<div dir="ltr">Please see my comments in red below. <br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 15, 2018 at 9:51 AM, Volker Greimann <span dir="ltr"><<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi Susan, <br>
</p>
<p>just a few notes and points:</p>
<p>3.2.1.1 - Analysis, second paragraph: In my operative experience,
the main reason for the cancellation or suspension of a domain
name after receiving an inaccuracy complaint is nowhere near as
nefarious as the subgroup assumed, but rather the fact that the
registrant did not respond to the request of the registrar to
either confirm or update his data. This can be due to the contact
data on file being outdated, a reseller failing to forward the
inquiry,<font color="#ff0000"> This is an issue we should review if the reseller is not following through which would constitute noncompliance by Registrar. </font> the registrant failing to respond (mail ignored/seen as
spam/overlooked/mailbox not main mailbox/etc) and things like
that. As the RAA states unequivocally that a non-response within a
certain time and as we do not have the time and ressources to
chase after each such registrant, this usually causes: first the
deactivation, then a call from an irate customer and then the
re-instatement of the domain. <font color="#ff0000">Registrants often do not understand their responsibilities when registering a domain name which is something more communication by the Registrar could alleviate. </font> Of course, many registrants do not
even notice the deactivation, for example if the domain is parked
or unused.</p>
<p>The sad fact of the matter is that this contractual requirement
causes at least as much harm for the registrants as it does
provide benefits for those interested in more accuracy. <font color="#ff0000">I absolutely disagree with this statement and would fall into category of you making an assumption, as you have accused me in the following paragraphs, unless you can provide hard data on this. </font><br>
</p>
<p>I hope that we can update the analysis to move out of the realm
of speculation <font color="#ff0000">did you read all the ARS reports? </font> and more into the realm of experience based
evidence. <font color="#ff0000">My analysis is experience based but not YOUR experience. The only domain names I would bother to file an inaccuracy report on are those that are already acting in an abusive manner. I have no interest in a domain name record that is not abusive. </font>And by that, I am not disputing that there are also
cases where the record was intentionally false. But in my
experience, these make up less than 10% of the cases I see. <font color="#ff0000">Please provide data on your 10% assumption. </font><br>
</p>
As for the issues following from that earlier assumption: While the
registrar has the ability to unsuspend at any time, ICANN compliance
will follow up on such cases and demand the same type of evidence
they would ask for in a case where the registrant updated his whois
details. So i am not really sure this actually is an issue...<font color="#ff0000">We should clarify with compliance whether this is an issue. </font><br>
<br>
Second issue: I am not actually sure that there are more suspensions
for abuse than for nonpayment for example. What data was used to
determine that statement that "most of them (occur) for abusive
activity"? <font color="#ff0000">My personal experience and analysis but if a registrant never steps forward to rectify inaccurate data on a suspended domain name please let me know what other conclusions could be made. </font>Or is this speculation and assumptions again? <font color="#ff0000">I worked very hard on reviewing all the reports and developing a sound analysis so let's change the rhetoric and stop the name calling. It is not fruitful or helpful. This may be a language barrier but I take offense that your analysis is correct and my is speculation and assumptions. </font></div></blockquote><div><br></div><div> <font color="#ff0000">My flight is taking off so will have to finish my responses once the wifi works. </font></div><div><font color="#ff0000"><span style="caret-color: rgb(255, 0, 0);">I am very concerned that I will not be on this call so that we could have had a reasonable dialogue. </span></font></div><div><font color="#ff0000"><span style="caret-color: rgb(255, 0, 0);"><br></span></font></div><div><font color="#ff0000"><span style="caret-color: rgb(255, 0, 0);">Susan </span></font></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div text="#000000" bgcolor="#FFFFFF"><br>
I also note that the statement that the inaccurate data is still
visible in the WHOIS is outdated since last month ;-)<br>
<br>
Third point: This should be already taken care of by the compliance
follow-up that will follow any unsuspension.<br>
<br>
The recommendation is problematic as this would effectively result
in domain names without any data. I would prefer the "incorrect
data" to remain in place as we do not know why the domain was
suspended. Again, suspension usually just means someone did not
reply in time. Also, suspensions can occur for a multitude of other
reasons. Forcing a whois verification for a unsuspension after a
bill is paid late for example seems unreasonable.<br>
<br>
f) Grandfathered domains: Correction: The actual calendar date is
irrelevant to whether a domain is considered grandfathered or not.
Instead, only only relevant date is the effective date the
sponsoring registrar signed on to the 2013 RAA. So the section would
have to be reworded. <br>
Obviously I also disagree with the conclusions drawn here, so I
provide an alternative for those as well.<br>
<br>
Suggestion:<br>
<p style="margin-bottom:0cm;line-height:100%"><i><font face="Arial, serif"><font style="font-size:11pt" size="2">40%
of the WHOIS ARS domain names that are sampled for this
program are
grandfathered domain names that have not yet been subjected
to the rigorous verification and validation requirements of
2013
RAA. The 2009 RAA neither required the collection and
display of
Registrant email address, postal address or phone number it
not the validation or verification of the data. This applies
to domain names registered prior to the date that the
sponsoring registrar signed on to the 2013 RAA that have not
since been transferred to a registrar that had at the time
of the transfer signed on to the 2013 RAA and that did not
have a change of RNH occur after such a time. <br>
</font></font></i></p>
<i>
</i><i>
</i>
<p style="margin-bottom:0cm;line-height:100%"><i><font face="Arial, serif"><font style="font-size:11pt" size="2"><b>Analysis:</b></font></font></i><i><font face="Arial, serif"><font style="font-size:11pt" size="2">
If we assume the sample of ARS domain names of 40%
grandfathered
domain names then we can extrapolate (based on wrong
assumption of what constutes a legacy domain name).</font></font></i><i><font face="Arial, serif"><font style="font-size:11pt" size="2">
</font></font></i>
</p>
<i>
</i>
<p style="margin-bottom:0cm;line-height:100%"><i><font face="Arial, serif"><font style="font-size:11pt" size="2">We
have asked the compliance team to provide data on this
statistics but
they do not track this data.</font></font></i></p>
<p style="margin-bottom:0cm;line-height:100%"><i><font face="Arial, serif"><font style="font-size:11pt" size="2">P</font></font></i><i>roblems/Issues:</i></p>
<p style="margin-bottom:0cm;line-height:100%">
</p>
<p style="margin-bottom:0cm;line-height:100%"><i><font face="Arial, serif"><font style="font-size:11pt" size="2">There
are domain name registrations that currently do not comply
with the
current WHOIS format requirements and/or policy requirements
as they were registered under contractual terms different to
those required now and have since then not been updated in a
meaningful way. In fact, the last registrar under the 2009
RAA is expected to switch from the 2009 to the 2013 RAA this
year. The current process foresees a smooth and gradual
transition of legacy domain names to the new requirements
upon the occurrence of certain trigger events and it is
expected that the number of such domain will gradually drop
over time as they are deleted, get transferred between
registrars or the RNH data gets updated. Further, as such
domain names are usually significantly older domain names, the
likelyhood of abusive registrations amongst them is
significantly lower than for newly registered domain names.
The WG therefore currently sees no need to suggest
modifications to the transition process foreseen in the 2013
RAA.</font></font></i></p>
<p style="margin-bottom:0cm;line-height:100%"><i><font face="Arial, serif"><font style="font-size:11pt" size="2"><br>
</font></font></i></p>
3.2.1.3 For this section, I question the viability of this tool
under GDPR. As bulk whois inquiries are now a thing of the past, it
seems counter-intuitive to continue to provide a bulk complaint tool
as the complainant has no way of knowing if the data of multiple
domains is identical. We should discuss this point more.<br>
<br>
3.2.1.4 Strike the last sentence in the first paragraph, or replace
by:<br>
<i>Potential benefits of a more proactive approach to RDS inaccuracy
should be investigate as better data quality is seen as beneficial
to internet users.<br>
<br>
</i>Question: Do we have any indication about the investigative and
financial ressources such a proactive approach would require? We
should not make a recommendation that would result in an
unreasonable increase in costs of the compliance function. So the
recommendation should at a minimum also require a cost/benefit study
prior to any expansion of the compliance function into this area.
ICANN is strapped for cash as it is...<br>
<br>
Open Questions:<br>
This actually is not an open question. Work between ICANN and
registrars on identifying a solution that meets the requirements of
the RAA is ongoing. There is no compliance issue to this until the
time that such a program becomes an actual contractual obligation.<br>
<br>
4 Problem issues: <br>
a) Problem, second paragrph, first sentence, replace by:<br>
<p style="margin-bottom:0cm;line-height:100%">
</p>
<p style="margin-bottom:0cm;border:none;padding:0cm;line-height:100%">
<font color="#000000"><font face="Arial, serif"><font style="font-size:11pt" size="2">Registrars
are contractually required by the 2013 Registrar
Accreditation
Agreement (RAA) to conduct verification and validation
operations regarding registration data. </font></font></font>
</p>
<br>
Recommendation #2:<br>
I would actually support removing this recommendation entirely, as
described above. Maybe we can add something that ICANN should
monitor whether the soft transition process included in the 2013 RAA
actually works as intended, e.g. the number of such domain names is
gradually decreasing. Anyway, the statement that it has been a 5
year transition time is blatantly false and misleading, as detailed
above, but I do not blame anyone for the misconception.<br>
Such an undertaking as proposed would also be highly unfeasible as
especially for these older registrations as the only contact between
registrars and these customers often is their payment of the
invoices. Having to reach out proactively to these customers without
any indication of an issue will just lead to countless unjustified
and problematic suspensions and angry customers. <br>
<br>
Recommendation #3 should be changed as described above. I also do
not get why the renewal reference is in there. Even suspended
domains get renewed after all... Also note that a "suspension for
incorrect data" may also occur under the current RAA requirements
regardless of whether the whois is actually correct or incorrect as
non-response already triggers suspension.<br>
<br>
Recommendation 7: <br>
I move to strike this in its entirety. This is based on so many
errouneous assumptions and will result in so much additional work
for contracted parties, it isn't even funny. I have argued this in
previous mails, so I will leave it at that. This one has to go...<br>
<br>
Recommendation8 is missing the feasibility section, which I think is
key for this section. In itself it is a good idea, but the benefits
must be weighed against the costs.<br>
<br>
Apologies that this went longer than I originally intended, thanks
for bearing with me,<br>
<br>
Volker<br>
<i><br>
</i>
<div class="m_-6609096448993282271moz-cite-prefix">Am 15.06.2018 um 15:18 schrieb Susan
Kawaguchi:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hello All,
<div><br>
</div>
<div>I have updated the Compliance report for subgroup 4. </div>
<div><br>
</div>
<div>Please see attached. </div>
<div><br>
</div>
<div>Susan </div>
</div>
<br>
<fieldset class="m_-6609096448993282271mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
RDS-WHOIS2-RT mailing list
<a class="m_-6609096448993282271moz-txt-link-abbreviated" href="mailto:RDS-WHOIS2-RT@icann.org" target="_blank">RDS-WHOIS2-RT@icann.org</a>
<a class="m_-6609096448993282271moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/rds-whois2-rt" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/rds-whois2-rt</a>
</pre>
</blockquote>
<br>
<pre class="m_-6609096448993282271moz-signature" cols="72">--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="m_-6609096448993282271moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
<a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
------------------------------<wbr>--------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: <a class="m_-6609096448993282271moz-txt-link-abbreviated" href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>
Web: <a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.key-systems.net" target="_blank">www.key-systems.net</a> / <a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.RRPproxy.net" target="_blank">www.RRPproxy.net</a>
<a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.domaindiscount24.com" target="_blank">www.domaindiscount24.com</a> / <a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.BrandShelter.com" target="_blank">www.BrandShelter.com</a>
Follow us on Twitter or join our fan community on Facebook and stay updated:
<a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a>
<a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a>
CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP
<a class="m_-6609096448993282271moz-txt-link-abbreviated" href="http://www.keydrive.lu" target="_blank">www.keydrive.lu</a>
This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
</pre>
</div>
<br>______________________________<wbr>_________________<br>
RDS-WHOIS2-RT mailing list<br>
<a href="mailto:RDS-WHOIS2-RT@icann.org">RDS-WHOIS2-RT@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/rds-whois2-rt" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/rds-whois2-rt</a><br>
<br></blockquote></div><br></div></div>