Congress OKs NTIA For Mandating WHOIS Replacement
Omnibus Report Language Signals Mounting Congressional Frustration with ICANN Policy Failures, Obstruction of Law Enforcement Investigations
Recent report language addressing the inability of law enforcement, intellectual property rights owners, and others with legitimate need to access registrant identifier information has passed both chambers of Congress as part of the latest COVID-19 stimulus and omnibus appropriations package. The must-pass legislation and accompanying report language, which provides Congressional direction to Federal departments and agencies on how appropriated funds should be spent, is now slated for President Trump’s signature and which is expected soon.
The relevant language is included in the section dealing with appropriations for the Commerce, Justice, and State Departments and specifically the National Telecommunications and Information Administration (NTIA) and states the following:
“Domain Name Registration. NTIA is directed, through its position within the Governmental Advisory Committee, to work with ICANN to expedite the establishment of a global access model that provides law enforcement, intellectual property rights holders, and third parties with timely access to accurate domain name registration information for legitimate purposes. NTIA is encouraged, as appropriate, to require registrars and registries based in the United States to collect and make public accurate domain name registration information.”
With this report language, Congress is clearly signaling that it is running out of patience with the lack of a mechanism for law enforcement, IP owners and others needing access to registrant identifier information for legitimate purposes such as criminal investigations and protecting rights online. In response to the European Union’s General Data Protection Regulation, ICANN org precipitously upended the prior method for accessing registrant information — the WHOIS database which, by all accounts, was imperfect but worked — and launched a so-called Expedited Policy Development Process, or EPDP, to develop a new mechanism. After more than two years of trying amidst much controversy, the Phase 2 recommendations have recently been put forth for public comment.
However, the numerous minority statements of objection that are included with EPDP’s report suggests that the recommendations enjoy little support from the constituencies and advisory councils that developed them.
This is deeply troubling because legitimacy results from consensus, which may prove impossible here. Given the antagonistic posture of registries and registrars towards WHOIS-related obligations in the past, nobody — least of all ICANN — should be taken by surprise that this process has become mired in controversy with EPDP unable to put forth workable consensus solutions. There is perhaps no clearer example of registry/registrar antagonism towards WHOIS than the .com registry’s endless delays that effectively avoided transitioning to a thick WHOIS database right up until ICANN, acting unilaterally on the thinnest of justifications, terminated WHOIS and, along with it, any need to upgrade the Internet’s largest registry.
NTIA is encouraged, as appropriate, to require registrars and registries based in the United States to collect and make public accurate domain name registration information.
But nobody — again, least of all ICANN — should be blind-sided by Congressional frustration at the lack of a WHOIS replacement either. After all, as early as June 1998, the U.S. Government set forth in the Federal Register the official policy for privatizing the Domain Name System (DNS) along with the expectation that a not-yet-named new corporation would ensure that registrant identification information would be “included in all registry databases and available to anyone with access to the Internet.” This expectation should be hard-coded into ICANN’s organizational DNA and the fact that it’s not suggests a far deeper and more fundamental corruption.
More recently, in an April 2019 letter, NTIA told ICANN to expect U.S. legislation if there wasn’t a solution by the November 2019 ICANN meeting in Montreal. Less than a month later, in a letter dated May 9, 2019, Senator Roger Wicker, chairman of the Senate Commerce Committee, warned ICANN that, “(a)bsent a meaningful resolution to these (WHOIS data) issues, Federal legislation guaranteeing access to WHOIS data may be warranted.”
This episode starkly illustrates the increasingly dangerous and irresponsible conduct of the Internet’s infrastructure monopolies.
In 2020, Federal agencies including the Food and Drug Administration, Federal Trade Commission, and the Departments of Homeland Security and State have been increasingly vocal about the increased threats facing Americans by the lack of a WHOIS replacement — including hindering the ability of consumers to identify bad actors and obstructing law enforcement’s ability to investigate criminal activities, including COVID-19-related scams, illegal opioid sales, and, most egregiously, the online sexual abuse of children.
The termination of WHOIS without a replacement solution is a fundamental breach of the original compact made when the U.S. Government relegated itself along with every other government to an advisory role and established the principle of private sector-led Internet governance. This breach is causing significant harm to persons and property around the world. Much patience and forbearance has been extended in good-faith. The stakeholders that have participated in the EPDP, by and large, are blameless; for they also have acted in good faith. The entirety of blame falls squarely on ICANN and its cadre of contracted parties.
Congress is clearly providing rule-making authority to NTIA with this report language
This episode starkly illustrates the increasingly dangerous and irresponsible conduct of the Internet’s infrastructure monopolies. Callous indifference to the real-world consequences of single-minded profiteering stains these organizations and their employees, shareholders, stakeholders, along with every single red cent of revenue generated from operating public interest infrastructure while access to registrant identifier data is denied to law enforcement and others with legitimate needs.
Congress is clearly providing rule-making authority to NTIA with this report language that awaits the president’s signature. Perhaps NTIA will be poetic and require every registry and registrar doing business with an American citizen to collect, maintain, and make available registrant identifier data and, in so doing, use GDPR’s logic to solve the problem claimed to be caused by GDPR.
If so, you heard it here first.