RE: [nc-whois] Summary: Comments on Accuracy.

["Cade,Marilyn S - LGA" <mcade@att.com>]

Ken,  can you propose a different time period? I understand your point, but a recommendation would be helpful. I've cc'd Denise Michel, who has joined us several times and might be a good "test" for individual registrants. Kristy, and Thomas can also augment that input.

As far as corporate registrants, I can ask my "team" if you want, but I'd rather ask the  forlks who participated on our open calls... 

From: Ken Stubbs [mailto:kstubbs@digitel.net]
Sent: Sunday, November 17, 2002 5:56 PM
To: Steve Metalitz; 'Thomas Roessler'; Kristy McKee
Cc: nc-whois@dnso.org
Subject: Re: [nc-whois] Summary: Comments on Accuracy.


Steve & fellow TF members..

i do have a concern regarding one issue and that is the 15 day time period
for rtegistrar inquiries steve mentions in his note below ....

it would seem to me that this period may be too short and the logic i would
propose for extending the time period is quite similar to the rational used
for creation of the redemption grace period .. here is a direct quote from
the icann position paper  ( see
http://www.icann.org/registrars/redemption-proposal-14feb02.htm ) ...

"Probably the most common type of unintentional deletion is caused by
registrant mistake. Registrants sometimes inadvertently fail to renew
registrations due to a clerical mistake or failure to receive a renewal
notice (usually as a result of failing to keep registration contact
information up-to-date.) If a registrant moves or changes Internet service
providers, the registrant might not receive a notice from its registrar
informing it that a renewal payment is due. Also, some registrants may
accidentally overlook a renewal notice or mistake it for a solicitation or
spam."

substitute "whois data accuracy inquiry" for the words "renewal notice" in
the above paragraph.......
it would seem that the same logic used in the preceeding paragraph could
apply to correspondence from the registrar notifying the registrant that
their whois data accuracy is in question..  if we are willing to provide
registrants the benefit of a doubt in the redemption grace process that it
would seem to me that the same reasoning would extend to these registrar
inquiries as well..

ken stubbs




----- Original Message -----
From: "Steve Metalitz" <metalitz@iipa.com>
To: "'Thomas Roessler'" <roessler-mobile@does-not-exist.net>; "Kristy McKee"
<k@widgital.com>
Cc: <nc-whois@dnso.org>
Sent: Sunday, November 17, 2002 4:49 PM
Subject: RE: [nc-whois] Summary: Comments on Accuracy.


Thanks to Thomas for preparing these useful summaries.  To further assist
the Task Force, I attach a summary (in reverse chronological order) of all
substantive comments archived on the comments site.  I emphasize that this
document is NOT intended to form  part of the final report but is simply
circulated for the convenience of Task Force members.  I second Thomas's
recommendation that that the actual text of comments also be reviewed.

A number of the comments have injected some new issues onto the agenda with
regard to Whois data accuracy.  Let me try to put some of these new issues
in a context which I hope will prove useful for Task Force members.  What
follows focuses mainly on the com/net/org space although some of it is
applicable to the other open gTLDs.

Roughly half of the 3000 respondents to the Task Force survey last year
reported that they had encountered some problem with respect to inaccurate
Whois data.  Presumably the other half had not and perhaps they would not
consider Whois data accuracy a major concern.  But I do not recall any
respondents who thought that less should be done than is being done today to
try to collect and maintain accurate Whois data.

The current environment, under the RAA's that have been in effect for about
three years now, includes some of the following features relevant to Whois
data accuracy:

· Registrants are contractually obligated to submit accurate and
complete Whois data and to keep it current.
· Registrars are empowered to treat any "willful provision of
inaccurate or unreliable information" as a material breach that can lead to
cancellation of the domain name registration.
· Another, separate basis for cancellation because of material breach
is the registrant's failure to respond for over 15 calendar days to
Registrar inquiries about the accuracy of contact details.
· For the past six months, a complaint mechanism has been in place on
the internic.net site for reports of inaccurate Whois data.  This mechanism
is intended to trigger Registrar inquiries to registrants about the accuracy
of contact details.

The Task Force proceeded on the assumption that these features of the
current environment, if more rigorously enforced, would lead to some
improvement in the overall quality of Whois data.   (Obviously there is room
for dispute about how much improvement would result.)

In the comments on the Interim Report, we are now seeing for the first time
in this process some strong advocacy AGAINST these long-standing features of
the current environment.  For example, some are questioning the conclusion
that if a registrar is presented with contact data that on its face is
"inaccurate or unreliable," it has the authority (and in appropriate
circumstances should exercise it) to cancel the domain name registration.
Other comments attack the provision of the current RAA that allows
cancellation of registrations if the registrant does not respond to a
registrar inquiry within 15 days, asserting that the time period should be
longer.  Other commenters worry about abuse of the internic.net complaint
system and call for restricting the ability of third parties to invoke it.

What if these recommendations were followed?  If the RAA were changed so
that even if obviously false contact data were submitted, the registrar
would be required to make an inquiry and give the registrant a chance to
submit different data, clearly some registrations that could be cancelled
under today's rules would remain viable, at least for some period of time.
If the time period within which a registrant would need to respond to a
registrar inquiry were extended from 15 days to 30 or 45 days, as some
commenters advocate, then inaccurate data would remain in the Whois database
that much longer.  If some parties were deterred or discouraged from using
the internic.net complaint system, then fewer instances of inaccurate Whois
data would be brought to the attention of registrars, and thus opportunities
to improve data quality would be lost.  In short, all these recommendations
for change to the current agreements would have the effect of increasing the
amount of inaccurate or unreliable data in Whois.  They would do nothing to
address the problem identified by half the respondents to our survey, and
which the Task Force's reports up to now have identified as a serious
concern.

One key issue is whether, despite this impact, these proposed changes would
have countervailing benefits.   I am not sure what the countervailing
benefit would be of allowing registrants to submit blatantly false data in
the first place and giving all such registrants another chance to correct it
(or of eliminating the contractual obligation to submit and maintain
accurate data, which amounts to the same thing), but maybe someone can
suggest one.  With regard to extending the 15-day period, it is certainly
true that some legitimate registrants could have lost their domains for
failure to respond to inquiries in 15 days under circumstances in which they
would have responded in 30 or 45 days, but it would be useful if the
registrars could supply some data indicating the number of registrations
that have been cancelled on this ground in which the reply from the
registrant would have been satisfactory but simply arrived too late.   (We
should also consider to what extent any adverse effects would be ameliorated
if the consequence of failure to respond were not cancellation of the domain
name but placement on indefinite hold, as several commenters have suggested
and as I believe many Task Force members would support.)

Finally, with regard to abuse of the internic.net complaint mechanism, there
is at least some experience over the past six months with this mechanism.
Perhaps we should ask ICANN staff to report to the Task Force on it.  Dan
Halloran made a presentation on this topic to the registrars in Shanghai.  I
was present and I append my notes below but it would probably be more
appropriate (and no doubt more accurate than my notes!) to ask Dan if he can
provide us with any report on how this process has been working and whether
there is evidence of abuse.   (I was surprised to learn that many of the
"complaints" are actually coming from frustrated domain name registrants who
had been trying unsuccessfully to get registrars to change or update their
Whois data and had decided in seeming desperation to try this route of
reporting their own existing data as false!).

I am continuing to review the specific comments but I wanted to highlight
the fact that we are now getting suggestions that will not strengthen
enforcement of the existing obligations but will in fact weaken what those
obligations are.  We need to think long and hard before we accept any
proposal that will have the effect of increasing, not decreasing, the amount
of inaccurate Whois data in the system.

Steve Metalitz

NOTES re internic.net complaint mechanism:

I attended part of the Registrar Constituency meeting in Shanghai on Monday,
October 28, during which Dan Halloran, the registrar liaison on ICANN's
staff, gave a brief presentation on the operation of the Whois data complain
mechanism established under the Registrar Advisory of last May (i.e., the
complaint form on the Internic.net site).

Dan reported that just under 2500 complaints had been received,
about half of them in the first two weeks after the complaint form was made
available to the public.  All have been individually reviewed or given at
least a "quick look" by ICANN staff.  Most seem to have been motivated by
receipt of spam from an e-mail address for which the Whois data
corresponding to the domain name was clearly false.  A surprising number of
complaints were from domain name registrants who had been trying
unsuccessfully to get registrars to change or update their Whois data and
had decided to try this route.  Relatively few appeared to be from
intellectual property owners.

Dan said that ICANN had not released any analysis of the complaints
but that they were distributed across registrars in proportions "close to
market share."  It came out in the discussion that about 4-500 of the
complaints involved registrations with Verisign Registrar, which has the
largest market share of registrations.

Verisign is taking the position (and did so in the meeting) that it
is under no contractual or legal obligation to "close out the ticket" on a
complaint, i.e., to advise ICANN of the action taken in response to a
complaint of false Whois data.  Verisign asserted that this would need to be
done "by hand" and they could not justify the expense of doing so.  Most of
the other registrars present seem to be making such reports, but others may
be following Verisign's lead, so it is apparently impossible to tell how
many cases are being resolved by the submission of new contact data, and how
many are resulting in cancellation of the domain name.  There was some
discussion of whether this aspect of the process should be automated.

Two other concerns were mentioned by registrars in the meeting. A
French registrar said that under French law, they would be unable to process
any complaint unless the identity of the complainant were disclosed.  Dan
Halloran mentioned that as part of its screening process, ICANN pings the
e-mail address given by the complainant, and complaints which contain an
invalid e-mail address are not forwarded to registrars.  This apparently
satisfied this registrar.

Second, one registrar worried about abuse of the complaint process,
stating that it had received complaints that were "on their face frivolous"
and that had been filed by "people with legal axes to grind" against the
registrar or registrant.  This registrar said that "an acceptable definition
of  'inaccurate'" was needed in order for the complaint system to work as
intended.


-----Original Message-----
From: Thomas Roessler [mailto:roessler-mobile@does-not-exist.net]
Sent: Sunday, November 17, 2002 1:45 PM
To: Kristy McKee
Cc: nc-whois@dnso.org
Subject: Re: [nc-whois] Summary: Comments on Accuracy.


On 2002-11-17 08:57:44 -0600, Kristy McKee wrote:

> Thomas, are all of the submission included in this summary or are
> some of the submissions included?

I hope that all submissions relevant to accuracy are included.

--
Thomas Roessler (mobile) <roessler-mobile@does-not-exist.net>