.US Town Hall and the Secure WHOIS Gateway Proposal

The .US ccTLD extension had its live town hall forum with the .US Stakeholder Council.

The Town Hall had a rundown of the current state of the domain industry and .US specifically plus policy considerations for domain growth and community outreach to establish top civic priorities for future direction.

The town hall presented some interested stats on the .US extension but also a Secure WHOIS Gateway Proposal for .us domain names.

Featured speakers were:

• Dustin Loup (Host, Chair .US Stakeholder Council)
• Crystal Peterson (Director, Registry Services)
• Kristin Johnson (Council Secretariat, Registry Services Global Marketing and Brand)

Accountable WHOIS in the usTLD Namespace (usTLD Secure WHOIS Gateway Proposal)

Accountable Access to Registration Data.

Registry Services, LLC (“Registry Services”) has developed a proposal to provide accountable access to WHOIS data in a manner that is fully compliant with the current requirements of the contract between Registry Services and the US Department of Commerce (“usTLDContract”):
“Publicly Accessible, Accurate, and Up-to-Date WHOIS Database. The Contractor shall implement a policy that addresses continued public access to accurate WHOIS information, including a prohibition of proxy and anonymous services offered by registrars, registrar affiliates and partners, and delegated managers. The Contractor shall regularly monitor the current practices of registrars and delegated managers to ensure compliance with this requirement; “ (usTLDContract, Section C.5.1, (vi), (b))
The proposal further serves Congressional direction to the DoC, through the National Telecommunications and Information Administration (“NTIA”) to:
1.
“…work withICANNto expedite the establishment of a global access model that provides law enforcement, intellectual property rights holders, and third parties with timely access to accurate domain name registration information for legitimate purposes.”
2.
work with US-based registries and registrars to enhance public access to such data. (Joint Explanatory Statement (“JES”), Consolidated Appropriations Act of 2021).

What is Accountable WHOIS?

“Public” and “published” ≠ “anonymous” or “unaccountable”

• Unredacted WHOIS data served via email in response to a usTLD WHOIS query
  • Query submitted for legitimate purposes to be provided promptly.Purposes include intellectual property rights, security research, law enforcement inquiry, among others
  • Response within 1-2 business days for all other legitimate, non-abusive purposes
  • Authenticated RDAP access available to law enforcement to protect confidentiality of investigations

 

• Accountable WHOIS is not a privacy or proxy service:
  • While privacy services and proxy services do not operate identically, both allow domain name users (who may be either registrants or licensees) the ability to prevent anonymous access to their private contact information.
  • These services promote privacy and accountability, but come at a cost to the comprehensive, authoritative nature of both Registrar and Registry databases.

Why Accountable WHOIS?
1. Ensure timely access to registrant data while reducing risk of registrant harm
2. Preserve the authoritative usTLDregistrant database
3. Encourage growth of the usTLDnamespace
– Documented risks of identity theft, spamming, spoofing, and, more recently, swatting, and doxing associated with anonymous access discourages .US registrations and creates a negative experience for usTLDregistrants

Secure WHOIS Gateway Proposal

• Registry Services’ Secure WHOIS proposal is not a privacy or proxy service.
• usTLDWHOIS data will continue to be made available to legitimate requests under this proposal, hence, staying within the requirement of “publicly accessible” WHOIS without the use of proxy or privacy services of Registrars, affiliates and partners.
• The use of email to respond to WHOIS queries creates accountability for users within the structure and mandate of the current usTLDContract Scope of Work.
  – A review of the average RDDS requests for a globally available ccTLD shows requests for WHOIS data with legitimate reasons is less than 0.5% per month of total WHOIS queries

Secure WHOIS Gateway Technical Highlights

Registrants are given the opportunity to elect, through their sponsoring registrar or reseller,to protect personal data elements from anonymous query and non-personal data would be available to all queries.

• Registry Services shall implement RDAP with developments for the usTLDnamespace.
  – The implementation of RDAP is considered in Volume I, Technical, (usTLDResponse incorporated as part of the usTLDContract); Section 4.3.11 ‘Registration Data Access Protocol (RDAP)’, section 8.1 ‘Functional Enhancements’, section 8.3.3 Registration Data Access Protocol (RDAP) and section 17.1 ‘Investment in the usTLDRegistry and DNS Services’
• With RDAP implemented, Registry Services will provide an easy-to-use online mechanism (RDDS Requests) through which those with legitimate, non-abusive interests to access the data can submit data access requests and promptly receive individual results.
  – Unredacted, full registration records would be returned via email to any inquirer who provided a working email address, selected a legitimate, non-abusive use from a drop-down list, and accepted the usTLD’sWHOIS Terms of Service (WHOIS TOS).