ICANN Resolutions » Consideration of SSAC Advisory Regarding Access to Domain Name Registration Data (SAC101)

Important note: The Board Resolutions are as reported in the Board Meeting Transcripts, Minutes & Resolutions portion of ICANN's website. Only the words contained in the Resolutions themselves represent the official acts of the Board. The explanatory text provided through this database (including the summary, implementation actions, identification of related resolutions, and additional information) is an interpretation or an explanation that has no official authority and does not represent the purpose behind the Board actions, nor does any explanations or interpretations modify or override the Resolutions themselves. Resolutions can only be modified through further act of the ICANN Board.

Consideration of SSAC Advisory Regarding Access to Domain Name Registration Data (SAC101)


Resolution of the ICANN Board
Meeting Date: 
Dim, 23 Juin 2019
Resolution Number: 
2019.06.23.04 – 2019.06.23.06
Resolution Text: 

Whereas, the Security and Stability Advisory Committee (SSAC) published SAC101 on 14 June 2018.

Whereas, the SSAC published SAC101 version 2 on 12 December 2018 to "reflect evolving circumstances related to ICANN's Temporary Specification for gTLD Registration Data, and the ongoing Expedited Policy Development Process (EPDP) on the Temporary Specification for gTLD Registration Data."

Whereas, the Security and Stability Advisory Committee (SSAC) stated in the Preface of SAC101 version 2 that "Version 1 of SAC101 has been retired and version 2 is authoritative."

Whereas, the ICANN org has evaluated the feasibility of the SSAC's advice in SAC101 version 2 and developed implementation recommendations for each advice item.

Whereas, the Board has considered in SAC101 version 2 and the ICANN org's implementation recommendations relating to this advice.

Resolved (2019.06.23.04), the Board accepts advice item one in SAC101 version 2 relating to creation and execution of a plan to accomplish four objectives identified in the advice, and directs the ICANN President and CEO, or his designee(s), to create a plan that reports on ICANN org's and the community's progress toward the four objectives identified in the advice.

Resolved (2019.06.23.05), the Board accepts advice item 2B in SAC101 version 2 relating to clarifying expectations for the use of rate-limiting under existing policy and agreements, and directs the ICANN President and CEO, or his designee(s), to work with the community to clarify existing contractual obligations relating to rate limits.

Resolved (2019.06.23.06), the Board notes advice items 2A and three through seven in SAC101 version 2 and refers them to the GNSO Council for consideration for inclusion in the EPDP Phase 2 work.

Rationale for Resolution: 

The Board is taking this action today as part of its commitment to consider advice arising out of ICANN's advisory committees. Consideration of SAC101 version 2 is appropriate at this time as many of the advice items raised are appropriate for consideration within the GNSO's ongoing EPDP Phase 2.

Some of the specific considerations guiding the Board's decision are described below.

Advice item one suggests that the ICANN Board oversee the creation and execution of a plan that accomplishes four tasks:

Domain registration data policy that includes purposes for the collection and publication of registration data.
Migration from WHOIS to RDAP.
Remaining thin registries to move to thick as per the Thick WHOIS consensus policy.
Creation of an accredited RDDS access program, with ICANN org ensuring the creation, support and oversight of the technical access mechanism.
The advice also suggests that the creation and execution of the plan is a priority for the Board, org, and community.

The Board accepts advice item one on the basis that a plan to track and report on the community's and ICANN org's progress toward the objectives listed in the advice would benefit the work of the community. In accepting advice item one, the Board notes that:

In relation to the Thick Whois policy, on 14 March 2019, the Board passed a resolution to defer contractual compliance enforcement. Due to this action, ICANN Contractual Compliance defers enforcing the following milestones until the dates listed below:
By 30 November 2019: The registry operator must begin accepting Thick Whois data from registrars for existing registrations in .COM, .NET, and .JOBS.
By 31 May 2020: All registrars must send Thick Whois data to the registry operator for all new registrations in .COM, .NET, and .JOBS.
By 30 November 2020: All registrars are required to complete the transition to Thick Whois data for all registrations in .COM, .NET, and .JOBS.
Additionally, in adopting the GNSO Council Policy Recommendations for a new Consensus Policy on gTLD Registration Data on 15 May 2019 (see Resolution 2019.05.15.09) the Board directed ICANN org to work with the Implementation Review Team to examine and transparently report on the extent to which the Recommendations will require modification of existing Consensus Policies. The Board said that, "[w]here modification of existing Consensus Policies is required, we call upon the GNSO Council to promptly initiate a PDP to review and recommend required changes to Consensus Policies."

In accepting advice item one, the Board further notes that the creation of an "accredited RDDS access program," is a topic under discussion in the EPDP Phase 2. The Board cannot dictate outcomes of PDPs. Once the EPDP delivers its final Phase 2 report, the Board will consider the policy recommendations.

Advice item 2B suggests that the Board direct ICANN org to work with the community to "clarify current expectations for the use of rate limiting under existing policy and agreements." In accepting advice item 2B, the Board notes that the community should be involved in the discussion to clarify existing contractual obligations relating to rate limits.

Advice item 2A suggests that the Board direct ICANN org to work with the community to "develop policy with clearly defined uniform purposes for RDDS rate-limiting and corresponding service level agreement requirements." As policy is developed by the community and this topic is in the work plan for the EPDP Phase 2, the Board notes this advice and refers to the GNSO Council as the manager of PDPs. In taking this action, the Board also notes that in the Annex to the Temporary Specification for gTLD Registration Data, the Board asked that the topic of rate limit be discussed and resolved by the community as quickly as possible.

Advice item three suggests that the "Board and EPDP policy-makers should ensure that security practitioners and law enforcement authorities have access to domain name contact data, via RDDS, to the full extent allowed by applicable law." As this is a policy matter and the topic is in the work plan for the EPDP Phase 2, the Board notes this advice and refers to the GNSO Council as the manager of PDPs.

Advice item four suggests that "initiation of charges for RDS access, or any significant future changes in fees for RDDS access, must include a formal assessment of user impacts and the security and stability impacts, and be conducted as part of a formal Policy Development Process (PDP)." As this is a policy matter and the topic is in the work plan for the EPDP Phase 2, the Board notes this advice and refers to the GNSO Council as the manager of PDPs.

Advice item five reiterates Recommendation 2 from SAC061 and suggests that "The ICANN Board should ensure that a formal security risk assessment of the registration data policy be conducted as an input into the Policy Development Process. A separate security risk assessment should also be conducted regarding the implementation of the policy." The advice further suggests that "These assessments should be incorporated in PDP plans at the GNSO." As the advice suggests that the assessments be incorporated into PDP plans and the GNSO is the manager of PDPs, the Board notes and refers this advice to the GNSO Council.

Advice item six suggests that the "ICANN Board should direct the ICANN Organization to work to ensure that all methods of access to RDDS data provide an equivalent response to the same query." As this is a policy matter and the topic is in the work plan for the EPDP Phase 2, the Board notes this advice and refers to the GNSO Council as the manager of PDPs.

Advice item seven suggests that the "ICANN Board should direct the ICANN Organization to work to ensure that RDDS access is provided in a measurable and enforceable framework, which can be understood by all parties." As this is a policy matter and the topic is in the work plan for the EPDP Phase 2, the Board notes this advice and refers to the GNSO Council as the manager of PDPs.

In considering these advice items, the Board reviewed the following materials:

SSAC101 version 2 <>
Board Resolution 2019.03.14#1.c <>
The Board's acceptance of these advice items serve the public interest and is in furtherance of ICANN's mission as it improves the security and stability of the DNS. Implementation of these advice items can be accomplished within ICANN org's existing operating plan and budget.

This is an Organizational Administrative Function Action for which no public comment was necessary.