Ram Mohan, Chief Operating Officer at Afilias Inc., is a Board member of the Global Commission on Stability in Cyberspace, and was a founding member of the ICANN Security and Stability Advisory Committee (SSAC).
Philipp Grabensee is a co-founder and Deputy Chairman at Afilias. He has extensive experience in DNS and domain names, and leads Afilias’ worldwide government relations team.
The Challenge
There is broad agreement in the internet governance debate that the protection of privacy as well as the security and stability of cyberspace are both essential parts of any global, future-proof internet governance regime. As stewards responsible for the security and stability of over 200 gTLDs, we observe that these recognized objectives of privacy as well as security and stability may not always go hand in hand.
The WHOIS[1] protocol is the most widely known and deployed Registration Data Directory Service (RDDS). It is being replaced by the Registration Data Access Protocol (RDAP)[2]. In both cases, the simplest operation is the presentation of a domain name to the appropriate server, which will respond with all the contact information associated with the domain name. This contact information would typically include the name, postal address, email address, and telephone number of the owner of the domain name (the registrant) and, if present, similar details for administrative and technical contacts for the domain name.
Domain ownership information has been used by security practitioners and by law enforcement as part of a larger set of information sources to investigate alleged or actual malfeasance that involves domain names, e.g., malware, phishing, pharming, and botnets.
Major developments in data privacy and data protection regulations have contributed to a new reality as far as registration data display and storage is concerned. Perhaps the most significant change was the global adoption of the General Data Protection Regulation (GDPR) in 2018. The application of GDPR and other privacy policies has meant that previously available contact information is now PII, and as a result may no longer be made available to the public. Registries and registrars who hold this information in registration data have dramatically curtailed the information displayed publicly, often dropping an iron curtain over all registration data.
To address the requirements of GDPR with respect to gTLD practices, the ICANN Board of Directors adopted by resolution the Temporary Specification for gTLD Registration Data[3] in May 2018. The Temporary Specification provided a single, unified interim model to ensure a common framework for gTLD operators to handle registration data, including RDDS. The Temporary Specification also directed the creation of a gTLD RDAP profile as a prerequisite to launching the RDAP service across the gTLD space. To move beyond the interim solution, a Draft Framework for a Possible Unified Access Model[4] was created. This could serve as a possible starting point for conversations with European data protection authorities, including the European Data Protection Board.
The availability of contact information has often been important for the investigation of abusive activities. In addition to the basic task of identifying the owner of a specific domain name, it has been routinely used to identify portfolios of domain names belonging to alleged and known malefactors. With this information, when a single domain name was found to be abusive, additional potentially abusive domain names could be quickly identified and mitigation applied immediately, sometimes before the additional domains could be deployed in an abusive way. The loss of ready access to registration data may have a negative effect on the ability to detect and fight cybercrime.
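The portfolio pivot described above, and what the withholding of contact data does to it, as an added Python example (not code from the authors or from any registry). The RDAP domain objects are constructed, trimmed to the members used here, and every name and address in them is made up.

```python
from collections import defaultdict

def jcard(**props):
    """Build a minimal jCard array (the contact format RDAP uses) for sample data."""
    return ["vcard", [["version", {}, "text", "4.0"]] +
            [[name, {}, "text", value] for name, value in props.items()]]

# Constructed RDAP domain objects; names, roles and addresses are hypothetical.
SAMPLES = [
    {"ldhName": "shop-login.example", "entities": [
        {"roles": ["registrant"],
         "vcardArray": jcard(fn="J. Doe", email="ops@mail.example")}]},
    {"ldhName": "pay-verify.example", "entities": [
        {"roles": ["registrant", "administrative"],
         "vcardArray": jcard(fn="J. Doe", email="OPS@mail.example")}]},
    {"ldhName": "redacted.example", "entities": [
        {"roles": ["registrant"],
         "vcardArray": jcard(fn="REDACTED FOR PRIVACY")}]},
    {"ldhName": "other.example", "entities": [
        {"roles": ["technical"],
         "vcardArray": jcard(fn="NOC", email="noc@host.example")}]},
]

def contacts(domain):
    """Return {role: {property: value}} for every entity in an RDAP domain object."""
    out = {}
    for ent in domain.get("entities", []):
        card = ent.get("vcardArray", ["vcard", []])[1]
        # A jCard property is [name, parameters, type, value, ...].
        props = {p[0]: p[3] for p in card if p[0] != "version"}
        for role in ent.get("roles", []):
            out[role] = props
    return out

def cluster_by_registrant_email(domains):
    """Group domain names by registrant email; records without one go under None."""
    clusters = defaultdict(list)
    for d in domains:
        email = contacts(d).get("registrant", {}).get("email")
        clusters[email.lower() if email else None].append(d["ldhName"])
    return dict(clusters)

if __name__ == "__main__":
    for key, names in cluster_by_registrant_email(SAMPLES).items():
        print(key, names)
```

Records that land under `None` are the ones an investigator can no longer correlate from public output alone.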
The Technical Study Group on Access to Non-Public Registration Data[5] (TSG) has proposed a credential management infrastructure that allows authenticated requests for contact information. TSG01, Technical Model for Access to Non-Public Registration Data[6], provides the technical underpinnings for lifting the curtain and giving third parties that have a legitimate purpose access to non-public registration data. The implementation of such a model might be a step in the right direction in balancing the competing and legitimate interests of privacy and security.
Additional steps being taken by the technical community may improve both privacy and security. Several recent protocols focus on increasing the privacy of Internet users by minimizing or encrypting DNS queries and responses. For example, QNAME Minimization[7] aims to increase the privacy of users by minimizing DNS queries to only contain the information needed to answer the immediate next question. In addition, DNS-over-TLS[8] (DoT) and DNS-over-HTTPS[9] (DoH) encrypt DNS queries and responses on the wire.
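What QNAME minimisation changes for each server on the delegation path, as an added Python example (a simplified model, not code from RFC 7816 or from any resolver). It assumes a cold cache and that the zone cuts are known and passed in; the function names are hypothetical.

```python
def _norm(name):
    """Lower-case a domain name and give it a single trailing dot."""
    return name.lower().rstrip(".") + "."

def _suffixes(qname):
    """Yield the ancestors of qname from the TLD down to qname itself."""
    labels = _norm(qname).rstrip(".").split(".")
    for i in range(len(labels) - 1, -1, -1):
        yield ".".join(labels[i:]) + "."

def classic_queries(qname, qtype, zone_cuts):
    """Without minimisation every server on the path receives the full name."""
    cuts = {_norm(z) for z in zone_cuts}
    path = ["."] + [s for s in _suffixes(qname) if s in cuts]
    return [(zone, _norm(qname), qtype) for zone in path]

def minimised_queries(qname, qtype, zone_cuts):
    """With minimisation each server is asked an NS query for one more label only."""
    cuts = {_norm(z) for z in zone_cuts}
    full, server, sent = _norm(qname), ".", []
    for name in _suffixes(qname):
        if name == full:
            sent.append((server, full, qtype))     # the original question, asked last
            if full in cuts:                       # referral: repeat it at the child zone
                sent.append((full, full, qtype))
        else:
            sent.append((server, name, "NS"))
            if name in cuts:                       # delegation found, descend
                server = name
    return sent

def servers_seeing_full_name(queries, qname):
    """List the zones whose servers learn the complete query name."""
    return [zone for zone, name, _ in queries if name == _norm(qname)]

if __name__ == "__main__":
    cuts = ["com", "example.com"]   # assumed delegation chain
    for q in minimised_queries("www.example.com", "A", cuts):
        print(q)
```

For a name with labels below the last zone cut, the minimised resolver sends an extra NS query per label, which is the cost paid for the reduced exposure.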
Balancing Privacy with Security and Stability
The DNS and the Internet depend upon a “shared faith” model. In this model, each of the parts of the Internet has an unwritten agreement to conform to open standards and interoperability in return for accessibility and reach. The discussion about the governance of the Internet and the creation of norms needs to balance the demands of privacy and human rights with the practical realities of security and stability. The usability and trustworthiness of the DNS depend upon a sustained shared faith system; if the trustworthiness declines as a result of an impaired ability to counter cybercrime or to resolve names predictably, the long-term viability of the Internet comes into question.
We believe that the IGF Berlin 2019 can provide an effective forum to deliberate over the apparently competing interests of privacy and security and stability. Both components form critical pillars in the ongoing debate over effective internet governance. The future of a trustworthy and interoperable Internet requires the reconciliation of the recognized right for the protection of user privacy with the legitimate needs of authenticated requestors of registration data to mitigate cybercrime.
[1] Daigle, L.: WHOIS Protocol Specification. RFC 3912, DOI 10.17487/RFC3912, September 2004, https://www.rfc-editor.org/info/rfc3912
[2] Newton, A., Ellacott, B., and N. Kong: HTTP Usage in the Registration Data Access Protocol (RDAP). RFC 7480, DOI 10.17487/RFC7480, March 2015, https://www.rfc-editor.org/info/rfc7480
[3] https://www.icann.org/resources/pages/gtld-registration-data-specs-en
[4] https://www.icann.org/en/system/files/files/framework-elements-unified-access-model-for-discussion-18jun18-en.pdf
[5] Marby, G.: Technical Study Group. November 2018, https://www.icann.org/tsg
[6] Mohan, R., et al.: TSG01: Technical Model for Access to Non-Public Registration Data. TSG01, April 2019, https://www.icann.org/en/system/files/files/technical-model-access-non-public-registration-data-30apr19-en.pdf
[7] Bortzmeyer, S.: DNS Query Name Minimisation to Improve Privacy. RFC 7816, March 2016, https://tools.ietf.org/html/rfc7816
[8] Hu, Z., et al.: Specification for DNS over Transport Layer Security (TLS). RFC 7858, May 2016, https://tools.ietf.org/html/rfc7858
[9] Hoffman, P., et al.: DNS Queries over HTTPS (DoH). RFC 8484, October 2018, https://tools.ietf.org/html/rfc8484