8th Capacity Building Webinar


1 8th Capacity Building Webinar - 2017
Update on WHOIS-related Initiatives: Next Generation Registration Services and its impact on end-users
Holly Raiche | 04 October 2017 | 21:00 UTC

2 WHAT IS WHOIS
WHOIS Protocol developed in 1982 for ARPANET users (geeks) to ‘look up’ other users (geeks)
With the growth of the Internet, WHOIS users included others: law enforcement agencies, Intellectual Property and trademark owners, businesses, consumers, etc.
Protocol adopted by ICANN with its formation in 1998

3 WHAT IS WHOIS ‘WHOIS’ is really three things:
Domain Name Registration Data (DNRD) – the data registrants provide when registering a domain name
Domain Name Registration Data Access Protocol (DNRD-AP) – elements of a communications exchange to provide public access to the DNRD – e.g., the WHOIS protocol (RFC 3912)
Domain Name Registration Data Directory Service (DNRD-DS) – the service offered by registrars/registries to access DNRD

4 WHAT IS WHOIS What are the WHOIS (DNRD) Requirements?
For registrars providing one or more gTLD:
  Provide interactive webpage and port 43 service providing free public query-based access to up-to-date data concerning all active Registered Names sponsored by the Registrar
For Registries (base agreement):
  Provide public access to registration data - As above

5 WHAT IS WHOIS What Information Are We Talking About: Clause 3.3 RAA (2013) (similar in the Registry base agreement)
The name of the Registered Name;
The names of the primary nameserver and secondary nameserver(s) for the Registered Name;
The identity of Registrar (which may be provided through Registrar's website);
The original creation date of the registration;
The expiration date of the registration;
The name and postal address of the Registered Name Holder;
The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the Registered Name; and
The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the Registered Name.

6 WHAT IS WHOIS Affirmation of Commitments (2009) committed ICANN to:
Enforcing its existing policy relating to WHOIS, subject to applicable laws. Such existing policy requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information (and regular reviews).

7 WHAT IS WHOIS So what is the Problem? (WHOIS Final Report 2014)
Issues in the WHOIS debate are varied. Any discussion of WHOIS will likely contain all of the words accuracy, privacy, anonymity, cost, policing and SPAM. Each of the issues is important…. A gross understatement is that tensions exist between the various ICANN constituencies regarding WHOIS. Issues abound including the right to privacy, anonymity, intellectual property protection, security and abuse, among others. Each is important. None more so than the other.

8 WHAT IS WHOIS OECD Privacy Principles 1980
Collection Limitation Principle: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
Data Quality Principle: Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.

9 WHAT IS WHOIS OECD Privacy Principles 1980 (cont’d)
Use Limitation Principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 (purpose) except: with the consent of the data subject; or by the authority of law.
Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.

10 WHAT IS WHOIS OECD Privacy Principles 1980 - updated in 2013
New Threats: …the abundance and persistence of personal data have elevated the risks to individuals’ privacy. Personal data is increasingly used in ways not anticipated at the time of collection. Almost every human activity leaves behind some form of digital data trail, rendering it increasingly easy to monitor individuals’ behaviour. Personal data security breaches are common. These increased risks signal the need for more effective safeguards in order to protect privacy.

11 WHAT IS WHOIS The Expert Working Group (EWG): So What’s The Problem?
A growing expectation of privacy for personal information as countries implement laws to protect the collection and publication of personal information and even where there is no law, there are legitimate reasons for individuals to seek heightened protections of their personal information. In addition, some businesses and organizations may seek protection of their information for legitimate purposes, such as when they are preparing to launch a new product line, or, in the case of small business, where contact information discloses personal data.

12 WHAT IS WHOIS Who Uses the Registration Data (from EWG)

13 WHAT IS WHOIS EWG: Is there an alternative to today’s WHOIS to better serve the global Internet community?
Yes, there is. The EWG unanimously recommends abandoning today’s WHOIS model of giving every user the same entirely anonymous public access to (often inaccurate) gTLD registration data. Instead, the EWG recommends a paradigm shift to a next-generation RDS that collects, validates and discloses gTLD registration data for permissible purposes only. While basic data would remain publicly available, the rest would be accessible only to accredited requestors who identify themselves, state their purpose, and agree to be held accountable for appropriate use.

14 WHAT IS WHOIS The EWG PROPOSAL

15 WHAT IS WHOIS Next Generation new gTLD Registration Directory Services WG: Charter
…the PDP WG is tasked with analyzing the purpose of collecting, maintaining and providing access to gTLD registration data and considering safeguards for protecting that data, determining if and why a next-generation Registration Directory Service (RDS) is needed to replace WHOIS, and creating policies and coexistence and implementation guidance to meet those needs.

16 WHAT IS WHOIS RDS WG CHARTER QUESTIONS
What are the fundamental requirements for gTLD registration data? When addressing this question, the PDP WG should consider, at a minimum, users and purposes and associated access, accuracy, data element, and privacy requirements.
Is a new policy framework and next-generation RDS needed to address these requirements?
If yes, what cross-cutting requirements must a next-generation RDS address, including coexistence, compliance, system model, and cost, benefit, and risk analysis requirements?
If no, does the current WHOIS policy framework sufficiently address these requirements? If not, what revisions are recommended to the current WHOIS policy framework to do so?

17 WHAT IS WHOIS The RDS WG: Progress to Date
WG Established January 2015
Approximately 140 members
Meets weekly for 90-minute meetings
In between are brief surveys to understand membership views on specific issues
Focus on the first question – what is the purpose(s) for the collection of what RDS data?
https://gnso.icann.org/en/group-activities/active/rds

18 WHAT IS WHOIS The RDS WG: Progress to Date: Issues for Phase One
Users/purposes
Gated Access
Data Accuracy
Data Elements
Privacy
Coexistence
Compliance
System model
Costs/Benefits/Risks

19 WHAT IS WHOIS The Urgency: General Data Protection Regulation (GDPR)
Adopted 27 April 2016, Applies 25 May 2018 (directly binding and applicable without national legislation)
Strengthens the EU Directive on Data Protection
Consent, transparency, accountability, data protection by design and default
Application: if you operate in, sell into the EU countries – including if control or process data on EU data subjects
Sanctions: warning, audits, fines – up to 4% annual worldwide turnover
NB: 2013 RAA Clause 3.7.2: Registrar shall abide by applicable laws and governmental regulations.

20 WHAT IS WHOIS The Urgency: GDPR (Art 4.1)
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

21 WHAT IS WHOIS RDS WG – Legal Opinion (some extracts)
Purpose: would relate to the actual registration of domains and the functioning of the domain name system. Purposes that go beyond this (e.g., collecting data to combat IP violations) would be considered to be secondary purposes
Data Elements: the key factor is not just whether the name of the registrant is that of a natural or legal person, but how the different data fields, when taken together, relate to an individual.
for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security” falls outside the scope of the GDPR – including any other body or entity entrusted by Member State law to exercise public authority and public powers for the purposes of this Directive …
However, the fact that anonymous public access to registration data may have some potential beneficial use with regard to consumer protection cannot by itself override the fundamental right to data protection.

22 WHAT IS WHOIS ICANN Response:
Establishment of a ‘small group of contracted parties (and others) to review the collection of data, as required by ICANN Meeting in Brussels

23 WHAT IS WHOIS Working Group/Teams on WHOIS Issue over the Years:
Whois Survey Requirements
Privacy Proxy Accreditation
RAA – Including P/P issues
WHOIS Review Team
Thick WHOIS
Privacy Proxy Services - waiver
RDAP
Expert Working Group (EWG)

24 QUESTIONS?

