[GNSO-Accuracy-ST] Notes and action items: RDA Small Team Meeting - 14 April 2022

Caitlin Tubergen caitlin.tubergen at icann.org
Thu Apr 14 21:53:16 UTC 2022 

Dear RDA Scoping Team Members,

Please find below the notes and action items from today’s Small Team Meeting, where the Small Team discussed Proposal A (registrar survey) in more depth.

Best regards,

Marika, Berry, and Caitlin
--

Action Items<https://community.icann.org/pages/viewpage.action?pageId=176622913>

1. Michael P. to provide a written update to the list, informing the Scoping Team of the latest update from ICANN org re: specific accuracy scenarios.

2. Small Team to review the proposed answers from Sarah W. and provide additional feedback and suggestions re: the answers to the questions and proposed questions for the survey (Proposal A). (https://docs.google.com/document/d/1sScP8MwgDCg4yvFNAYwQVql7DQob60vX/edit?pli=1)

3. Small Team to review the questions and proposed answers for Proposal E and provide additional feedback by Wednesday, 20 April - to be discussed during the Small Team's next meeting on Thursday, 21 April. (https://docs.google.com/document/d/1sScP8MwgDCg4yvFNAYwQVql7DQob60vX/edit?pli=1)

RDA Scoping Team Meeting – Small Team Gap Analysis Proposals Meeting
14 April 2021


Discussion of Gap Analysis Proposals A & E


  *   RrSG reps have provided homework on proposals A and E
  *   Support Staff tried to identify specific questions to help guide the discussion – if anything is missing, please feel welcome to raise it during the call or add it to the Google doc

Proposal A (Survey to Registrars)

  *   Insight into which aspects would assist the Scoping Team in addressing its assignments, recognizing that information provided through a survey may only provide a partial picture?
     *   Rates of verified vs. unverified domains will help show a snapshot of the current amount of domains in each group. It is important to remember that because registration and verification of domains happens constantly the rates will change.
     *   Some Contracted Parties track validation/verification status in relation to a contact set, rather than a specific domain name. This is in alignment with the ICANN Whois Accuracy Program Specification (§3, Registrar is not required to perform the above validation and verification procedures in Section 1(a) through 1(f) above, if Registrar has already successfully completed the validation and verification procedures on the identical contact information and is not in possession of facts or knowledge of circumstances that suggest that the information is no longer valid.). This may affect the ability to report on rates of validated/verified domain names.
  *   A contact is verified, not a domain name. A contact can be shared b/w multiple domain names or multiple accounts. Important to word this correctly.
  *   The validation presumably counts for as many accounts as it was used to satisfy the accuracy spec – the intent of this question is to have 200MM domains, and 150MM are verified and 50MM are not. There are other questions associated with this. Have never had my contact info verified using the methodology used in the spec – there may be other questions or were other methods used to provide this verification prior to 2013.
  *   One interesting point: the role the reseller plays in the ecosystem. What could be helpful: is this verification done by the registrar, or is this outsourced to the reseller? This could be something that could be helpful, particularly for registrars operating under the reseller model.
  *   With respect to names registered prior to 2013 – the wording was intentional regarding legacy domain names. As long as none of the identified triggers are implicated for legacy domain names, the 2013 verification process would not have been triggered. With respect to the question regarding resellers, the answer is likely: it depends. The registrar is ultimately on the hook, but the verification could be done differently – some registrars may do it; some resellers may do it, depending on the business model.
  *   As far as the data that is the same, is it the account holder’s data or the registrant data? In other words, if the next domain name uses the same data – is this what does not require further verification?
  *   The registrant would not need to be re-validated.
  *   With respect to who does the verification, that will vary depending on the registrar.
  *   Think about specific questions to ask registrars – for example, would it help the scoping team to know the reseller’s role in verification?
  *   Puzzled as to why reseller question is being asked.
  *   It would be nice to know who is participating – registrars, resellers, etc.
  *   How broadly would the survey be circulated? If there is an expectation for it to go beyond registrars, the group should discuss how this could be achieved.
  *   The RAA is explicit that registrars are on the hook for the contractual requirements it outsources to a third party like resellers
  *   Suggest looking at specific questions that could be helpful to ask:
  *   The following questions look at how many domains have registration data which is validated and verified:
     *   Do you proactively track rates of completed validation for domains registered with you?
     *   Do you proactively track rates of completed verification for domains registered with you?
     *   If no, is it possible to gather those rates?
     *   If yes to a/b/c, what percentage of domains registered with you have validated registration data?
     *   If yes to a/b/c, what percentage of domains registered with you have verified registration data?
     *   What percentage of domains registered with you were created prior to the validation and verification requirements came into effect and have not yet been updated in a way that triggers the validation and verification requirements?



     *   The following questions look at how many domains have data which is currently in the verification process:
     *   Do you proactively track rates of in-progress validation for domains registered with you?
     *   Do you proactively track rates of in-progress verification for domains registered with you?
     *   If no, is it possible to gather those rates?
     *   If yes to a/b/c, what percentage of domains registered with you are in the validation process now?
     *   If yes to a/b/c, what percentage of domains registered with you are in the verification process now?
  *
     *   The following questions look at how many domains are suspended due to  incomplete verification:
     *   Do you proactively track rates of suspension due to  incomplete verification?
     *   If no, is it possible to gather those rates?
     *   If yes to a/b, what percentage of domains registered with you are suspended due to incomplete verification?



     *   The following questions look at the rate of email bounces for Whois Data Reminder Policy Notices sent out over a set time period.
     *   Do you proactively track the rate of bouncebacks to WDRP emails?
     *   If no, is it possible to gather those rates?
     *   If yes to a/b, what percentage of domains registered with you
     *   What information is needed from the Registrar for identification purposes?
     *   What information would be publicly shared?
     *   Who has access to the individual responses?
     *   Required for identification:
     *   IANA ID
     *   Person filling out the survey - name and contact email
     *
     *   Publicly shared:
     *   Number of Registrars which responded
     *   Aggregated and anonymized response information
     *
     *   Access to individual responses:
     *   TBD (need to discuss with the full Scoping Team). Restriction of access to the individual responses will help promote honesty of response.
     *   Could include a survey question allowing the responding registrar to opt in to having their response associated with their IANA ID (otherwise it would only be used in anonymized or aggregated form)



     *   It is also important to determine the retention period of the personal data contained within the responses and include that information in the initial survey. The data should be retained for as long as is necessary to evaluate responses and then deleted (anonymized/aggregated data may be retained).



  *   These questions are a great first start – group may need to edit further, and we should allow time for feedback.
  *   It would be nice to see individual responses. If that is not possible, it would be important to understand the responses. Doing it an aggregated way loses important granularity. For example, what size is the registrar that is responding?
  *   Who should be responsible for circulating the survey to Registrars? RrSG, ICANN org?
     *   ICANN Org should circulate the survey to all Registrars (not only those which are members of the RrSG).


     *   The RrSG will help with communicating to its membership.



  *   How much time should be provided to respond to the survey?
     *   Start with one month and increase if necessary
  *   What languages should be offered?
     *   UN6
  *   Translation be facilitated by ICANN org, but would add time
  *   What incentives could be provided to encourage Registrars to participate in the survey?
  *   Compliance safe harbor
  *   Publish names of those registrars would participated
  *   Publishing could also be a disincentive for participation
  *   ICANN to offer stay from the upcoming audit
  *   Is there a need for a compliance amnesty if survey responses indicate non-compliance?
     *   Yes, to encourage response
  *   Org would need to check with legal colleagues on this

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/gnso-accuracy-st/attachments/20220414/37c9e7d9/attachment-0001.html>

More information about the GNSO-Accuracy-ST mailing list