Public Comment CloseStatement
Name 

Status

Assignee(s)

Call for
Comments Open
Call for
Comments
Close 
Vote OpenVote CloseDate of SubmissionStaff Contact and EmailStatement Number


15 January 2018


Competition, Consumer Trust, and Consumer Choice Review Team – New Sections to Draft Report of Recommendations


ADOPTED

14Y, 0N, 0A


Holly Raiche

ABDULKARIM AYOPO OLOYEDE

Sarah Kiden


11 December 2017


03 January 2018


08 January 2018


12 January 2018


15 January 2018


AL-ALAC-ST-0118-05-00-EN

Hide the information below, please click here 

FINAL VERSION TO BE SUBMITTED IF RATIFIED

The final version to be submitted, if the draft is ratified, will be placed here by upon completion of the vote. 


 


FINAL DRAFT VERSION TO BE VOTED UPON BY THE ALAC

The final draft version to be voted upon by the ALAC will be placed here before the vote is to begin.


Introduction:  This submission should be read together with the previous ALAC submission (dated 13 December 2016) to the Draft Report on Competition, Consumer Trust and Consumer Choice (CCTR).  In this submission, we will only comment on the new sections that impact on Internet end users. We note our earlier response to the Report:

In conclusion, the outcomes of Assessment are, at best, equivocal. While there has been some expansion in registry numbers and new market entrants, only 15% of the new domains have the characteristics of primary registration. From an end user perspective, most of the resultant new registrations are speculative, defensive, unused or parked – adding little of value to end users. And from an industry, there is no clear evidence of lower prices or more choice. Based on this Assessment, there is little evidence of benefit to end users with the introduction of new gTLDs.

The new sections of the Report add useful information and analysis from the three additional reports (a discussion on parking, a study on costs to brand owners, and a study on DNS abuse). Our comments are on parking and DNS abuse. While there is an interesting discussion and recommendations on Rights Protection Mechanisms, the issues raised and recommendations do not impact significantly on end users.

Parking:  Findings from the parking discussions show that 68% of new gTLD registrations are parked.  As the report notes, there are several ways in which a name would be considered as ‘parked’, only one of which is that the name displays advertisements, offers the domain for sale, or is used as a vector to distribute malware. (CCRT p. 8) The report also notes the significant geographic differences in parking practice;  the parking rates for China  are ‘very high’, whereas in the Latin American/Caribbean area, 78% of the new gTLDs are active. (CCTR p. 10-11).  In any case, this report could not ‘identify any direct relationship between parking and DNS abuse’, but suggested there may be ‘some correlation between parking and malware’. (CCTR p. 12) In its recommendation, the report suggests the high rate of parked domains could have an impact on competition in the domain name landscape, and recommends that further information is collected on parking data.

ALAC Supports Recommendation 3 on the collection of parking data.

DNS Abuse: The DNS study provides very useful information not only about the incidence of abuse, but about the situations when it occurs, with real implications on steps that could be taken to address the issue.  The Report noted that there has been a ‘significant increase’ in phishing attacks in 2016.  As the report then notes, some registration operators do not act until there are complaints – contrasting with others who do check registrant credentials, block domain name strings similar to known phishing targets and scrutinize domain name resellers. (CCTR p. 21-2)

The findings suggest, however, is that abuse is ‘not rampant’ – that five new gTLDs accounted for over 58% of blacklisted gTLD domains. (CCTR p. 24).

Early in the discussion on DNS Abuse, the Report includes the nine steps that can be taken to mitigate DNS abuse. (CCTR p. 18).  However, the report then notes that factors such as registration restrictions, price and registrar specific practices are more likely to affect abuse rates, making low priced domain names with easy registrations attractive attack vectors’. (CCTR p. 23)  As the Report then acknowledged, low cost names may also be appealing for registrants ‘with legitimate interests and the overarching goal of a free and open Internet’.  Therefore, the ‘monetary incentives’ targeted at registry operators may be appropriate to prevent ‘systematic abuse’ by supporting proactive screening and the detection of malfeasance’. (CCTR p. 25)

The Report suggests four recommendations to address DNS Abuse.  These include recommendations for;

  • Recommendation A: negotiations on amendments to the registry agreements to provide incentives for the adoption of  proactive abuse measures
  • Recommendation B: negotiations on amendments to registry agreements to including provisions on preventing the systemic use of specific registrars for technical DNS abuse
  • Recommendation C: Conduct a study – that is made publicly available – on the relationship between specific registry operators,  registrars and DNS abuse
  • Recommendation D: (which was not unanimously supported by the CCT WG) to establish a DNS Abuse Resolution Policy (DADRP) to deal with registry operators and registrars that are identified as having excessive levels of abuse.

The Report also includes Recommendation 5, calling for ICANN to: ‘collect data about and publicize the chain of parties responsible for gTLD domain registration.

This recommendation is included as an ‘individual statement’ not included in the body of the report because there was ‘insufficient time’ for it to be fully discussed by the Review Team.  The explanation for this recommendation is that, at present, ‘there is no consistent mechanism for determining all of the ICANN contracted and non-contracted operators associated with a gTLD domain name registration. Whois records often do not distinguish between registrars and resellers. 

The ALAC supports Recommendations A, B,C,D, and ‘Recommendation 5’ relating to DNS Abuse

 


FIRST DRAFT SUBMITTED

The first draft submitted will be placed here before the call for comments begins.


Introduction:  This submission should be read together with the previous ALAC submission (dated 13 December 2016) to the Draft Report on Competition, Consumer Trust and Consumer Choice (CCTR).  In this submission, we will only comment on the hew sections that impact on Internet end users. We note our earlier response to the Report:

In conclusion, the outcomes of Assessment are, at best, equivocal. While there has been some expansion in registry numbers and new market entrants, only 15% of the new domains have the characteristics of primary registration. From an end user perspective, most of the resultant new registrations are speculative, defensive, unused or parked – adding little of value to end users. And from an industry, there is no clear evidence of lower prices or more choice. Based on this Assessment, there is little evidence of benefit to end users with the introduction of new gTLDs.

The new sections of the Report add useful information and analysis from the three additional reports (a discussion on parking, a study on costs to brand owners, and a study on DNS abuse). Our comments are on parking and DNS abuse. While there is an interesting discussion and recommendations on Rights Protection Mechanisms, the issues raised and recommendations do not impact significantly on end users.

Parking:  Findings from the parking discussions show that 68% of new gTLD registrations are parked.  As the report notes, there are several ways in which a name would be considered as ‘parked’, only one of which is that the name displays advertisements, offers the domain for sale, or used as a vector to distribute malware. (CCRT p. 8) The report also notes the significant geographic differences in parking practice;  the parking rates for China  are ‘very high’, whereas, in the Latin American/Caribbean area, 78% of the new gTLDs are active. (CCTR p. 10-11).  In any case, this report could not ‘identify any direct relationship between parking and DNS abuse’, but suggested there may be ‘some correlation between parking and malware’. (CCTR p. 12) In its recommendation, the report suggests the high rate of parked domains could have an impact on competition in the domain name landscape, and recommends that further information is collected on parking data.

ALAC Supports Recommendation 3 on the collection of parking data.

DNS Abuse: The DNS study provides very useful information not only about the incidence of abuse, but about the situations when it occurs, with real implications on steps that could be taken to address the issue.  The Report noted that there has been a ‘significant increase’ in phishing attacks in 2016.  As the report then noted, some registration operators do not act until there are complaints – contrasting with others who do check registrant credentials, block domain name strings similar to known phishing targets and scrutinize domain name resellers. (CCTR p. 21-2)

The findings suggest, however, is that abuse is ‘not rampant’ – that five new gTLDs accounted for over 58% of blacklisted gTLD domains. (CCTR p. 24).

Early in the discussion on DNS Abuse, the Report includes the nine steps that can be taken to mitigate DNS abuse. (CCTR p. 18).  However, the report then notes that factors such as registration restrictions, price and registrar specific practices are more likely to affect abuse rates, making low priced domain names with easy registrations attractive attack vectors’. (CCTR p. 23)  As the Report then acknowledged, low cost names may also be appealing for registrants ‘with legitimate interests and the overarching goal of a free and open Internet’.  Therefore, the ‘monetary incentives’ may be appropriate to prevent ‘systematic abuse’3by supporting proactive screening and the detection of malfeasance’. (CCTR p. 25)

The Report suggests four recommendations to address DNS Abuse.  These include recommendations for;

  • Recommendation A: negotiations on amendments to the RAA to provide incentives for the adoption of  proactive abuse measures
  • Recommendation B: negotiations on amendments to including provisions on preventing the systemic use of specific registrars for technical DNS abuse
  • Recommendation C: Conduct a study – that is made publicly available – on the relationship between specific registration operators and registrars and DNS abuse
  • Recommendation D: (which was not unanimously supported by the CCT WG) to establish a DNS Abuse Resolution Policy (DADRP) to deal with registry operators and registrars that are identified as having excessive levels of abuse.

The Report also includes Recommendation 5, calling for ICANN to: ‘collect data about and publicize the chain of parties responsible for gTLD domain registration.

This recommendation is included as an ‘individual statement’ not included in the body of the report because there was ‘insufficient time’ for it to be fully discussed by the WG.  The explanation for this recommendation is that, at present, ‘there is no consistent mechanism for determining all of the ICANN contracted and non-contracted operators associated with a gTLD domain name registration. Whois records often do not distinguish between registrars and resellers. 

The ALAC supports Recommendations A, B,C,D, and ‘Recommendation 5’

13 Comments

  1. This statement seems to me the best response to the additional information in the updated report, cautious optimism. 


    -Carlton

     

    1. Hi Carlton,

      I'd like to ask whether – by your comment here – you have changed your mind about disagreeing with Recommendation D, or that despite disagreeing with Recommendation D, you think the ALAC should support the Recommendation which discloses a minority view against the proposal to create DADRP? 

      Thanks,
      Justine

      1. Hi Justine

        My eading of Carlton is that he supports Recommdation D - which is about having a dispute resolution for the issue.  I was well aware - as I'm sure Carlton is - that there was a Minority Report in relation to that recommendation, but I personally support the recommendation.  Im happy to hear from others on the issue.

        1. Hi Holly,

          Thanks for your reply but I think I may have been misunderstood. I posed my question to Carlton because he was one of the members of the CCTRT who held the Minority View regarding Recommendation D.

          Cheers,
          Justine

  2. This statement is well written.  Fully agreed.

  3. From Slovene Consumer Association

    On 15/12/2017 13:42, Krisper, Marjan wrote:


    I read your report. It is comprehensive and covers all topics of Competition and Consumer Trust regarding gTlD. Recommendations also cover all problems, so i don't have any additional proposals. The most important are registrars restrictions and enforcement for new gTLD.


    My opinion is that document is too long, almost 150 pages. But this is general problem with all ICANN documents.


    Best regards


    Marjan Krisper
    Slovene Consumer Association



  4. Several comments come to mind:-

    Introduction

    • Para 3 "While there is an interesting discussion and recommendations on Rights Protection Mechanisms, the issues raised and recommendations do not impact significantly on end users" – while what is considered "significant" is subjective, I noted with curiosity that the Independent Review of the TMCH services by AG, as referred to by the CCTRT on p.39-40, did suggest that "...trademark holders appeared less concerned about variations of trademark strings and thus felt that an expansion of the matching criteria may in fact bring little benefit to trademark holders. On the contrary, the potential harm towards non trademark-holder domain registrants could be increased. The latter could find themselves deterred from registering trademark string variations that would not be considered trademark infringement."  Noting that perhaps the term "Internet end users" or "end users" used in this ALAC draft comment refer strictly to Internet end users who have no desire to register for a domain name? Noting also that the PDP WG on RPMs are also looking into this issue.

    Parking

    • It was pointed elsewhere that the parking data which the CCTRT looked at was very expansive, even out of context (as in some of the examples that were listed on p.8 of the New Sections Report as behaviours considered as parking should be not be so and ought to be excluded). I wonder if the CCTRT is in a position to highlight to I*Org on the specific nature of "parking data" to be collected as referred to in its Recommendation 3 in the table on p.6 (also as recommendation 5 on p.12 beyond the text under 'Details').  


    Some suggested edits and/or typos to note:-

    • The reference to 'monetary incentives' in the section on DNS Abuse – can we add "targeted at registry operators and/or registrars" after 'monetary incentives'? Also what is "'systematic abuse'3"?
    • Recommendation A in New Sections Report specifically mentions Registry Agreements (ie RA) not Registrar Accreditation Agreement (ie RAA). Also an omission carried by the CCTRT in the New Sections Report – should be "... adoption of proactive anti-abuse measures."
    • Recommendation C – should be registry operators?
    • 1st para, 2nd sentence – new sections
    • 2nd para, end of 3rd sentence – delete "of" from "...adding little of value to end users."
    • References to "WG" should be to "RT" instead perhaps?

    *I confess I am somewhat confused between the reference to Recommendation 3 in the table on p.6 and Recommendation 5 on p.12*


    Cheers,
    Justine

    1. Thank youfor your recommendations, which will be incorporated into the final draft

    2. To provide more specific feedback on the points you raise:

      • there is no question that, potentially, end users can also become registrants and thus impacted by IP issues. However, the ALAC focus has been on the potentially more direct impacts on all end users of  both parking and DNS Abuse
      • a good suggestion that should be made to the ALAC members of the RT - Kaili and Carlton
      • Edits/typos:
      • happy to add the suggested phrase
      • will make that change on agreement.  However, throughout ICANN discussions, the reference is to DNS abuse, not anti-abuse
      • Recommendation C : actually incudes both registry and registrar operators.  It is not clear as to the other references you make (and I think you are correcting their text, not mine)
      • Willchange WG to Review Team
      • On the confusion - yes, the report does change the numbers as between the summary table and the discussion following. The meaning, however, is clear

  5. I do agree with the first draft.My only comment is on the survey itself. This is because it seems that it's majorly the big companies that responded. 

    1. The Report refers to more than one study: are you talking about the parking survey or the DNS study?

  6. My proposed revised draft, taking into account comments made above, is below:

    Introduction:  This submission should be read together with the previous ALAC submission (dated 13 December 2016) to the Draft Report on Competition, Consumer Trust and Consumer Choice (CCTR).  In this submission, we will only comment on the new sections that impact on Internet end users. We note our earlier response to the Report:

    In conclusion, the outcomes of Assessment are, at best, equivocal. While there has been some expansion in registry numbers and new market entrants, only 15% of the new domains have the characteristics of primary registration. From an end user perspective, most of the resultant new registrations are speculative, defensive, unused or parked – adding little of value to end users. And from an industry, there is no clear evidence of lower prices or more choice. Based on this Assessment, there is little evidence of benefit to end users with the introduction of new gTLDs.

    The new sections of the Report add useful information and analysis from the three additional reports (a discussion on parking, a study on costs to brand owners, and a study on DNS abuse). Our comments are on parking and DNS abuse. While there is an interesting discussion and recommendations on Rights Protection Mechanisms, the issues raised and recommendations do not impact significantly on end users.

    Parking:  Findings from the parking discussions show that 68% of new gTLD registrations are parked.  As the report notes, there are several ways in which a name would be considered as ‘parked’, only one of which is that the name displays advertisements, offers the domain for sale, or is used as a vector to distribute malware. (CCRT p. 8) The report also notes the significant geographic differences in parking practice;  the parking rates for China  are ‘very high’, whereas in the Latin American/Caribbean area, 78% of the new gTLDs are active. (CCTR p. 10-11).  In any case, this report could not ‘identify any direct relationship between parking and DNS abuse’, but suggested there may be ‘some correlation between parking and malware’. (CCTR p. 12) In its recommendation, the report suggests the high rate of parked domains could have an impact on competition in the domain name landscape, and recommends that further information is collected on parking data.

    ALAC Supports Recommendation 3 on the collection of parking data.

    DNS Abuse: The DNS study provides very useful information not only about the incidence of abuse, but about the situations when it occurs, with real implications on steps that could be taken to address the issue.  The Report noted that there has been a ‘significant increase’ in phishing attacks in 2016.  As the report then notes, some registration operators do not act until there are complaints – contrasting with others who do check registrant credentials, block domain name strings similar to known phishing targets and scrutinize domain name resellers. (CCTR p. 21-2)

    The findings suggest, however, is that abuse is ‘not rampant’ – that five new gTLDs accounted for over 58% of blacklisted gTLD domains. (CCTR p. 24).

    Early in the discussion on DNS Abuse, the Report includes the nine steps that can be taken to mitigate DNS abuse. (CCTR p. 18).  However, the report then notes that factors such as registration restrictions, price and registrar specific practices are more likely to affect abuse rates, making low priced domain names with easy registrations attractive attack vectors’. (CCTR p. 23)  As the Report then acknowledged, low cost names may also be appealing for registrants ‘with legitimate interests and the overarching goal of a free and open Internet’.  Therefore, the ‘monetary incentives’ targeted at registry operators may be appropriate to prevent ‘systematic abuse’ by supporting proactive screening and the detection of malfeasance’. (CCTR p. 25)

    The Report suggests four recommendations to address DNS Abuse.  These include recommendations for;

    • Recommendation A: negotiations on amendments to the registry agreements to provide incentives for the adoption of  proactive abuse measures
    • Recommendation B: negotiations on amendments to registry agreements to including provisions on preventing the systemic use of specific registrars for technical DNS abuse
    • Recommendation C: Conduct a study – that is made publicly available – on the relationship between specific registry operators,  registrars and DNS abuse
    • Recommendation D: (which was not unanimously supported by the CCT WG) to establish a DNS Abuse Resolution Policy (DADRP) to deal with registry operators and registrars that are identified as having excessive levels of abuse.

    The Report also includes Recommendation 5, calling for ICANN to: ‘collect data about and publicize the chain of parties responsible for gTLD domain registration.

    This recommendation is included as an ‘individual statement’ not included in the body of the report because there was ‘insufficient time’ for it to be fully discussed by the Review Team.  The explanation for this recommendation is that, at present, ‘there is no consistent mechanism for determining all of the ICANN contracted and non-contracted operators associated with a gTLD domain name registration. Whois records often do not distinguish between registrars and resellers. 

    The ALAC supports Recommendations A, B,C,D, and ‘Recommendation 5relating to DNS Abuse