Page History

...

The Registrars Stakeholder Group and ICANN announced in Dakar the immediate commencement of negotiations on the RAA.  These negotiations will occur regularly with the goal of issuing agreed amendments to the RAA for consideration by the ICANN Board.

Current Status  

Archive of Documents Related to the Toronto Meeting:

In  In advance of the Toronto Meeting, on 24 September 2012,  ICANN posted a group of documents on the status of negotiation of amendments to the Registrar Accreditation Agreement (RAA). These include:

• RAA Toronto Update Memorandum
• RAA Torornto Toronto Summary Chart
  
  

More information is available by reviewing the Transcript and recording of the Toronto Update on the RAA Session.

  Archive of Documents Posted Prior to the Prague Meeting:

...

• The ICANN Board’s Dakar resolution on the RAA is posted at: http://www.icann.org/en/minutes/resolutions-28oct11-en.htm#7
• To review the Final Report on Improvements to the RAA, please see: http://gnso.icann.org/issues/raa/raa-improvements-proposal-final-report-18oct01-en.pdf
• To review the Staff Discussion Paper published prior to Dakar, please see: http://gnso.icann.org/issues/final-raa-discussion-paper-13oct11-en.pdf 
• To learn more about the RAA, please refer to the Non-Lawyers Guide to the RAA, posted at: http://www.icann.org/en/registrars/non-lawyers-guide-to-ra-agreement-15feb10-en.htm
• Reports of each of the RAA meetings and discussion of amendment topics addressed at each meeting will be posted on separate WIKI pages attached to this Home Page.
• The GNSO  Final Issue Report delivered by Staff in response to the Board Dakar Resolution identifies the policy avenues for addressing these amendment topics.
• A Status Report on the RAA Negotiations was published on the ICANN website on 1 March 2012, at  http://www.icann.org/en/news/announcements/announcement-01mar12-en.htm
• An updated Status Report on the RAA Drafting Team recommendations as of 1 March 2012 

Community Consultation in Toronto

...

• 2012

...

 _________________________________________________

AGENDA FOR PUBLIC MEETING

Key Areas for Community Input

Below we provide some key questions and points of information in advance of community discussions in Toronto – some of which are the same as we posed to the community in Prague. We seek community input on these points.  We also seek to continue discussion on how to assure that, when the new RAA is eventually approved, all Registrars will move to the new agreement.

Specific questions and points to help pinpoint the issues are:

...

...

Registrars respond that this approach could have a significant negative impact on customer experience without commensurate law enforcement benefits.  In particular, registrars have argued that: (1) requiring all registrars to perform phone verification (such as through SMS) could greatly impair registrar ability to serve customers outside of their home country and could impose language challenges in conducting phone verification; (2) verification is likely to result in some customer confusion and will almost certainly increase registrar costs and, if both verification methods are required, the requirement could become cost prohibitive or create barriers to registration services; (3) depending on the country or region, some registrars may prefer to use phone verification methods over email verification methods because of concerns of spam filters, etc; (4) wrongdoers will easily pass either verification test, and neither verification test will have a meaningful impact on deterring or combating illegal activity; and (5) given the uncertainty about the costs and benefits of such verification, registrars advocate an either/or approach and to gather data to enable the community to evaluate the relative merit of each one.  

In Toronto, community input is sought on:

• Should the process of registering domain names be changed to perform Whois verification before domain names are allowed to resolve? (As the agreement currently stands, validation of would take place prior to resolution.) As part of an agreement to support a post-resolution verification model, the negotiation teams have agreed in principle to a review of the Whois verification specification after 12 months of registrar adoption, to determine the effectiveness of the new verification obligations, as well as the launch of work to investigate a pilot program for pre-resolution verification.  In addition, the registrars have proposed the creation of a cross-stakeholder working group to collect data and inform further enhancements and/or policy development.

• Should registrants be required to have and publish a phone number? (Currently the registrar only has to publish telephone numbers for the administrative and technical contacts, not for the Registered Name Holder.) How else might this impact registrants?
• What are the actual technical and financial burdens for Registrars and the Community in verifying phone numbers and/or email addresses or in conducting such verification before resolution of the domain name? 
• What are the costs associated with a requirement to verify both telephone and email contact data, and will such a requirement have a meaningful impact on deterring or combating illegal activity?

Re-verification

The GAC/law enforcement proposal requires some form of re-verification of registrant information. The Whois Reminder Policy has limited effect on Whois accuracy, and some in the community argue that it should be augmented with a re-verification requirement. Conversations have now turned to defining the types of events that should trigger a Registrar obligation to re-verify the certain registrant WHOIS information.  Some suggestions of this trigger are:  transfers, bounced emails sent by the registrar, a Whois Data Problem Report Service notification, renewal and if registrar has any information suggesting that the contact information is incorrect. 

Community input is sought on:

• Should re-verification of Whois information be required on a periodic (e.g., annual) basis as opposed to being event driven?  How much of a burden would annual verification impose on legitimate registrants, including those registering large numbers of names?
• Is it appropriate to require registrars to suspend a domain name registration if the annual re-verification is not completed?  Are the possible unintended consequences, including liability associated with such suspensions, disproportionate? 
• What are other possible events that should trigger a requirement to re-verify registrant Whois data?
• What benefits will re-verification achieve?

 Data Retention

Law enforcement representatives appear to be willing to accept a dual-tiered retention schedule, requiring some elements such as transaction data to be retained for a minimum of six months (not six months after the expiration of the domain name), while other kinds of data would be kept for two years past the life of the registration.  This addresses a key registrar concern that imposing a universal two-year retention requirement would obligate registrars to retain data for longer than it is useable, impose new data retention costs, and create an uneven obligation among registrars, as the data protection/privacy regimes in some jurisdictions would not allow for all data to be maintained for that length of time.  The two-tiered schedule is proposed as a schedule that is more likely to be permitted under various data protection regimes, and to assure a consistent application of obligations under the RAA. 

The possibility, however, always remains that some registrars may find their data retention obligations to be prohibited by even more restrictive laws.  As a result, ICANN and the registrars have discussed various processes under which a registrar might seek a waiver of certain elements of the data retention requirements to the extent that they are in conflict with laws applicable to the registrar.  With the assistance of the Governmental Advisory Committee, ICANN and the registrars are evaluating possible modification of the existing “ICANN Procedure For Handling WHOIS Conflicts with Privacy Law” (at http://archive.icann.org/en/processes/icann-procedure-17jan08.htm) as a basis for this process.  There is concern, however, that as currently drafted, the procedure may only be invoked where a legal proceeding against the registrar has been initiated.  The parties believe that in appropriate circumstances it would be preferable to permit a registrar to invoke the waiver process, and for ICANN to consider a waiver request prior to the initiation of a regulatory or judicial proceeding.

• Is the use of a process like the ICANN Procedure for Handling Whois Conflicts with Privacy Law helpful to identify when registrars should be relieved from certain data retention obligations?  If no, what process should be used?
• What standards could be imposed to invoke the process, short of requiring the initiation of a formal legal or regulatory process?

 Universal Adoption of RAA

 The Registrar Negotiating Team has requested, and ICANN agrees, that it is essential to consider how to require and/or incentivize universal adoption of this new RAA. The accreditation model is based upon the principle of uniformity of contracts for all ICANN-accredited Registrars.   ICANN and the registrars recognize that those moving to the new RAA will face many new obligations and associated implementation costs.  ICANN and the Registrars are striving to create a globally acceptable improved RAA.  Accordingly, the discussion continues on how can global implementation be best achieved.

Some ideas that have been suggested and ICANN seeks community input on these suggestions:

...

If you have general feedback you'd like to provide, please provide them by submitting comments below.

...