At the annual general meeting of the Internet Corporation for Assigned Names and Numbers (ICANN), the board decided to continue theRegistration Data Request System (RDRS) for another two years. The RDRS will therefore remain available until the end of 2027. The time until a decision is made on a possible extension will be used to gain greater knowledge and information on the use and further development of the system. However, there is still a need for mutual understanding when processing urgent requests.
With the online-based platform for querying registration data, ICANN made an instrument available in November 2023 for an initial two-year test phase, with which authorities and individuals with a legitimate interest can obtain information on unpublished gTLD registration data via a standardised procedure. The service operates as an intermediary between those seeking information and the various registries. The advantage of this is that such a request only needs to be addressed to one central point. This is important for law enforcement authorities, for example, if they need to find out who owns a domain through which depictions of child sexual abuse are made available online. Previously necessary investigations to determine which register is responsible for the respective domain can thus be completely eliminated in the future. The extension of the term is now also to be used to involve further registers. This is an essential prerequisite for the effective use of the instrument.
However, there is still a need for further clarification regarding the time frame within which urgent requests must be processed. There are differing views on this issue between the Governmental Advisory Committee (GAC) on the one hand and the representatives of the registry services on the other. The members of the GAC agree that registry data should be made available within a few hours in order to prevent damage to life or critical infrastructure. Currently, a deadline of 24 hours is under discussion, which the GAC believes should be reduced. However, the registry services point out that they fear they will not be able to meet this requirement. Originally, they requested a deadline of up to three working days for processing such requests. However, an extension of the deadline beyond 24 hours should only be possible in very few, justified exceptions.
In order for requests for information to the platform for querying registration data to be effective, it is necessary that the stored data and information are correct. This requires a check of the data to be provided. The form and depth of this check is part of the consultations on the implementation of a process for assessing human rights implications. For legitimate reasons, it is pointed out that the publication of such personal data could put people at risk who are involved in democratic processes and procedures in authoritarian states, for example. There are also fears that high requirements for checking the reliability of the data to be provided when registering a domain could deter people from exercising their right to participate in the digital environment. Nevertheless, the accuracy of the data is a prerequisite for identifying potential offenders. Against this background, Torsten Krause pointed out at the public forum at ICANN's annual general meeting that human rights should not be prioritised against each other, but rather balanced with each other. Solutions must be found that take all legitimate concerns into account and serve the implementation of human rights.