Whois? More like WHOWAS: Domain database on verge of collapse over EU privacy

Governments refuse to get sucked into policy shambles, kibosh DNS GDPR plans

65 Reg comments Got Tips?

Nope and nope

But they also rejected several main components of ICANN's proposal, including the idea that the GAC would devise an accreditation system. The Noncommercial Stakeholders Group (NCSG) called [PDF] the entire proposal "fundamentally flawed."

Meanwhile, the more pragmatic arms of the ICANN – the business and intellectual property constituencies – announced that they were working hard and fast on an accreditation model that they would then put to the broader internet community to review.

However even the most optimistic of ICANN attendees predict that such a system is unlikely to be approved before the end of the year, creating a minimum eight-month gap in Whois availability.

As such it is now inevitable that registries and registrars will develop their own solutions to comply with GDPR before the end of May.

The same day it became clear ICANN was not going to reach agreement, the company that runs Austria's top-level domain .at, NIC.at, announced it was making its own changes.

"Under the EU General Data Protection Regulation (GDPR), nic.at will only publish legal persons' data from mid-May 2018. Natural persons can still have their data published if they wish," the outfit stated.

"In future the data shown for domains owned by natural persons will only include the domain name, the registrar responsible and necessary technical information. If a company or organization owns the domain, the holder’s name and address will still be published, although contact data like e-mail address, telephone and fax number can be hidden upon request," it summarized.


In short, the effort to make Whois compatible with GDPR has been a public policy shambles for which ICANN should shoulder the bulk of the blame. A more effective organization would have foreseen the inevitable conflicts and carefully managed them ahead of time.

As it was, the organization's staff ignored the problem until it became impossible to do so any longer, and then published its proposal when people were boarding planes to fly to its meeting this week in Puerto Rico. It should have come as no surprise that little was achieved.

Cartoon man with panicked expression

As GDPR draws close, ICANN suggests 12 conflicting ways to cure domain privacy pains


And just to add to the sense that ICANN couldn't punch its way out of a paper bag, the organization was forced to suspend its remote participation system – cutting off anyone trying to follow and interact with discussions that wasn't physically at the meeting – due to an unspecified "security issue… that could possibly lead to the disclosure of the information."

It was not a good showing for an organization that was only recently granted autonomy by the US government.

The other main topic of discussion at the meeting was money and how ICANN was spending it. Having massively overestimated the amount of dosh it would make from auctioning off new top-level domains, and then spent millions of dollars it didn't have, the organization proposed using auction funds that it had always promised would be put to other uses to effectively fund that overspend.

And it suggested big cuts in community programs – such as covering the cost for representatives to attend its meetings – while resisting calls to explain why the organization has continued to expand its staff and give them inflation-busting pay rises year-after-year. ®


Biting the hand that feeds IT © 1998–2020