ICANN Resolutions » Consideration of GNSO Policy Recommendations concerning the Accreditation of Privacy and Proxy Services
Important note: The Board Resolutions are as reported in the Board Meeting Transcripts, Minutes & Resolutions portion of ICANN's website. Only the words contained in the Resolutions themselves represent the official acts of the Board. The explanatory text provided through this database (including the summary, implementation actions, identification of related resolutions, and additional information) is an interpretation or an explanation that has no official authority and does not represent the purpose behind the Board actions, nor does any explanations or interpretations modify or override the Resolutions themselves. Resolutions can only be modified through further act of the ICANN Board.
Board acknowldges receipt of the PDP Final Report and GNSO Council's Receommendations Report concerning the final PDP submitted by GNSO
Whereas, on 31 October 2013, the GNSO Council approved the charter for a Working Group to conduct a Policy Development Process that had been requested by the ICANN Board concerning the accreditation by ICANN of privacy and proxy domain name registration service providers, as further described at http://gnso.icann.org/en/drafts/raa-pp-charter-22oct13-en.pdf [PDF, 463 KB].
Whereas, the PDP followed the prescribed PDP steps as stated in the ICANN Bylaws, resulting in a Final Report being delivered to the GNSO Council on 8 December 2015.
Whereas, the Privacy & Proxy Services Accreditation Issues PDP Working Group (WG) reached Full Consensus on all its final recommendations (see http://gnso.icann.org/en/issues/raa/ppsai-final-07dec15-en.pdf) [PDF, 1.2 MB].
Whereas, the GNSO Council reviewed and discussed the final recommendations of the Privacy & Proxy Services Accreditation Issues PDP WG, and adopted the recommendations on 21 January 2016 by a unanimous vote (see: http://gnso.icann.org/en/council/resolutions#201601).
Whereas, the GNSO Council vote met and exceeded the required voting threshold (i.e. supermajority) to impose new obligations on ICANN contracted parties.
Whereas, in accordance with the ICANN Bylaws, a public comment period was opened on the approved recommendations to provide the community with a reasonable opportunity to comment on their adoption prior to action by the ICANN Board, and the comments received have been summarized and reported (see https://www.icann.org/en/system/files/files/report-comments-ppsai-recomm...) [PDF, 299 KB].
Whereas, the ICANN Bylaws provide that the Board is to request the GAC's opinion regarding "any policies that are being considered by the Board for adoption that substantially affect the operation of the Internet or third parties, including the imposition of any fees or charges" and "take duly into account any advice timely presented" as a result.
Whereas, the Board notified the GAC of the publication of the GNSO's final recommendations for public comment on 19 February 2016 (see https://gacweb.icann.org/download/attachments/27492514/2016-02-19-Steve-...) [PDF, 819 KB].
Whereas, in its Marrakech Communique issued on 9 March 2016 the GAC advised the ICANN Board that it needed more time to consider potential public policy concerns relating to the adoption of the final PDP recommendations, and identifying that the June 2016 ICANN56 meeting would be an appropriate opportunity to further consider these items (see https://gacweb.icann.org/download/attachments/28278854/GAC%20Morocco%205...) [PDF, 567 KB].
Resolved (2016.05.15.07), the Board thanks the GNSO for completing the Board-requested Policy Development Process (PDP) and acknowledges receipt of the PDP Final Report and the GNSO Council's Recommendations Report concerning the final PDP recommendations.
Resolved (2016.05.15.08), the Board identifies that more time is required to consider the final PDP recommendations, including time for the provision and consideration of GAC advice, if any will be provided. The Board anticipates taking further action on the recommendations at the first Board meeting following the ICANN56 Public Meeting in Helsinki, Finland.
Why is the Board addressing the issue now?
In its October 2011 initiation of negotiations with the Registrar Stakeholder Group for a new form of Registrar Accreditation Agreement (RAA), the ICANN Board also requested an Issue Report from the GNSO to start a GNSO PDP addressing remaining issues not dealt with in the RAA. In June 2013, the ICANN Board approved a new 2013 RAA, and the topic of accrediting privacy and proxy services was identified as the sole issue to be resolved through a GNSO PDP. This topic had also been noted by the Whois Review Team in its Final Report, published in May 2012, in which the Review Team had highlighted the current lack of clear and consistent rules regarding these services, resulting in unpredictable outcomes for stakeholders. The Review Team thought that appropriate oversight over such services would address stakeholder needs and concerns, and recommended that ICANN consider an accreditation system. Until the development of an accreditation program, only certain aspects of such services are covered by an interim specification to the 2013 RAA, which is due to expire on 1 January 2017 or the implementation by ICANN of an accreditation program, whichever first occurs.
The GNSO Council approved all the final recommendations from the PDP Working Group's Final Report dated 8 December 2015 at its meeting on 21 January 2016, and a Recommendations Report from the Council to the Board on the topic in February 2016. In accordance with the ICANN Bylaws, a public comment period was opened to facilitate public input on the adoption of the recommendations. The public comment period closed on 16 March 2016. As outlined in Annex A of the ICANN Bylaws, the PDP recommendations are now being forwarded to the Board for its review and action.
What is the proposal being considered?
The GNSO's policy recommendations include minimum mandatory requirements for the operation of privacy and proxy services; the maintenance of designated contact points for abuse reporting and the publication of a list of accredited providers; requirements related to the handling of requests for disclosure and/or publication of a customer's contact details by certain third party requesters; conditions regarding the disclosure and publication of such details as well as the refusal to disclose or publish; and principles governing the de-accreditation of service providers. The full list and scope of the final recommendations can be found in Annex A of the GNSO Council's Recommendations Report to the Board (see http://gnso.icann.org/en/drafts/council-board-ppsai-recommendations-09fe...) [PDF, 491 KB].
Which stakeholders or others were consulted?
As required by the GNSO's PDP Manual, the Working Group reached out to all GNSO Stakeholder Groups and Constituencies as well as other ICANN Supporting Organizations and Advisory Committees for input during the early phase of the PDP. The Working Group also held open community sessions at all the ICANN Public Meetings that occurred during the lifetime of this PDP. It also sought input on potential implementation issues from ICANN's Registrar Services and Compliance teams. Public comment periods were opened for the Preliminary Issue Report that preceded the PDP, the Working Group's Initial Report, and the GNSO Council's adoption of the Working Group's Final Report. The final recommendations as detailed in the Final Report were completed based on the Working Group's review and analysis of all the public comments and input received in response to its Initial Report.
What concerns or issues were raised by the community?
A significant number of public comments were received by the Working Group concerning the possibility that a distinction might be made between domain name registrants with domains serving non-commercial purposes and registrants who conduct online financial transactions. This had been an open question in the Working Group's Initial Report, as at the time a number of Working Group members had supported that distinction. As a result of further Working Group deliberations following review of the public comments received, the Working Group reached consensus on a recommendation that no such distinction be made for purposes of accrediting services.
Concerns had also been expressed over the need to ensure that there are adequate safeguards in place for maintaining the privacy of customer data, and that a reasonable balance is struck as between a legitimate need for access to information (e.g. by law enforcement and intellectual property rights-holders) and that of protecting privacy. Many public comments received in response to the Working Group's Initial Report also highlighted the potential dangers of disclosing private information without cause, including the threat to the physical safety of certain groups of domain name registrants and privacy/proxy customers. The Working Group's final recommendations include a number of suggested principles and policies that aim to provide more concrete guidance than exists at present for privacy and proxy services, third party requesters of customer information, and domain name registrants in relation to topics such as the handling of customer notifications, information requests and domain name transfers.
The Working Group also received several comments concerning the lack of a detailed framework for the submission and confidential handling of disclosure requests from law enforcement authorities, including from the GAC's Public Safety Working Group. In its Initial Report, the Working Group sought community input on the question as to whether and how such a framework might be developed as well as on more specific questions such as whether it should be mandatory for accredited providers to comply with express requests from law enforcement authorities in the provider's jurisdiction not to notify a customer. Based on input received, the Working Group agreed that accredited privacy and proxy service providers should comply with express law enforcement requests not to notify a customer where this is required by applicable law. Providers would be free to voluntarily adopt more stringent standards or otherwise cooperate with law enforcement authorities. As the Working Group did not receive concrete proposals on how a specific framework applicable to law enforcement requests could be developed, its Final Report contains a suggestion for certain minimum requirements that could be included if such a framework is developed in the future.
What significant materials did the Board review?
The Board reviewed the PDP Working Group's Final Report, the GNSO Council's Recommendations Report on the topic to the Board, the summary of public comments received in response to the public comment period that was opened following the GNSO Council's adoption of the recommendations contained in the Final Report, and GAC advice received on the topic.
What factors did the Board find to be significant?
The recommendations were developed following the GNSO Policy Development Process as set out in Annex A of the ICANN Bylaws and have received the unanimous support of the GNSO Council. As outlined in the ICANN Bylaws, the Council's supermajority support obligates the Board to adopt the recommendations unless, by a vote of more than two-thirds, the Board determines that the recommended policy is not in the best interests of the ICANN community or ICANN.
The Bylaws also allow for input from the GAC in relation to public policy concerns that might be raised if a proposed policy is adopted by the Board. The GAC has noted that public policy concerns might be raised in the adoption of these policy recommendations, and as such the Board is obliged to take into account any advice that the GAC may provide in a timely manner on the topic. Therefore, it is prudent for the Board to allow time for the GAC to provide that advice as indicated in its March 2016 Communiqué.
Are there positive or negative community impacts?
Developing a full accreditation program for privacy and proxy service providers will require significant resources and take a substantial period of time. Deferring adoption of the PDP recommendations will also mean that the need to extend the interim specification in the 2013 RAA beyond its current expiration date will become more urgent.
At present, there is no accreditation scheme in place for privacy and proxy services and no agreed community-developed set of best practices for the provision of such services. This PDP represents an attempt to develop a sound basis for the development and implementation of a proxy/privacy accreditation framework by ICANN. This is part of ICANN's ongoing efforts to improve the Whois system, including implementing recommendations made previously by the Whois Review Team. Implementing many of the GNSO recommendations would create a more uniform set of standards for many aspects of privacy and proxy services, including more consistent procedures for the handling, processing and determination of third party requests by accredited providers, into which reasonable safeguards to protect consumer privacy can be incorporated.
Nevertheless, as highlighted above, the implementation of all the recommendations from the PDP will be time- and resource-intensive due to the scale of the project and the fact that this will be the first time ICANN has implemented such a program for this industry sector. While the RAA may serve as a useful reference point for this program, the Working Group's Final Report acknowledged that this may not be the most appropriate model for a number of reasons.
The Working Group's Final Report also notes a few areas where additional work may be required, which could increase the community's workload in the near term. For example, the issue of privacy and proxy services in the context of domain name transfers will need to be addressed in the next review of the Inter-Registrar Transfer Policy. To the extent that the GAC provides the Board with timely advice of relevant public policy concerns and the Board accepts such advice, the development of a disclosure framework for law enforcement authorities and other third parties may also need to be considered, possibly in parallel with implementation of the overall accreditation program.
Are there fiscal impacts or ramifications on ICANN (strategic plan, operating plan, budget); the community; and/or the public?
There may be fiscal impacts on ICANN associated with the creation of a new accreditation program specifically covering providers of privacy and proxy services if the PDP recommendations are adopted, regardless of whether this occurs immediately or in the future. However, as the current interim specification in the RAA applicable to such services is due to expire on 1 January 2017, consideration will need to be given to either extending its duration (e.g. to allow for implementation should the PDP recommendations be adopted) or amending and updating it in the event that the PDP recommendations are not adopted.
Are there any security, stability or resiliency issues relating to the DNS?
There are no security, stability or resiliency issues relating to the DNS that can be directly attributable to the implementation of the PDP recommendations. While the accreditation of privacy and proxy service providers is part of the overall effort at ICANN to improve the Whois system, it does not affect or change either the Whois protocol (including the rollout of the new RDAP, or Registration Data Access Protocol) or the current features of the Whois system. The Working Group made its final recommendations with the understanding that implementation of its recommendations would be done in the context of any other policy or technical changes to the Whois system, which are outside the scope of this PDP.
Is this either a defined policy process within ICANN's Supporting Organizations or ICANN's Organizational Administrative Function decision requiring public comment or not requiring public comment?
The recommendations at issue are a result of the defined GNSO Policy Development Process. No public comment is required for this deferral action.