LISTSERV - NCSG-DISCUSS Archives

Hello NCSG and NCUC members. 

 

Thanks to everyone who was able to attend this week's briefing on ICANN's
Remote Data Request System (RDRS). 

 

After an introduction by Wisdom, Kathy provided background and was followed
by a presentation by Ms. Diana Middleton of ICANN. The session then invited
Ms. Sarah Wyld and Ms. Reg Levy, both from the registrar Tucows, to offer
their perspective. 

 

The purpose of the session was to gather facts and provide an opportunity
for members of the non-commercial community to learn about the RDRS, both
from the perspective of ICANN and the point of view of a registrar.

 

The presenters shared a lot of information about the RDRS and the processes.
I attached the slides from the ICANN presentation as well as the latest
ICANN RDRS statistics report.

 

I have put here some (not all!) of the points presented, and I encourage
anyone who attended (or reviewed the transcript) to add anything important
that would be useful to share.

*	Registration data, knowing who owns what domain name and how that
owner can be contacted, is a central component of the Internet.
*	Prior to 2018, ownership data was easily available and public. After
the EU GDPR in 2018, Ownership data became redacted. 
*	As privacy laws like the GDPR began to restrict access to the
information about owners and operators of domain names, new systems, like
the RDRS, were developed to manage the process of revealing private
information to those with a need to know it.
*	RDRS is a pilot, intended to run for 2 years so the board can gather
statistics and experience before making any further decisions about its
future.
*	The RDRS was developed to simplify the process used by interested
parties to request redacted data.
*	Demand for the system is unknown; that is the reason for the pilot.
*	Originally, a System for Standardized Access and Disclosure (SSAD)
was proposed, which included many features, but deemed too complex so the
RDRS was created instead.
*	Parties interested in redacted data must register on the system and
identify their role (law enforcement, government agencies, intellectual
property professionals, cybersecurity researchers, et al.) 
*	The system presents these registered parties with a form to describe
their interest in a specific domain name.
*	Registrars, which are the custodians of personal data) are invited
by ICANN to participate, but not all do. Participating registrars also have
access to the system and can view and are obliged to act upon requests.
*	Participating registrars review the requests and decide what to do
with them, to either comply, reject or ignore. For requests that would go to
non-participating registrars, requestors have the option of printing a pdf
of the request to send to the appropriate registrar.
*	Some registrars, like Tucows, already had a system to respond to
requests for redacted data. 
*	Each participating registrar decides how to handle requests. This
includes validating the requestor's credentials and determining whether or
not to comply with the request, taking into account their understanding of
the request and compliance with local laws. 
*	Each registrar has its own process for validating requestors, with
no input or guidance from ICANN.
*	ICANN's role is to accept the requests and tabulate the responses by
registrars.
*	ICANN knows the details the requestor placed on the form.

 

ICANN publishes a monthly report with RDRS statistics. The second report
covers from the period from inception to January 31, and is attached, but it
can also be found at:
https://www.icann.org/en/system/files/files/rdrs-usage-metrics-16feb24-en.pd
f.

 

Some interesting statistics:

*	510 requests submitted to participating registrars.
*	274 requests submitted (estimated) to non-participating registrars.
*	35.5% of requests received from requestors self-identified as IP
holders.
*	11% of requests received from requestors self-identified as law
enforcement.
*	72% of requests received were denied.
*	29% of denied requests were denied due to "Contracted party cannot
disclose the data due to applicable law" (the most of all reasons).

 

All members are invited to join a follow-up session scheduled for Monday,
February 26 at 15:00 UTC. This is intended to be an informal opportunity for
community members to discuss the information provided and to identify any
further questions to follow-up with ICANN for information that might be
useful.

 

Thanks again to all who participated with special thanks to our speakers,
Diana Middleton from ICANN and Sarah Wyld and Reg Levy from Tucows, as well
as our own Kathy Kleiman, who provided the necessary background and Wisdom
who ably acted as Master of Ceremony for the event. Also, we are grateful to
Andrea or arranging the Zoom link and keeping track of questions in the
chat. She posted the link to the recording for those interested but could
not attend.

 

Ken