[registrars] [Fwd: [dow3tf] TF3 - Best Practices Recommendations]

Wed Apr 28 15:45:14 UTC 2004

These recommendations are in the process of being amended by the 
author, I would appreciate getting any feedback that you might have 
prior to next Wednesday on these general points. To get an idea of the 
position that I have put forward in response, please review the 
archive of the mailing list starting with this message: 
http://gnso.icann.org/mailing-lists/archives/dow3tf/msg00147.html

The remainder of the messages can be found at the following links:

http://gnso.icann.org/mailing-lists/archives/dow3tf/msg00148.html
http://gnso.icann.org/mailing-lists/archives/dow3tf/msg00149.html
http://gnso.icann.org/mailing-lists/archives/dow3tf/msg00150.html
http://gnso.icann.org/mailing-lists/archives/dow3tf/msg00151.html
http://gnso.icann.org/mailing-lists/archives/dow3tf/msg00152.html
http://gnso.icann.org/mailing-lists/archives/dow3tf/msg00153.html
http://gnso.icann.org/mailing-lists/archives/dow3tf/msg00154.html
http://gnso.icann.org/mailing-lists/archives/dow3tf/msg00156.html
http://gnso.icann.org/mailing-lists/archives/dow3tf/msg00157.html

These are all located towards the bottom of this page: 
http://gnso.icann.org/mailing-lists/archives/dow3tf/thrd3.html

-------- Original Message --------
Subject: [dow3tf] TF3 - Best Practices Recommendations
Date: Fri, 23 Apr 2004 13:03:29 -0400
From: Brian Darville <BDARVILLE at oblon.com>
To: <dow3tf at gnso.icann.org>
CC: <gnso.secretariat at gnso.icann.org>, <roseman at icann.org>

Here is a rough draft of some best practices recommendations and 
procedures for moving forward.  Please review these and send me any 
comments.

Best Practices

The surveys conducted by Task Force 3 did not result in any meaningful 
level of response that could serve as a basis for assessing best 
practices for improving data accuracy and verification.  Nevertheless, 
the Task Force compiled a list of preliminary recommendations for 
potential best practices and for further assessment of best practices.

1)	ICANN should work with all relevant parties to create a uniform, 
predictable, and verifiable mechanism for ensuring compliance with the 
WHOIS-related provisions of the present agreements, and should devote 
adequate resources to such a compliance program.  The Registrar 
Accreditation Agreement makes the requirements clear.  See 
http://gnso.icann.org/issues/whois-privacy/raa-whois-16dec03.shtml. 
However, this agreement is only as good as the level of compliance 
with it, and recent decisions by US courts indicate that only ICANN 
can enforce these agreements.  See Register.com v. Verio, Inc., 356 
F.3d 393 (2d Cir. 2004)

2)	A Best Practices document geared toward improving data verification 
on a global basis should be developed through a continuing ICANN 
sponsored program.  ICANN should consider retaining an independent 
third party which could, on a confidential basis, gather the critical 
underlying data germane to assessing current data verification 
practices in the registrar and other relevant industries, as well as 
from selected ccTLDs.

3)	Automated verification processes should be employed for identifying 
suspect registrations containing plainly false or inaccurate data and 
for communicating this fact to the domain name registrant.

4)	Manual verification processes should be employed to identify domain 
name registrations that, on their face, appear to contain inaccurate 
or false data.  Presentations at the ICANN Rome Meeting made clear 
that such manual review and verification could be performed in a 
cost-effective manner.

5)	Where available automated address and contact databases should be 
consulted and used to check or verify apparently suspect addresses.

6)	Consideration should be given to inclusion of the "last verified 
date" and "method of verification" as Whois data elements, as 
recommended by the Security and Stability Advisory Committee.

7)	ICANN should require registrars to develop, in consultation with 
other interested parties, "best practices" concerning the "reasonable 
efforts" which should be undertaken to investigate reported 
inaccuracies in contact data (RAA Section 3.7.8).  See 
http://www.dnso.org/dnso/notes/20030219.WhoisTF-accuracy-and-bulkaccess.html. 

8)	ICANN should ask each registrar to present a plan, by a date 
certain, for substantially improving the accuracy of Whois data that 
it collects.  The plans will be made publicly available except to the 
extent that they include proprietary data.  The plans should include 
at least the following features:

o	identification and public disclosure of a contact point for 
receiving and acting upon reports of false Whois data;

o	how the registrar will train employees and agents regarding the 
Whois data accuracy requirements;

o	how the registrar will take reasonable steps to screen submitted 
contact data for falsity, which steps may include use of automated 
screening mechanisms, manual checking, including spot-checking, and 
verification of submitted data;

o	when false data comes to the registrar's attention, whether through 
a third-party complaint or otherwise, how the registrar will treat 
other registrations in which the contact data submitted is 
substantially identical to that in the registration that has come to 
the registrar's attention;

o	how the registrar monitors the extent to which contact data 
submitted to it through re-sellers or other agents is false or 
significantly incomplete, and what the consequences are for re-sellers 
or agents whose performance is unacceptable;

o	 how the registrar evaluates compliance by its current registrants 
with the obligation to provide accurate and current contact data;

o	how the registrar measures performance in improving the quality of 
the Whois data it manages.

9)	Procedures should be considered for facilitating updates of or 
correction to Whois data including expedited priority handling of such 
requested updates.

10)	Once fully developed, ICANN should evaluate the pending IRIS 
protocol being developed by the CRISP working group.

11)	Contracts should be amended to ensure that there is effective 
enforcement of the contractual requirements germane to domain name 
registration and the provision of accurate Whois data.  The RAA and 
gTLD registry agreements should be modified to provide for a regime of 
graduated or intermediate sanctions for patterns of violations by a 
registrar of the Whois data accuracy obligations of those agreements. 
  (This recommendation is without prejudice to the possibility that 
such a regime would also be appropriate for encouraging compliance 
with other provisions of these agreements.)

12)	The PDP with regard to the issues addressed by TF3 should mutate 
into an ongoing effort with the following goals:

o	Research and dissemination of information on practicable and 
cost-effective methods used to improve the quality of identifying and 
contact data submitted by customers in online transactions outside the 
realm of gTLD domain name registration

o	Development of best practices within the realm of gTLD domain name 
registration for improving the accuracy, currency, and reliability of 
contact data in the Whois database

13)	ICANN staff should undertake a review of the current registrar 
contractual terms and draft any changes needed to reflect the new 
policies and procedures ultimately adopted as the result of the 
current PDP.

**********************

Regards,

Brian Darville
Oblon, Spivak
(703) 412-6426
bdarville at oblon.com

-- 

                        -rwr

                 "Don't be too timid and squeamish about your actions.
                                            All life is an experiment.
                             The more experiments you make the better."
						- Ralph Waldo Emerson

Got Blog? http://www.blogware.com
My Blogware: http://www.byte.org