RESOLUTION OF THE AT-LARGE COMMUNITY

ON CONTRACTUAL RELATIONS BETWEEN REGISTRARS AND ICANN FOR THE BENEFIT OF DOMAIN NAME REGISTRANTS

After having examined the events connected with the "RegisterFly" case and the request for input made to the community by ICANN's CEO Paul Twomey, the ALAC has

resolved that:

ICANN, as the entity responsible for accreditation of gTLD registrars and registries and for the related contractual conditions, should take it as a duty to ensure that such contracts guarantee the minimal protection and prerogatives of registrants - especially individual ones - that are necessary to keep the market effective and competitive, by allowing consumers to freely select and change their domain name suppliers, and to enforce such rights in a predictable and accessible manner.

Specifically, for what regards the contractual agreements:

  • Recognizing that the public Internet users are intended beneficiaries of its contracts, ICANN should strike the "no third-party beneficiary" language from its Registrar Accreditation Agreements and Registry Agreements;
  • ICANN should promptly adopt a schedule and provisions for escrowing of data from all registrars, as envisioned in RAA 3.6, and from all registries;
  • ICANN should ensure that the agreements contain appropriate clauses that, while ensuring the security of the process, allow all registrants to promptly transfer their domain names away from registrars that provide a dissatisfactory level of service, without financial or procedural burdens;
  • ICANN should ensure that the agreements require registrars - and resellers, to the extent possible - to provide adequate information to all registrants about their contractual rights;
  • ICANN should enforce its contracts, possibly while adding intermediate and graduate actions against breaches.

The ALAC recognizes that much more can be obtained by adequate education of registrars, resellers and registrants, and by the establishment of voluntary light-weight best practices regarding procedures and relationships between these parties. The ALAC proposes to work together with the Registrar Constituency and any other interested party to build consensus on a mix of useful actions to address these issues.

Annex - Rationale for the "no third-party beneficiary" language

Earlier in the Registerfly controversy, ICANN Vice President Paul Levins
posted to the ICANN Blog:

> “ICANN is not a regulator. We rely mainly on contract law. We do not condone in any way whatsoever RegisterFly's business practice and behaviour.”

This is disingenuous. ICANN is the central link in a web of contracts that regulate the business of domain name allocation. ICANN has committed, as a public benefit corporation, to enforcing those contracts in the public interest. Domain name registrants, among others, rely on those contracts to establish a secure, stable environment for domain name registration and through that for online content location.

A user registers a domain name by contracting with a registrar, such as Registerfly. The terms of that agreement are constrained by ICANN's accreditation contract with the registrar http://www.icann.org/registrars/ra-agreement-17may01.htm. French
registrar Gandi http://gandi.net/ explains this web with helpful diagrams in its registration agreement http://www.gandi.net/contracts/en/g1/pdf/:

> Gandi is a Registrar, accredited by both the Trustee Authority (ICANN) and registry of each TLD to assign and manage domain names according to their specific TLD. We must abide by the terms and conditions of Our accreditation contract. As a consequence, We must pass some of Our obligations on to Our customers.
> ...
> As such, We commit Ourselves to providing you with the best possible service. This being said, due to Our contractual obligations with the Trustee Authorities and Registries, and which You must also abide by, Our services are limited in some of their technical, legal, regulatory and contractual aspects.

Now the ICANN contracts can both limit and help the end-user registrant. On the limit side, they restrict the registrant's ability to maintain anonymity or privacy by requiring the registrar to provide accurate identifying information to the WHOIS database http://www.icann.org/registrars/ra-agreement-17may01.htm#3.2, a duty the registrar fulfills by compelling provision of accurate information in its own contract with the registrant. This requirement benefits trademark holders, who have recently turned out

http://forum.icann.org/lists/whois-services-comments/ to prophesy doom if data display is limited.

On the benefit side, the RAA-imposed duty of data escrow http://www.icann.org/registrars/ra-agreement-17may01.htm#3.6, requiring the registrar to maintain an escrowed copy of its registration database, provides evidence of a registrant's domain name holdings in the event of registrar failure. Registrants seeing this provision could believe that their domain names would be secure even if the registrar who had recorded them defaulted.

So they might have believed, but apparently ICANN has never enforced this provision of its contracts http://gnso.icann.org/mailing-lists/archives/ga/msg06000.html. Moreover, ICANN denies that the public is a third-party beneficiary entitled to demand enforcement http://www.icann.org/registrars/ra-agreement-17may01.htm#5.10.

The Registerfly debacle (http://www.businessweek.com/technology/content/mar2007/tc20070307_079128.htm? chan=smallbiz_smallbiz+index+page_technology+) shows why this view is wrong as a matter of law and policy. ICANN was told more than a year ago of customer service problems at Registerfly, but did nothing to respond to those complaints, including escrowing data, leaving the company's 200,000 registrants at risk of losing domain names or the ability to update them when Registerfly's business troubles escalated early this year.

ICANN should recognize that the reason for its registrar contracts is precisely to benefit third parties: domain name registrants and those who rely on the domain name system. ICANN is not (or shouldn't be) accrediting registrars merely to have a larger pool of organizations paying fealty to it. Rather, it is imposing terms and conditions on registrars and, with an "ICANN accredited" seal, inviting the public to
rely on those terms for a secure domain name registration.

In cases where ICANN fails http://omblog.icann.org/?p=6 to recognize a registrar's problems http://www.theregister.com/2007/02/19/registerfly_angry_customers/,
concerned members of the public should be entitled to take action themselves. As well as enforcing public-benefit obligations on its own, ICANN should facilitate individual action by removing the "no third-party beneficiary" language from its contracts.