[gnso-rds-pdp-wg] Registrar Data vs RDS Data

Tue Aug 8 13:53:35 UTC 2017

All

On one of our recent calls there was some discussion around the difference between the data that a registrar would have versus which data could end up in RDS.

As I mentioned on the call registrars have access to a lot of data that is beyond anything that is required for whois or its replacements. 

As some people pointed out there would also be data that is covered by other aspects of the contracts or policies.

For example the contracts will refer to data that can be collected during a domain registration transaction:
https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en

“1.2. Registrar shall collect the following information and maintain that information for no less than one hundred and eighty (180) days following the relevant interaction:

1.2.1. Information regarding the means and source of payment reasonably necessary for the Registrar to process the Registration transaction, or a transaction number provided by a third party payment processor;

1.2.2. Log files, billing records and, to the extent collection and maintenance of such records is commercially practicable or consistent with industry-wide generally accepted standard practices within the industries in which Registrar operates, other records containing communications source and destination information, including, depending on the method of transmission and without limitation: (1) Source IP address, HTTP headers, (2) the telephone, text, or fax number; and (3) email address, Skype handle, or instant messaging identifier, associated with communications between Registrar and the registrant about the Registration; and

1.2.3. Log files and, to the extent collection and maintenance of such records is commercially practicable or consistent with industry-wide generally accepted standard practices within the industries in which Registrar operates, other records associated with the Registration containing dates, times, and time zones of communications and sessions, including initial registration.”

None of the above would be stored in whois or RDS. 

And there is a lot of other data available to registrars, depending on their business model, which is completely outside the scope of the ICANN policies and contracts, such as all the other products and services that they have bought from the registrar. 
In our case, for example, that could encompass things like domains in ccTLDs, SSL orders, hosting accounts, broadband and many other things.

Some of the more information can be used in relation to ICANN audits or compliance requests.

Other, more sensitive, information might be used in investigations by law enforcement or subject to court orders etc., 

Regards

Michele

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
http://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/ 
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845