[council] Response from GoDaddy regarding action taken with respect to a .org domain name

Mon Feb 19 03:29:13 UTC 2007

Hello Bruce and all,

I wish to acknowledge the right of reply given to Go Daddy on this
list, and say that that was not the intent of the author of the
initial message that was forwarded to this list (on the request of
the NCUC chair, not the author.) Rather, the author wanted the
constituency to discuss the broader policy issues that could be
considered based on the experience of that specific case, and then if
relevant, raise them with the Council.

I am pasting below a public exchange (on NCUC list) I had with Harold
Feld in that regard, after forwarding your message with GoDaddy's
response to the constituency. Though the name of the registrar is
mentioned, please understand the spirit of this exchange as being
concerned with broadly applicable policy measures.

[> Mawaki]
> 1) If we want to go further on this, and I do think it is a
relevant
> to do so, I would advise that we also request the "plaintiff" to
> explain and document how end users credentials of another network
end
> up being disclosed on their web servers and pages, and based on
their
> policy provisions what actions they have or should have taken
against
> the person/service responsible of such misuse. Why nothing has been
> done in that regard, and contact has not been made with MySpace to
> inform them of whatever steps were taken to resolve that issue. As
an
> end user, I wouldn't like to see my identity credentials in a
network
> service that I use be disclosed by any organization be it an NCUC
> member.

[Harold]
I am concerned less with the specifics of this case then with the  
process generally.  While it is useful to receive full information on

this particular incident, I believe it more important to focus on the

general concern that this leaves far too much power in the hands of  
registrars.  Even if Go Daddy behaved entirely correctly, the next  
registrar may not.

I would also very much like to know how Go Daddy determined what harm

would result from elimination of the name.  How did Go Daddy satisfy 

itself that it's actions would not have caused significant harm to  
innocent parties?  Or did it really believe that the potential harm
of  
the released information was so great that it justified immediate  
action regardless.  And, if this is the case, what procedures did it 

have in place to restore service to innocent third parties.

> 2) ICANN has responsibility to do something there, while it should
> avoid micro-regulation and micro-management. At least because all
> this industry is highly geographically distributed, and there is a
> void in many countries to that effect (the former explaining the
> latter, maybe.) As for issues such as the grace period, etc. ICANN
> could have a safeguard policy that would require a minimum of
notice
> to be given and steps to be taken before any drastic measure such
as
> shutting down a website. If necessary, provision could be made for
> the principle of subsidiarity wherever there might be conflict with
> national regulations.

Indeed, what the appropriate steps are is another conversation.  It  
may simply be enough to put registrars on notice that such behavior  
will arouse regulatory scrutiny.  It may be worthwhile to make a  
formal request, either by the NCUC to the Registrar Constituency or  
requesting that the GNSO make such a request, that the Registrar  
community adopt a "best practices" document.  Or some form of  
enforcement action via the ICANN process to prevent a name deletion  
may be necessary.

Like Sitefinder, the question is not merely "what was the right thing

to do here," but "what is the process for ensuring that the right  
result happens consistently in the future."  This need not take the  
form of regulation (although that might ultimately prove necessary). 

But it seems to me that it warrants rather more than "how do you even

suspect a registrar might act inappropriately."

Best regards,

Mawaki

--- Bruce Tonkin <Bruce.Tonkin at melbourneit.com.au> wrote:

> Hello All,
> 
> Earlier this week there was a posting about a specific case of
> action taken by a registrar over a domain name.  I don't think the
> Council list is the appropriate place for discussing specific
> disputes, but rather the list should be used to highlight general
> issues that apply to multiple situations which may require policy
> action.
> 
> Given that there is a public posting on this list, I gave the
> Registrar, GoDaddy, the right of reply.
> 
> See below.
> 
> Regards,
> Bruce Tonkin
> 
> 
> -----Original Message-----
> From: Tim Ruiz, Vice President, Corporate Development & Policy,
> GoDaddy
> 
> 
> We believe, under the circumstances, that we took the appropriate
> action. This was not about "a controversial speaker" or freedom of
> speech. This was about inappropriately acquired MySpace credentials
> being made public. The posted credentials exposed tens of
> thousands,
> many no doubt minors, to potential harm. The site publisher could
> not
> be reached and we took the appropriate action as allowed under our
> Registration Agreement and Terms of Service. We stand behind our
> actions.
>  
> The author of this note, and the NCUC chair that decided to forward
> it
> to the Council list, have indicted us in the very same manner they
> are
> accusing us of. They have not even attempted to contact us for an
> explanation, and have ignored our own response to the CNET News.com
> article. In fairness, we ask that the Council also consider our
> response, as well as the responses of others who have taken a
> different
> view of our actions.
> 
> 
> GoDaddy Response:
>
http://news.com.com/5208-1025_3-0.html?forumID=1&threadID=24518&messageID=232062&start=-1
> 
> 
> As awful as this article describes GoDaddy...:
>
http://news.com.com/5208-1025_3-0.html?forumID=1&threadID=24518&messageID=232289&start=-1
> 
> 
> Im sick...:
>
http://news.com.com/5208-1025_3-0.html?forumID=1&threadID=24518&messageID=232213&start=-1
> 
> 
> Am I in the Twilight zone here???:
>
http://news.com.com/5208-1025_3-0.html?forumID=1&threadID=24518&messageID=232031&start=-1
> (This response is apparently from a MySpace user as indicated from
> a
> post on her blog, linked to in the above response.)
> 
> 
> Tim Ruiz
> Vice President
> Corporate Development & Policy
> GoDaddy.com
> ---------------------------------------------------------
> 
> -----Original Message-----
> From: owner-council at gnso.icann.org
> [mailto:owner-council at gnso.icann.org]
> On Behalf Of GNSO.SECRETARIAT at GNSO.ICANN.ORG
> Sent: Monday, 29 January 2007 7:35 PM
> To: 'Council GNSO'
> Subject: [council] [Fwd: [Fwd: [NCUC-DISCUSS] Recent Actions By Go
> Daddy]]
> 
> The Chair of the NCUC has asked that the mail below be circulated
> on the
> 
> Council list.
> 
> Thank you.
> Glen
> 
> 
> -------- Original Message --------
> Subject: [NCUC-DISCUSS] Recent Actions By Go Daddy
> Date: Fri, 26 Jan 2007 10:53:30 -0500
> 
> 
> I would like to draw attention to the recent actions of the Go
> Daddy
> registrar in its decision to pull a .org domain name at the request
> of
> social networking site myspace.com because a third party had placed
> on
> the site a list of passwords and accounts of myspace users.
> http://news.com.com/2100-1025_3-6153607.html
> 
> This strikes me as a serious abuse of power by a registrar, and
> should
> alarm the users of this constituency.  If registrars can exercise
> such
> unrestrained authority over registrants, then no controversial
> speaker
> is safe.
> 
> If there is not already a procedure for addressing this, I would
> strongly urge this constituency to take appropriate action.
> 
> Harold Feld
> 
> 
> 
> -- 
> Carlos A. Afonso
> diretor de planejamento
> Rits - Rede de Informaï¿½ï¿½es para o Terceiro Setor
> ***************************************************************
> Projeto Sacix - Apoio tï¿½cnico a iniciativas de inclusï¿½o digital
> com software livre, mantido pela Rits em colaboraï¿½ï¿½o com o
> Coletivo Digital. Para mais informaï¿½ï¿½es:
> www.sacix.org.br   www.rits.org.br   www.coletivodigital.org.br
> ***************************************************************
> 
> 
> -- 
> Glen de Saint Gï¿½ry
> GNSO Secretariat - ICANN
> gnso.secretariat[at]gnso.icann.org
> http://gnso.icann.org 
> 
> 
> 