In the digital age, personal data protection has become paramount, with regulations like the General Data Protection Regulation (GDPR) shaping global practices. One area significantly affected is the public availability of WHOIS data, a critical resource in the domain name system. WHOIS traditionally provided detailed contact information for domain registrants, but privacy measures have redacted much of this data in recent years.
Elizabeth "Jake" Feinler, known as the "Mother of Whois," transformed internet infrastructure as the ARPANET Network Information Center's lead. Her work in organizing data and pioneering Whois set the foundation for modern internet protocols. A trailblazer in technology, she championed inclusivity, mentoring women and minorities, while her legacy endures as a cornerstone of the digital age.
Nearly 90% of the internet's generic top-level (gTLD) domain names do not have identifying contact information in the Registration Data Directory Services (RDDS) system, according to a report by Interisle Consulting Group. A key finding of the report is the rapid growth of registrar-provided proxy service offerings and the inclusion of these services for both new and existing registrations.
The European Union (EU) has set a high bar by tackling domain name system (DNS) abuse head on via government regulation and seems to have successfully resisted attempts to water down DNS stewardship obligations. Recent guidance from a key European Commission cooperation group (the NIS Cooperation Group) handling sections of the Network and Information Security Directive (NIS2) intends for a robust implementation of Article 28, which will go a long way toward helping to mitigate some of the longstanding problems that persist in the DNS.
Over the past twenty years of my engagement in the ICANN multistakeholder process, one topic that has always been near and dear to me has been improving the accuracy and access to domain name registration data in a way that respects the legal rights of both registrants and requestors of registration data. Sadly, the glacial pace at which ICANN develops and implements policy has prevented a holistic solution to the problem.
ICANN must act now to harmonize its domain name registration data (commonly known as WHOIS) policies with Article 28 of the European Union's Network and Information Security (NIS2) directive, first to adhere to applicable laws as it fulfills its oversight responsibilities and, second, to keep its word to the community to preserve WHOIS to the fullest extent possible under law.
On June 9 CircleID published an insightful article by Thomas Rickert entitled "Demystifying Art 28 NIS2." In that piece Thomas set forth two alternative interpretations of Article 28(6) of NIS2, and argued that TLD registries should not be required to maintain a separate database of the registrant data under NIS2. In my view, Thomas' approach is inconsistent with the remainder of Article 28, and would not achieve the goals of NIS2 to improve cybersecurity across the EU member states.
Now just more than a quarter of the way into the pilot program, ICANN's Registration Data Request Service (RDRS) again will be the subject of intensive discussions during the ICANN80 meeting in Kigali in early June. This includes further consultations hosted by the Commercial Stakeholder Group (CSG) and including registrars, data requestors and ICANN Org.
I recently appeared on the 419 Consulting podcast to discuss the European Union's NIS 2.0 Directive and its impact on the domain name ecosystem. I encourage all TLD registries, domain name registration service providers, and DNS operators to listen to the recording of that session which Andrew Campling has made available.
As a member of the ROW Planning Committee, I am writing this post on behalf of the Committee and welcome all community members to join us on June 4th. We are celebrating ROW's 10th anniversary! A decade of collaboration and inspiration! Thank you to the incredible community that has fueled this journey!