Comments from the Internet Infrastructure Coalition (i2Coalition) on the Interisle Report “Domain Registration Data at a Crossroads”
The Internet Infrastructure Coalition provides the following comments on the Interisle Consulting Group’s newly released report on ICANN’s data registration policies.
The Internet Infrastructure Coalition (the “i2Coalition”) objects to the flawed conclusions drawn by Interisle’s recently-released report on domain registration data. While Interisle’s 175-page report purports to measure the effectiveness and impact of the data registration policies of the Internet Corporation of Assigned Names and Numbers (ICANN) based on its study of the WHOIS1 policies and actions of certain registries and registrars, the conclusions and recommendations based on those arguments are logically inconsistent and derived from the assumptions of the author, respectively. Consequently, the Interisle report establishes a false framework as the basis from which it assesses registrars. Even more, it uses the current pandemic to leverage false narratives in the pursuit of one-sided changes to an entire ecosystem.
The report fails to deliver on its claims for three main reasons: a) it interprets contractual obligations and then assesses registrars against those interpretations; b) it interprets privacy regulations (GDPR in particular) and then assesses registrars against those interpretations and just as importantly, c) it asserts expectations and then assesses registrars against those expectations.
In terms of contractual obligations, the author misreads and mischaracterizes them to a large extent. While RDAP is certainly the future standard for lawful access to registration data, registrars are not required to have RDAP, at least not in the way that this report assumes. This report also sets normative expectations on rate limiting that are neither documented nor required in any way, yet they seem to become the benchmark for an entire industry.
With regards to privacy, the report does not, in fact, follow the laws it cites. On the contrary, it ascribes its own normative guidelines and creates an assessment on whether those arbitrary choices are being followed. Without actually citing the legal requirements, whether in GDPR or elsewhere, the author creates expectations on who should have access and why.
Overall the whole report decides on arbitrary expectations, that have no basis in laws or contracts, and assesses registrars based on that. For example it creates use cases out of thin air and demands they work, it establishes usability requirements and demands they work, and most disturbingly, it sets RDAP requirements and demands they work.
What this report misses is the extensive relationships that companies in the domain industry have with law enforcement entities, where tiered and gated access to WHOIS data continues to exist along verified channels. The report also does not mention the domain industry’s deep commitment to keeping the Internet safe through ongoing established public/private partnerships, such as those that identify and remove CSAM through close alliance with IWF and NCMEC.
Tying the current pandemic and its response to WHOIS concerns is an opportunistic practice that takes away from the gravity of the COVID-19 situation. It also takes away from the actual concerns of law-enforcement, who are able to work directly with registries and registrars in a force majeure setting. I2Coalition members have pledged to act swiftly in these extraordinary times in order to mitigate abuse and crime. We also continue to work and forge alliances with independent organizations which seek to address anti-abuse online, including LegitScript and the Association of Online Pharmacies.
It is a disappointment that an opportunity for constructive criticism and legitimate improvement across the industry has been hijacked by normative benchmarks parading as legal or contractual requirements. The report reads more like the promotion of specific agendas, including on policy development work in the context of the ICANN EPDP, rather than solutions.
1 For more information on WHOIS, i2Coalition put together a primer on WHOIS history and its present.