[ga] Is VeriSign in violation of section 16.C of the 2001 .com Registry Agreement?

[George Kirikos <gkirikos@xxxxxxxxx>]

Hello,

I'd discussed section 16.C in the past at:

http://www.icannwatch.org/article.pl?sid=06/06/28/0231226

An interesting post by Edward Hasbrouk at:

http://forum.icann.org/lists/revised-biz-info-org-agreements/msg00011.html

prompted me to look at:

http://www.treas.gov/offices/enforcement/ofac/

and in particular the list of entities at:

http://www.treas.gov/offices/enforcement/ofac/sdn/index.shtml
http://www.treas.gov/offices/enforcement/ofac/sdn/prgrmlst.txt
("Specially Designated Nationals List", the text version sorted by
program)

If one finds VeriSign doing business with any of those entities, that
would seem to be a no no, wouldn't it?? Anyhow, in the Cuba section, I
noticed:

HOLA SUN HOLIDAYS LIMITED, 146 Beaver Creek Road, Richmond Hill,
Ontario, L4B
1C2, Canada [CUBA]

(there are probably others, but that's just one I found fast by
searching for "Canada")

According to their WHOIS: http://whois.domaintools.com/holasun.com

Registrant: 
Hola Sun Holidays 
  146 West Beaver Creek Road 
  Richmond Hill, Ontario L4B 1C2 
  CA 

Of course, this is a .com -- a registry run by our good friends at
VeriSign. The domain is registered with Network Solutions, which was
once owned by VeriSign. And according to the historic WHOIS at
domaintools.com (membership required):

http://domain-history.domaintools.com/?page=details&domain=holasun.com&vol=2&date=2000-04-11

Domain:	holasun.com
Cache Date:	 2000-04-11
Registrar:	NETWORK SOLUTIONS, INC.

Registrant:
Hola Sun Holidays
146 West Beaver Creek Road
Richmond Hill, Ontario L4B 1C2
CA

And if one looks at the SSL certificate used for that domain name, it
is provided by Thawte, which is owned by VeriSign:

https://www.thawte.com/core/process?process=public-site-seal-cert-details&public-site-seal-cert-details.referer=http://www.holasun.com/

[ organization ]	Holasun Holidays Ltd
[ domain ]	www.holasun.com
[ country ]	Canada
[ current status ]	Valid
[ valid from ]	2006.09.20
[ valid until ]	2008.09.19

So, does VeriSign have the necessary exemptions in place to be able to
register domains or issue SSL certs to these entities? [Other
registries (and registrars) might want to be careful, too.] If not, is
16.C triggered?? I'm not a lawyer (nor play one on TV!), so perhaps
some of the legal eagles on this list might weigh in with their views.

BTW,
http://www.treas.gov/offices/enforcement/ofac/regulations/t11trav.pdf
makes interesting reading, e.g.:

"Can a travel agent in the United States... 

?   do business with Aero Continente, Aerocaribbean Airlines, Cubana
Airlines or Vinales Tours?     Not   those companies, nor any of the
other 2,400 individuals and  organizations on a U.S. Government
Specially Designated list. 

..... And what if a travel agent DOES do any of these things?     
Criminal violations of the statutes administered by OFAC can result in
corporate and personal fines of up to $1 million per count and, in the
case of individuals, a maximum of 10 to 12 years in jail per count.  
OFAC also has independent authority to impose civil penalties from
$11,000 to $1,075,000 per count depending upon the sanctions involved."


One can probably find more examples, including in other gTLD
registries. I leave that as an exercise for gentle readers (finding
ones that use VeriSign certs directly, instead of their Thawte division
might be fun to post).

Given ICANN charges 25 cents per .com, might the same arguments apply
to ICANN itself??!!??

Sincerely,

George Kirikos
http://www.kirikos.com/