Re: [ga] [fwd] [council] Concerns Regarding Report of Deletes Task Force (from: touton@icann.org)

[Joop Teernstra <terastra@terabytz.co.nz>]

At 09:06 p.m. 12/04/2003, Thomas Roessler wrote:
>FYI.
>--
>Thomas Roessler                 <roessler-mobile@does-not-exist.org>
>
>
>
>
>
>----- Forwarded message from Louis Touton <touton@icann.org> -----
>
>From: Louis Touton <touton@icann.org>
>To: council@dnso.org
>Date: Fri, 11 Apr 2003 12:00:24 -0700
>Subject: [council] Concerns Regarding Report of Deletes Task Force
>
>To the GNSO Council:
>
>The agenda for the Council's next meeting (17 April 2003) includes the
>following item:
>
>  "6. Vote to approve the Deletes Task Force recommendations and
>  report for submission to the ICANN Board."
>
>Because the Deletes Task Force commenced work before the GNSO PDP came
>into effect on 15 December 2002, a Staff Manager has not been assigned
>and the Task Force has not otherwise had significant staff
>involvement/support to date. As part of the overall process of
>transitioning to the PDP, Dan Halloran and I have just reviewed the
>Deletes Task Force's Final Report, as posted at
><http://www.dnso.org/dnso/notes/20030323.DeletesTF-final-report.html>.
>
>Based on that review, we have concerns regarding some aspects of the
>report. The purpose of this message is to alert the GNSO Council to the
>staff's concerns with the recommendations as currently framed.
>
>Concern A: The Proposed Mandatory Deletion Policy Does Not Allow for
>Extenuating Circumstances
>
>In its current form, the report makes two recommendations that require
>registrars to delete domain-name registrations within 45 days after they
>expire. These recommendations appear to apply absolutely, not allowing
>exceptions for various extenuating circumstances under which deleting
>registrations by that deadline could harm innocent registrants or result
>in loss of DNS nameservice for other domains.
>
>The recommendations are 3.1.1 and 3.1.2:
>
>  "3.1.1 Domain names must be deleted if a paid renewal has not been
>  received by the registrar from the registrant or someone acting on
>  the registrant's behalf by the end of the Auto-renew Grace Period
>  (generally forty-five days after the domain's initial expiration).
>  As a mechanism for enforcing this requirement, registries may elect
>  to delete names for which an explicit renew command has not been
>  received prior to the expiration of the grace period."
>
>  "3.1.2 Domain names must be deleted within 45 days of the expiration
>  of the registration agreement between the registrar and registrant,
>  unless the agreement is renewed."
>
>It appears that a registrar has no ability to delay deletions past 45
>days in extenuating circumstances. Here are a few hypothetical
>situations intended to highlight the serious problems such an
>unqualified rule could cause:
>
>Hypothetical #1: Shortly before the 45-day deadline, the registrar
>discovers that its contact data for the registrant has been altered due
>to hacking or some other incident in the registrar's systems. The
>registrar concludes that, as a result of the alteration, a renewal
>notice was never sent to the proper address for the registrant, so that
>the registrant has never paid a renewal fee and has never entered into a
>renewed registration agreement. Nonetheless, the registrar is required
>by 3.1.1 and 3.1.2 to delete the registration, resulting in DNS service
>to the registrant being shut off. The service can only be restored,
>after some delay, through restoration under the redemption grace period.
>
>Hypothetical #2: The registrant's main office is located in a building
>that has suffered a disaster due to
>flood/fire/earthquake/war/terrorism/etc. The renewal notice was sent to
>that address, but it appears doubtful that the registrant would have
>been able to complete the renewal process by the deadline. Nonetheless,
>the registrar is required by 3.1.1 and 3.1.2 to delete the registration,
>resulting in DNS service being shut off.
>
>Hypothetical #3: A registration is the subject of court proceedings over
>who is the proper domain-name holder. The court issues an order
>requiring that the registrar "freeze" the domain registration, to
>prevent any changes. The registrant does not pay the renewal fee,
>putting the registrar in the position of either violating the court
>order or breaching 3.1.1 and 3.1.2 (and therefore its accreditation
>agreement with ICANN).
>
>Hypothetical #4: A registrar has submitted a "registrar certificate" to
>a court concerning a domain name that is currently involved in court
>proceedings. In the registrar certificate, the registrar has submitted
>the registration to the court's jurisdiction and has promised not to
>modify, transfer, or delete the registration during the court
>proceedings. No renewal takes place within 45 days after expiration, so
>that 3.1.1 and 3.1.2 require the registrar to act contrary to the
>registrar certificate.
>
>Hypothetical #5: A domain name registered through a registrar is used to
>support the host names of nameservers that provide secondary nameservice
>for 20,000 domains held by other customers, which are registered through
>many different registrars. The registration is not renewed. As a result,
>nameservice for the 20,000 other domains must be migrated to other
>hosts. This is not accomplished in 45 days, and as a result 20,000
>domains disappear from the Internet.
>
>Hypothetical #6: Shortly after the expiration date of a registration,
>the registrar is informed that the registrant has filed for bankruptcy.
>The registrar's legal advisors have cautioned the registrar to refrain
>from terminating services to the bankrupt registrant without court
>permission. Recommendations 3.1.1 and 3.1.2, however, require the
>registrar to delete the registration.
>
>Hypothetical #7: During the 45-day period after expiration, the
>registrant asserts that it has made a renewal payment to the registrar,
>but the registrar has been unable to complete its investigation into the
>payment dispute before the 45-day deadline. The registrar is uncertain
>whether it must delete the registration in order to comply with 3.1.1
>and 3.1.2.
>
>Hypothetical #8: The registrar has a long-standing relationship with a
>registrant; the registrar knows that one of the registrant's domain
>registrations that has expired is for an important and heavily used
>name, and suspects that the registrants' failure to renew was caused by
>an oversight. The registrar is unable to resolve the issue with the
>registrant within the 45-day period. As a result, recommendations 3.1.1
>and 3.1.2 require the registrar to delete the registration, shutting off
>nameservice for the domain.
>
>Based on a plain reading of the recommendations of 3.1.1 and 3.1.2, in
>many if not all of these hypothetical cases the registrar would
>apparently be required to delete names, even though contrary to
>technical prudence or even other legal requirements. While it may make
>sense to prescribe a uniform time frame for registrar deletion of
>expired names, the hypothetical situations described above point to the
>difficulty of making hard and fast rules without allowing for exceptions
>in extenuating circumstances.
>
>Concern B: The Recommendations Concerning Mandatory Disclosures
>Inappropriately Restrict Certain Registrar Business Models
>
>Recommendations 3.1.4 and 3.1.6 seem to prevent registrars from adapting
>and evolving their service offerings over time since they mandate that
>policies and prices be provided "at the time of registration", even
>though the policies and prices may not come into effect until after the
>registration expires (and after the registrant has the opportunity to
>transfer to another registrar). These provisions state:
>
>  "3.1.4 Registrars must provide a summary of their deletion policy,
>  as well as an indication of any auto-renewal policy that they may
>  have, at the time of registration. This policy should include the
>  expected time at which a non-renewed domain name would be deleted
>  relative to the domain's expiration date, or a date range not to
>  exceed ten days in length."
>
>  "3.1.6 Registrars should provide, both at the time of registration
>  and in a conspicuous place on their website, the fee charged for the
>  recovery of a domain name during the Redemption Grace Period."
>
>It is not clear whether registrars would be able to modify their
>procedures or prices at any time after initial registration of a domain
>name.
>
>Also, recommendations 3.1.5 and 3.1.6 seem to obligate all registrars to
>operate websites. In some business models currently available to
>registrars, including reseller models and models used in some regions of
>the world, registrars do not operate principally through websites, but
>use other means to communicate with prospective and actual customers.
>There is no current requirement that registrars operate websites, other
>than for a web-based Whois service. These recommendations appear
>unnecessarily to restrict these alternative registrar business models.
>
>Concern C: Mandatory "Payment" Policies Could Stifle Registrar Business
>Models
>
>Recommendation 3.1.1 (and possibly recommendation 3.1.6) appears to
>require that registrars charge all customers for registration and RGP
>services. Some registrars operate business models under which some or
>all registrants are not charged specifically for registration services.
>In accord with ICANN's mission, Registrar Accreditation Agreement
>§3.7.10 specifically precludes any policy that regulates registrar
>prices: "Nothing in this Agreement prescribes or limits the amount
>Registrar may charge Registered Name Holders for registration of
>Registered Names." By requiring that renewals be paid, recommendation
>3.1.1 contradicts this principle. Implementation of a requirement that a
>fee be charged for renewals would also raise serious concerns under
>relevant antitrust and competition laws.
>
>Concern D: Overlap with Whois Recommendations
>
>On 27 March 2003, the ICANN Board adopted four consensus-policy
>recommendations relating to Whois accuracy and bulk access. One of those
>recommendations states:
>
>  "B. When registrations are deleted on the basis of submission of
>  false contact data or non-response to registrar inquiries, the
>  redemption grace period -- once implemented -- should be applied.
>  However, the redeemed domain name should be placed in registrar hold
>  status until the registrant has provided updated WHOIS information
>  to the registrar-of-record."
>
>This recommendation is currently early in the implementation process.
>
>The Final Report of the Deletes Task Force contains this recommendation
>on the same topic, but proposing a somewhat different policy:
>
>  "3.3.1 The Redemption Grace Period will apply to names deleted due
>  to a complaint on WHOIS accuracy. However, prior to allowing the
>  redemption in such a case, the registrar must update the
>  registration with verified WHOIS data and provide a statement
>  indicating that the data has been verified in conjunction with the
>  request for the name's redemption. The same rules that apply to
>  verification of WHOIS data for regular domain names following a
>  complaint will apply to deleted names."
>
>By proposing overlapping policies so soon after one another, the GNSO
>would significantly complicate the task of implementing the policies.
>
>Thank you for your attention. Please feel free to contact me if you have
>any questions.
>
>Best regards,
>
>Louis Touton
>General Counsel


These appear to be largely registrant-friendly considerations.
Why did the ICANN staff not submit these points during the earlier comments 
period?


-joop-


--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html