[GNSO-TPR] Reasons to deny a transfer

[Rich]

Hi team,

I know this is a topic we’ve already discussed but it came up again for us
at Tucows recently and I want to share some more thoughts for the group’s
consideration before we come back to it in a meeting

I think we should keep ‘violation of the registration agreement’ in the
reasons why the losing registrar MAY deny a transfer.

If we want the DNS space to have the trust and respectability of the
Internet community, we must take a ‘responsible registrar’ approach to
certain types of domain. Issues outlined in the DNS Abuse Framework
<https://dnsabuseframework.org/>, for example, may extend beyond standard
DNS Abuse in some cases, but absolutely causes terrible harm to the world
that disallowing domain transfer is appropriate. For example, a domain
suspended for promoting terrorism, shouldn’t simply be allowed to be
transferred to a less-aware registrar and continue promoting
terrorism. The extremely
minor speed bump of having to find a new domain and a new registrar is the
literal least we can do.

I’m concerned that by removing this option from registrars we lose an
important measure to prevent abuse and other online harms. When we
discussed this topic in a recent meeting, I had thought that the registrar
would address the harm by revoking ownership of the domain name (e.g. by
updating the RNH contact info to their own), but upon further discussion
both internally and with some other Rr’s I have come to understand that is
not common practice nor should it be the expected path. As such, there
needs to be some method for the Rr to deny the transfer in this type of
situation while the original RNH remains listed on the registration record.

I know there’s a concern that some registrars might have unreasonable
terms, but don't we generally expect that the Rr will set reasonable terms
and the RNH will understand those terms prior to accepting them? If we
start assuming that the RNH did not understand the terms they accepted,
that seems like a dangerous path to go down.

Going back to the terrorism example, a registrar that hasn’t signed on to
the DNS Abuse Framework isn’t required to suspend a domain for terrorism
(unless told to by appropriate LEA, but that’s a different case). But one
that has shouldn’t be forced to allow terrorists to continue at another
Registrar, they should be able to follow their published policy of
suspending the service and denying transfer away.

I understand this isn’t simple and there are valid concerns about
Registrars setting impossible or inappropriate Terms in order to retain
customers by preventing transfer out. I hope that as a team we can find
some way to balance all these issues and include violation of the
registration agreement in our updated reasons why the Registrar MAY deny
the transfer.

Thank you,

*Rich Brown*

Compliance Officer

Tucows, Inc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/gnso-tpr/attachments/20220329/5c623262/attachment.html>