[dow3tf] Revised Best Practices-Related Recommendations
Based on this morning's conference call, set forth below are the revised Best Practices-Related Recommendations that we discussed on this morning's call. There is a clean and lined version in Word and a PDF of the clean version. Brian Darville Best Practices The surveys conducted by Task Force 3 did not result in any meaningful level of response that could serve as a basis for assessing best practices for improving data accuracy and verification. Nevertheless, the Task Force compiled a list of preliminary recommendations for potential best practices and for further assessment of best practices, which is set forth below. 1) ICANN should work with all relevant parties to create a uniform, predictable, and verifiable mechanism for ensuring compliance with the WHOIS-related provisions of the present agreements, and should devote adequate resources to such a compliance program. The Registrar Accreditation Agreement makes the requirements clear. See http://gnso.icann.org/issues/whois-privacy/raa-whois-16dec03.shtml. However, this agreement is only as good as the level of compliance with it, and recent decisions by US courts indicate that only ICANN can enforce these agreements. See Register.com v. Verio, Inc., 356 F.3d 393 (2d Cir. 2004). ICANN should require registrars to develop, in consultation with other interested parties, "best practices" concerning the "reasonable efforts" which should be undertaken to investigate reported inaccuracies in contact data (RAA Section 3.7.8). See http://www.dnso.org/dnso/notes/20030219.WhoisTF-accuracy-and-bulkaccess.html 2) A Best Practices document geared toward improving data verification on a global basis should be developed through a continuing ICANN sponsored program. ICANN should consider retaining an independent third party which could, on a confidential basis, gather the critical underlying data germane to assessing current data verification practices in the registrar and other relevant industries, as well as from selected ccTLDs. In addition, ICANN should consider the work of the IETF, including its work on the IRIS protocol being developed by the CRISP working group. 3) Additional work is required regarding the identification and viability of a) automated and manual verification processes that can be employed for identifying suspect domain name registrations containing plainly false or inaccurate data and for communicating this fact to the domain name registrant; and b) readily available databases that could be used for or to assist in data verification. 4) Consideration should be given to inclusion of the "last verified date" and "method of verification" as Whois data elements, as recommended by the Security and Stability Advisory Committee. 5) As a matter of policy, ICANN should ask each registrar to present a plan, by a date certain, for substantially improving the accuracy of Whois data that it collects. The plans will be made publicly available except to the extent that they include proprietary data. The plans should include at least the following features: o identification and public disclosure of a contact point for receiving and acting upon reports of false Whois data; o how the registrar will train employees and agents regarding the Whois data accuracy requirements; o how the registrar will take reasonable steps to screen submitted contact data for falsity, which steps may include use of automated screening mechanisms, manual checking, including spot-checking, and verification of submitted data; o when false data comes to the registrar's attention, whether through a third-party complaint or otherwise, how the registrar will treat other registrations in which the contact data submitted is substantially identical to that in the registration that has come to the registrar's attention; o how the registrar monitors the extent to which contact data submitted to it through re-sellers or other agents is false or significantly incomplete, and what the consequences are for re-sellers or agents whose performance is unacceptable; o how the registrar evaluates compliance by its current registrants with the obligation to provide accurate and current contact data; o how the registrar measures performance in improving the quality of the Whois data it manages. 6) ICANN staff should undertake a review of the current registrar contractual terms and determine whether they are adequate or need to be changed in order to encompass improved data accuracy standards and verification practices as a result of the current PDP. 7) Contracts should be amended to ensure that there is effective enforcement of the contractual requirements germane to domain name registration and the provision of accurate Whois data. The RAA and gTLD registry agreements should be modified to provide for a regime of graduated or intermediate sanctions for patterns of violations of the Whois data accuracy obligations of those agreements. (This recommendation is without prejudice to the possibility that such a regime would also be appropriate for encouraging compliance with other provisions of these agreements.) 8) The PDP with regard to the issues addressed by TF3 should mutate into a further PDP with the following goals: o Research and dissemination of information on practicable and cost-effective methods used to improve the quality of identifying and contact data submitted by customers in online transactions outside the realm of gTLD domain name registration o Development of best practices within the realm of gTLD domain name registration for improving the accuracy, currency, and reliability of contact data in the Whois database ***************************** Attachment:
TF3-Best Practices2.doc Attachment:
TF3-Best Practices2Clean.doc Attachment:
TF3-Best Practices2Clean.pdf
|