Registrar Accreditation Agreement (RAA) DT
Sub Team B
TRANSCRIPTION
Wednesday 26 January 2010 at 18:00 UTC
Note: The following is the output of transcribing from an audio recording of Registrar Accreditation
Agreement (RAA) drafting team Sub Team B meeting on Wednesday 26 January 2010 at 18:00 UTC. Although the transcription is largely accurate, in some cases it is incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the meeting, but should not be treated as an authoritative record. jan
Coordinator: Good afternoon and thank you for standing by. I’d like to remind all participants this conference is being recorded. If you have any objections you may disconnect at this time. You may begin.
Gisella Gruber-White: Thank you. Good morning, good afternoon to everyone on today’s RAA Sub Team B call on Tuesday the 26th of January of Steve Metalitz, Michele Neylon, Tatyana Khramtsova, Holly Raiche, Siva Muthusamy, Paul Diaz, Cheryl Langdon-Orr.
From staff we have Margie Milam, David Giza and myself Gisella Gruber-White. We have apologies from Kristina Rosette, from Marc Trachtenberg, and (Nicole Rolter). Please remind everyone to state their names when speaking for transcript purposes. Thank you over to you Steve.
Steve Metalitz: Thanks very much Gisella. And is there anybody on the call that wasn’t named in that list? Okay if not why don’t we proceed? I think we have two really two agenda items on this call.
The first is to review the proposed time table for the rest of our work that I was asked to prepare on the last call and that was circulated a couple of days ago. So we should see if we can come to agreement on that and then the next item is to plunge back into our master chart which I think Margie has updated yet again.
And I believe we’re about to start on Item 9.4 so we can start there with our two tasks one is to determine whether it’s a high or low priority and the other is it that issue on which we have to flag some consensus policy concern. Are there any other agenda items that people wanted to bring up today?
If not let’s go ahead with the time table which I think everyone has seen. I worked backwards from the revised council meeting date which was April 21. And I believe the date by which anything would have to be submitted to be ripe on that agenda is April 7.
I’m sure the staff will correct me if I’m wrong but at least I’m within a day or two I think. And so working back from there I just laid out the tasks that we have remaining there was people’s feelings was we should continue through the chart and not have a parallel effort to work on recommendations for next steps.
And I try to keep to a bi-weekly schedule and I did that except for one of the bi-weeks turned out to be the week of March 8 which is the week of the ICANN meeting in Nairobi. So on the supposition I know some of our members will be there and will be traveling there.
I suggest that we meet either the week before that or the week after that so that means, you know, inevitably there will be a meeting two weeks in a row on one occasion. So that’s the proposal and the floor is open for comments or questions about this proposed time table.
Holly Raiche: I’m happy with it.
Steve Metalitz: Okay hearing no objection we could - can we consider that approved? Holly wants to be recognized I think.
Holly Raiche: No I was just saying I’m happy with it.
Steve Metalitz: Okay I don’t - I’m sorry about that. You know, you don’t need to do the - I mean you can do the Adobe connect hand or just speak up. We’re a small enough group if you want to be recognized.
Okay if there’s no objection then we’ll take that as approved and work from there. I will mention one other thing that we might want to feed in here at some point is toward, you know, toward the end of the process is in some cases we’ve had questions about, you know, what would the contract language look like?
To carry, you know, to deal with some of these topics and it may be that the staff could provide us with some language on that at various points. Again we’re not - our job is not really to negotiate contract language but if people are unclear and don’t know what it would look like in contract language then perhaps the staff could provide something along that line.
But I think we can fit that into our existing time table so I’m not sure we need a separate entry for that. If there’s no further discussion on that why don’t we - Margie has her hand up. Margie go ahead.
Margie Milam: About the contract language you could give us some guidance on what you’re thinking about. Would you want language for high priority, medium priority items? Just, you know, give us direction on how, you know, what kind of language you’d like from us and we’ll go ahead and take care of it.
Steve Metalitz: Okay we can deal with that either as we go along or else on a priority basis. I mean I assume that the high priority is of more interest than the low priority, you know, if there’s some unclarity about the low priority it’s probably less significant. But I think we can proceed on that basis.
Okay so let’s turn back then to the chart. Margie did circulate an update and I think it’s correct that we’ve gotten through 9.3. I don’t know if people have any questions about, you know, what’s in the chart up to 9.3, you know, in terms of whether it’s accurately transcribed, what we decided as far as high or low priority and so forth. You can certainly bring that up now.
Bur failing that maybe we should just start ahead with 9.4 there are actually three I guess there are three proposals under 9.4. Two of them really have to do with the form of business organization of a registrar and providing that information to ICANN.
And the third one they’re actually is about any change to certain facts about the registrar where it’s located, presiding officer, bankruptcy filing and so forth. So I guess those two are similar but not exactly the same.
Are there any comments on any of those proposals and any view on whether that’s high priority, top to be dealt with in the RAA or a low priority? Michele. Does anybody else want to be recognized?
Man: When we had rather hopefully leasing with law enforcements and they clarified a couple of these points I don’t think they - there was no kind of come back from that but I gathered from what he was saying that a couple of the points.
That I raise were subject to some clarification on their end or something like that. I’m just - because there were a couple of things. The 9.4 law enforcement clarifying within the country of operation because that wasn’t very clear.
Steve Metalitz: Right.
Man: The other one is 9.4 the (Neatle) civil actions I mean we all agreed if Steve happened to be in my office and broke his ankle it would really be pertinent for ICANN to know this.
Steve Metalitz: Yes.
Man: This was totally irrelevant so.
Steve Metalitz: Right.
Man: Just on the record, you know, there were a couple of things here that I think needed to be clarified as well but in their current form they’re a bit (unintelligible).
Steve Metalitz: I think you’re absolutely right as far as when we went through this with (Bobby Fling).
Man: Yes that’s all.
Steve Metalitz: Okay. Other comments on this? Do we think this is a high priority or - go ahead. Holly was that.
Holly Raiche: Yes I just a question it seems to me then that this has been clarified that you can look probably through 9, all of 9.4. Did the law enforcement agency see this as critical?
Steve Metalitz: I think so. I mean I don’t know exactly how they would - I don’t want to speak for them but (unintelligible).
Holly Raiche: Michele what was your impression of the discussion?
Michele Neylon: Well my impression of discussion I thought it was very useful. I mean, you know, law enforcement understands that from okay I can only speak from my own - for myself. I cannot possibly attempt to speak for other people within the registrar community so that’s here.
But, you know, the thing is from my perspective as a registrar I don’t have an issue with what they’re trying to do in most instances as long as it is recorded some where.
That for example the country of operation there well that is clarified by the legal civil actions base either be clarified then specifically pertinent to the services the registrar is providing or that it be dropped completely. It’s just that, I think there’s no point in us having getting somebody in from law enforcement to clarify what their wish list is.
And then for those clarifications not to be recorded and collected some where. Otherwise if you move this document some where else afterwards we’re going to end up having the same conversation again in six months time.
Holly Raiche: So is the answer then it’s a high priority but clarify to the extent that what they’re really talking about is information in relation to the business carried on by a registrar.
Michele Neylon: Well we turned to the priority I don’t really have any opinion either one way or the other because the thing is I do have a very strong opinion about what is being asked here because it’s going to affect me directly.
So from a legal perspective (unintelligible) as far as I’m concerned (unintelligible), you know, clarify exactly what is being asked or what you would like to ask of us whether that’s high priority or low priority. It’s largely irrelevant as far as I’m concerned.
Steve Metalitz: Okay well let me suggest that we mark this as high priority with the modifications that Michele listed which are clarifying what’s meant by country of operation and narrowing or eliminating items on the last of the three. So that it only applies to things that are really relevant to the registrar business. Is there any objection to proceeding in that way?
Holly Raiche: No.
Steve Metalitz: Then the staff’s got that captured I’m sure and we’ll have that in the notes column for next time.
Michele Neylon: I’m sorry Steve just one interjection before we move on. I mean, you know, (Bobby) from the FBI spent a good hour going through a lot of this stuff. So I mean it would seem to me that, you know, that stuff that he mentioned or was the case of where, you know, maybe some extra clarification might be forthcoming.
Or that he’s noted or clarified something here it would be useful if that was recorded somewhere or put into this document. Because otherwise, you know, its fine we get outside experts or various different stakeholder groups to, you know, clarify what exactly they’re talking about in these things.
But ultimately it’s fine that I know it. It’s fine that you know us but anybody’s else whose on this call or who follows these calls and listens to the MP3s understands where it’s at.
But ultimately you’re working with a document which somebody’s going to be passed to somebody else who may not have had that opportunity. So I just think it’s, you know, stuff should be noted somewhere that’s all.
Steve Metalitz: I think it will be noted on this point. And I think you’re points well taken and maybe we could ask the staff as they go maybe as they go back through this for the next iteration to look back on the notes of our meeting with (Bobby) and make sure that any points that were seem to be of agreement there would be reflective.
Margie Milam: Steve, this is Margie. I will go ahead and do that. I’ll look at the transcript from that meeting and make sure I pick up those comments in the notes column so we don’t have to go over them over and over again.
Steve Metalitz: Great thank you. Okay so now we’re onto I think we’re on to 9.5 which are three different ways of saying that some of the principle officers and directors of the registrar need to be identified and that information needs to be public and to be kept current.
Any comments on this and any thoughts about priority? And I’ll ask - I’ll roll on Michele if he has any notes about any modifications at the law enforcement people has on their flavor of 9.5 but are there any comments on 9.5? Excuse me.
Michele Neylon: This is Michele again. The - okay that I can collect all the information is fine. One of the things that I can see though as a problem moving forward with all of this is publicly display where, publicly list where? I mean look I can fully understand that you’re - that people are looking for a level of disclosure.
And I don’t have any issue with that. I mean of anybody who, you know, look I’m not hard to find for Christ’s sake. Anybody who has problems finding me really, you know, and it’s the same with, you know, it’s the same with any of the - with certain other people who are involved in this business.
We’re not particularly hard to find. I you can’t find us then it’s obviously you’re not trying too hard. But the things is this, you know, (unintelligible) XY in that. I mean where is the dean publicly displayed? I mean if I put that up on the front page of our Web site then that’s ridiculous.
Nobody gives a damn. If I put us five pages deep into our Web site then somebody might say we’re trying to hide us. It’s just something here about this publicly displaying and publicly listing and all this kind of thing I can just see it as being something that can cause problems further down the road.
And it’s just I can understand the spirit of it. And I think in some respects say for example what we’ve done in Ireland with the ISPAI which is part of your expert European ISP Association is that all members of the ISPAI are required to provide a law enforcement contact.
And that information is collected centrally and it is given to law enforcement because ultimately it’s law enforcement who wants the contact not (Joe Blogs). It’s, you know, Mr. Policeman over in the corner in whichever country and for that we have to follow proper procedure anyway.
And, you know, they’re going to have to follow a particular process if they’re asking us for evidence or whatever. So I mean in some respects maybe it might make more sense.
That we look at this if this is look more in the case of the line of along the lines of this information being made readily available to them through some manner and possibly centralized. I don’t know I just all this publicly displaying stuff I can see as ending up causing more problems than it actually solves just my involved 2 cents.
Steve Metalitz: Other comments on this point? Cheryl.
Cheryl Langdon-Orr: I just wanted slight candor. I understand what Michele is saying. And another thing from a registrant’s point of view some level of conformity, level of where should we want to find such information.
And it looks to me from (Danny Yunger) and our PC working group’s comments in 9.5 that they’re not looking at it from just a law enforcement contact point of view. And in fact the law enforcement agencies comments themselves are talking about display of (unintelligible) are present and other responsible officers.
Now some of course have that as simply, you know, good corporate law and some countries have and jurisdictions have central repositories with this information is held (unintelligible) in public access. So would it be appropriate Michele do you think to have more of a central repository some how, some where updated and legitimized?
Michele Neylon: Possibly. I mean the problem with a lot of these things is that while (Danny), unfortunately (Danny) isn’t on the call so it’s a bit unfair to (unintelligible) so be that as it may. I’ll have to pick on him. You know, (Danny) is saying that he wants registrars to publicly list XY and Z.
But ultimately to what end? I mean to companies that are publicly trading the information is going to be publicly accessible anyway. So for in the case of say I don’t know random large corporation who happens to have a registrar part of the business, you know, there’s a lot of disclosure as you already said Cheryl so to be fair.
But I’m trying to looking at it in terms of the pragmatic that in what are people trying to achieve by this? It’s not simply a case of publicly displaying information and that’s it. There’s a reason why they want to display it.
It’s more a case that they want the access to it at least that’s my understanding. Of course that didn’t answer your question but I’m Irish so I’ll always questions with another question anyway.
Cheryl Langdon-Orr: Fair enough. But I would think that a number of (unintelligible) would think that the matters raised in 9.5 are important. They’re certainly the at large believe it’s essential that these pieces of information on the accessibility for some details on registrars corporate structure and the details of the principle and officers is it commerce public some how.
And I think maybe one of the best and most - less challenging ways and one that gives great predictability to both the supply and the demand side of this discussion is if it’s held in some form of uniform and central repository and maybe that’s a job for ICANN.
Steve Metalitz: Well let - this is Steve. Let me just suggest that we list this as a high priority item but note that the - any requirement for public display would need to be clarified as to where and how.
Cheryl Langdon-Orr: Sure.
Steve Metalitz: And, you know, again I don’t think, you know, we’re not negotiating these provisions now we’re just trying to identify topics. So I think that these are some useful perspectives on this but I would suggest we proceed on that basis.
Michele Neylon: Just as a random thought that might simplify this completely. The internet Web site already has an individual listing page for each and every registrar. So if that information was published there would that satisfy what you’re looking for?
Cheryl Langdon-Orr: In my view yes.
Steve Metalitz: Well in that case I mean maybe another way to deal with this is to say publicly, you know, through ICANN or through internet. I mean I think that would be certainly as far as I know quite satisfactory to the law enforcement people and (Danny) certainly conforms with their proposals. And it certainly conforms with the IPC proposal which was that it be specified to ICANN and kept current. So is there any objection to that?
Michele Neylon: Well it would be - sorry just to cut across. I mean it might be interesting to see what ICANN staff in particular David’s what their views on this are because I mean ultimately they’re the guys that are going to have to enforce this or may have a better understanding of where this is coming from or what’s people are trying to achieve.
David Giza: Yes this is Dave. And thanks Michele I appreciate the lead in. From a contractual compliance perspective the real issue or challenge is keeping the information current. When the registrar leaves and obtains the initial information as part of the accreditation process they do deploy a fairly thorough process too to collect that information.
But then over time the information becomes stale, outdated and other wise, you know, incomplete and so as a result I think the IPC has this right that, you know, that the challenge here is to get this information in the hands of ICANN on a regular basis so that ICANN can then keep this information current.
And then if the recommendation down the road is to make that information available through internet you know, so be it. I think that would as Steve pointed out a topic to be negotiated or discussed later.
Steve Metalitz: Okay. Any further comments on this?
Cheryl Langdon-Orr: No.
Steve Metalitz: Okay I seemed to have - I may have drifted off the - no here it is I guess I’m back here. I lost my Adobe for a moment. Let’s move ahead then to Number 9.6 which is registrar required to provide ICANN with its current registration agreement if any and to keep it current.
I’m glad to explain the motivation behind this which is that obviously there are provisions in the RAA now and will be presumably in the future that specify certain things that have to be in the registration agreement between the registrar and the registrant.
Most registrars have a standard registration agreement not all. And most of them it’s relatively accessible because they’re trying to sell registrations. But that’s not always the case and for those circumstances where there is not a registration agreement available I understand the ICANN staff has had some trouble finding it some times.
So why not tell - make this an explicit requirement that the registrar send a copy of this to ICANN and if it changes its standard agreement send a new one. So any comment on 9.6?
David Giza: Yes this is Dave Giza. I’d like to weigh in on this one Steve.
Steve Metalitz: Okay Dave. Anybody else? Go ahead Dave.
David Giza: You know, I think this one is particularly important from a contractual compliance perspective as well because we recently conducted an audit of several provisions inside of the registrar accreditation agreement where we had to go out and do our own due diligence in obtaining registration agreements from registrars.
As Steve pointed out, you know, many registrars post those agreements on their Web site but others do not. And then we found that even some of the agreements that were posted on the Web sites were not current. And so it created much more complexity.
It created much more time consuming and manual activity for ICANN and all of that could be eliminated quite frankly if there was just a clean, simply obligation on the part of the registrar to provide the current registration agreement, keep it current.
When there’s an update just send an updated agreement to ICANN. And we would keep that information in the database. And it would be very manageable as a result.
Steve Metalitz: Okay any further comments on this point?
Cheryl Langdon-Orr: From a registrant’s point of view I would think it’s particularly important because it will allow the registrant to be able to say well what’s in the agreement and be able to go back to a current agreement to actually understand rights and responsibilities of both parties.
Steve Metalitz: All right. Any further comments? And I think Dave indicated he thought this would be a high priority from a compliance perspective. Is there any objection to listing this as a high priority item?
Cheryl Langdon-Orr: I agree.
Steve Metalitz: All right then we’re done with Section 9. And we’ll move right along into Section 10. The first point here 10.1 is to require uniformity in grace periods as a cross reference here to RAA provision dealing with the grace period - the auto renew grace period. And I think that’s what is basically referenced there.
So let’s open it up for discussion on - we’re now shifting gears from a lot of these disclosure issues to the Section 10 business dealings with registered name holders really the content of the registration agreement or of the way the registrar deals with the registrant. So let’s open discussion on 10.1. I see Siva has his hand up and Michele. So Siva go ahead.
Siva Muthusamy: Hello. (Unintelligible). You can see that (unintelligible). It should be possible (unintelligible) so let’s change that uniformity from minimum (unintelligible).
Steve Metalitz: Okay minimum...
Cheryl Langdon-Orr: Siva I could barely understand every third word that you said. Could you possibly type a synopsis of what you said to us please because I found that impossible?
Steve Metalitz: I think what Siva said was that rather than a uniform grace period the stress should be on a minimum grace period that they could have a longer one but there should be a minimum established in the RAA. Is that correct Siva?
Siva Muthusamy: (Unintelligible).
Steve Metalitz: Okay thank you. So let’s see I have - thank you Siva. Michele you had a comment. Does anybody else want to speak? If not Michele go ahead.
Michele Neylon: This is - I mean this is currently being discussed to death in PD&R.
Cheryl Langdon-Orr: Yes you’re psychic aren’t you Michele?
Michele Neylon: Well just because we’re on the same bloody working groups Cheryl. I mean the problem with grace periods unfortunately does not rest solely with the registrars which by the way I love saying. It’s also something that involves the registry operators.
So in - it’s just worth commenting that, you know, while you may want to make changes to this and several sacred cows may need to be sacrificed for that to happen.
Steve Metalitz: Okay I’m not sure whether you’re saying this is a complex topic that involves a lot of interest which I certainly accept or whether you’re saying it’s something that shouldn’t be an RAA amendment because it’s being discussed in another group. I wasn’t clear on that.
Michele Neylon: Both just to make sure it’s just both I mean it’s an incredibly complex area which I mean it’s - I don’t know I’ll leave Cheryl make a comment because I think she’s dealing with it as well.
Cheryl Langdon-Orr: Thank you Michele. And we have to stop cooperating we’re really ruining our reputations here. The other thing I suppose too is we don’t want things to fall through the crack. We don’t want the PENDR work group to assume that any recognition of RAA amendment changes will be picked up by this group.
And then not attach it, so things - Michele and I are going to stop this call and go straight into the next PENDR work group call, can he and I take on a action item to clarify with the other GNSO work group on the PENDR exactly what it’s understanding and expectations are of this work group to deal with or not in any way, shape or form this issue?
Steve Metalitz: That strikes me as an excellent suggestion. Is there any comment on that?
Michele Neylon: I agree with Cheryl.
Steve Metalitz: Okay. In that case we will list clarify with PENDR in the notes column. And we’ll come back to that. You guys, one of you will report back to us as to...
Cheryl Langdon-Orr: Michele will.
Steve Metalitz: I’ll let you fight that out. Okay.
Michele Neylon: Cheryl you’ll be getting a rude wait from me shortly.
Steve Metalitz: Okay moving right along to Item 10.2 direct transfer clauses. And I think this is in reference to a provision in the registrar agreement that would at the expiration of your registration period you’d transfer it to the registrar or to a third registrar associated third party.
So I think (Danny) is suggesting that this should not be - this should be a prohibited clause in the registrar agreement. The registrar shouldn’t be allowed to require this. So I’ll open the floor to discussion on Item 10.2. Any comments on this?
Michele Neylon: I have one I suppose.
Steve Metalitz: Okay go ahead.
Michele Neylon: This is one of the things that has come up in the post expirees. Now my personal take and this is purely my own personal take and obviously that’s all I can’t speak for anybody else on this. And I think a lot of the problem or the perceived problem here is when it’s not made clear to the registrant what’s going to happen to the domain post expiring.
The - removing the clause or not removing the clause isn’t really the issue. The issue is more a case of transpired (unintelligible) to the post expiry and (unintelligible) procedure and everything.
Steve Metalitz: Well that’s not quite how I read this suggestion. It’s not saying you have to disclose what your policy is. It says your policy cannot be this. I cannot be that on expiry the name automatically goes back to the registrar. It should be going to the pool. I think that’s what (Danny)’s proposing.
Michele Neylon: No I can say with all due respect I can read exactly what (Danny) has said and I understand exactly what he’s saying. But based on the very lengthy conversations we’ve had surrounding this kind of topic the root calls would appear to be why this is causing people headaches and why people have an issue with this is that they’re not aware of what happens to the domain if you follow me.
Steve Metalitz: Cheryl I think you wanted to be recognized.
Cheryl Langdon-Orr: Only in support of what Michele is saying and it certainly appears in the extensive discussions we’ve had in PENDR that the registrant’s frustration is directly and concern over things like this is directly correlated with their understanding of what is licensing versus what is ownership and what is their rights and responsibilities.
And there is a rather murky requirement but one where I think clarify at the moment where understanding of exactly what it is you have contracted for what period and what it is you need to know about might happen should you fail to do certain things by certain landmark times.
We’ll basically make this for most people not all people but we can’t keep everybody happy. But for most people far more satisfied than appears to be the case now.
Holly Raiche: But I would repeat the question clarification is one thing is this not simply a requirement to say look what has to happen is it has to go into a pool. Isn’t that what (Danny)’s saying? And clarification is simply well A, it doesn’t go into a pool B, it does go into a pool where as what (Danny)’s saying is well one of those options shouldn’t be available.
Cheryl Langdon-Orr: Well understand what (Danny)’s saying (Danny) is thinking in (Danny)’s voice what I’m making clear is the conceited opinions of many voices in discussion in another work group.
Steve Metalitz: Okay so Cheryl is this another topic that would be appropriate for you to go to the PENDR and ask what their expectations are? Or are you saying this shouldn’t be dealt...
Cheryl Langdon-Orr: When I wrote this is a ditto to 10.1 in my opinion that’s exactly what I meant.
Steve Metalitz: Okay all right. So let’s - let me ask...
Cheryl Langdon-Orr: Michele still has his hand up and I jump in albeit by invitation.
Michele Neylon: Well I mean I just - I would just add one thing to this. And I mean it’s just based on the experience in say for example COUK. Within the COUK CCTLD a registrar cannot take over a domain name directly in the manner that is possible currently with the GTLD.
So one might think logically that it isn’t an issue. What concerns (Danny) is a non issue. The reality is as the best people and companies, organizations in some cases they are individuals will basically achieve the same results by simply snapping the domains as they drop.
So realistically speaking putting in a clause there won’t actually solve the problem that he’s trying to solve. All it’ll do it will just move the problem to somewhere else.
Holly Raiche: Okay and so what I’m understanding is it’s not only it’s through clarification the problem will be solved.
Michele Neylon: Well it won’t be solved for everybody because no matter how many times you clarify something (unintelligible). You drive on what type of mode you drive on (unintelligible). If you hang around near motor ways for long enough you will still people driving up a motor way the wrong way.
Holly Raiche: Yes okay.
Steve Metalitz: Not for long.
Cheryl Langdon-Orr: And there are consequences to that.
Holly Raiche: I think that’s a self correcting problem actually.
Steve Metalitz: Yes okay let’s - I see Paul had his hand up and I just want to call everyone’s attention to Siva’s comments in the chat because I know he’s - we have a little trouble hearing him. But his comments are in the chat box so please take a look at that and Paul you had a comment.
Paul Diaz: Yes thanks Steve. You know, questions for the group I’m part of the other team. I’m subbing - filling in for (Staten) today. He wasn’t available. You know, on the other team we’re working ironically looking to this team to provide the list of all things.
You know, it’s kind of a chicken and egg situation but one question I just have in trying to have legs in both feet right now is this particular proposal 10.2 coming from Mr. (Yunger). And, you know, is this group considering by what right or rights the wrong word.
By what authority is - are any of these recommendations potentially taking away an existing services in the market place? And more importantly what is not at all reflected in (Danny)’s comment is that not all registrars have these sorts of clauses.
And in many cases and I’ll use my own registrar network solution as an example. We very explicitly made it very clear to registrants who are our customers if they want to opt out of having their name go through an auction process at the end they can do that.
And we will drop the name for them. We will respect their wish and drop the name. So, you know, it seems like a very draconian measure just do away with this particular ability when it will impact existing business interests and it will sort of take away a competitive differentiator that exists among some registrars as well.
I’m just left wondering okay there’s a lot of good stuff. And as Siva’s mentioning, you know, PENDR can discuss. In that other group we often bring back the idea but what about the market dynamics, the affects.
Don’t make policy in a vacuum. How will it impact what’s going on in the market place? And the importance that ought to exist a lot of the things that are done or not done often serve as a way to distinguish one registrar from another.
Steve Metalitz: Well let me just Paul let me just respond to this. You haven’t been in these discussions just to remind everyone that we’re not really debating the merits of these provisions. We’re trying to identify topics that were brought to us as high or low priority or if they’re unclear then that’s another point.
But I think this one is reasonably clear. But I think we have a suggestion from Cheryl that we ask this other working group are they handling this issue. And to me that’s kind of a question under our Task 2 which is to identify any points on which there’s a potential consensus policy issue because I assume that’s what that working group is working toward.
So I guess I’d like to get back to whether people are okay with doing a ditto on this as we did on 10.1 and asking Cheryl and Michele to come back to us with a report from that other working group. Or do we feel that there should be some other - this should be assigned a different priority?
Those are our options I think. Any comments on that? Okay again I see Siva’s commented that this isn’t - he feels this is a proper topic for the RAA amendments. And I have some sympathy for that view.
But let us I don’t think it’ll hold us up too long if we ask Cheryl and Michele to let us know what - if they can bring this up in the other working group and let us know what reaction there is. And then we can proceed accordingly.
Okay moving on to 10.3 privacy and security registrant records there’s three related proposals from the staff about requiring registrars to notify ICANN and then to registrants about security breaches.
Other comments on what priority we should assign to those proposals. Cheryl you wanted to speak. I don’t know if anyone from the staff has any comments they want to offer too. But Cheryl why don’t you go ahead.
Cheryl Langdon-Orr: I feel this is a very high priority. And I’m speaking with absolute bias from CCTLD experience where it’s only the existence of a similar clause that has allowed us to act in the best interests of our registrants and to protect very sensitive security and credit card information.
Steve Metalitz: Okay vote for high priority. I think Siva has his hand up. Anybody else? Dave Giza. Siva go ahead if you want to just speak.
Siva Muthusamy: (Unintelligible). So (unintelligible) to ask to store data in (unintelligible). All the registrant’s data (unintelligible) and so that will take care of the problem of possible breach.
Steve Metalitz: Okay so Siva if I understand you’re suggesting that registrars would not store any data but they would put it in a central repository (unintelligible) requirements where they have to put some information in a central repository. They have to ask for certain information but this is separate from that.
Siva Muthusamy: (Unintelligible) all data (unintelligible).
Steve Metalitz: Okay thank you. Dave I think.
Cheryl Langdon-Orr: Could you repeat that? Thanks.
Steve Metalitz: Again I think Siva was saying that all the data collected by registrars should be stored in a central repository with adequate security and that would mean that would eliminate the risk of security breaches of data that is held by the registrar.
Cheryl Langdon-Orr: I take a deep breath every time I hear central repository of data. I get very frightened because that becomes even more of a privacy threat.
Steve Metalitz: Okay I think Dave was the next in the queue.
David Giza: Thank you Steve. Steve this is a particularly high priority item for ICANN. And I’ve discussed this one with (Greg Retrey). It’s part of our security initiatives, you know, going forward. And so, you know, I would recommend to the group that we keep this as a high priority item.
Because security breaches with respect to any portion of a registrar’s system can and in many cases will impact registrants as well as ICANN. And so I think the idea here is to find that, you know, eventually when it’s time to negotiate to find that reasonable ground with registrars in terms of how registrars, you know, will notify ICANN of security breaches and then provide some reassurance.
The registrar provide some reassurance that, you know, that reasonable steps will be taken, you know, to prevent, you know, further unauthorized access to their accounts. And I do believe registrars can do that and so again I would put this as a high priority item.
Steve Metalitz: Okay thank you. Michele and then let’s try to wrap up on this.
Michele Neylon: I think there’s been a couple as such reports and documents over the last 12 or 18 months and other people on this call may recall with regard to security and everything else. And I think I could be completely wrong. Steve Crocker addressed that at one of the meetings recently and there was some discussion about coming up with some baseline security standards that could be applied.
And I think all that’s all move in the right direction and ultimately most of us are processing credit cards so therefore we would have to be PCIDFF compliant at one level or another. I’m sorry but I have to completely reject any suggestions for a centralized deposit of customer data.
It’s not going to happen. Anybody who suggests that no forget it. That’s absolutely insane you put it all in one place and then you’ve got - you’re giving everybody one central place to attack. I fail to see the logic behind that.
Demand high level security from registrars I don’t have any issue with that whatsoever. Centralized deposits not going to happen I’ll tear up my RAA and I’ll go back to teaching languages. I mean no way I’d do it. No way.
Steve Metalitz: Okay.
Holly Raiche: I support that as well just a central repository is a very scary thing from a privacy perspective. And I think security is one half of it and then a report when security doesn’t work is the other half. And I think we’re on the other half which is you should in some way report breaches of your own data which I cannot imagine anybody would be comfortable putting into a central repository.
Steve Metalitz: Okay Dave and Cheryl and I’d just call your attention to Siva had some responses in the chat window. But Dave and Cheryl, Dave first.
David Giza: Thank you Steve. Two points here. Number one, I completely agree with Michele on this issue and, you know, and staff is not advocating for a central repository for this information.
I think many of you know that we have a registrar data escrow program in place right now in order to protect registrants. If a registrar goes out of business so, you know, I feel fairly confident that that program is working well and it’ll serve that intended purpose.
Steve Metalitz: Okay thank you. Cheryl then we’ll wrap up...
Cheryl Langdon-Orr: Thank you and thank you Dave perfect send to what I was going to say Dave. I was saying that, you know, the escrow and repository issues as they are built to protect from loss important registrant information is entirely different to the requirement and the highly mandated requirement to keep any breach of established and agreed security.
Without us having an instantaneous reporting or reporting within X number of hours of being aware of it. I think it’s very important that it’s a high priority. And it’s something to again to have a lot more discussion of. But I think we’re starting to mix apples and oranges.
Steve Metalitz: Okay so my conclusion from this discussion is that this is a high priority item 10.3 and we will move onto 10.4. This is basically right now the registrar has the ability to cancel a registration for a breach of certain provisions in 3.7.7. This would make that mandatory after providing appropriate notice.
And just to give an example because the citation may not be that meaningful. Three point seven point two says that if the registered name holder willfully provides inaccurate or unreliable who is information, if it fails to update, willfully fails to update its information.
Or it doesn’t respond for 15 days to an inquiry from registrar about the accuracy of contact details that constitutes a material breach of the contract and can be a basis for a registered name cancellation. That’s the current - in fact that’s been in the RAA since the beginning.
And this proposal is directed to making that mandatory under certain circumstances rather than just leaving it up to the registrar. So I think from the IPC perspective this is an important issue and one that we think should have high priority.
I know there have been some registrar advisories that have been issued about circumstances under which ICANN encourages registrars to cancel registrations. But this would bring it into the RAA itself as a mandatory provision. So I’ll open the floor to any comments on this. Dave.
David Giza: Yes thank you Steve. For the benefit of the working group I just wanted you to be aware that we recently performed a Section 3.7.7.3 audit and as Steve pointed out, you know, many registrars fail to incorporate all of the provisions of 3.7.7, you know, 1 through 5 in their registration agreement.
And I do believe that some times that’s just an over sight on the part of registrars. But this would be a very instructive and I think efficient way to make sure that those provisions in the RAA under 3.7.7.3 literally become, you know, mirror image to NA registration agreement.
Thereby providing the kind of clarity that would help registrars and I believe registrants. So, you know, therefore I think this ought to be a high priority item.
Steve Metalitz: Thank you. Holly.
Holly Raiche: Yes I think the way you explained it made a lot more sense. The summary simply seems to indicate a very much broader obligation to terminate for if they’re in breach. So the way that you read 3.7.2 which is essentially if the registrant has given incorrect information.
And they have been approached and they have not responded and so forth then yes maybe termination. I guess my suggestion would be to tighten up the language so it’s very clear what we’re talking about.
This registrant inability to provide the correct information recognizing that there may be circumstances which in fact the registrant can be - there may be circumstances in which this isn’t something that should necessarily be to breach. But the way that the 3.7.7.2 is worded is probably a little bit better and more exact.
Steve Metalitz: Okay thank you. Michele. Michele, did you have your hand up?
Michele Neylon: Sorry just take myself off mute and my phone wasn’t cooperating. I mean the way that for example in (Dotau) that this is handled is nice in that if there is a perceived breach of the registrant data whatever they have a chance to rectify that.
If they don’t rectify within a timely fashion the domain name is suspended or deleted or whatever. And I just think it is important though that you do allow people an opportunity to rectify a breach because some times it just happens by accident. I mean, you know, people are humans.
And some times people they’ll make screw ups or a domain transfer can lead to all sorts of weird data being pulled across. And of course if you have an overly – well I’ll use the word dammit – rabid trademark occur that one period of time when the registrant data is not 100% compliant.
And I use compliant (unintelligible) here. But I don’t think that that is not reasonable and would cause other issues both for the registrar, the registry and ICANN so we’re forced to bluntly.
I mean I’m amazed in some cases that some of these that ICANN hasn’t been sued and that registrars haven’t been sued left, right and center for some of these things. I mean just, you know, you have to be reasonable as well. Just because some people are evil doesn’t mean that everybody is.
Steve Metalitz: Okay Paul and then we’re going to have to wrap up.
Paul Diaz: Sure thanks Steve. On this particular question I wonder has this group - is anybody participating in the registration abuse policies working group? Probably not I ask because I know this particular issue has been addressed by that group.
While I’m not part of it I was asked to do a little research about network solution experience here and this question or this suggestion I should say that registrars be required to cancel a name is really I think kind of problematic. Again it’s an extreme approach.
In that cancellation is sort of a nuclear option right and there could be things short of that. And what I found in our research is that there are a lot of cases some of which are published a lot of them unfortunately are not. But a lot of cases where over the year’s network solutions has gone and actually taken us a cancellation.
And we’ve been sued by the registrants and then we have incurred multi tens of thousands in legal fees defending ourselves for following our service agreement which is, you know, drafted in part around requirements coming out of the RAA.
And, you know, the long and short of it that as a registrar we would much rather have - we really expect to continue to have the ability to make the decision ourselves on how to proceed on a case where there’s some alleged or determined abuse or misuse or if you want to use the term breach in the agreement.
But requiring a very strong step like canceling the name is really going to be problematic. And for the group I think that, you know, probably want to really think through do we want to take it as far as is being suggested here or at least raise the issue that more could be done and, you know, perhaps soften it to okay.
Steve Metalitz: Well I appreciate you raising this issue. Like your last comment this is really not appropriate for this group and I know you have...
Paul Diaz: Okay I’m sorry I keep coming back to...
Steve Metalitz: We’re not debating the merits of this or when it shouldn’t, you know, the details on when it should or shouldn’t apply. We’re just trying to identify which are the priority items here for consideration as possible topics for new RAA amendments.
And I think we heard from Dave that this would be an important area to address. But I think there are also concerns about the need to have this, you know, have language - have it drafted tightly let’s put it that way because not all 3.7.7 breaches are created equal. At least that was my sense from Holly and others here so.
Paul Diaz: Thanks Steve. I’m sorry I keep forgetting the limits of the scope of the group.
Steve Metalitz: Yes I think, I mean I think the staff can capture that - can capture those comments and we can move onto the next topics. But I see Holly did you have your hand up again?
Holly Raiche: Sorry no.
Steve Metalitz: All right. Okay well we’ve kind of reached the end of our time here. And we will - we do now have a time table but I think it is going to require us to be pretty disciplined about again trying to stick to setting priorities or prioritizing proposals and identifying any consensus policy issues.
Otherwise I don’t think we’re going to be able to keep to that time table. So let’s try to do that remember we still have several items that are open for discussion on the list dealing with Sections 5 through 8 of this chart. I’m sure Margie will update the chart to reflect what we or the staff will update the chart to reflect what we go through today.
We will send out a (Dotau) poll for week after next so the week of February 8 and we’ll try to set a time for our next call then. And are there any last comments that people want to make before we adjourn?
Holly Raiche: Yes just one note 10.5 seems to be absorbed in the way that 10.1 came out because it seems to raise much the same issue. Can we just consider that 10.5 is part of the action items on 10.1?
Steve Metalitz: I’m happy to do that subject to Cheryl or Michele telling us that it’s not appropriate. It seems to be...
Cheryl Langdon-Orr: I agree 100% and in fact it was a point I was planning to make so I think 10.5, 10.1 and 10.2 we’ll get back to you on.
Steve Metalitz: Terrific and so thank you Holly that means we’ve gotten through entirely through Section 10. And so we can get on Section 11 when we reconvene in two weeks.
Holly Raiche: Thanks Dave.
Steve Metalitz: Thanks everybody. Okay bye.
END
