Re: [nc-deletes] FW: [council] Concerns Regarding Report ofDeletes Task Force
Thanks for this. Some of the points, especially with regard to the
ramifications of a uniform policy, were, I think, contemplated by the task
force. Other points reveal ambiguities in our drafting that ought to be
easily solved by a rewording. The whole report, however, probably warrants a
thorough review in light of the staff report.
Procedurally, what can we do at this point? My sense is that it will be
easier for the task force to consider the staff report, having been involved
more deeply in these issues, than to ask the NC to deal with it. Is there a
mechanism that would allow us to reconcile the task force report with the
Jordyn Buchanan wrote:
> -----Original Message-----
> From: Louis Touton [mailto:firstname.lastname@example.org]
> Sent: Friday, April 11, 2003 3:00 PM
> To: email@example.com
> Subject: [council] Concerns Regarding Report of Deletes Task Force
> To the GNSO Council:
> The agenda for the Council's next meeting (17 April 2003) includes the
> following item:
> "6. Vote to approve the Deletes Task Force recommendations and
> report for submission to the ICANN Board."
> Because the Deletes Task Force commenced work before the GNSO PDP came into
> effect on 15 December 2002, a Staff Manager has not been assigned and the Task
> Force has not otherwise had significant staff involvement/support to date. As
> part of the overall process of transitioning to the PDP, Dan Halloran and I
> have just reviewed the Deletes Task Force's Final Report, as posted at
> Based on that review, we have concerns regarding some aspects of the report.
> The purpose of this message is to alert the GNSO Council to the staff's
> concerns with the recommendations as currently framed.
> Concern A: The Proposed Mandatory Deletion Policy Does Not Allow for
> Extenuating Circumstances
> In its current form, the report makes two recommendations that require
> registrars to delete domain-name registrations within 45 days after they
> expire. These recommendations appear to apply absolutely, not allowing
> exceptions for various extenuating circumstances under which deleting
> registrations by that deadline could harm innocent registrants or result in
> loss of DNS nameservice for other domains.
> The recommendations are 3.1.1 and 3.1.2:
> "3.1.1 Domain names must be deleted if a paid renewal has not been
> received by the registrar from the registrant or someone acting on
> the registrant's behalf by the end of the Auto-renew Grace Period
> (generally forty-five days after the domain's initial expiration).
> As a mechanism for enforcing this requirement, registries may elect
> to delete names for which an explicit renew command has not been
> received prior to the expiration of the grace period."
> "3.1.2 Domain names must be deleted within 45 days of the expiration
> of the registration agreement between the registrar and registrant,
> unless the agreement is renewed."
> It appears that a registrar has no ability to delay deletions past 45 days in
> extenuating circumstances. Here are a few hypothetical situations intended to
> highlight the serious problems such an unqualified rule could cause:
> Hypothetical #1: Shortly before the 45-day deadline, the registrar discovers
> that its contact data for the registrant has been altered due to hacking or
> some other incident in the registrar's systems. The registrar concludes that,
> as a result of the alteration, a renewal notice was never sent to the proper
> address for the registrant, so that the registrant has never paid a renewal
> fee and has never entered into a renewed registration agreement. Nonetheless,
> the registrar is required by 3.1.1 and 3.1.2 to delete the registration,
> resulting in DNS service to the registrant being shut off. The service can
> only be restored, after some delay, through restoration under the redemption
> grace period.
> Hypothetical #2: The registrant's main office is located in a building that
> has suffered a disaster due to flood/fire/earthquake/war/terrorism/etc. The
> renewal notice was sent to that address, but it appears doubtful that the
> registrant would have been able to complete the renewal process by the
> deadline. Nonetheless, the registrar is required by 3.1.1 and 3.1.2 to delete
> the registration, resulting in DNS service being shut off.
> Hypothetical #3: A registration is the subject of court proceedings over who
> is the proper domain-name holder. The court issues an order requiring that the
> registrar "freeze" the domain registration, to prevent any changes. The
> registrant does not pay the renewal fee, putting the registrar in the position
> of either violating the court order or breaching 3.1.1 and 3.1.2 (and
> therefore its accreditation agreement with ICANN).
> Hypothetical #4: A registrar has submitted a "registrar certificate" to a
> court concerning a domain name that is currently involved in court
> proceedings. In the registrar certificate, the registrar has submitted the
> registration to the court's jurisdiction and has promised not to modify,
> transfer, or delete the registration during the court proceedings. No renewal
> takes place within 45 days after expiration, so that 3.1.1 and 3.1.2 require
> the registrar to act contrary to the registrar certificate.
> Hypothetical #5: A domain name registered through a registrar is used to
> support the host names of nameservers that provide secondary nameservice for
> 20,000 domains held by other customers, which are registered through many
> different registrars. The registration is not renewed. As a result,
> nameservice for the 20,000 other domains must be migrated to other hosts. This
> is not accomplished in 45 days, and as a result 20,000 domains disappear from
> the Internet.
> Hypothetical #6: Shortly after the expiration date of a registration, the
> registrar is informed that the registrant has filed for bankruptcy. The
> registrar's legal advisors have cautioned the registrar to refrain from
> terminating services to the bankrupt registrant without court permission.
> Recommendations 3.1.1 and 3.1.2, however, require the registrar to delete the
> Hypothetical #7: During the 45-day period after expiration, the registrant
> asserts that it has made a renewal payment to the registrar, but the registrar
> has been unable to complete its investigation into the payment dispute before
> the 45-day deadline. The registrar is uncertain whether it must delete the
> registration in order to comply with 3.1.1 and 3.1.2.
> Hypothetical #8: The registrar has a long-standing relationship with a
> registrant; the registrar knows that one of the registrant's domain
> registrations that has expired is for an important and heavily used name, and
> suspects that the registrants' failure to renew was caused by an oversight.
> The registrar is unable to resolve the issue with the registrant within the
> 45-day period. As a result, recommendations 3.1.1 and 3.1.2 require the
> registrar to delete the registration, shutting off nameservice for the domain.
> Based on a plain reading of the recommendations of 3.1.1 and 3.1.2, in many if
> not all of these hypothetical cases the registrar would apparently be required
> to delete names, even though contrary to technical prudence or even other
> legal requirements. While it may make sense to prescribe a uniform time frame
> for registrar deletion of expired names, the hypothetical situations described
> above point to the difficulty of making hard and fast rules without allowing
> for exceptions in extenuating circumstances.
> Concern B: The Recommendations Concerning Mandatory Disclosures
> Inappropriately Restrict Certain Registrar Business Models
> Recommendations 3.1.4 and 3.1.6 seem to prevent registrars from adapting and
> evolving their service offerings over time since they mandate that policies
> and prices be provided "at the time of registration", even though the policies
> and prices may not come into effect until after the registration expires (and
> after the registrant has the opportunity to transfer to another registrar).
> These provisions state:
> "3.1.4 Registrars must provide a summary of their deletion policy,
> as well as an indication of any auto-renewal policy that they may
> have, at the time of registration. This policy should include the
> expected time at which a non-renewed domain name would be deleted
> relative to the domain's expiration date, or a date range not to
> exceed ten days in length."
> "3.1.6 Registrars should provide, both at the time of registration
> and in a conspicuous place on their website, the fee charged for the
> recovery of a domain name during the Redemption Grace Period."
> It is not clear whether registrars would be able to modify their procedures or
> prices at any time after initial registration of a domain name.
> Also, recommendations 3.1.5 and 3.1.6 seem to obligate all registrars to
> operate websites. In some business models currently available to registrars,
> including reseller models and models used in some regions of the world,
> registrars do not operate principally through websites, but use other means to
> communicate with prospective and actual customers. There is no current
> requirement that registrars operate websites, other than for a web-based Whois
> service. These recommendations appear unnecessarily to restrict these
> alternative registrar business models.
> Concern C: Mandatory "Payment" Policies Could Stifle Registrar Business Models
> Recommendation 3.1.1 (and possibly recommendation 3.1.6) appears to require
> that registrars charge all customers for registration and RGP services. Some
> registrars operate business models under which some or all registrants are not
> charged specifically for registration services. In accord with ICANN's
> mission, Registrar Accreditation Agreement §3.7.10 specifically precludes any
> policy that regulates registrar
> prices: "Nothing in this Agreement prescribes or limits the amount Registrar
> may charge Registered Name Holders for registration of Registered Names." By
> requiring that renewals be paid, recommendation 3.1.1 contradicts this
> principle. Implementation of a requirement that a fee be charged for renewals
> would also raise serious concerns under relevant antitrust and competition
> Concern D: Overlap with Whois Recommendations
> On 27 March 2003, the ICANN Board adopted four consensus-policy
> recommendations relating to Whois accuracy and bulk access. One of those
> recommendations states:
> "B. When registrations are deleted on the basis of submission of
> false contact data or non-response to registrar inquiries, the
> redemption grace period -- once implemented -- should be applied.
> However, the redeemed domain name should be placed in registrar hold
> status until the registrant has provided updated WHOIS information
> to the registrar-of-record."
> This recommendation is currently early in the implementation process.
> The Final Report of the Deletes Task Force contains this recommendation on the
> same topic, but proposing a somewhat different policy:
> "3.3.1 The Redemption Grace Period will apply to names deleted due
> to a complaint on WHOIS accuracy. However, prior to allowing the
> redemption in such a case, the registrar must update the
> registration with verified WHOIS data and provide a statement
> indicating that the data has been verified in conjunction with the
> request for the name's redemption. The same rules that apply to
> verification of WHOIS data for regular domain names following a
> complaint will apply to deleted names."
> By proposing overlapping policies so soon after one another, the GNSO would
> significantly complicate the task of implementing the policies.
> Thank you for your attention. Please feel free to contact me if you have any
> Best regards,
> Louis Touton
> General Counsel