Dear Mikey:

 

As Stephanie notes, the EWG plans to issue its final report at (before?)  ICANN London in June.   At that point the community will find out exactly what the EWG proposes, with hopefully a full explanation of why.  Then the GNSO, the Board, and the community will need to decide whether the EWG’s proposals are good ones or not.   I assume that there will be a formal public comment period for the EWG’s final report; the GNSO should confirm that in Singapore.  I’m an expert on WHOIS, and I found the EWG’s interim report to be so impenetrable that it resisted interim comment (sorry, Stephanie!).

 

When the EWG was formed, ICANN said “The working group's results will feed into the GNSO's bottom-up, policy development process where all community interests will be encouraged to participate in the decision-making.” If I have any personal advice for the GNSO, it is not to accept any faits accomplis. The EWG is to propose policies, and I suggest that those proposals shouldn’t be allowed to take on a life of their own and be considered done deals or the only alternatives. Part of the process should be a careful exploration of the implications and impacts of the proposed policies, and what alternative proposals may be proposed. The EWG is doing some due diligence, but it has to finish its work soon and the GNSO will need to assume responsibility for further diligence and studies.

 

Where are things with establishing a registration data policy?  That is an interesting question.  The EWG’s initial report did not do a good job IMHO at proposing policies.  Here’s how SSAC061 put the problem; I think it is worth reiterating:

“The EWG, in parallel to proposing a new model for the purpose of registration data, discussed several ‘system designs’ for access to the data and proposed one model, calling for a centralized registration data repository. That approach poses a quandary: policies are expressions of goals and should articulate the problems the community designed them to solve. Until proposed registration data policies and their justifications are stated clearly, it is not possible to comment definitively on their security and stability consequences. And until the community accepts the policies, it is difficult to discuss whether proposed delivery options will satisfy the goals in a suitably secure and stable manner.…

Improving and ensuring security and stability require balancing risks, benefits, and costs. While it is understood that the EWG Initial Report is a first attempt by the EWG to address these issues, the SSAC does not believe adequate explanations of the perceived benefits, risks, or costs, or how they were balanced has been provided. The EWG Initial Report describes some proposed solutions but does not always discuss why those solutions are justified. Instead, the report focuses on a specific outcome: a specific system with many features. The EWG Initial Report did not state what alternatives it considered and rejected and did not indicate the EWG’s methodology for developing its recommendations. Some of the items in the EWG’s list of “Desired Features and Design Principles” (pages 20-27) may be seen within the community as new policies, and some are feature requests and implementation choices that may be only some of the possible ways to execute on the policies. If the ICANN community does not accept some of the proposed policies, the features and implementation choices will necessarily change.

The SSAC believes a centralized meta-registry (e.g., the ARDS) is not the only solution to problems stated by the WHOIS Review Team, and it is unclear whether that specific solution will create net improvements when weighed against the risks.”

http://www.icann.org/en/groups/ssac/documents/sac-061-en.pdf

 

I personally will read that EWG final report to see if the EWG proposes a coherent set of WHOIS policies and under what basis the EWG justifies them.   Based on the EWG’s November interim report and its response to the initial public comments, the EWG apparently believes that the centralized model (ARDS) is the way to go.  I personally believe that that idea should receive robust debate and due diligence.

 

Among other things, SSAC recommended that a risk assessment be carried out. “The EWG agrees that risk/impact assessment should be conducted” (https://www.icann.org/en/groups/other/gtld-directory-services/summary-response-initial-12nov13-en.pdf), but AFAIK that risk assessment has not yet been planned because we first need to see what the EWG final report says. And then see above -- the scope of any risk assessments may be dependent on what the GNSO thinks. For example, if it is determined that the centralized ARDS idea is a non-starter for overriding policy or legal reasons, then why would anyone do a risk assessment of its implementation? In any case, I suggest the GNSO track and help direct the creation of risk assessments at the appropriate points.

 

In the meantime, ICANN has issued an RFI on behalf of the EWG: "to identify any organizations capable of accrediting users of the new [centralized] Registration Directory Service (RDS) now under consideration to replace the current WHOIS system....With this Request for Information, the EWG seeks to solicit responses from organizations that currently issue system access credentials to authorized members of their own community, using defined acceptance criteria...The purpose of this RFI is purely informational – that is, to inform the development of policies and procedures that may follow the EWG's Final Report. As a result, potential Respondents responding to any future RFP for the EWG Project will not be bound by the estimates, prices, or other information provided in response to this RFI."

https://www.icann.org/en/news/announcements/announcement-2-10feb14-en.htm

So that’s an interesting thing. 

 

All best,

--Greg

 

 

 

 

From: gnso-ssr-bounces@icann.org [mailto:gnso-ssr-bounces@icann.org] On Behalf Of Mike O'Connor
Sent: Wednesday, February 12, 2014 8:41 AM
To: GNSO SSR List
Subject: [Gnso-ssr] discussion -- SAC061 -- SSAC Comment on ICANN’s Initial Report from the Expert Working Group on gTLD Directory Services

 

hi all,

 

here’s a thread to talk about the SSAC comment on EWG initial report.

 

here are a few questions.  view them as a starting-point, not a rigid requirement.  if you have a comment that falls outside of these questions, please go ahead and make your post.  i’m just posting these to start conversation, not restrict it.

 

- what’s the current status of the EWG work?

 

- where are we in the process of establishing a registration data policy?

 

- who, if anybody, has taken these SSAC recommendations on board?

 

- is there anything that the GNSO, and/or the GNSO Council, should be doing in Singapore to help move this along?

 

- are there any other questions people would like to raise about this comment?

 

SAC061:  SSAC Comment on ICANN’s Initial Report from the Expert Working Group on gTLD Directory Services

 

http://www.icann.org/en/groups/ssac/documents/sac-061-en.pdf

 

Recommendation 1: SSAC reiterates its recommendation from SAC055: The ICANN Board should explicitly defer any other activity (within ICANN’s remit) directed at finding a ‘solution’ to ‘the WHOIS problem’ until the registration data policy has been developed and accepted in the community. The EWG should clearly state its proposal for the purpose of registration data, and focus on policy issues over specific implementations.

 

Recommendation 2: The ICANN Board should ensure that a formal security risk assessment of the registration data policy be conducted as an input into the Policy Development Process.

 

Recommendation 3: SSAC recommends that the EWG state more clearly its positions on the following questions of data availability:

 

A. Why is a change to public access justified?

This explanation should describe the potential impact upon ordinary Internet users and casual or occasional users of the directory service.

 

B. Does the EWG believe that access to data currently accessible in generic Top Level Domain (gTLD) WHOIS output should become restricted?

If so, what fields and to what extent exactly? Under the EWG proposal, queries from non-authenticated requestors would return only “public data available to anyone, for

 

C. Should all gTLD registries be required to provision their contact data into the Aggregated Registration Data Service (ARDS)?  

There may be jurisdictions that prohibit by law the export of personally identifiable information outside the jurisdiction. If so, the ARDS may not be a viable way to deliver data accuracy and compliance across all gTLDs.

 

D. Does the EWG propose more types of sensitive registration data be provisioned into ARDS than are found in current gTLD WHOIS output? 

 

Recommendation 4: The SSAC suggests that the EWG address this recommendation from SAC058: “SSAC Report on Domain Name Registration Data Validation”:

As the ICANN community discusses validating contact information, the SSAC recommends that the following meta-questions regarding the costs and benefits of registration data validation should be answered:

 

• What data elements need to be added or validated to comply with requirements or expectations of different stakeholders?

• Is additional registration processing overhead and delay an acceptable cost for improving accuracy and quality of registration data?

• Is higher cost an acceptable outcome for improving accuracy and quality?

• Would accuracy improve if the registration process were to provide natural persons with privacy protection upon completion of multi-factored validation?