[comments-whois] Whois Final report

[Don Brown <donbrown_l@inetconcepts.net>]

We disagree with the TF's findings with respect to the accuracy of the
WhoIs database and respectfully submit our point of view for
consideration:

1. Cancellation of Registration Due to Outdated Information
It is too harsh and will draw criticism, to cancel a domain name
registration because the information becomes dated. For instance, in
cases where the Registrant has moved, there is no practical and
reasonable way for a Registrar to update this information.

WRT the proposed Redemption Grace Period, the community seems to
recognize the importance of Registrants and the importance of saving
their domain names, even when expiration/deletion of the domain is
caused by the Registrant's own negligence. How is this situation any
different?

A domain name should not be canceled when a Registrar cannot contact
the Registrant or where the Registrant does not respond.

2. Registrar's Requirements for Accuracy
ICANN explained, in their advisory
<http://www.icann.org/announcements/advisory-10may02.htm>, the
Registrars' requirements to be (1) "reasonable and commercially
practicable" verification at the time of registration; "OR,"
"reasonable and commercially practicable" periodic re-verification.
(paraphrased in part and emphasis added) The TF recommends sanctions
for non-compliance but does not define exactly what constitutes
non-compliance nor, more importantly, what constitutes compliance.

If there is any concern about keeping the cost of a domain name
registration at a reasonable level for consumers, then there should be
equal concern about what is "practical and reasonable" to expect,
under the circumstances.

 a. New Registrations
 All Registrars require certain fields of information for a new
 registration and some of those fields can be, and usually are, edited
 for reasonable data. Many of the other important fields cannot be
 reasonably and practically edited. For instance, there is nothing to
 stop me from entering a phony name, address and telephone number.
 Fortunately, there is no "Big Brother" and there are privacy issues,
 so access to commercial databases aren't abundant or all
 encompassing, either. The Registrars could subscribe to a USPS
 package to validate the street address and zip code, but, of course,
 there is nothing to prevent me for entering a valid address in
 another city, either.

 Is it practical and reasonable to require the Registrars to telephone
 every new Registrant? If there is no answer, then what? What if there
 was a typo in the phone number? Do they then need to attempt to
 contact the Technical contact? What if all contacts are the same? How
 many attempts should be made?

 How about e-mail confirmation? What's to prevent a reply saying the
 information is valid, when in fact it is not.

 b. Periodic Re-verification
 This includes all of the same challenges of a new Registration, plus
 some additional ones. What if the Registrant has moved, invalidating
 all of the information. Frankly, I doubt that keeping this
 information up to date looms very high on the priority list of many,
 if any, Registrant.

I've identified some of the things that can be done to ensure good
data is present when a domain is initially registered. The problem is
that none of them are inexpensive and most all of them can be
defeated. If the accuracy concern pertains to the criminal element,
then it would be good to remember that the majority of Registrants are
not criminals and, further, I'd suggest that a criminal would consider
the challenge of entering invalid data to be significantly less than
robbing a bank.

The TF makes absolutely no recommendation about how the Registrars are
expected to ensure valid registration data. I don't either, because I
just don't think it is possible, under the circumstances. Further,
given the circumstances, I think that most Registrars are already
"reasonably and commercially practically" complying with the
requirements explained by ICANN in the advisory referenced above.

Recommending sanctions for non-compliance is particularly
inappropriate when the TF didn't define what constitutes
"non-compliance." Indeed, the TF did not propose any solution,
practical or otherwise, to the core issues of the accuracy dilemma.
Instead, the TF swept the dirt under the rug and shifted their burden
squarely to the economic shoulders of the Registrars.

Under the circumstances, holding the Registrars responsible for the
accuracy of WhoIs is, in and of itself, impractical, unreasonable and
unfair.

Thank You,


----
Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
donbrown@inetconcepts.net          http://www.inetconcepts.net
PGP Key ID: 04C99A55                (972) 788-2364  Fax: (972) 788-5049
Providing Internet Solutions Worldwide - An eDataWeb Affiliate
----