Input to Expert Working Group on gTLD Directory Services Comments made by Afnic on the EWG proposal

[Pierre Bonis]

Please, find hereby the



Comments made by Afnic on the report proposed for comments by the Expert
Working group on gTLD Directory Services



About Afnic

Afnic is the registry for the domain names in the geographical areas of
.fr (France), .re (Reunion Island), .pm (St. Pierre and Miquelon), .tf
(French Southern and Antarctic Territories), .wf (Wallis and Futuna) and
.yt (Mayotte).

Afnic carries out its assignments in the public interest by involving all
the relevant stakeholders in its decisions (scientists, the public
authorities, and representatives of private sector involved in the
Internet in France). As the primary operator for domain name registry
services in France and as the government-appointed Registry for the .fr
TLD, the goals set by Afnic are to develop a preference for the .fr TLD in
France, to help strengthen the resilience of the Internet, and to promote
its skills among the Internet community at large.

Afnic is recognized worldwide for the quality and resilience of its
services, the transparency of its management, and the relevance of its
contributions to the technological development of the Internet.

As well as pursuing its efforts in favour of operational excellence, AFNIC
is also expanding its activities as the technical operator for 17 new gTLD
registries, thus helping to develop secure and stable namespaces for use
on the international scale.

***

Afnic appreciates that the WG is facing a very complex issue, and would
like to commend its members for trying to suggest a new, innovative and on
the whole refreshing approach. The goal of our comments is to challenge
the proposed model in a constructive way.

Afnic's concerns are the following:

* The ARDS would have to be legally established in at least one country,
and its technical infrastructure would also have to be under at least one
jurisdiction. The current proposal does not explain how ARDS would ensure
the disclosure rules the disclosure rules should ponder into the
following:

a) Take into account the various legal regimes

b) Recognize and appropriately check whether Law Enforcement Authorities
are entitled to ask for disclosure

c) It should not be over-ruled by local authorities, providing one or a
handful of countries with privileged access to registrant data all over
the globe? (See examples such as PRISM)

* We would also like to stress that setting up a unique organization to
collect data from across the globe, within the ICANN framework, would
immediately introduce several legal bias such as:

- Use of English as the main language in the contract establishing the
organizations rights, thus benefiting English speaking providers

- Establishment under the umbrella of US law, thus benefiting US law
offices

- Higher complexity to take into account specific rights such as city
names, "appellations d'origine protégée", or non US IP right systems, as
demonstrated in the gTLD expansion through TMCH specifications debates.

* The recent letter from Article 29 Working Party relating to the
registrar accreditation agreement has shown that the diversity of privacy
regimes across the globe does not accommodate well with “one size fits
all” rules, or centralized regulations. We believe that the current
proposal does not appropriately explain how it could comply to such a
complexity. We also raise serious doubts about how European privacy
authorities would react to ARDS, should it be incorporated and / or
technically managed outside of the European Union.

In that regard, the recent Durban GAC communiqué anticipates such
difficulties. See point 8 of the communiqué at


<http://durban47.icann.org/meetings/durban2013/presentation-gac-communique
-18jul13-en.pdf>
http://durban47.icann.org/meetings/durban2013/presentation-gac-communique-
18jul13-en.pdf

*. We are concerned that the ARDS would use "one size fits all" rules to
assess request validity. With approximately 1500 TLDs in the root several
of them will be highly local, and should not be subject to the same rules
as .com or .net in terms of which Law Enforcement Agencies can request
access to data. Should Chinese LEAs be granted access to private data for
.berlin domain names for instance? We believe this issue is insufficiently
taken into account so far.

*. Gated access bears costs. Gathering data is also costly. Most Whois
users are not willing to pay to access data. So we challenge the WG's
assumption that the new model would be overall less costly to maintain, or
the alleged benefit for registries or registrars would offset the costs.
As this ARDS would be granted special exclusive powers, cost and price
controls would in addition be absolutely key to avoid excessive profits or
excessive administration within this body. The WG so far did not address
the issue of checks and balances to assess effective costs and pricing.

* The creation of ARDS should not prevent registrars and registries to
provide for free their own access to their own data (although they might
be relieved from the obligation). Real time access to Whois data currently
is an effective way to check, as a registrant, that a registration
transaction is complete. The proposed model does not seem to address that
legitimate use.

* We believe the proposal does not take into account one key drawback:
registrants do not know and will never know about ARDS. Thus, if contacted
by ARDS they will simply ignore its requests. This is already the case for
registries that try to get in touch with registrants quite often, so it
will be even worse with a remote, unknown organization. Registrant
contacts initiated by ARDS will lead to customer support calls to
registrars and registries, which will incur additional costs.

We would like to suggest the group the take the following steps before
proceeding:

- Formally ask advice from privacy authorities such as the Article 29
working party

- Explore ways to distribute the ARDS across several providers, which
would be based in several jurisdictions. A good model could be the recent
Federated ONS (Object Naming System) standard:


<http://www.gs1.org/gsmp/kc/epcglobal/ons/ons_2_0_1-standard-20130131.pdf>
http://www.gs1.org/gsmp/kc/epcglobal/ons/ons_2_0_1-standard-20130131.pdf

- Explore the possibilities to drastically reduce the volumes and types of
data collected in the first place

- Investigate further the proposed business model, taking into account the
efficiency incentives that should be created for registration Data storage
providers.

Afnic would like to thank the WG members once again for their time in
service of a complex issue, and is available to provide any further
details upon request. However, at this stage, our overall recommendations
are not to proceed with the proposal.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/input-to-ewg/attachments/20130726/4c6026b7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: r?ponse EWG26072013.pdf
Type: application/pdf
Size: 212292 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/input-to-ewg/attachments/20130726/4c6026b7/rponseEWG26072013.pdf>