[RDS-WHOIS2-Safeguard] Work plan for Safeguard Registrant Data

[Volker Greimann]

Hi Alan,


> 1. Given the number of data breaches that we regularly hear about, the 
> question was raised about whether we should look into the ICANN's 
> Escrow facilities, most likely focusing on the main provider, Iron 
> Mountain. I think this is a valid point. I would propose that we first 
> talk to someone from the ICANN Global Domains Division who is 
> knowledgeable on the Escrow rules and procedures. Presumably they can 
> also provide some documentation. Following that, we should interview 
> someone from Iron Mountain so that we understand how data is 
> transferred to them, how it may be retrieved in disaster-like 
> circumstances, and how the data is protected. When Iron Mountain 
> started, I suspect the bulk of their business was transporting and 
> storing magnetic takes. Now I presume it is all online and potentially 
> vulnerable.
I agree, but we should also ask for a report from ICANN staff on the 
current status accreditation of alternative escrow providers. As far as 
I understand, multiple alternate providers have been accredited, and 
efforts are underway to make the available to contracted parties at the 
same terms.

Also, alternative options exist for for registry data escrow in the new 
TLDs.

Picking out only IM might draw negative comments.
>
> In addition to this, perhaps we might also want to talk to a sampling 
> of registrars and registries (if we can find any who are willing!). 
> Although WHOIS data is currently public, perhaps we want to ask about 
> how well it is protected from being changed or erased.
Good point.

Best,
Volker