Here in the United States, we recently celebrated Thanksgiving and with that, we now enter the last weeks of 2018. I’ve spent much of this past year involved in ICANN’s Expedited Policy Development Process (EPDP) for gTLD Registration Data and I’m happy to say our group has reached a historic milestone.
Just last week, the group published its initial report for public comment. I’d be remiss if I didn’t take this opportunity to thank the entire group for their good faith efforts in issuing this initial report. A huge shout-out also goes to the ICANN staff and support teams who have been instrumental in our efforts. Having completed the initial report has allowed everyone a brief chance to exhale after months of intense work which included numerous conference calls, vigorous discussions on the mailing lists, and the creation of various drafts.
So now that the report is out for public comment, I thought it might be helpful to highlight a few of the “hot-button” topics that the EPDP group has been addressing. It’s important to note that while we have published the initial report, no consensus has been reached on any of the recommendations, and we still have plenty of work ahead of us. The report is over 100 pages in length and contains 22 preliminary recommendations, so addressing all of them in this post clearly isn’t possible – but I’ll attempt to highlight the more contentious and critical ones.
With that being said, here are some important points to consider in relation to the initial report:
— The public comment period is actually rather brief, and the comment period closes December 21, 2018. This EPDP group is the first of its kind so the timelines are very compressed. We are tackling issues which have been debated within the ICANN community since its existence and doing so using the first ever EPDP. For anyone who has a viewpoint on these topics, it’s important to provide your feedback within the timeframe allotted. The members of the EPDP team are eager to get this important community feedback. It is needed so that we can carry on with our work and issue a final report ahead of the expiration of the Temporary Specification for gTLD Registration Data which expires in May of next year.
— One of the recommendations addresses the actual data elements to be collected and displayed as part of the registration process for gTLD domain names. We are all used to having registrant, administrative, technical and (in some cases) billing contacts associated with domains, but the recommendations in the report reduce the existence of those contacts. The administrative and billing contacts would go away altogether. The technical contact would be reduced down to a name, e-mail and phone number and be optional to collect and not displayed in the public WHOIS. The registrant information would continue to be collected as it is today with the public fields (available in the WHOIS output) being organization (potentially), state/province, country and an anonymized e-mail address. The organization field is problematic as it potentially could contain personally identifiable information and not simply an organization name – this needs to be discussed further taking into account public comments received.
— An area of significant discussion and divergent opinions relates to whether or not registrants should be obligated to declare themselves as natural or legal persons as part of the domain name registration process. A natural person is considered an individual while a legal person could be a business, non-profit or governmental type of organization. The EPDP team spent considerable time discussing this topic with strong views on both sides of the issue. The issue is certainly complicated when you look at how this could be implemented on currently registered domains, how registrants would even navigate this, and if it is even feasible to make this distinction on a global scale. Anyone involved in the domain name space should take pause at introducing new requirements that could create barriers for the registration of domain names.
— The issue of “reasonable access” to non-public data in the Temporary Specification is one which has caused great unease in the community as it lacks any specificity or details. The initial report does state this level of access should remain in place (until a formal system for standardized access has been created) but it recommends creating more specific language around timelines, requirements for requests, and communication and logging of requests made for access to this data. Hopefully providing more specifics around this notion of “reasonable access” will be a step in the right direction as there certainly are legitimate reasons third-parties need non-public WHOIS data.
— While no system for standardized access to non-public WHOIS data was proposed in this initial report, there was a commitment to consider such a system as part of the continuing work of the EPDP team. That work will consider things such as what are the legitimate purposes for third-parties to access the data, what are the eligibility criteria to access the data, and what specific data those third-parties would be able to access as part of such a system. Clearly, this is an important topic for the group to consider (and for the community in general), but it really has to be done once the so-called “gating questions” (or essentially all of the other work) are resolved and agreed upon.
— Another issue raised in the report is how to handle disclosure requests for non-public WHOIS data for the purposes of UDRP filings. While filing a UDRP without underlying registrant information is certainly possible and happens in cases where a privacy or proxy service is being used on the infringing domain name, being able to review that information prior to filing a UDRP would be beneficial for a brand holder. This will require further discussion as it creates the potential for abuse and it isn’t entirely clear how that type of disclosure (and the appropriate safeguards needed) would be operationalized.
The report allows for comments or specific questions to be answered in over 300 places so there is no shortage of opportunity to provide feedback. The timeframe for submitting public comments is condensed, but it’s critical that it is received and analyzed so that the group can move forward with deliberations and create a final report in the first few months of 2019. If you have specific questions about any of the information in the report, I’d be happy to provide guidance wherever I can.
Written by Matt Serlin, SVP, Client Services and Operations at Brandsight