[RDS-WHOIS2-RT] Subgroup 4 Compliance draft report
Volker Greimann
vgreimann at key-systems.net
Fri Jun 15 14:51:27 UTC 2018
Hi Susan,
just a few notes and points:
3.2.1.1 - Analysis, second paragraph: In my operative experience, the
main reason for the cancellation or suspension of a domain name after
receiving an inaccuracy complaint is nowhere near as nefarious as the
subgroup assumed, but rather the fact that the registrant did not
respond to the request of the registrar to either confirm or update his
data. This can be due to the contact data on file being outdated, a
reseller failing to forward the inquiry, the registrant failing to
respond (mail ignored/seen as spam/overlooked/mailbox not main
mailbox/etc) and things like that. As the RAA states unequivocally that
a non-response within a certain time and as we do not have the time and
ressources to chase after each such registrant, this usually causes:
first the deactivation, then a call from an irate customer and then the
re-instatement of the domain. Of course, many registrants do not even
notice the deactivation, for example if the domain is parked or unused.
The sad fact of the matter is that this contractual requirement causes
at least as much harm for the registrants as it does provide benefits
for those interested in more accuracy.
I hope that we can update the analysis to move out of the realm of
speculation and more into the realm of experience based evidence. And by
that, I am not disputing that there are also cases where the record was
intentionally false. But in my experience, these make up less than 10%
of the cases I see.
As for the issues following from that earlier assumption: While the
registrar has the ability to unsuspend at any time, ICANN compliance
will follow up on such cases and demand the same type of evidence they
would ask for in a case where the registrant updated his whois details.
So i am not really sure this actually is an issue...
Second issue: I am not actually sure that there are more suspensions for
abuse than for nonpayment for example. What data was used to determine
that statement that "most of them (occur) for abusive activity"? Or is
this speculation and assumptions again?
I also note that the statement that the inaccurate data is still visible
in the WHOIS is outdated since last month ;-)
Third point: This should be already taken care of by the compliance
follow-up that will follow any unsuspension.
The recommendation is problematic as this would effectively result in
domain names without any data. I would prefer the "incorrect data" to
remain in place as we do not know why the domain was suspended. Again,
suspension usually just means someone did not reply in time. Also,
suspensions can occur for a multitude of other reasons. Forcing a whois
verification for a unsuspension after a bill is paid late for example
seems unreasonable.
f) Grandfathered domains: Correction: The actual calendar date is
irrelevant to whether a domain is considered grandfathered or not.
Instead, only only relevant date is the effective date the sponsoring
registrar signed on to the 2013 RAA. So the section would have to be
reworded.
Obviously I also disagree with the conclusions drawn here, so I provide
an alternative for those as well.
Suggestion:
/40% of the WHOIS ARS domain names that are sampled for this program are
grandfathered domain names that have not yet been subjected to the
rigorous verification and validation requirements of 2013 RAA. The 2009
RAA neither required the collection and display of Registrant email
address, postal address or phone number it not the validation or
verification of the data. This applies to domain names registered prior
to the date that the sponsoring registrar signed on to the 2013 RAA that
have not since been transferred to a registrar that had at the time of
the transfer signed on to the 2013 RAA and that did not have a change of
RNH occur after such a time.
/
////
/*Analysis:*//If we assume the sample of ARS domain names of 40%
grandfathered domain names then we can extrapolate (based on wrong
assumption of what constutes a legacy domain name).///
//
/We have asked the compliance team to provide data on this statistics
but they do not track this data./
/P//roblems/Issues:/
/There are domain name registrations that currently do not comply with
the current WHOIS format requirements and/or policy requirements as they
were registered under contractual terms different to those required now
and have since then not been updated in a meaningful way. In fact, the
last registrar under the 2009 RAA is expected to switch from the 2009 to
the 2013 RAA this year. The current process foresees a smooth and
gradual transition of legacy domain names to the new requirements upon
the occurrence of certain trigger events and it is expected that the
number of such domain will gradually drop over time as they are deleted,
get transferred between registrars or the RNH data gets updated.
Further, as such domain names are usually significantly older domain
names, the likelyhood of abusive registrations amongst them is
significantly lower than for newly registered domain names. The WG
therefore currently sees no need to suggest modifications to the
transition process foreseen in the 2013 RAA./
/
/
3.2.1.3 For this section, I question the viability of this tool under
GDPR. As bulk whois inquiries are now a thing of the past, it seems
counter-intuitive to continue to provide a bulk complaint tool as the
complainant has no way of knowing if the data of multiple domains is
identical. We should discuss this point more.
3.2.1.4 Strike the last sentence in the first paragraph, or replace by:
/Potential benefits of a more proactive approach to RDS inaccuracy
should be investigate as better data quality is seen as beneficial to
internet users.
/Question: Do we have any indication about the investigative and
financial ressources such a proactive approach would require? We should
not make a recommendation that would result in an unreasonable increase
in costs of the compliance function. So the recommendation should at a
minimum also require a cost/benefit study prior to any expansion of the
compliance function into this area. ICANN is strapped for cash as it is...
Open Questions:
This actually is not an open question. Work between ICANN and registrars
on identifying a solution that meets the requirements of the RAA is
ongoing. There is no compliance issue to this until the time that such a
program becomes an actual contractual obligation.
4 Problem issues:
a) Problem, second paragrph, first sentence, replace by:
Registrars are contractually required by the 2013 Registrar
Accreditation Agreement (RAA) to conduct verification and validation
operations regarding registration data.
Recommendation #2:
I would actually support removing this recommendation entirely, as
described above. Maybe we can add something that ICANN should monitor
whether the soft transition process included in the 2013 RAA actually
works as intended, e.g. the number of such domain names is gradually
decreasing. Anyway, the statement that it has been a 5 year transition
time is blatantly false and misleading, as detailed above, but I do not
blame anyone for the misconception.
Such an undertaking as proposed would also be highly unfeasible as
especially for these older registrations as the only contact between
registrars and these customers often is their payment of the invoices.
Having to reach out proactively to these customers without any
indication of an issue will just lead to countless unjustified and
problematic suspensions and angry customers.
Recommendation #3 should be changed as described above. I also do not
get why the renewal reference is in there. Even suspended domains get
renewed after all... Also note that a "suspension for incorrect data"
may also occur under the current RAA requirements regardless of whether
the whois is actually correct or incorrect as non-response already
triggers suspension.
Recommendation 7:
I move to strike this in its entirety. This is based on so many
errouneous assumptions and will result in so much additional work for
contracted parties, it isn't even funny. I have argued this in previous
mails, so I will leave it at that. This one has to go...
Recommendation8 is missing the feasibility section, which I think is key
for this section. In itself it is a good idea, but the benefits must be
weighed against the costs.
Apologies that this went longer than I originally intended, thanks for
bearing with me,
Volker
/
/
Am 15.06.2018 um 15:18 schrieb Susan Kawaguchi:
> Hello All,
>
> I have updated the Compliance report for subgroup 4.
>
> Please see attached.
>
> Susan
>
>
> _______________________________________________
> RDS-WHOIS2-RT mailing list
> RDS-WHOIS2-RT at icann.org
> https://mm.icann.org/mailman/listinfo/rds-whois2-rt
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net
Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com
Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
www.keydrive.lu
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/rds-whois2-rt/attachments/20180615/2140ccde/attachment.html>
More information about the RDS-WHOIS2-RT
mailing list