The SSAC appreciates the opportunity to provide input on the GNSO's efforts regarding domain name registration data accuracy. Although our response comes later than intended, we are grateful for your consideration.
Key Points:
Impact of Inaccurate Data:
- Usability: Hinders effective communication and identification.
- Security: Impairs law enforcement, anti-abuse efforts, and timely cybersecurity notifications.
- Operations: Disrupts domain transfers, dispute resolution, and security analysis due to incorrect metadata (e.g., create/update dates, registrar info).
- The SSAC consistently stresses the critical role of accurate data in enabling legitimate communications and mitigating abuse.
What Inaccurate Data Does Not Prevent:
- It does not stop bad actors from continuing abusive domain use.
- Harm prevention is still possible using other tools, but accurate data improves effectiveness.
Vulnerable Stakeholders:
- Law enforcement, cybersecurity firms, reputation service providers, researchers, brand protection teams, and operators of critical infrastructure (OS vendors, CAs, web/email/social platforms).
- These groups rely heavily on registration data for investigations and system protections.
Problem Statement Recommendations:
- Current Challenge: Lack of clear definitions, measurable standards, and inconsistent accuracy.
- Consequences: Weakened DNS security, delayed investigations, and ineffective abuse mitigation.
- Objective: Improve data accuracy to strengthen trust and security.
- Proposal:
- Define “accuracy” clearly.
- Justify accuracy efforts through measurable benefits.
- Address the potential commercial impacts.
- Evaluate the implications of the EU’s NIS2 directive on ICANN policies.
SSAC does not offer a formal problem statement but urges the GNSO to tackle key foundational issues including definitions, compliance mechanisms, and external regulatory impacts.
Administrative Notes:
The document reflects the consensus of the SSAC, with full transparency on contributors, disclosures, and any recusals.