet security agencies and bodies that protect intellectual property rights?

In order to answer those questions, various subordinate and ancillary issues are being considered as well. 

Solution still appears remote

With everyone anxious to avoid disorder, the working group is under a lot of pressure to come up with a solution. Unfortunately, the first interim report does not inspire confidence, since the working group is apparently still wrestling with the first question: what data can/should we record? One of the few points on which there is currently consensus is that the admin-c (administrative contact) should no longer be recorded. It seems that the gTLD world sees that role as redundant.

What about the admin-c in .nl?

Within .nl, the admin-c has historically been viewed rather differently. SIDN regards the admin-c as the person who represents the registrant vis-a-vis SIDN on matters concerning the registration. In practice, the admin-c is by no means always the registrant. So we send all system messages about the domain name -- e.g. confirmations of cancellations and registrant changes -- both to the registrant and to the admin-c's e-mail address. In fact, until the middle of 2010, SIDN didn't even record registrants' e-mail addresses or phone numbers. We didn't need that information, because we communicated with the registrant only through the registrar and the admin-c. 

Someone besides the registrant can act as the contact for a domain name

One of the reasons why the registrant's contact details weren't originally recorded was probably that a registrant is sometimes not a person, but a legal entity. In such cases, it's useful to have details of the person or department who can act as the contact for the domain name. Another possible reason is that not all registrants fully understand how domain name registrations work. The existence of a separate admin-c role enables less expert registrants to nominate someone else to handle administrative matters relating to the registration. In other words, having an admin-c is helpful to registrants. And more knowledgeable registrants can always act as their own admin-cs -- often the most straightforward arrangement. 

No obligation

The point is worth making that the question as to whether a registrar should be required to record admin-c data is no longer a privacy issue. Existence of the admin-c role merely gives the registrant the option of nominating someone else to act as the contact for the domain name. There is no obligation to do so.  

It's important that the registrant can be reached by others

Of course, it is debatable whether any (and, if so, what) admin-c data should be made available in the public Whois. Where .nl is concerned, we publish only the admin-c's e-mail address, which can be something totally anonymous, such as luewiuirfbug@gmail.com or info@domainname.nl. Our only interest is making it possible for others to contact the registrant. We believe that the importance of enabling contact is sufficient to justify the minor privacy implications of publishing the admin-c's e-mail address. 

We'll continue to monitor developments

Various alternative ideas remain on the table. We will therefore continue to monitor Whois-related developments at ICANN and in neighbouring countries. And we will continue to review our policies on the registration and publication of data in light of those developments.

Comments

Maarten-Simon-thumbnail

Maarten Simon

Legal & Policy Advisor

+31 26 352 55 00

maarten.simon@sidn.nl

  • Friday 12 April 2019

    SIDN Labs

    Using machine learning to make the internet more secure

    Thumb-internet-network-background

    4 challenges we'll be tackling in the period ahead

    Read more
  • Tuesday 3 April 2018

    About SIDN

    Whois unavailable on 3 April 05.00 to 08.00

    nl-thumbnail_36

    The Whois is temporarily unavailable while maintenance is carried out.

    Read more
  • Friday 19 April 2019

    SIDN Labs

    SIDN to promote adoption of the DANE internet standard

    Thumb-e-mail

    E-mail security standard added to the Registrar Scorecard

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.