You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 46 Next »

ICANN-accredited registrars and ICANN commenced a series of direct bilateral negotiations to amend and update the current Registrar Accreditation Agreement (RAA) in November, 2011.   These negotiations are currently underway.

Negotiation Goals/Objectives 

During the ICANN Dakar Meeting, ICANN and the Registrar Stakeholder Group announced their agreement to commence negotiations on possible amendments to the RAA to address recommendations made by law enforcement agencies and the GNSO, provide increased protections for registrants, to enhance  security generally, and to increase predictability for all stakeholders.  

At its meeting in Dakar, the ICANN Board directed these negotiations to commence immediately, with the goal of reaching agreement on amendments that are “in the global public interest with the twin goals of registrant protection and stability...” for consideration by the ICANN Board at the Costa Rica Meeting.  

ICANN and the Registrars have agreed to discuss the following topics in these negotiations: 

  • The law enforcement RAA recommendations, including as formulated by law enforcement in its proposed code of conduct;
  • The “High Priority” recommendations from the joint GNSO/ALAC RAA Drafting Team’s Final Report (see Final Report);
  • To the extent time permits, the  “Medium Priority” recommendations from the joint GNSO/ALAC RAA Drafting Team’s Final Report;
  • Other topics that would advance the goals of registrant protection, DNS stability, and increased predictability for all stakeholders.

Background

In 2009, the GNSO Council embarked on a collaborative process with the At Large Advisory Committee regarding the RAA.  As part of this process, a joint GNSO/ALAC drafting team was formed (known as the RAA Drafting Team or, “RAA DT”) to consider various proposals for improvements to the RAA. The RAA DT reviewed proposals from the law enforcement community, the Intellectual Property Constituency, as well as other stakeholders.  The RAA DT published a Final Report on 18 October, 2010, that identified potential topics to be addressed in an amended RAA.  The RAA DT also propose several  next steps for the GNSO Council to consider in determining whether to recommend a new form of RAA.   

Prior to Dakar, Staff published a Discussion Paper on the Next Steps for the RAA that recommended the immediate commencement of bilateral negotiations with the Registrars.   At Dakar, law enforcement representatives and other stakeholders debated the need for additional amendments to the RAA. 

In Dakar, the ICANN Board adopted a resolution (2011.10.28.31) <http://www.icann.org/en/minutes/resolutions-28oct11-en.htm#7> acknowledging that the effort to evolve the RAA is an important element in a program to protect registrants and safeguard the stability of a single interoperable Internet.  The resolution called for immediate negotiations and called on the negotiating teams to publish proposed amendments for consideration at ICANN’s meeting in Costa Rica in March 2012. The Board resolution called on the negotiating teams to address of law enforcement and GNSO working group recommendations as well as other topics that would advance the twin goals of registrant protection and DNS stability.  The ICANN Board also directed Staff to prepare an Issues Report with respect to any remaining items suited for a PDP.

The Registrars Stakeholder Group and ICANN announced in Dakar the immediate commencement of negotiations on the RAA.  These negotiations will occur regularly with the goal of issuing agreed amendments to the RAA for consideration by the ICANN Board.

Current Status  

 In advance of the Prague Meeting,on 4 June 2012,  ICANN posted a group of documents on the status of negotiation of amendments to the Registrar Accreditation Agreement (RAA).

These documents note that while ICANN and the Registrars have made progress in the negotiations, the negotiations are not complete and there remain key areas of difference. Of highest priority for ICANN are the areas of Whois verification and data retention requirements, where ICANN and Registrars were not able to agree on certain aspects of the law enforcement recommendations. Because these two areas are so important, ICANN and the registrars were not able to post consolidated, negotiated amendments in advance of the Prague meeting. The RAA Negotiations Summary Memorandum posted on 4 June 2012 explains this more fully; the Draft RAA reflects ICANN's most recent proposal as of 4 June 2012.

Recent Developments since the Costa Rica Meeting

More Information

Community Consultation in Prague

At the Prague Update on the RAA Negotiations Session scheduled on Monday 25 June 2012 from 11:00-12:30, Staff will seek input on the following:

 _________________________________________________

AGENDA FOR PUBLIC MEETING

Key Areas for Community Input

 Below we provide some key questions and points of information that we hope to guide the community discussions in Prague. We seek a discussion and input from the community as to where ICANN should hold firm to the proposals within the law enforcement recommendations on Whois verification and data retention issues, and where further negotiation might be required. The pros and cons on these and other issues that should be discussed in a public session are provided below.   We also seek discussion on how to assure that, when the new RAA is eventually approved, all Registrars will move to the new agreement.

Specific questions and points to help pinpoint the issues are:


Pre-resolution Verification

Law enforcement recommends the verification of registrant Whois data before allowing a new domain name registration to resolve.  The Registrars are willing to agree to verify registrants within a certain time after the resolution (such as 5 days), with a requirement to suspend the registration if verification is not successful in that interim time period. 

Registrars state that: (1) currently, domain names resolve immediately upon registration and changing that practice and delaying resolution for a period of days should be a policy discussion as it dramatically changes the domain name registration market; (2) this attempt to stop the tiny percentage of wrongdoers materially inconveniences the legitimate registration of millions of domain names; and (3) registrants often obtain domain names in order to obtain an email address (associated with the new domain name) so verifying the email addresses prior to registration is not feasible.

Law enforcement states that domain names abuses can be effective even if the domain name is held only a few days and so verification prior to allowing the name to resolve is necessary.

  • Should the process of registering domain names be changed to perform Whois validation and verification before domain names are allowed to resolve?  
  • Will pre-verification address law enforcement’s concern?
  • How big of a change is this to the current registration marketplace? 
  • What are the costs to Registrars in modifying their systems to allow for pre-verification? 
  • What are the costs to registrants?
  • How does the fact that registrants often submit a domain name registration request in order to obtain an email address affect the discussion?

 Phone Verification 

The law enforcement proposal requires verification of email (requiring the return of a unique code) AND phone numbers through processes such as calling the phone or sending a SMS and requiring the return of a unique code. Registrars are willing to verify through one of: (1) an email requiring a return of a unique code; (2) phone number through processes such as calling the phone or sending a SMS; OR (3) verification thorough postal mail. The Registrars propose that the choice among the three options would be made by each registrar.

Registrars state that: (1) phone verification will dramatically increase costs for some registrars, putting small registrars out of business; and (2) wrongdoers will easily pass this test.  Registrars note that due to the variety of Registrar business models, some Registrars may actually prefer phone verification over email verification at this time, but not all Registrars are equipped to perform phone verification.

  • Should registrants be required to have a phone number? (Currently the registrar only has to publish telephone numbers for the administrative and technical contacts, not for the Registered Name Holder.) How else might this impact registrants?
  • What are the actual technical and financial burdens for Registrars? 
  • Will this encourage the use of proxy services? (Proxy services might also be required to verify the contact details of their customers.)
  • What goals will phone verification achieve?

 Annual Re-verification

The law enforcement proposal requires annual re-verification of registrant information.  The Whois Reminder Policy has limited effect on Whois accuracy, and some in the community argue that it should be augmented with annual verification.

The Registrars are willing to maintain responsibility for sending Whois reminder policy notices OR verifying information when changed by the registrant.  Registrars state that an annual re-verification requirement imposes significant costs without additional benefit.

  • How much of a burden would annual verification impose on legitimate registrants, including those registering large numbers of names?
  • Is requiring the cancellation of a domain name if the annual re-verification cannot be completed too high a penalty?  Are the possible unintended consequences disproportionate?
  • What are the actual technical and financial burdens for Registrars? 
  • What goals will this re-verification achieve?

Data Retention

Law enforcement has requested that all identified data elements be kept for two years past the life of the registration.

The Registrars have raised questions regarding their universal ability to retain the data identified by law enforcement, citing various data privacy laws.  Registrars are willing to retain most of the information requested by law enforcement. Registrars state that some elements such as transaction data can only be retained for six months (not six months after the expiration of the domain name, just six months). Registrars state that this is due to data privacy laws in certain jurisdictions. The Registrars have expressed concerns that registrars in jurisdictions with less-restrictive data protection/privacy regimes will be put at a disadvantage if they are required to maintain registrant data for the full term requested by law enforcement, which is two years past the life of registration, while registrars in other countries may not be able to keep this information for more than 6 months from creation. 

  • Is the duration proposed by law enforcement proportionate with their objective, or does it place too high a burden on registrants and Registrars?
  • How should ICANN monitor compliance with a two-year plus retention period when many of its accredited Registrars might not be permitted to meet that duration?  Is this counter to a goal of uniformity in contracts across Registrars?
  • Does the GAC (or do the governments participating through the GAC) agree with the clarifications proffered by law enforcement?  Can authorities expert in data privacy assist in proposing how ICANN and the Registrars should address the competing legal regimens into a standard that can be uniformly implemented?
  • Are any of these requirements already imposed at a national level?

Universal Adoption of RAA

The Registrar Negotiating Team has requested, and ICANN agrees, that it is essential to consider how to require and/or incentivize universal adoption of this new RAA. The accreditation model is based upon having a uniform contract applicable to all ICANN-accredited Registrars, and those moving to the new RAA will face many new obligations.  ICANN and the Registrars have been working hard to create a globally acceptable improved RAA.  How can global implementation be best achieved?

Some ideas that have been suggested either in negotiations or publicly by interested parties:

  • Begin limitations on the terms of accreditations and renewals under the 2009 RAA to allow all registrars to move to the new RAA together. 
  • Creating milestones for the phasing in of certain terms under the new RAA, so that more Registrars would be subject to the new RAA when the terms come into effect.
  • Providing incentives for adoption of the new RAA prior to the expiration of a Registrar’s current RAA.
  • Use of a Registrar Code of Conduct process to require certain terms to be followed by all Registrars, regardless of whether they are on the 2009 RAA or the new RAA.
  • Requiring use of the new agreement when registering names in new gTLDs.

If you have general feedback you'd like to provide, please provide them by submitting comments below.

 

To Leave a Comment on This Page:  Any user logged into Confluence will see an "Add Comment" button at the bottom of this page, which can be used to leave a comment.  To log in, click the "Log In" button on the gray control bar toward the top of the page, and enter your user name and password.  If you do not have a user name and password, please e-mail seth.greene@icann.org with "Log In" in the subject line.  

  • No labels