Dear Team,
We received on Monday a clarifying question from our Registrar colleagues, asking for a confirmation that the new design offering to forward entire requests via encrypted emails to willing Registrars, would not imply unacceptably demanding T&C.
As this involved ICANN Legal and fearing it might take time to answer, I requested for the question to be forwarded immediately.
Please find below, ICANN org’s answer. I hope our Registrar colleagues will find this answer satisfactory.
Please remember to send any further clarifying questions no later than tomorrow Wednesday 2 November COB.
Kindly,
Sebastien Ducos
GoDaddy Registry | Senior Client Services Manager
+33612284445
France & Australia
From: Yuko Yokoyama <yuko.yokoyama@icann.org>
Date: Tuesday, 1 November 2022 at 8:48 pm
To: Sebastien Ducos <Sebastien@registry.godaddy>
Cc: Marika Konings <marika.konings@icann.org>, Eleeza Agopian <eleeza.agopian@icann.org>
Subject: WHOIS Disclosure System NSp T&C question
Dear Sebastien,
Thank you for your follow-up question about a potential requirement for registrars to agree to additional indemnification terms toward ICANN if the WHOIS Disclosure System is implemented.
In ICANN org’s 5 October response to the Small Team, we noted that “If the Small Team would confirm that sending the completed Data Request Form to the registrar managing the domain name subject to the request is necessary, including personal data of the requestor and third party(ies), ICANN org is willing to consider this request, on the common understanding that the registrar will accept all risks related to sending personal and confidential data via a less secure transmission mode and deviate from the original design which was built in accordance with the principles of privacy and security by design.”
This response concerned the specific proposal at issue, which significantly deviated from the approach proposed in the design paper: that the contents of a request would be transmitted by the system to the registrar by simple (unencrypted) email. As we’ve discussed, ICANN org does not believe that this method for communicating request data to the registrars is suitable from a data protection and security perspective.
The discussion has since evolved, to focus on the possibility of sending request data to registrars via encrypted email, provided an adequate encryption key management process is designed.
In ICANN org’s view, this approach would mitigate the risks associated with sending personal data and confidential information via unencrypted emails, in line with the principles of privacy and security by design.
Based on the current design under discussion, ICANN org does not anticipate a need to require additional indemnification and liability terms specifically related to sending request data to registrars via encrypted email.
We hope that this information is helpful. Please let us know if you have further questions or issues you would like to discuss.
Thank you,
Yuko Yokoyama
Program Director
Strategic Initiatives, Global Domains & Strategy
Internet Corporation for Assigned Names and Numbers (ICANN)
Direct Line: +1 310 578 8693
Mobile: +1 310 745 1517
E-mail: yuko.yokoyama@icann.org