[council] IPC Statement - Critical OPoC Implementation Questions and Issues

[Rosette, Kristina]

Further to the request made during the 15 March GNSO Council meeting and on behalf of the IPC, please find set forth below a statement identifying critical OPoC implementation questions and issues.

Kristina Rosette

-*-

The OPoC proposal leaves unanswered at least six critical questions:

(a)  On what issues is the OPoC expected to act?  "Operational issues relating to a domain name" is only minimally defined, and probably does not include many issues for which the public relies on Whois access today.  For example, today Whois provides a means to quickly identify and contact a party responsible for content on a web site to which the domain name resolves - content that may be part of the perpetration of an online fraud, or that may violate intellectual property rights.  Unless this is treated as an "operational issue related to a domain name," the presence of contact information on the OPoC is useless to the party seeking to curtail the fraud or to resolve the intellectual property infringement, and contacting the OPoC on these issues would be a fruitless gesture.

(b)  What is the OPoC supposed to do?  Its "purpose" includes "pass[ing] on data."  Is this purpose fulfilled if the OPoC simply notifies the registrant of a query and does nothing more?  If so, contacting the OPoC would not only be fruitless but often counter-productive, since it could alert an infringer or other wrongdoer of the existence of an investigation and prompt him to take evasive action.   Nothing in the OPoC proposal indicates that the OPoC is authorized to provide the querying party with the real contact information for the registrant.

(c)  How quickly must the OPoC act?  Even if a matter falls within the range of issues for which the OPoC has responsibility, and even if the OPoC responds by providing the requester with the contact data of the registrant (assuming that the OPoC is even authorized to do this), this process will inevitably be far slower and less efficient than the status quo, in which contact data is available via Whois almost instantaneously.  If the OPoC does not put the requester into direct contact with the registrant, but instead remains in the role of a go-between through whom all communication must be channeled, delay is virtually guaranteed.  Accordingly, many of the efficiencies achieved by quick contact with the registrant and prompt resolution of the matter will be lost.   

(d)  What if the OPoC fails to act or to act promptly?  The OPoC may do absolutely nothing (indeed, there is nothing to prevent a registrant from designating an OPoC who does not even know the registrant or how to contact him/her/it).  The proposal provides the requester with no recourse in this case.  The OPoC would owe no contractual duty to ICANN, either, so ICANN would appear powerless as well to do anything about an OPoC that fails to act.  The likely result would be more requests to the registrar/registry (whether through litigation or other channels) for actionable contact information to be divulged, thus increasing costs both for requesters and for registrars/registries. 

(e)  Under what circumstances would true contact information for the registrant be provided to those with a legitimate need for it?  This huge gap in the OPoC proposal has been identified, not only by active  users of the current Whois system --- from law enforcement agencies and intellectual property owners to financial institutions and major charities seeking to combat online fraud --- but also by domain name registries and some registrars, as a major unanswered question.  In short, interposing an "operational point of contact" between the Whois requester and the registrant will generally make the process of contacting the registrant slower, more difficult, and less reliable than it is today.  The benefits for all parties of quick contact and prompt resolution will be largely forfeited; more cases will have to be resolved through more formal channels, including litigation; and expense, delay  and uncertainty are likely to increase for all concerned.  

(f)  How will requesting parties make jurisdictional determinations and satisfy due process requirements?  Some proponents of OPoC have contended that parties seeking more detailed registrant information are free to do so via the applicable judicial system.  In truth, however, the absence of complete address information will make it exceedingly difficult - if not impossible - for a party seeking to obtain such information to identify in the first instance the court that would have the jurisdiction over the registrant that is required to proceed.  This will be true in every state or province that contains more than one judicial district.  Even if the party seeking such information is able to identify the correct court, the OPoC proposal - as written - would prevent the registrant from being formally served with notice of the proceeding consistent with due process requirements. The registrant name, state/province, and country information will not provide sufficient detail to permit service on the registrant and the OPoC has no current obligation to forward such service.  Even if it did, it is far from clear that service via the OPoC would satisfy due process requirements.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/council/attachments/20070324/d9003386/attachment.html>