<<<
Chronological Index
>>> <<<
Thread Index
>>>
[registrars] Whois TF3 Ballot - Accuracy "Best Practices"
- To: registrars@xxxxxxxx
- Subject: [registrars] Whois TF3 Ballot - Accuracy "Best Practices"
- From: "Ross Wm. Rader" <ross@xxxxxxxxxx>
- Date: Wed, 26 May 2004 13:00:38 -0400
- Organization: Tucows Inc.
- Reply-to: ross@xxxxxxxxxx
- Sender: owner-registrars@xxxxxxxxxxxxxx
- User-agent: Mozilla Thunderbird 0.5a (Windows/20040113)
Registrars,
Whois TF3 is voting on the following "best practices" during the next 24
hours. I do not believe that these recommendations are fully formed, nor
that the report is complete. The proposal includes several last minute
additions by the chair (Brian Darville, IPC) that were not discussed by
the task force. Despite my best efforts, I have been unable to convince
the chair that this is an unfinished proposal and he is pushing forward
with a vote on these statements for inclusion into the Preliminary
Report of the task force.
Once they have been included in the Preliminary Report, the report will
be published for Public Comment. It is not clear whether or not we will
have the opportunity to revise these proposals before they are taken to
a vote of the GNSO Council.
Unless I hear otherwise, I will be voting "no" on each recommendation in
this proposal for the reasons outlined above (I'd be happy to clarify
further if anyone is *really* interested.)
I apologize for the short-time frame for review that this time-frame
gives you, but this is what I have been given to work with and is
generally indicative of the quality of the processes employed by this
task force.
Comments welcomed here or in private email (or call if you are feeling
chatty :-)
----
Proposed Best Practices
The surveys conducted by Task Force 3 provided limited input that could
serve as a basis for identifying and assessing best practices for
improving data accuracy and verification. Taking these limited inputs
into account, the Task Force compiled a list of preliminary
recommendations relating to best practices, which are set forth below.
1) ICANN should work with all relevant parties to continue to create its
ongoing compliance program to ensure that contractual parties are
meeting the WHOIS-related provisions of the present agreements. ICANN
should devote additional resources to such a compliance program in order
to provide adequate support. See
http://gnso.icann.org/issues/whois-privacy/raa-whois-16dec03.shtml.
ICANN should work with and assist registrars in developing, in
consultation with other interested parties, and by a date certain, "best
practices" concerning the "reasonable efforts" which should be
undertaken by registrars to investigate reported inaccuracies in contact
data (RAA Section 3.7.8). See
http://www.dnso.org/dnso/notes/20030219.WhoisTF-accuracy-and-bulkaccess.html.
2) In developing such a program, ICANN should consider:
a) The resources assigned to manage this plan, including up front and
careful consideration of the costs associated with implementing various
recommendations for registrars and flexible options for registrars to
implement the policies in a compliant manner;
b) The specific elements of compliance that the internet community is
primarily concerned with;
c) development and implementation of a graduated scale of sanctions
that can be applied against those who are not in compliance with their
contractual obligations or otherwise violating the contractual rights
under these agreements;
d) Measurement and reporting mechanisms that allow appropriate
analysis of the effectiveness of this ongoing program including existing
compliance assistance mechanisms such as ICANN's online Whois data
inaccuracy reporting tools;
e) Continued outreach to and education of affected stakeholders to
ensure that existing requirements and obligations are understood and met
and that new requirements are captured and appropriately dealt with.
This effort should ensure that ICANN advisories related to this issue
are specifically brought to the attention of newly accredited Registrars
and that resources be made available to the Registrar community to
ensure that the impact and scope of these obligations are apparent and
understood.
f) Requiring that Informational resources be provided to new
Registrants and brought to their attention via the registration
agreement that all Registrants must agree to prior to the activation and
renewal of their gTLD registration, based on a model version of
materials, so that no registrar gains a competitive advantage from
differential treatment of this requirement;
g) Ongoing development and promotion of gTLD Registry, Registrar and
Registrant best practices that foster the accuracy of the Registrant
data contained in the Whois database
3) Any Best Practices that are viewed as being mechanisms for improving
data verification on a global basis should be developed by or under the
direction of ICANN, soliciting the cooperation of responsible
registrars, and disseminated to accredited registrars and other relevant
parties as part of ICANN’s ongoing educational and compliance
initiatives. In such efforts, recognizing that technology/software may
play a role in developing this solution, ICANN should rely on the
competitive marketplace for the provision of relevant technology and
should mandate only the outcome, not how the Registrar accomplishes the
outcome. ICANN should consider retaining an independent third party
which could, on a confidential basis, gather the critical underlying
data germane to assessing current data verification practices in the
registrar and other relevant industries, as well as from selected
ccTLDs. In addition, ICANN should consider the work of the IETF,
including its work on the IRIS protocol being developed by the CRISP
working group.
4) Specific examination of registrar data collection and protection
practices should be undertaken, including investigating all options for
the identification and viability of possible A) automated and manual
verification processes that can be employed for identifying suspect
domain name registrations containing plainly false or inaccurate data
and for communicating such information to the domain name registrant;
and b) readily available databases that could be used for or to assist
in data verification, taking into account the wide variety of situations
that exist from region to region. The GNSO Council or other Appropriate
body should participate in specific examination of registrar data
collection and protection practices to ensure consideration of policy
implications, including various data protection regulations that may
affect certain jurisdictions in which registrars operate.
5) ICANN should also consider including the last verified date" and
"method of verification" as Whois data elements, as recommended by the
Security and Stability Advisory Committee. See Whois Recommendation of
the Security and Stability Advisory Committee, available at
http://www.icann.org/committees/security/sac003.htm. (“Whois data must
contain a "Last Verified Date" that reflects the last point in time at
which the information was known to contain valid data. It must also
contain a reference to the data verification process.”).
6) With input from the relevant contracted parties and other interested
stakeholders, ICANN should solicit direct input from each registrar
relating to its current level of compliance with existing agreements,
and plans to improve the accuracy of Whois data that it collects. The
plans will be made publicly available except to the extent that they
include proprietary data, and registrars that fail to submit plans by a
date certain would be publicly identified. The plans should state
specific steps for improving WHOIS data accuracy, including:
• Identification and public disclosure of a designated contact point for
receiving and acting upon reports of false Whois data;
o Plans to work with ICANN to train employees and agents regarding the
Whois data accuracy requirements;
o Taking reasonable steps to screen submitted contact data for falsity,
including use of automated screening mechanisms, manual checking,
spot-checking, and other verification techniques for submitted data;
• Steps to correct false data in all registrations that are
substantially identical to that in the initially false registration that
has come to the registrar’s attention;
o Steps to improve the accuracy of contact data submitted to it through
re-sellers or other agents
o Measurements for improving performance of the quality of the
registrar’s Whois data
7) ICANN should require domain name registrants to update and correct
Whois data on an annual basis including, for example, clear instructions
to domain name registrants of this obligation and special email
addresses for expedited and priority handling of such updates.
8) ICANN should consider requiring Registrars to verify at least two of
the following three data elements provided by domain name registrants –
phone, facsimile and email – and ensure that these elements function and
that the Registrar receives a reply from these means of communication.
Where none of the three data elements works, than the domain name should
immediately be placed on hold. If only one of the means of
communication works, then the domain name shall be placed on hold for a
period of 15 days in which the domain name registrant shall correct all
of the WHOIS data elements. If the domain name registrant fails to
correct all of the WHOIS data elements during that time frame, the
domain name registration shall be cancelled.
9) Where a domain name registration is cancelled due to the
non-functionality of WHOIS data elements – phone, facsimile, and email –
the domain name can be reconnected for a fee to be set by the registrar.
Upon reconnection of any domain name in circumstances where the domain
name had been placed on hold or was immediately cancelled, the Registrar
shall verify all data elements before reconnecting the domain name. The
Registrar should ensure that the reconnection charge it imposes is
sufficient to cover the costs of the heightened verification it must
perform in reconnecting a previously cancelled domain.
10) ICANN staff should undertake a review of the current registrar
contractual terms and determine whether they are adequate or need to be
changed in order to encompass improved data accuracy standards and
verification practices as a result of the current PDP.
--
-rwr
"Don't be too timid and squeamish about your actions.
All life is an experiment.
The more experiments you make the better."
- Ralph Waldo Emerson
Got Blog? http://www.blogware.com
My Blogware: http://www.byte.org
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|