[council] IPC Statement - Critical OPoC Implementation Questions and Issues

["Rosette, Kristina" <krosette@xxxxxxx>]

Further to the request made during the 15 March GNSO Council meeting and on 
behalf of the IPC, please find set forth below a statement identifying critical 
OPoC implementation questions and issues.

Kristina Rosette

-*-

The OPoC proposal leaves unanswered at least six critical questions:

(a)  On what issues is the OPoC expected to act?  "Operational issues relating 
to a domain name" is only minimally defined, and probably does not include many 
issues for which the public relies on Whois access today.  For example, today 
Whois provides a means to quickly identify and contact a party responsible for 
content on a web site to which the domain name resolves - content that may be 
part of the perpetration of an online fraud, or that may violate intellectual 
property rights.  Unless this is treated as an "operational issue related to a 
domain name," the presence of contact information on the OPoC is useless to the 
party seeking to curtail the fraud or to resolve the intellectual property 
infringement, and contacting the OPoC on these issues would be a fruitless 
gesture.

(b)  What is the OPoC supposed to do?  Its "purpose" includes "pass[ing] on 
data."  Is this purpose fulfilled if the OPoC simply notifies the registrant of 
a query and does nothing more?  If so, contacting the OPoC would not only be 
fruitless but often counter-productive, since it could alert an infringer or 
other wrongdoer of the existence of an investigation and prompt him to take 
evasive action.   Nothing in the OPoC proposal indicates that the OPoC is 
authorized to provide the querying party with the real contact information for 
the registrant.

(c)  How quickly must the OPoC act?  Even if a matter falls within the range of 
issues for which the OPoC has responsibility, and even if the OPoC responds by 
providing the requester with the contact data of the registrant (assuming that 
the OPoC is even authorized to do this), this process will inevitably be far 
slower and less efficient than the status quo, in which contact data is 
available via Whois almost instantaneously.  If the OPoC does not put the 
requester into direct contact with the registrant, but instead remains in the 
role of a go-between through whom all communication must be channeled, delay is 
virtually guaranteed.  Accordingly, many of the efficiencies achieved by quick 
contact with the registrant and prompt resolution of the matter will be lost.   

(d)  What if the OPoC fails to act or to act promptly?  The OPoC may do 
absolutely nothing (indeed, there is nothing to prevent a registrant from 
designating an OPoC who does not even know the registrant or how to contact 
him/her/it).  The proposal provides the requester with no recourse in this 
case.  The OPoC would owe no contractual duty to ICANN, either, so ICANN would 
appear powerless as well to do anything about an OPoC that fails to act.  The 
likely result would be more requests to the registrar/registry (whether through 
litigation or other channels) for actionable contact information to be 
divulged, thus increasing costs both for requesters and for 
registrars/registries. 

(e)  Under what circumstances would true contact information for the registrant 
be provided to those with a legitimate need for it?  This huge gap in the OPoC 
proposal has been identified, not only by active  users of the current Whois 
system --- from law enforcement agencies and intellectual property owners to 
financial institutions and major charities seeking to combat online fraud --- 
but also by domain name registries and some registrars, as a major unanswered 
question.  In short, interposing an "operational point of contact" between the 
Whois requester and the registrant will generally make the process of 
contacting the registrant slower, more difficult, and less reliable than it is 
today.  The benefits for all parties of quick contact and prompt resolution 
will be largely forfeited; more cases will have to be resolved through more 
formal channels, including litigation; and expense, delay  and uncertainty are 
likely to increase for all concerned.  

(f)  How will requesting parties make jurisdictional determinations and satisfy 
due process requirements?  Some proponents of OPoC have contended that parties 
seeking more detailed registrant information are free to do so via the 
applicable judicial system.  In truth, however, the absence of complete address 
information will make it exceedingly difficult - if not impossible - for a 
party seeking to obtain such information to identify in the first instance the 
court that would have the jurisdiction over the registrant that is required to 
proceed.  This will be true in every state or province that contains more than 
one judicial district.  Even if the party seeking such information is able to 
identify the correct court, the OPoC proposal - as written - would prevent the 
registrant from being formally served with notice of the proceeding consistent 
with due process requirements. The registrant name, state/province, and country 
information will not provide sufficient detail to permit service on the 
registrant and the OPoC has no current obligation to forward such service.  
Even if it did, it is far from clear that service via the OPoC would satisfy 
due process requirements.