The Registration Data Request Service (RDRS), launched by the Internet Corporation for Assigned Names and Numbers (ICANN) in November 2023, aims to simplify requests for nonpublic registration data related to generic top-level domains (gTLDs) in response to the Whois system essentially going dark in 2018 in response to the official launch of the European Union’s General Data Protection Regulation (GDPR).
The RDRS was developed within the ICANN community as a compromise and proof-of-concept test to inform policy decisions related to whether or not to move forward with the community recommended System for Standardized Access/Disclosure (SSAD). As a proof-of-concept initiative, the RDRS has exhibited both successes and challenges for those seeking access to domain registrant data.
Successes:
- Standardization and Consistency:
After the implementation of GDPR and before the launch of RDRS, the process for submitting requests for access to non-public registrant data to domain name registrars was ad hoc and was at the full discretion of the domain registrar, creating an environment of inconsistencies. The RDRS is intended to provide a more consistent and standardized format for handling requests to access nonpublic registration data. The hope is that RDRS creates a streamlined process that ensures uniformity for requestors as well as for participating registrars. By centralizing requests through a single platform, the RDRS eliminates the aforementioned ad hoc approach and simplifies interactions between requestors and ICANN-accredited registrars.
- Monthly Usage Metrics Reports:
As a proof-of-concept initiative, it is important to track usage metrics and ICANN is doing so and is publishing monthly usage metric reports, providing system usage and demand data as requested by the Generic Names Supporting Organization (GNSO) Council. The purpose of these reports is to ultimately inform the ICANN community with respect to policy decisions related to the future of the community’s initially recommended SSAD system.
Challenges:
- Lack of Registrar Participation:
One of the biggest challenges or shortcomings of the RDRS system is that registrar participation is voluntary. With over 2,400 ICANN accredited registrars worldwide, only 86 registrars are participating in the RDRS system. Collectively, the participating registrars manage 57% of the total number of domain name names under management for generic top-level domains. Relatedly, the RDRS does not presently include ccTLDs (country-code top-level domains)
- Lack of Good Faith Participation:
While acknowledging the liability issues at stake for domain name registrars under GDRP for violations of the regulation, GDRP is not a global regulation and thus it does not justify blanket application of a blackout of domain registrant data. Because registrars have almost universally applied privacy settings across all of the domain name registrations under their management, regardless of the geographic location of the registrant or the registrar, it is virtually impossible for requestors to put forth complete cogent arguments to allow the receiving registrar to conduct a good faith balancing test analysis because requestors cannot identify a city/state/country, where a registrant is located, which, this information by itself is hardly even worthy of being considered privacy violation because this information alone makes it impossible to identify the underlying registrant; but it would give requestors insight into which legal standards potentially apply and would allow requestors to make the correct arguments when submitting requests. Under the current system and limitations, it feels like requestors are being asked to submit requests blindfolded and with one arm tied behind their backs after being spun around three times.
- Data Disclosure:
While the RDRS streamlines the request process, it does not guarantee access to registration data. While there may be legitimate reasons for denying a request, as discussed above, requestors are being put at a disadvantage with respect to being able to submit cogent requests for consideration and thus when faced with seemingly canned auto-rejection responses, it would appear to requestors that certain participating registrars are intentionally trying to undermine faith in the system so as to ultimately kill future work towards implementing the community recommended SSAD system by killing requestors’ appetites for participating in the RDRS test pilot program and because RDRS is intended as a proof-of-concept initiative, participation is of critical importance.
- Varied Response Rates:
Registrars’ response rates to RDRS requests have been inconsistent. Ensuring timely and uniform responses from registrars is essential for meeting user expectations.
Enhancements/Resolutions:
Improving the Registration Data Request Service (RDRS) is essential for its long-term effectiveness. Here are some recommendations for ICANN to enhance the system:
- Registrar Disclosure Guidelines
One of the single most important enhancement to the RDRS system would be registrars providing a published list of their request review guidelines. Doing so would help educate the requestors and improve the quality of the submitted requests, which will in turn benefit the registrars by streamlining their review times.
- Greater Registrar Participation
Relatedly, as a proof-of-concept initiative for providing a viable data request system moving forward, the system only benefits from greater registrar participation. Without greater registrar participation the proof-of-concept process is missing out on valuable additional input from those registrars on how best to operate the system.
- Standardized Response Times:
ICANN should establish guidelines for registrars regarding response times to RDRS requests. Ensuring timely and consistent responses will enhance user satisfaction. Consider implementing automated notifications or reminders to registrars to prompt timely action. Furthermore, if registrars provide the public with information regarding the registrar’s review process and guidelines, the requestors can prepare better requests which would assist registrars with respect to adhering to a standardized response timeline.
- Enhanced Usability:
ICANN should invest in improving the user experience within the RDRS platform. Simplifying navigation, providing clear instructions, and ensuring an intuitive interface will encourage more users to utilize the service effectively.
- Education and Awareness:
Conduct regular awareness campaigns to educate registrars, requestors, and the broader community about the RDRS. Many users may not be aware of its existence or how it works.
Highlight the benefits of using the RDRS and emphasize its role in balancing privacy protection with legitimate access to registration data.
- Transparency and Accountability:
Publish aggregated data on response rates, successful requests, and any challenges faced by requestors. Transparency will foster trust in the system.
Regularly review and assess the RDRS’s performance, seeking input from stakeholders, and making necessary adjustments.
- Feedback Mechanism:
Create a feedback loop where users can provide input on their experiences with the RDRS. This will help identify pain points and areas for improvement.
Actively incorporate user feedback into system enhancements.
Remember that the RDRS is a dynamic system, and continuous evaluation and adaptation are crucial for its success. By addressing these aspects, ICANN can enhance the RDRS’s effectiveness and contribute to a more transparent and secure domain registration ecosystem.
Conclusion:
While this is in no means a comprehensive list of the success and difficulties users of the RDRS system are currently experiencing, it sheds light on the current situation and the challenges faced with making progress towards a standardized access to nonpublic gTLD registration data. As ICANN continues to refine the system, I would encourage any and all parties who have legitimate purposes for needing access to the non-public registrant data, for example, law enforcement agencies, intellectual property attorneys, brand owners, consumer protection groups, to continue to utilize the system if you are currently doing so and, if not, to begin participating so that the dark days of a complete lack of access to non-public registrant data begin to abate and the clouds dissipate and some ray of light is shed on the matter.