[RDS-WHOIS2-REC4-Compliance] ICANN compliance input on your questions

Alice Jansen alice.jansen at icann.org
Tue May 1 08:08:06 UTC 2018 

Dear Compliance Subgroup,
Attached to this email you will ICANN Compliance’s answers to your list of questions below.
Thanks so much,
Kind regards
Alice

From: Susan Kawaguchi <susankpolicy at gmail.com>
Date: Thursday 19 April 2018 at 13:36
To: Alice Jansen <alice.jansen at icann.org>, "rds-whois2-rec4-compliance at icann.org" <rds-whois2-rec4-compliance at icann.org>, RDS WHOIS2-RT List <rds-whois2-rt at icann.org>
Cc: SUN Lili <L.SUN at interpol.int>, Jean-Baptiste Deroulez <jean-baptiste.deroulez at icann.org>, Lisa Phifer <lisa at corecom.com>
Subject: Re: [Ext] RE: CONFIRMATION NEEDED - Questions for ICANN Compliance

Hello All,

Thank you Lili for the list of additional questions.  These all relate to our discussions at the F2F.

Please submit to the compliance team on our behalf.

Best regards,

Susan

On Thu, Apr 19, 2018 at 11:52 AM, Alice Jansen <alice.jansen at icann.org<mailto:alice.jansen at icann.org>> wrote:
Many thanks, Lili and Susan.
We will send these over to ICANN compliance and will get back to you on the estimated delivery date.
Could I ask you to send a note out to your subroups to inform them of the list of questions? That way, the request will also be official.
Thanks so much and safe travels! It was great to have you in Brussels!
Kind regards
Alice

From: SUN Lili <L.SUN at interpol.int<mailto:L.SUN at interpol.int>>
Date: Thursday 19 April 2018 at 07:05
To: Susan Kawaguchi <susankpolicy at gmail.com<mailto:susankpolicy at gmail.com>>, Alice Jansen <alice.jansen at icann.org<mailto:alice.jansen at icann.org>>
Cc: Jean-Baptiste Deroulez <jean-baptiste.deroulez at icann.org<mailto:jean-baptiste.deroulez at icann.org>>, Lisa Phifer <lisa at corecom.com<mailto:lisa at corecom.com>>
Subject: [Ext] RE: CONFIRMATION NEEDED - Questions for ICANN Compliance

Hi Alice, hi Susan,

Please check below the updated questions for ICANN Compliance, 2 questions from Data-Accuracy Subgroup have been solved, I added 3 more questions relating to compliance for Susan’s consideration.

Thanks and best regards,
Lili


  *   Data-Accuracy Subgroup Follow-up Questions for ICANN Compliance:
1.      Does the Compliance Team attempt to identify patterns within ARS-detected inaccuracies to enable proactive remediation of underlying causes?
2.      If a domain registration is suspended due to a reported or detected WHOIS inaccuracy, can the domain name be un-suspended without the inaccuracy being remediated?
3.      Does the WHOIS Quality Review (or any other program) audit how often un-suspension without accuracy remediation occurs? If so, for how long after suspension are those follow-up accuracy checks performed?
4.      Considering ARS compliance metrics: Why are the percentage of ticketed domains that end up being suspended or cancelled is increasing?
[cid:image002.jpg at 01D3D7DE.F0100690]
5.      ( Solved, delete) What percentage of ARS-initiated WHOIS Inaccuracy compliance tickets result in updates to correct WHOIS data prior to 3rd failure & breach notices?
This is already provided by WHOIS ARS Contractual Compliance Metrics[whois.icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__whois.icann.org_en_whoisars-2Dcontractual-2Dcompliance-2Dmetrics&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=hgoi2V8bykqXjZC9kZZRTDSEJ4lQIyKh6k8Q-TUv6Ks&m=T2HTMIxEb2sZU9kozqx00kMdJ7aVPmD--pO_3TU2yZo&s=OqbMONZYFKn2TSSCiipZNSZIeSAUg7tm78tFf40-tWo&e=>.
6.      ( Solved, delete) Is WDRP compliance being audited and reported? If so where?
WDRP compliance has been audited since 2012 as one of the many 2009 & 2013 RAA provisions, see more detail at Contractual Compliance Audit Program[icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_resources_pages_audits-2D2012-2D02-2D25-2Den&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=hgoi2V8bykqXjZC9kZZRTDSEJ4lQIyKh6k8Q-TUv6Ks&m=T2HTMIxEb2sZU9kozqx00kMdJ7aVPmD--pO_3TU2yZo&s=m4-i2KfnUNyItzGg6L6v2QUxC5J-vw6z9cTeB4sVJjQ&e=>. However, only selected (or sampled) registrars were audited during each round, and besides a general percentage (20%-35%) of registrars with a deficiency on this, there was no further detail about the deficiency. See below the specific audit reports:

2016 May Contractual Compliance Registrar Audit Report[icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_compliance-2Dregistrar-2Daudit-2Dreport-2D2016-2D16nov16-2Den.pdf&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=hgoi2V8bykqXjZC9kZZRTDSEJ4lQIyKh6k8Q-TUv6Ks&m=T2HTMIxEb2sZU9kozqx00kMdJ7aVPmD--pO_3TU2yZo&s=Q8I5towqWuC4bgGrE_O1cgAs8TOMd_0UBhmVmUyQqiw&e=> [PDF, 372 KB]

2016 September Contractual Compliance Registrar Audit Report[icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_compliance-2Dregistrar-2Daudit-2Dreport-2D2016-2D20jun17-2Den.pdf&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=hgoi2V8bykqXjZC9kZZRTDSEJ4lQIyKh6k8Q-TUv6Ks&m=T2HTMIxEb2sZU9kozqx00kMdJ7aVPmD--pO_3TU2yZo&s=U8no0FzmRj41pgpDFVazioIUh7DcjmyQ7AV9NPZDqY4&e=> [PDF, 238 KB]

2015 September Contractual Compliance Registrar Audit Report[icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_compliance-2Dregistrar-2Daudit-2Dreport-2D2015-2D06jul16-2Den.pdf&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=hgoi2V8bykqXjZC9kZZRTDSEJ4lQIyKh6k8Q-TUv6Ks&m=T2HTMIxEb2sZU9kozqx00kMdJ7aVPmD--pO_3TU2yZo&s=9Fqe6z-kAiF_xC-JWIrWWgxVrfc37ZlxGK2QA8gFY5A&e=> [PDF, 258 KB]

2014 Contractual Compliance Year Three Audit Program Report[icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_resources_compliance_reports_contractual-2Dcompliance-2Daudit-2Dreport-2D2014-2D13jul15-2Den.pdf&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=hgoi2V8bykqXjZC9kZZRTDSEJ4lQIyKh6k8Q-TUv6Ks&m=T2HTMIxEb2sZU9kozqx00kMdJ7aVPmD--pO_3TU2yZo&s=usfkU4ZoxqMw7MR4nWFYvsrtQa5ljs9_H6WEgl17UiI&e=> [PDF, 851 KB]
2013 Contractual Compliance Year Two Audit Program Report[icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_registrar-2Dregistry-2Daudit-2D2013-2D07jul14-2Den.pdf&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=hgoi2V8bykqXjZC9kZZRTDSEJ4lQIyKh6k8Q-TUv6Ks&m=T2HTMIxEb2sZU9kozqx00kMdJ7aVPmD--pO_3TU2yZo&s=5nxYIiXNZgcMQdS5nkyGIuLxrhLXBXUyFlI1_WL_Uco&e=> [PDF, 900 KB]
2012 Contractual Compliance Year One Audit Program Report[icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_en_system_files_files_registrar-2Dregistry-2Daudit-2D2012-2D25jun13-2Den.pdf&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=hgoi2V8bykqXjZC9kZZRTDSEJ4lQIyKh6k8Q-TUv6Ks&m=T2HTMIxEb2sZU9kozqx00kMdJ7aVPmD--pO_3TU2yZo&s=mXg9py1vlxsJlR_iVJN4MrM9XlxLfQSwv2M71ccVJQY&e=> [PDF, 322 KB]


  *   Compliance Subgroup Follow-up Questions for ICANN Compliance
1.      Is it known (or can it be determined from ARS-sampled data) how often Registrant Contact data elements such as Registrant email address, Registrant postal address, and Registrant telephone number are absent from WHOIS records for grandfathered domain names?
2.      Why are a significant number of WHOIS Inacccuracy Complaints closed without any action being taken? What does Compliance treat as valid reasons for immediate ticket closure and are there any metrics for how often tickets are closed for each of those reasons?
3.      What additional evidence in WHOIS Inaccuracy Complaints would Compliance find useful?
4.      Does Compliance do any analysis of WHOIS Inaccuracy trends? If not, why not? For example, would a policy be necessary to enable trend analysis?
5.      ( Newly added) It shows that one of Compliance activities is ICANN-initiated monitoring to take proactive actions. What kind of monitoring programs have been conducted or planned?
6.      ( Newly added) Is there any monitoring program to check some common grounds or linkages among ARS, Audit Program, public complaints received, e.g. from specific registrar, gTLD, region?
7.      ( Newly added) Does compliance credit-rate registrars or just treat all of them equally?

From: Susan Kawaguchi [mailto:susankpolicy at gmail.com<mailto:susankpolicy at gmail.com>]
Sent: Wednesday, 18 April, 2018 7:34 PM
To: Alice Jansen <alice.jansen at icann.org<mailto:alice.jansen at icann.org>>
Cc: SUN Lili <L.SUN at interpol.int<mailto:L.SUN at interpol.int>>; Jean-Baptiste Deroulez <jean-baptiste.deroulez at icann.org<mailto:jean-baptiste.deroulez at icann.org>>; Lisa Phifer <lisa at corecom.com<mailto:lisa at corecom.com>>
Subject: Re: CONFIRMATION NEEDED - Questions for ICANN Compliance

Thanks Alice and Jean-Baptiste,

All the questions seem fine to me.

Susan

On Tue, Apr 17, 2018 at 11:29 AM, Alice Jansen <alice.jansen at icann.org<mailto:alice.jansen at icann.org>> wrote:
Hi Lili, Hi Susan,
Below you will find the list of questions we extracted from the data accuracy and compliance subgroups related discussions yesterday.
Please review and let us know if you have any edits at your earliest convenience.
We will send to ICANN compliance once we have received your confirmations.
Thanks,
Kind regards
Alice


  *   Data-Accuracy Subgroup Follow-up Questions for ICANN Compliance:

1.     What percentage of ARS-initiated WHOIS Inaccuracy compliance tickets result in updates to correct WHOIS data prior to 3rd failure & breach notices?

2.     Does the Compliance Team attempt to detect patterns within ARS-detected inaccuracies to enable proactive remediation of underlying causes?

3.     Is WDRP compliance being audited and reported? If so where?

4.     If a domain registration is suspended due to a reported or detected WHOIS inaccuracy, can the domain name be un-suspended without the inaccuracy being remediated?

5.     Does the WHOIS Quality Review (or any other program) audit how often un-suspension without accuracy remediation occurs? If so, for how long after suspension are those follow-up accuracy checks performed?

6.     Considering ARS compliance metrics: Why are the percentage of ticketed domains that end up being suspended or cancelled is increasing?



  *   Compliance Subgroup Follow-up Questions for ICANN Compliance

1.     Is it known (or can it be determined from ARS-sampled data) how often Registrant Contact data elements such as Registrant email address, Registrant postal address, and Registrant telephone number are absent from WHOIS records for grandfathered domain names?

2.     Why are a significant number of WHOIS Inacccuracy Complaints closed without any action being taken? What does Compliance treat as valid reasons for immediate ticket closure and are there any metrics for how often tickets are closed for each of those reasons?

3.     What additional evidence in WHOIS Inaccuracy Complaints would Compliance find useful?

4.     Does Compliance do any analysis of WHOIS Inaccuracy trends? If not, why not? For example, would a policy be necessary to enable trend analysis?




***************************************************************************************************
This message, and any attachment contained, are confidential and subject of legal privilege. It may be used solely for the designated police/justice purpose and by the individual or entity to whom it is addressed. The information is not to be disseminated to another agency or third party without the author’s consent, and must not be retained longer than is necessary for the fulfilment of the purpose for which the information is to be used. All practicable steps shall be taken by the recipients to ensure that information is protected against unauthorised access or processing. INTERPOL reserves the right to enquire about the use of the information provided.
If you are not the intended recipient, be advised that you have received this message in error. In such a case, you should not print it, copy it, make any use of it or disclose it, but please notify us immediately and delete the message from any computer.
*************************************************************************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/rds-whois2-rec4-compliance/attachments/20180501/044920af/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 24917 bytes
Desc: image001.jpg
URL: <http://mm.icann.org/pipermail/rds-whois2-rec4-compliance/attachments/20180501/044920af/image001-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Compliance questions - April 2018.pdf
Type: application/pdf
Size: 876370 bytes
Desc: Compliance questions - April 2018.pdf
URL: <http://mm.icann.org/pipermail/rds-whois2-rec4-compliance/attachments/20180501/044920af/Compliancequestions-April2018-0001.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Data Accuracy questions - April 2018.pdf
Type: application/pdf
Size: 667454 bytes
Desc: Data Accuracy questions - April 2018.pdf
URL: <http://mm.icann.org/pipermail/rds-whois2-rec4-compliance/attachments/20180501/044920af/DataAccuracyquestions-April2018-0001.pdf>

More information about the RDS-WHOIS2-REC4-Compliance mailing list