Request for Adequate Assurances Relating to WHOIS and GDPR

Download the PDF

Mr. Göran Marby
ICANN President and CEO

Mr. Cherine Chalaby
Chair
ICANN Board

March 28, 2018

Request for Adequate Assurances Relating to WHOIS and GDPR

Dear Messrs. Marby and Chalaby:

We and other digital threat management professionals, such as the security and anti-abuse community, intellectual property professionals and their respective rights’ holders, including our customers (“we” or “us”), rely on WHOIS data as an essential element in discovering, identifying, tracking, and mitigating threats online.

With less than sixty days left, having a draft document reflecting “over-compliance” with GDPR is an egregious violation of ICANN consensus policies. This unmistakenly undermines the stability and security operations of the Internet’s unique identifier systems. ICANN is damaging the openness, interoperability, resilience, security, and stability of the DNS, which is not required by law.

ICANN is accountable to the Internet community for operating in accordance with its Articles of Incorporation and the Bylaws, including its Mission. We draw your attention to the March 15, 2018, GAC CommuniquéSan Juan, Puerto Rico, particularly GAC Consensus Advice to the Board with respect to WHOIS and the GDPR, including the rationale for the Consensus Advice on pages 9-10 therein. If ICANN were to adopt the “Calzone” model or a substantially similar iteration that suffers from the same flaws, ICANN would be taking “an action that is not consistent with”1 (i.e., rejecting) GAC Advice. Under the ICANN Bylaws, GAC Consensus Advice may only be rejected by a vote of no less than 60% of the Board,2 and the GAC and the Board are required to “then try in good faith, and in a timely and efficient manner, to find a mutually acceptable solution.”3

ICANN must have a means to compel the registrars and registry operators to provide access to WHOIS data to the extent allowed by applicable law, and to participate in the tiered access model. We fear registrars are going to mask their data come May. We must know that ICANN will be in a position to enforce its agreements with the Registries and Registrars consistent with applicable law.

We respectfully request that the interim model be revised so that it is not “over-compliant” with GDPR and protects data in accordance with applicable law, including an appropriate method of tiered access that will allow us to maintain the “stability and security” of the Internet.

Thank you.

Very truly yours,

Trouble viewing the survey? Click Here

————–
1 ICANN Bylaws, as amended, § 12.2(a)(x).
2 Id.
3 Id.