When I attended my first ICANN meeting back in 2007 things were very different to now. The meetings were a lot smaller and ICANN itself was a much lower profile organisation overall.
However one topic was on the agenda then and it’s still on the agenda now.
Whois.
No matter how hard you try that topic will just keep rearing its ugly head and with good reason.
For the better part of 20 years ICANN has barely paid lip service to the genuine concerns with respect to privacy and registrant rights that are presented with the current whois model for gTLD domain names.
What am I talking about?
Domain registration data. When you register a domain name we, as a registrar, have to collect information about you (the registrant) in order to pass it to the registry that maintains the database. (There are a couple of exceptions to this rule, but the contractual obligation to collect is still there)
Collecting information about who is buying a product or a service isn’t a strange concept. In fact it’s quite common.
What is different, however, is how the information you give the registrar (Blacknight) and the registry (IEDR for .ie, Nominet for co.uk, Neustar for .biz) handles that information. In the case of ccTLDs (such as co.uk or .ie) the amount of data that is published and shared with the world is significantly less than with gTLDs.
But let’s take a short walk down memory lane for both the sake of nostalgia and to provide background on how we ended up here.
When the internet was in its infancy and before there was a “web” it was, like now, a network of networks. The key difference being that it was a LOT smaller. Various academic institutions co-ordinated to create connections between their respective networks and over time those connections grew and grew to form a precursor of today’s internet.
But what happened when things went wrong?
The original operators relied on a database to see who was running which segment of the network, so that they could contact their counterpart when there was an issue that needed to be resolved. And thus Whois was born.
It wasn’t designed or planned meticulously. It was created to solve a simple problem. Unfortunately like many things involving technology the old adage of “if it ain’t broke, don’t fix it” applies. While whois may have evolved over time to become much more widely used than its original intent, it’s been nigh on impossible to break the status quo at a global level. Realistically that “global” level isn’t truly global at all. It’s a space that’s dominated by the voices of large US based corporates, brands, content creators (think big TV, film and music studios not starving painters!)
Over the past 20 years whois has morphed from being a way for the geeks to contact each other into a very strange beast indeed.
While registrars and registries might have legitimate legal reasons for wanting to gather information about who they are providing services to, there’s no straightforward way to let 3rd parties access that information while preserving security and the right to privacy.
And so for the past 20 odd years the default for ICANN’s gTLDs (.com / .net / .org/ .ninja and many more) has been for all the registration data to be both collected AND published without any restrictions.
It’s a very different matter when you look at country code domains like .ie, .co.uk or .fr etc.,
Every country and territory that is in the ISO list has their own “country code”. Some registries are big and have millions of names registered, while others are tiny with only a few hundred or couple of thousand names under management.
But ccTLDs are killing it (generally speaking)
They’ve got really strong brand recognition. Just walk down the street in any country in Europe and keep an eye out for domain names on shopfronts, billboards, advertising, newspapers etc., and you’ll see what I mean. Italians know and trust .it, while the Dutch expect companies doing business in Holland to use a .nl.
The “lack” of completely public whois for ccTLDs compared to their gTLD cousins doesn’t impact the operations of the internet or have a tangible impact on “trust” in those namespaces. Law enforcement and consumer protection agencies are able to access data or get the registry operators to take action when it is warranted.
So why are we talking about WHOIS again now?
Four letters.
GDPR.
As I mentioned on a recent podcast, the GDPR and whois are a huge problem and as a company we have to comply with the law even if that means breaching our contractual obligations with ICANN. The alternatives aren’t great.
Unfortunately even with the May 25th deadline looming this won’t be fully resolved by then.
This story is far from over and we’ll be following it as closely as we can.