Domain Name Registration Data at the Crossroads: The State of Data Protection, Compliance, and Contactability at ICANN Prepared by Greg Aaron Interisle Consulting Group, LLC 31 March 2020 © 2020 Interisle Consulting Group 2 Table of Contents Executive Summary ....................................................................................................................................... 4 Introduction .................................................................................................................................................. 5 Domain Registration Services: Vital Data at the Core of ICANN’s Mission ............................................... 6 Study Questions and Methodology .............................................................................................................. 9 Table 1: Registrar Scoring ........................................................................................................................... 11 Findings ....................................................................................................................................................... 12 Recommendations ...................................................................................................................................... 14 The Real-Life Impact of WHOIS During the COVID-19 Pandemic ............................................................... 18 STUDY QUESTION: WHOIS Functionality and Compliance Status .............................................................. 20 Registrar-Provided Data: More Important Than Ever ................................................................................. 22 Hiding Contactability Data: The Left Hand and the Right Hand.............................................................. 24 It’s Not What You Ask, It’s How .............................................................................................................. 28 SLA Confusion ......................................................................................................................................... 30 RDDS Terms of Service ................................................................................................................................ 31 The Rate-Limiting Problem ......................................................................................................................... 33 Rate-Limiting at Tucows: A Case Study ................................................................................................... 33 Rate-Limiting in the RDAP Era ................................................................................................................. 35 The Long Road to RDAP .............................................................................................................................. 37 What is the Plan for Moving to RDAP? ................................................................................................... 39 WHOIS is Dead; Long Live…? ................................................................................................................... 40 STUDY QUESTION: RDAP Functionality and Compliance Status ................................................................. 41 Web-Based RDAP Interfaces Are Important ........................................................................................... 41 Missing RDAP Query and SLA Reporting Requirements ......................................................................... 44 Problems with ICANN’s RDAP Bootstrap Registries .................................................................................... 47 STUDY QUESTION: Temporary Specification Compliance .......................................................................... 52 STUDY QUESTION: Availability of Contactability Information .................................................................... 53 Registrars Make Contactability Information Hard to Find ...................................................................... 54 STUDY QUESTION: Failure of Temporary Specification Contactability Mechanisms ................................. 55 Email Delivery Problems ......................................................................................................................... 55 Contract Confusion: Contactability Info Not Present in RDAP Output ................................................... 56 Registrars Make Contactability Mechanisms Hard to Use ...................................................................... 57 Domain Name Registration Data at the Crossroads 31 March 2020 3 Registries and Registrars Mask Their Own Identities ................................................................................. 60 GDPR Compliance by Registrars .................................................................................................................. 62 Erroneous Publication of Personal Data ................................................................................................. 62 Forcing EU Registrants into Giving Up Their Privacy Rights .................................................................... 62 Selling Unnecessary Privacy Protection .................................................................................................. 64 Misstatements of Laws and ICANN Policy .............................................................................................. 64 Data Retention ........................................................................................................................................ 65 Failures of ICANN Data Accuracy Efforts .................................................................................................... 66 Part II: Registrar Evaluations ....................................................................................................................... 70 GoDaddy ..................................................................................................................................................... 71 Tucows ........................................................................................................................................................ 75 NameCheap ................................................................................................................................................. 88 Network Solutions and Register.com ......................................................................................................... 95 Alibaba Cloud Computing (Beijing) Co., Ltd .............................................................................................. 105 eNom ......................................................................................................................................................... 108 GMO Internet d/b/a Onamae.com ........................................................................................................... 112 Xin Net Technology Corporation ............................................................................................................... 116 1&1 IONOS ................................................................................................................................................ 119 PDR Ltd. ..................................................................................................................................................... 121 Google Domains ........................................................................................................................................ 125 NameSilo ................................................................................................................................................... 127 Wild West .................................................................................................................................................. 131 FastDomain / Bluehost .............................................................................................................................. 132 OVH SAS .................................................................................................................................................... 139 Key-Systems GmbH ................................................................................................................................... 142 Gandi SAS .................................................................................................................................................. 149 123-Reg Limited ........................................................................................................................................ 151 Registrar of Domain Names REG.RU LLC (REG.COM) ............................................................................... 160 OnlineNIC .................................................................................................................................................. 164 West263 International Limited ................................................................................................................. 168 NetEarth .................................................................................................................................................... 172 About Interisle Consulting Group ............................................................................................................. 175 Domain Name Registration Data at the Crossroads 31 March 2020 4 Executive Summary The Internet depends on the Domain Name System