[RDS-WHOIS2-RT] Subgroup 4 Compliance draft report

Mon Jun 18 14:55:52 UTC 2018

Please see my comments in red below.

On Fri, Jun 15, 2018 at 9:51 AM, Volker Greimann <vgreimann at key-systems.net>
wrote:

> Hi Susan,
>
> just a few notes and points:
>
> 3.2.1.1 - Analysis, second paragraph: In my operative experience, the main
> reason for the cancellation or suspension of a domain name after receiving
> an inaccuracy complaint is nowhere near as nefarious as the subgroup
> assumed, but rather the fact that the registrant did not respond to the
> request of the registrar to either confirm or update his data. This can be
> due to the contact data on file being outdated, a reseller failing to
> forward the inquiry, This is an issue we should review if the reseller is
> not following through which would constitute noncompliance by Registrar.  the
> registrant failing to respond (mail ignored/seen as spam/overlooked/mailbox
> not main mailbox/etc) and things like that. As the RAA states unequivocally
> that a non-response within a certain time and as we do not have the time
> and ressources to chase after each such registrant, this usually causes:
> first the deactivation, then a call from an irate customer and then the
> re-instatement of the domain. Registrants often do not understand their
> responsibilities when registering a domain name which is something more
> communication by the Registrar could alleviate.  Of course, many
> registrants do not even notice the deactivation, for example if the domain
> is parked or unused.
>
> The sad fact of the matter is that this contractual requirement causes at
> least as much harm for the registrants as it does provide benefits for
> those interested in more accuracy.   I absolutely disagree with this
> statement and would fall into category of you making an assumption, as you
> have accused me in the following paragraphs, unless you can provide hard
> data on this.
>
> I hope that we can update the analysis to move out of the realm of
> speculation did you read all the ARS reports?  and more into the realm of
> experience based evidence. My analysis is experience based but not YOUR
> experience.   The only domain names I would bother to file an inaccuracy
> report on are those that are already acting in an abusive manner.  I have
> no interest in a domain name record that is not abusive.  And by that, I
> am not disputing that there are also cases where the record was
> intentionally false. But in my experience, these make up less than 10% of
> the cases I see.  Please provide data on your 10% assumption.
> As for the issues following from that earlier assumption: While the
> registrar has the ability to unsuspend at any time, ICANN compliance will
> follow up on such cases and demand the same type of evidence they would ask
> for in a case where the registrant updated his whois details. So i am not
> really sure this actually is an issue...We should clarify with compliance
> whether this is an issue.
>
> Second issue: I am not actually sure that there are more suspensions for
> abuse than for nonpayment for example. What data was used to determine that
> statement that "most of them (occur) for abusive activity"? My personal
> experience and analysis but if a registrant never steps forward to rectify
> inaccurate data on a suspended domain name please let me know what other
> conclusions could be made. Or is this speculation and assumptions again?  I
> worked very hard on reviewing all the reports and developing a sound
> analysis so let's change the rhetoric and stop the name calling.  It is not
> fruitful or helpful.  This may be a language barrier but I take offense
> that your analysis is correct and my is speculation and assumptions.
>

 My flight is taking off so will have to finish my responses once the wifi
works.
I am very concerned that I will not be on this call so that we could have
had a reasonable dialogue.

Susan

>
> I also note that the statement that the inaccurate data is still visible
> in the WHOIS is outdated since last month ;-)
>
> Third point: This should be already taken care of by the compliance
> follow-up that will follow any unsuspension.
>
> The recommendation is problematic as this would effectively result in
> domain names without any data. I would prefer the "incorrect data" to
> remain in place as we do not know why the domain was suspended. Again,
> suspension usually just means someone did not reply in time. Also,
> suspensions can occur for a multitude of other reasons. Forcing a whois
> verification for a unsuspension after a bill is paid late for example seems
> unreasonable.
>
> f) Grandfathered domains: Correction: The actual calendar date is
> irrelevant to whether a domain is considered grandfathered or not. Instead,
> only only relevant date is the effective date the sponsoring registrar
> signed on to the 2013 RAA. So the section would have to be reworded.
> Obviously I also disagree with the conclusions drawn here, so I provide an
> alternative for those as well.
>
> Suggestion:
>
>
> *40% of the WHOIS ARS domain names that are sampled for this program are
> grandfathered domain names that have not yet been subjected to the rigorous
> verification and validation requirements of 2013 RAA. The 2009 RAA neither
> required the collection and display of Registrant email address, postal
> address or phone number it not the validation or verification of the data.
> This applies to domain names registered prior to the date that the
> sponsoring registrar signed on to the 2013 RAA that have not since been
> transferred to a registrar that had at the time of the transfer signed on
> to the 2013 RAA and that did not have a change of RNH occur after such a
> time. *
>
> *Analysis:** If we assume the sample of ARS domain names of 40%
> grandfathered domain names then we can extrapolate (based on wrong
> assumption of what constutes a legacy domain name).*
>
> *We have asked the compliance team to provide data on this statistics but
> they do not track this data.*
>
> *P**roblems/Issues:*
>
> *There are domain name registrations that currently do not comply with the
> current WHOIS format requirements and/or policy requirements as they were
> registered under contractual terms different to those required now and have
> since then not been updated in a meaningful way. In fact, the last
> registrar under the 2009 RAA is expected to switch from the 2009 to the
> 2013 RAA this year. The current process foresees a smooth and gradual
> transition of legacy domain names to the new requirements upon the
> occurrence of certain trigger events and it is expected that the number of
> such domain will gradually drop over time as they are deleted, get
> transferred between registrars or the RNH data gets updated. Further, as
> such domain names are usually significantly older domain names, the
> likelyhood of abusive registrations amongst them is significantly lower
> than for newly registered domain names. The WG therefore currently sees no
> need to suggest modifications to the transition process foreseen in the
> 2013 RAA.*
>
>
> 3.2.1.3 For this section, I question the viability of this tool under
> GDPR. As bulk whois inquiries are now a thing of the past, it seems
> counter-intuitive to continue to provide a bulk complaint tool as the
> complainant has no way of knowing if the data of multiple domains is
> identical. We should discuss this point more.
>
> 3.2.1.4 Strike the last sentence in the first paragraph, or replace by:
>
>
> *Potential benefits of a more proactive approach to RDS inaccuracy should
> be investigate as better data quality is seen as beneficial to internet
> users. *Question: Do we have any indication about the investigative and
> financial ressources such a proactive approach would require? We should not
> make a recommendation that would result in an unreasonable increase in
> costs of the compliance function. So the recommendation should at a minimum
> also require a cost/benefit study prior to any expansion of the compliance
> function into this area. ICANN is strapped for cash as it is...
>
> Open Questions:
> This actually is not an open question. Work between ICANN and registrars
> on identifying a solution that meets the requirements of the RAA is
> ongoing. There is no compliance issue to this until the time that such a
> program becomes an actual contractual obligation.
>
> 4 Problem issues:
> a) Problem, second paragrph, first sentence, replace by:
>
> Registrars are contractually required by the 2013 Registrar Accreditation
> Agreement (RAA) to conduct verification and validation operations regarding
> registration data.
>
> Recommendation #2:
> I would actually support removing this recommendation entirely, as
> described above. Maybe we can add something that ICANN should monitor
> whether the soft transition process included in the 2013 RAA actually works
> as intended, e.g. the number of such domain names is gradually decreasing.
> Anyway, the statement that it has been a 5 year transition time is
> blatantly false and misleading, as detailed above, but I do not blame
> anyone for the misconception.
> Such an undertaking as proposed would also be highly unfeasible as
> especially for these older registrations as the only contact between
> registrars and these customers often is their payment of the invoices.
> Having to reach out proactively to these customers without any indication
> of an issue will just lead to countless unjustified and problematic
> suspensions and angry customers.
>
> Recommendation #3 should be changed as described above. I also do not get
> why the renewal reference is in there. Even suspended domains get renewed
> after all... Also note that a "suspension for incorrect data" may also
> occur under the current RAA requirements regardless of whether the whois is
> actually correct or incorrect as non-response already triggers suspension.
>
> Recommendation 7:
> I move to strike this in its entirety. This is based on so many errouneous
> assumptions and will result in so much additional work for contracted
> parties, it isn't even funny. I have argued this in previous mails, so I
> will leave it at that. This one has to go...
>
> Recommendation8 is missing the feasibility section, which I think is key
> for this section. In itself it is a good idea, but the benefits must be
> weighed against the costs.
>
> Apologies that this went longer than I originally intended, thanks for
> bearing with me,
>
> Volker
>
> Am 15.06.2018 um 15:18 schrieb Susan Kawaguchi:
>
> Hello All,
>
> I have updated the Compliance report for subgroup 4.
>
> Please see attached.
>
> Susan
>
>
> _______________________________________________
> RDS-WHOIS2-RT mailing listRDS-WHOIS2-RT at icann.orghttps://mm.icann.org/mailman/listinfo/rds-whois2-rt
>
>
> --
> Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
>
> Mit freundlichen Grüßen,
>
> Volker A. Greimann
> - Rechtsabteilung -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email: vgreimann at key-systems.net
>
> Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
>
> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:www.facebook.com/KeySystemswww.twitter.com/key_systems
>
> Geschäftsführer: Alexander Siffrin
> Handelsregister Nr.: HR B 18835 - Saarbruecken
> Umsatzsteuer ID.: DE211006534
>
> Member of the KEYDRIVE GROUPwww.keydrive.lu
>
> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
>
> --------------------------------------------
>
> Should you have any further questions, please do not hesitate to contact us.
>
> Best regards,
>
> Volker A. Greimann
> - legal department -
>
> Key-Systems GmbH
> Im Oberen Werk 1
> 66386 St. Ingbert
> Tel.: +49 (0) 6894 - 9396 901
> Fax.: +49 (0) 6894 - 9396 851
> Email: vgreimann at key-systems.net
>
> Web: www.key-systems.net / www.RRPproxy.netwww.domaindiscount24.com / www.BrandShelter.com
>
> Follow us on Twitter or join our fan community on Facebook and stay updated:www.facebook.com/KeySystemswww.twitter.com/key_systems
>
> CEO: Alexander Siffrin
> Registration No.: HR B 18835 - Saarbruecken
> V.A.T. ID.: DE211006534
>
> Member of the KEYDRIVE GROUPwww.keydrive.lu
>
> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
>
>
>
>
>
> _______________________________________________
> RDS-WHOIS2-RT mailing list
> RDS-WHOIS2-RT at icann.org
> https://mm.icann.org/mailman/listinfo/rds-whois2-rt
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/rds-whois2-rt/attachments/20180618/a9c8e327/attachment-0001.html>