RE: [registrars] Fw: WHOIS & Transfers reports

["Bhavin Turakhia" <bhavin.t@directi.com>]

Hi Brian,

Actually I would rather hear about this from Ross directly. You claim
that the new transfers proposal has the problem of slamming and
excessive fraudulent transfers.

However TUCOWS has followed an auto-ACK policy for quite some time. And
maybe Ross can shed some light on numbers, as to how many fraudulent
transfers and slamming issues have been faced by them, despite having
given a chance to their customer to NACK the transfer.

I believe, the new proposal provides decent methods for addressing
fraudulent transfers. I do not forsee significant slamming or fraud. And
if that were the case, then Ross would probably be more concerned than
you or me, because they would KNOW the issues that exist :)

bhavin

> ----- Original Message -----
> From: "Cute, Brian" <bcute@networksolutions.com>
> Sent: Wednesday, February 26, 2003 7:07 PM
> Subject: WHOIS & Transfers reports
> 
> 
> > Dear Bruce and Ken,
> >
> > I am writing you on behalf of Network Solutions with regard to the 
> > GNSO Council's recent approval of task force reports on Transfers
> and
> > WHOIS.  As our registrar representatives on the Council, I write to 
> > you to underscore Network Solutions' continuing concern 
> regarding the 
> > likely negative impact of the implementation of these Reports on 
> > registrants and registrars alike.  Specifically, the 
> growing awareness 
> > within the
> Registrar
> > community of the privacy implications raised by these Reports has 
> > given us pause to again carefully consider whether the 
> implementation 
> > of either Report at this time is desirable.  We believe that 
> > implementation of
> either
> > report would be premature, at best.
> >
> > Network Solutions participated in the development of each 
> report in an 
> > effort to improve the recommendations contained therein.  
> We believe 
> > that the reports have been improved, but have become increasingly 
> > convinced that implementation of them could 1) create significant 
> > privacy concerns for registrants; 2) subject consumers to future 
> > unauthorized
> domain
> > name transfers and unwanted marketing solicitations;  and 3) create 
> > unworkable obligations and significant potential liability for 
> > registrars.
> >
> > Specifically, the Transfers Report seeks to
> > significantly restructure the transfer process in response 
> to concerns 
> > raised almost two years ago about the efficiency and reliability of 
> > the transfer process.  During that period, however, broad 
> improvements 
> > in the efficiency of transfers have rendered the issues 
> addressed by 
> > the
> Transfers
> > Report all but moot.  At Network Solutions, for example, transfer 
> > success rates have dramatically improved since the Transfers Task 
> > Force initiated its work.  Today, almost 90 percent of attempts to 
> > transfer domain names from Network Solutions are successful and we 
> > expect that ratio to continue to rise as our processes are 
> improved.  
> > As a result, we believe that implementation of the Transfers Report 
> > would have a limited impact on the efficiency of transfers.
> >
> > In contrast, the proposed transfer procedures would 
> unavoidably have 
> > the affect of increasing the rate of unauthorized 
> transfers.  Rising 
> > incidences of slamming make the inherent risk of
> imposing
> > the proposed transfer scheme contained in the Transfers 
> Report greater
> than
> > ever for registrants.  Although the Transfers Report attempts to 
> > provide
> as
> > many safeguards as possible for registrants, the proposed process 
> > requires registry transfers to be initiated before the 
> registrant has 
> > verified the transfer.  We continue to believe that this 
> system will 
> > encourage
> slamming,
> > as unscrupulous actors will simply migrate to the gaining 
> registrars 
> > with the weakest systems of checks and balances.
> >
> > Finally, shifting responsibility for transfer verification
> > to gaining registrars creates an unreasonable burden for 
> registrars, 
> > as it is virtually impossible for registrars to efficiently and 
> > reliably verify the identity of registrants.  Compounding this 
> > structural flaw, the Transfers Report would have registrars verify 
> > transfer requests through
> the
> > collection of registrant personal data.  In addition to raising 
> > privacy concerns for registrants, collection of personal 
> data subjects 
> > registrars
> to
> > potential liability for the collection, handling and 
> storage of this 
> > personal data.  As just about everyone in the industry knows, 
> > registrars' obligations under various privacy laws have not been 
> > adequately addressed
> in
> > EITHER the Transfers or the WHOIS Reports process.
> >
> > It is also premature to implement the WHOIS Report at this time.  
> > While we support the goal of maintaining accurate WHOIS data, the 
> > WHOIS Report seeks to impose registrant identity verification 
> > obligations that require registrars to obtain personal data from 
> > registrants.  As
> noted
> > above, it is impossible for registrars to efficiently and reliably 
> > verify the identity of registrants.  Requiring registrars 
> to collect 
> > additional personal data -- data that will not be published 
> along with 
> > WHOIS data -- raises significant privacy concerns.  Since the WHOIS 
> > Task Force's
> original
> > mandate did not require an examination of privacy considerations, 
> > these concerns must be addressed before any determination 
> concerning 
> > the WHOIS Report implementation can be made.
> >
> > Finally, although the GNSO Council seems to have proposed that the 
> > WHOIS task force report not be implemented until the Council has 
> > completed its examination of the privacy implications of 
> WHOIS, this 
> > condition is not clear and any further implementation of the WHOIS 
> > report should specifically be delayed until the Council's privacy 
> > study is completed.  This is important because even the proposed 
> > modifications to Registrars' bulk WHOIS access agreements, in the 
> > final analysis, will neither eliminate prospective misuse of 
> > registrant data nor protect consumers from unwelcome marketing 
> > solicitations.  Incremental attempts to restrict third party use of 
> > bulk WHOIS data do not address the fundamental point (and growing 
> > consensus among registrars) that only the elimination
> of
> > third party bulk WHOIS access obligations will protect 
> registrars and 
> > consumers alike from misuse of registrant data.
> >
> > In light of the all of the above, I wanted to let you know our 
> > continued strong view that it would be premature for the Board to 
> > approve and implement either Report until the privacy 
> concerns cited 
> > above are fully addressed and understood.
> >
> >
> > Sincerely,
> > Brian Cute
> >
> >
> 
>