[Gnso-ppsai-pdp-wg] For your review - updated template Cat B - question 2

Michele Neylon - Blacknight michele at blacknight.com
Tue Mar 18 08:14:53 UTC 2014 

John

Why should non-response lead to any action at all? Assuming that *if* there is an initial "verification" that the user of the service had verified / validated themselves.

Keep it to "failure" or something requiring attention and maybe we can reach agreement on something, but there's no way that I'd suspend any service like this based solely on the lack of response from a user.

Don't forget - the vast majority of domain name registrants are not "experts"

Many of the registrars and hosting providers offer privacy / proxy with all domain name registrations - in some cases the option is automatically added to the shopping cart when you register the domain name. So for many registrants they may like the service, but they're probably not even fully conscious that it is an "add on".

I cannot see any upside to forcing extra levels of verification / validation on p/p users.

What I can see, however, is an unreasonable burden being placed on innocent users of p/p services and their providers (the entire chain)

Sorry I won't get to argue with you about this today, but I'll be on a plane somewhere between Dublin and Dubai :)

Regards

Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Domains
http://www.blacknight.co/
http://blog.blacknight.com/
http://www.technology.ie
Intl. +353 (0) 59  9183072
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 1 4811 763
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845

From: gnso-ppsai-pdp-wg-bounces at icann.org [mailto:gnso-ppsai-pdp-wg-bounces at icann.org] On Behalf Of John Horton
Sent: Tuesday, March 18, 2014 3:34 AM
To: Graeme Bunton
Cc: gnso-ppsai-pdp-wg at icann.org
Subject: Re: [Gnso-ppsai-pdp-wg] For your review - updated template Cat B - question 2

Question, with respect to the "suspension rates being catastrophic" concerns: if, for the sake of argument, we're talking about requiring additional verification for P/P beyond what the 2013 RAA requires, a failure -- especially one based solely on non-response -- wouldn't necessarily lead to domain name suspension, would it? (Unless the failure reasonably indicates that the Whois data is actually false.) I assume that failure of any supplemental verification required by a P/P service would result in merely terminating the P/P service itself, unless the failure actually indicates that the information is falsified.

In other words:

  *   If the verification already required under the 2013 RAA fails, the Registrar may have to suspend the domain name anyway.
  *   If any verification required for P/P providers in addition to the 2013 RAA requirements fails solely due to non-response, it doesn't seem to me that the remedy would have to be (or should be) domain name suspension; rather, it would likely only be terminating the P/P service itself, revealing the domain name registration data but leaving the domain name active and pointing to content.
  *   However, if any verification required for P/P providers in addition to the 2013 RAA requirements fails as a result of the underlying information actually being falsified, then suspension may be appropriate anyway, in addition to the P/P service being withdrawn.
My apologies if I'm missing something there, but I'm not sure that it follows that there would have to be any domain name suspensions for failures to verify the supplemental information not originally required to be verified by the 2013 RAA, as described in the Whois Accuracy Program Specification.

John Horton
President, LegitScript
 [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257dc6dfc34.png]



Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com>  |  Facebook<https://www.facebook.com/LegitScript>  |  Twitter<https://twitter.com/legitscript>  |  YouTube<https://www.youtube.com/user/LegitScript>  |  Blog<http://blog.legitscript.com>  |  Google+<https://plus.google.com/112436813474708014933/posts>

On Mon, Mar 17, 2014 at 7:50 PM, Stephanie Perrin <stephanie.perrin at mail.utoronto.ca<mailto:stephanie.perrin at mail.utoronto.ca>> wrote:
I agree with what James and Michele have said, and I view this as extremely discriminatory and therefore highly problematic from a competition policy perspective.
Stephanie Perrin

On Mar 17, 2014, at 10:41 PM, Graeme Bunton <gbunton at tucows.com<mailto:gbunton at tucows.com>> wrote:


Agreeing with what James and Michele have stated here.
The suspension rates would be catastrophic, with no real gain over what the 2013 RAA ensures.

Graeme
On 3/17/2014 6:24 PM, James M. Bladel wrote:
Everyone, this part of Michele's post is key:

If there's a bounce or any other indication that the contact details are invalid then let the 2013 RAA standards apply - if any.


The 2013 RAA requires registrar to re-verify the contact information if the information is known to be invalid.  A bounced or undeliverable reminder email certainly qualifies.

But to take this further, and claim that non-response = invalid contact information is speculation and could have catastrophic implications.  As Michele notes, registrars work our tails off to drive these response rates in to the high single digits or low teens.

Suspending upwards of 80% of domain names would be prohibitively disruptive and I've seen nothing in this thread/PDP to justify such a radical proposal.

Thanks--

J.

Sent from my iPad

On Mar 17, 2014, at 15:13, "Michele Neylon - Blacknight" <michele at blacknight.com<mailto:michele at blacknight.com>> wrote:
I cannot agree with this.

Just because somebody does not reply to an annual email does not mean anything and expecting registrars or proxy / privacy providers to do anything extra based on a lack of response is completely unreasonable.

If there's a bounce or any other indication that the contact details are invalid then let the 2013 RAA standards apply - if any.

But expecting registrars or privacy / proxy providers to do extra validation simply because a customer hasn't responded to an annual whois data reminder simply will not fly.

We send out thousands of these reminders every year. Only a tiny percentage of our clients ever reply to them - and if their details haven't changed why on earth would they have to?

Regards

Michele

--
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Domains
http://www.blacknight.co/
http://blog.blacknight.com/
http://www.technology.ie<http://www.technology.ie/>
Intl. +353 (0) 59  9183072<tel:%2B353%20%280%29%2059%C2%A0%209183072>
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090<tel:%2B353%20%280%2959%209183090>
Fax. +353 (0) 1 4811 763<tel:%2B353%20%280%29%201%204811%20763>
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845

From: gnso-ppsai-pdp-wg-bounces at icann.org<mailto:gnso-ppsai-pdp-wg-bounces at icann.org> [mailto:gnso-ppsai-pdp-wg-bounces at icann.org] On Behalf Of Valeriya Sherman
Sent: Monday, March 17, 2014 8:09 PM
To: Metalitz, Steven; 'Williams, Todd'; Marika Konings; gnso-ppsai-pdp-wg at icann.org<mailto:gnso-ppsai-pdp-wg at icann.org>
Subject: Re: [Gnso-ppsai-pdp-wg] For your review - updated template Cat B - question 2

I, Jim Bikoff, David Heasley, and Griffin Barnett agree with Todd's assessment:

Contact information that is ultimately revealed is valuable only if it is accurate.

The validation/verification requirements should be consistent with the 2013 RAA requirements, but should go above and beyond those requirements to ensure the accuracy of contact information.

Registrars already send an annual Whois Data Reminder Policy notification to registrants, reminding them to provide accurate and up-to-date information.

Similarly, the privacy/proxy customer's contact information should be verified upon initial registration of the domain name (either by the registrar or the Privacy/Proxy Service Provider) and periodically thereafter by automated annual email re-verification notifications that require an affirmative response by the P/P customer.  Absence of a response would trigger a follow-up, reminding the privacy/proxy customer to provide accurate and up-to-date information.

Regards,

Valeriya Sherman
Silverberg, Goldman & Bikoff, L.L.P.
1101 30th Street, N.W.
Suite 120
Washington, D.C. 20007
Tel 202.944.2330<tel:202.944.2330>
Cell 303.589.7477<tel:303.589.7477>
vsherman at sgbdc.com<mailto:vsherman at law.gwu.edu>
________________________________
From: gnso-ppsai-pdp-wg-bounces at icann.org<mailto:gnso-ppsai-pdp-wg-bounces at icann.org> [gnso-ppsai-pdp-wg-bounces at icann.org<mailto:gnso-ppsai-pdp-wg-bounces at icann.org>] on behalf of Metalitz, Steven [met at msk.com<mailto:met at msk.com>]
Sent: Monday, March 17, 2014 6:13 AM
To: 'Williams, Todd'; Marika Konings; gnso-ppsai-pdp-wg at icann.org<mailto:gnso-ppsai-pdp-wg at icann.org>
Subject: Re: [Gnso-ppsai-pdp-wg] For your review - updated template Cat B - question 2
I agree with Todd's characterization of the status of this discussion, and that the questions he highlights are still open.

Another aspect of the second question below is how the p/p service provider should handle situations in which the contact information supplied by the customer cannot be verified. In the parallel situation involving non-proxy registrations, the RAA specification calls either for suspension of the registration, or "manual verification," which is not defined. How should this apply in the p/p service scenario?

Steve Metalitz

From: gnso-ppsai-pdp-wg-bounces at icann.org<mailto:gnso-ppsai-pdp-wg-bounces at icann.org> [mailto:gnso-ppsai-pdp-wg-bounces at icann.org] On Behalf Of Williams, Todd
Sent: Friday, March 14, 2014 4:53 PM
To: Marika Konings; gnso-ppsai-pdp-wg at icann.org<mailto:gnso-ppsai-pdp-wg at icann.org>
Subject: Re: [Gnso-ppsai-pdp-wg] For your review - updated template Cat B - question 2

Thanks Marika.  I missed part of the call on Tuesday where this may have been discussed, but I don't see how the draft preliminary recommendation follows from the attached Word document, insofar as it concludes that p/p customer data should be validated and verified in a manner consistent with the requirements outlined in the 2013 RAA.  I thought the current posture was that the WG has basically agreed to the 2013 RAA requirements as a floor, but that there was not yet agreement on: 1) whether validation/verification requirements should go beyond the 2013 RAA; and 2) if so, how.

On the first question (2013 RAA vs. "more"), it appears that more of the responses in the attached argue for "more" than not.  That also seems to have been an open topic in our email threads (see attached).  Just to reiterate from that thread, the basic argument on the "more" side (which I agree with) is that in order to partially offset the delay that will inevitably occur when accessing p/p data, the "more" should consist of whatever reasonable validation/verification steps can be taken to increase the likelihood  that the information ultimately obtained will be accurate enough to facilitate contact.  I suppose that if we ultimately settle on a "reveal" procedure that is essentially instantaneous in certain cases (once we get to discussing "reveal" procedures), that may mitigate this concern.  But absent assurances on that point, I would think we need to address it.

On the second question: the attached appears to include multiple proposals as to what may or may not ultimately comprise the "more" (e.g., email and phone vs. or; periodic/annual re-verification vs. re-verification with information suggesting the contact information is incorrect; etc.).  Have we debated the relative merits of those?  Are some more likely to be effective than others?  I have my thoughts, but I'm curious to hear what everybody else thinks.

Thanks all.

Todd.

From: gnso-ppsai-pdp-wg-bounces at icann.org<mailto:gnso-ppsai-pdp-wg-bounces at icann.org> [mailto:gnso-ppsai-pdp-wg-bounces at icann.org] On Behalf Of Marika Konings
Sent: Thursday, March 13, 2014 7:04 AM
To: gnso-ppsai-pdp-wg at icann.org<mailto:gnso-ppsai-pdp-wg at icann.org>
Subject: [Gnso-ppsai-pdp-wg] For your review - updated template Cat B - question 2

Dear All,

Following our call earlier this week, please find attached the updated template for Category B - question 2. To facilitate your review, I've posted below the draft preliminary recommendation in which we've aimed to capture the conversation to date taking into account the language of the Whois Accuracy Specification Program of the 2013 RAA. If you are of the view that this does not accurately capture the WG's view to date and/or have specific suggestions for changes / edits, please share those with the mailing list. Also, if there are any other issues that need to be addressed in relation to this question and/or the preliminary recommendation, please share those as well.

Best regards,

Marika

Draft Preliminary Recommendation - Category B - question 2 (Should ICANN-accredited privacy/proxy service providers be required to conduct periodic checks to ensure accuracy of customer contact information; and if so, how?)

The WG recommends that proxy and privacy customer data be validated and verified in a manner consistent with the requirements outlined in Whois Accuracy Specification Program of the 2013 RAA. The WG furthermore agrees that in the cases where validation and verification of the P/P customer data was carried out by the registrar, reverification by the P/P service of the same, identical, information should not be required.

Similar to ICANN's Whois Data Reminder Policy (http://www.icann.org/en/resources/registrars/consensus-policies/wdrp), the P/P provider should be required to inform the P/P customer annually of his/her requirement to provide accurate and up to date contact information to the P/P provider. If the P/P provider has any information suggesting that the P/P customer information is incorrect (such as P/P service receiving a bounced email notification or non-delivery notification message in connection with compliance with data reminder notices or otherwise) for any P/P customer, the P/P provider must verify or re-verify, as applicable, the email address(es). If, within fifteen (15) calendar days after receiving any such information, P/P service does not receive an affirmative response from the P/P customer providing the required verification, the P/P service shall verify the applicable contact information manually.
_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg


_______________________________________________

Gnso-ppsai-pdp-wg mailing list

Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org>

https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg







--

_________________________

Graeme Bunton

Information Specialist

Tucows Inc.

PH: 416 535 0123 ext 1634<tel:416%20535%200123%20ext%201634>
_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg


_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20140318/5fa49794/attachment-0001.html>

More information about the Gnso-ppsai-pdp-wg mailing list