WHOIS Review - update from Domain Name Commission Ltd Chair

This post is by David Farrar, chairperson of the Board for Domain Name Commission Ltd.

As the third round of consultation on the WHOIS policy has concluded, I thought members and stakeholders would be interested in an update from me as DNCL Chair.  An update from the office has also been published at https://dnc.org.nz/whoisupdate

I’d like to thank the 65 people and organisations who took the time to make a submission on the third consultation paper.

I was pleased with how the first two rounds went, receiving over 50 submissions (previous consultations on WHOIS had less than five submissions). A concerted outreach effort was made with several thousand e-mails and letters to organisations and individuals who might be interested. Also three public meetings and an online meeting were held to allow interested persons to have their say.

The submissions in the second round convinced the Board that the status quo for WHOIS was no longer the best policy, and that individuals who had good reasons for wanting to not have some or all of their contact details published should be able to do so. Hence we proposed a significant change in WHOIS policy to allow a “privacy option” for individuals who are registrants.

Our third consultation paper was designed to get feedback on a possible process for this privacy option. There has been criticism of the paper by various people, and with the benefit of hindsight we recognise that the paper could have been better in a number of ways, including:

  • Explicitly recognising the submissions made, and that we agreed with submitters who wanted to be able to not have their contact details published in the WHOIS due to fears of harassment etc
  • Having a more empathetic tone to the paper, rather than a regulatory tone
  • Talking about “proof” being needed without much detail, causing worry with some people they would need to provide sensitive information and details
  • Not explaining in more detail the harms we believe could be caused by those who might seek to hide their contact details so they can more easily do harm to others

I regret that the paper was not as good as it could have been.

In late June the board considered the 65 submissions on the third consultation period. Grouping them together, there were 10 distinct policy options proposed – ranging from the status quo of all contact data must be published with no exceptions, to the other end of no data on any registrant should be published.

DNCL is keen to continue consultation with the local Internet community on the best policy for .nz which balances up privacy and accountability. The policy challenge is that there are some people who want to “hide” their WHOIS contact details for good reasons (fear of harassment, safety, abuse etc) and there are some who want to “hide” their contact details for bad reasons (phishers, scammers, abusing individuals, doxing people, spammers etc). What we ideally want to achieve is a policy or process that makes it easy for those with good reasons to “withhold” their details but not so easy for those with bad reasons to “hide” their details.

So far the DNCL board has only made three in principle decisions on the .nz WHOIS. They are:

  1. That the status quo of all registrant contact details being published with no exceptions should not continue
  2. That the registry should continue to collect registrant data, with the issue being whether it is published, rather than collected
  3. That we do not envisage a situation where absolutely no Registrant information at all is displayed on a WHOIS record

This leaves a wide latitude of policy options which range from only publishing names and e-mail addresses, to allowing registrants to easily opt out of providing an address.

DNCL is open minded on what policy is best for .nz. We plan to launch a fourth consultation round after our August board meeting where the community will be able to have their say on a wide range of policy options.

David Farrar
DNCL Board