Versions Compared

Old Version 45

changes.mady.by.user Margie Milam

Saved on

compared with

New Version 46

changes.mady.by.user Margie Milam

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

At the Prague Update on the RAA Negotiations Session scheduled on Monday 25 June 2012 from 11:00-12:30, Staff will seek input on the following:

 _________________________________________________

AGENDA FOR PUBLIC MEETING

Key Areas for Community Input

 Below we provide some key questions and points of information that we hope to guide the community discussions in Prague. We seek a discussion and input from the community as to where ICANN should hold firm to the proposals within the law enforcement recommendations on Whois verification and data retention issues, and where further negotiation might be required. The pros and cons on these and other issues that should be discussed in a public session are provided below.   We also seek discussion on how to assure that, when the new RAA is eventually approved, all Registrars will move to the new agreement.

 

Specific questions and points to help pinpoint the issues are:

...

  • Should the process of registering domain names be changed to perform Whois validation and verification before domain names are allowed to resolve?  
  • Will pre-verification address law enforcement’s concern?
  • How big of a change is this to the current registration marketplace? 
  • What are the costs to Registrars in modifying their systems to allow for pre-verification? 
  • What are the costs to registrants?
  • How does the fact that registrants often submit a domain name registration request in order to obtain an email address affect the discussion?

 Phone Verification 

The law enforcement proposal requires verification of email (requiring the return of a unique code) AND phone numbers through processes such as calling the phone or sending a SMS and requiring the return of a unique code. Registrars are willing to verify through one of: (1) an email requiring a return of a unique code; (2) phone number through processes such as calling the phone or sending a SMS; OR (3) verification thorough postal mail. The Registrars propose that the choice among the three options would be made by each registrar.

Registrars state that: (1) phone verification will dramatically increase costs for some registrars, putting small registrars out of business; and (2) wrongdoers will easily pass this test.  Registrars note that due to the variety of Registrar business models, some Registrars may actually prefer phone verification over email verification at this time, but not all Registrars are equipped to perform phone verification.

  • Should registrants be required to have a phone number? (Currently the registrar only has to publish telephone numbers for the administrative and technical contacts, not for the Registered Name Holder.) How else might this impact registrants?
  • What are the actual technical and financial burdens for Registrars? 
  • Will this encourage the use of proxy services? (Proxy services might also be required to verify the contact details of their customers.)
  • What goals will phone verification achieve?

 Annual Re-verification  

The law enforcement proposal requires annual re-verification of registrant information.  The Whois Reminder Policy has limited effect on Whois accuracy, and some in the community argue that it should be augmented with annual verification.

 

The Registrars are willing to maintain responsibility for sending Whois reminder policy notices OR verifying information when changed by the registrant.  Registrars state that an annual re-verification requirement imposes significant costs without additional benefit.

  • How much of a burden would annual verification impose on legitimate registrants, including those registering large numbers of names?
  • Is requiring the cancellation of a domain name if the annual re-verification cannot be completed too high a penalty?  Are the possible unintended consequences disproportionate?
  • What are the actual technical and financial burdens for Registrars? 
  • What goals will this re-verification achieve?

 

Data Retention 

Law enforcement has requested that all identified data elements be kept for two years past the life of the registration. 

The Registrars have raised questions regarding their universal ability to retain the data identified by law enforcement, citing various data privacy laws.  Registrars are willing to retain most of the information requested by law enforcement. Registrars state that some elements such as transaction data can only be retained for six months (not six months after the expiration of the domain name, just six months). Registrars state that this is due to data privacy laws in certain jurisdictions. The Registrars have expressed concerns that registrars in jurisdictions with less-restrictive data protection/privacy regimes will be put at a disadvantage if they are required to maintain registrant data for the full term requested by law enforcement, which is two years past the life of registration, while registrars in other countries may not be able to keep this information for more than 6 months from creation. 

  • Is the duration proposed by law enforcement proportionate with their objective, or does it place too high a burden on registrants and Registrars?
  • How should ICANN monitor compliance with a two-year plus retention period when many of its accredited Registrars might not be permitted to meet that duration?  Is this counter to a goal of uniformity in contracts across Registrars?
  • Does the GAC (or do the governments participating through the GAC) agree with the clarifications proffered by law enforcement?  Can authorities expert in data privacy assist in proposing how ICANN and the Registrars should address the competing legal regimens into a standard that can be uniformly implemented?
  • Are any of these requirements already imposed at a national level?

 

Universal Adoption of RAA

 

The Registrar Negotiating Team has requested, and ICANN agrees, that it is essential to consider how to require and/or incentivize universal adoption of this new RAA. The accreditation model is based upon having a uniform contract applicable to all ICANN-accredited Registrars, and those moving to the new RAA will face many new obligations.  ICANN and the Registrars have been working hard to create a globally acceptable improved RAA.  How can global implementation be best achieved?

 

Some ideas that have been suggested either in negotiations or publicly by interested parties:

  • Begin limitations on the terms of accreditations and renewals under the 2009 RAA to allow all registrars to move to the new RAA together. 
  • Creating milestones for the phasing in of certain terms under the new RAA, so that more Registrars would be subject to the new RAA when the terms come into effect.
  • Providing incentives for adoption of the new RAA prior to the expiration of a Registrar’s current RAA.
  • Use of a Registrar Code of Conduct process to require certain terms to be followed by all Registrars, regardless of whether they are on the 2009 RAA or the new RAA.
  • Requiring use of the new agreement when registering names in new gTLDs.

...

If you have general feedback you'd like to provide, please provide them by submitting comments below.

...