Thanks for posting this.

I have not been following this.

When I read through the document I noted a gap:

The concept of accuracy ought to be accompanied by the concept of precision.

This is especially true when it comes to information that has an impact on privacy of individuals or businesses.

When we were doing privacy work way back in the 1970s one of the concepts, a concept seemingly absent from the SSAC statement, is that of precision reduction.

For instance, rather than publishing a person's full postal address, one could record (or publish) only the postal code rather than the detailed street address.

The level of precision required of data depends on the use to which it will be put.

(Please note that a database can contain data with greater precision than it chooses to do disclose to a given query, thus a database may contain a full home address but reveal an eroded precision form of that data to those who can't demonstrate a need to know anything of a greater precision.)

Some of our databases way back then simply did not collect data beyond the needed precision.  Others would disclose/publish data and erode the precision if the collecting-user did not have a demonstrated (and guaranteed-constrained) use for greater levels of precision.

We did a lot of work on this kind of thing back in the first half of the 1970s.

One of the most useful work-products from back then was this:

"Records, Computers and the Rights of Citizens: Report of the HEW Advisory Committee on Automated Personal Data Systems"

https://epic.org/documents/hew1973report/

    --karl--

Dear all,

The SSAC appreciates the opportunity to provide input on the GNSO's efforts regarding domain name registration data accuracy. Although our response comes later than intended, we are grateful for your consideration.

Key Points:

Impact of Inaccurate Data:

• Usability: Hinders effective communication and identification.
• Security: Impairs law enforcement, anti-abuse efforts, and timely cybersecurity notifications.
• Operations: Disrupts domain transfers, dispute resolution, and security analysis due to incorrect metadata (e.g., create/update dates, registrar info).
• The SSAC consistently stresses the critical role of accurate data in enabling legitimate communications and mitigating abuse.

What Inaccurate Data Does Not Prevent:

• It does not stop bad actors from continuing abusive domain use.
• Harm prevention is still possible using other tools, but accurate data improves effectiveness.

Vulnerable Stakeholders:

• Law enforcement, cybersecurity firms, reputation service providers, researchers, brand protection teams, and operators of critical infrastructure (OS vendors, CAs, web/email/social platforms).
• These groups rely heavily on registration data for investigations and system protections.

Problem Statement Recommendations:

• Current Challenge: Lack of clear definitions, measurable standards, and inconsistent accuracy.
• Consequences: Weakened DNS security, delayed investigations, and ineffective abuse mitigation.
• Objective: Improve data accuracy to strengthen trust and security.
• Proposal:

• Define “accuracy” clearly.
• Justify accuracy efforts through measurable benefits.
• Address the potential commercial impacts.
• Evaluate the implications of the EU’s NIS2 directive on ICANN policies.

SSAC does not offer a formal problem statement but urges the GNSO to tackle key foundational issues including definitions, compliance mechanisms, and external regulatory impacts.

Administrative Notes:

The document reflects the consensus of the SSAC, with full transparency on contributors, disclosures, and any recusals.

Link: https://itp.cdn.icann.org/en/files/security-and-stability-advisory-committee-ssac-reports/sac-129-07-07-2025-en.pdf

Best,

Matthias

__________________________
Ing. Mag. Matthias M. Hudobnik

FIP, CIPP/E, CIPT, DPO, CIS LA

matthias@hudobnik.at

http://www.hudobnik.at

@mhudobnik

_______________________________________________
At-Large mailing list -- at-large@icann.org
To unsubscribe send an email to at-large-leave@icann.org

At-Large Official Site: http://atlarge.icann.org
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.