WHOIS
Task Force Transcript
November
13, 2002
OPERATOR: AT&T teleconference. This Marilyn Cades conference call. The conference ID is BMC 7221. This is AT&T teleconference operator, this conference call is being recorded.
MARILYN CADE: Thank you. OK. So, I'm hoping that as people join, they will announce themselves. We'll do a roll call, again, in a few minutes just to make sure we've captured everyone. Can I just see if I can from memory recap here? We had present at the Shanghai outreach meeting on Sunday, Steve (ph) and Thomas (ph) ...
STEVE (ph): No, I was not there.
CADE: Sorry, Steve (ph). You weren't there. You're quite right. We had your team.
STEVE (ph): Ross (ph) was there, I think.
CADE: Laurent (ph) was there and Jay Scott (ph) was there as well. And Ellen (ph) was not there. We have Chen (ph) you were there.
CHEN (ph): Yes.
CADE: And Thomas (ph) was there. And Tony (ph) was there, but we don't Tony (ph) just yet. The reason we had this outreach meeting was really driven largely by the fact that we were getting a number of significantly detailed expressions of concern about some of the recommendations in our interim report. And Tony (ph) and I felt that we should take this opportunity to since the registrars and registries were there take this opportunity to (INAUDIBLE).
And Karen (ph) you I'm you were in attendance with us most of that time if not all of it, is that right?
KAREN (ph): That's right.
CADE: That's right. I thought you were. Who just joined us?
KRISTY(ph): Good morning, this is Kristy (ph).
CADE: Hi, Kristy (ph). And who else just joined us? So I have Karen (ph), Kristy (ph), Steve (ph), Hakakour (ph), Thomas (ph), Ken (ph). Anyone else? OK.
Anyway, we held the meeting, and I might just, Thomas start with you and we could just go, you Ken (ph) and Karen (ph) talk a little bit about the your perception of the dialogue with the registrars and registries. By the way, there approximately 34 people in the room at the time that we were conducting this particular outreach session, pretty fair representation from the Who Is (ph) task force itself. So I would and we had the ICAN (ph) staff there.
The one we kicked it off by asking the ICAN (ph) staff to explain the General Council's memo and response to questions. And that was one of the significant things we were able to accomplish is to have an opportunity to hear from Louie (ph). And Dan (ph) was in attendance as well. So I would say we probably had about 26 to 27 representatives across the registry/registrar. And I actually have the list and sent out an e-mail to them if anybody is particularly in them.
But Thomas (ph) could I start with you? And the go to Karen (ph) and Ken (ph) for some feedback on that particular session.
THOMAS (ph): Hello?
CADE: Hi.
THOMAS (ph): I just listened to the conference technology telling me that I'm in talk mode again. This always takes some seconds. OK. So unless I missed something important during the last half-minute, I may just try to walk through the partially unreadable notes I took in Shanghai.
CADE: That would be good Thomas (ph). Thanks.
THOMAS (ph): I'll skip over the part on policy making and the two tone making and go into the issues we were told about registrars. And I have a couple of bullet points there.
We have I think we have been hearing about verification about the correction of bad Who Is (ph) data and possible sanctions in that connection. There were issues about standardization of output and data elements. There was discussion about the cost of or there was a question from the registrar side, what is the cost of implementing some of the recommendations versus the general cost of not implementing them.
There were some remarks on privacy issues. There were remarks on cross registrar searchability for other fields. And specifically concerning verification on data correction projects and recommendations. There was a concern that registrars or for the mentor (ph) ICAN (ph) current format to make may be flooded (ph) by abuses. (INAUDIBLE) thereby tying up a lot of human or technical resources at the registrar or at ICAN (ph). So there was a sketch (ph) this should somehow be tied to something.
Anyway, to some information about the complaint on something like that. Anyway, for the individual issues, we're taking a look about verification.
OPERATOR: Pardon me, Ms. Cade.
CADE: Yes.
OPERATOR: This is the AT&T teleconference Operator. Ms. Cade I've tried several times to get Mr. Harris (ph) for your conference call. I did leave word one of the numbers. The other number I did get a lady and she said he's not available to call tomorrow.
CADE: That's fine.
OPERATOR: OK. And if you should need assistance please press sign then zero.
CADE: Thank you.
OPERATOR: Thanks for using AT&T.
THOMAS (ph): That was really nice Marilyn.
CADE: Sorry.
THOMAS (ph): I'm sorry. I just had to law the part about thanks for using AT&T. It's really nice, wasn't it.
CADE: That was very nice. I ...
THOMAS (ph): OK. Data verification. I think one of the key points that was made by registrars was the (INAUDIBLE) of point of time of registration should be viewed as one possible to achieve the goal more security (ph). Plus (ph) the data, some of the comments we heard were from Regression (ph) that the task force should clearly define the requirements it had in mind, because otherwise, registrars have to base their analysis on some kind of worse case scenario for the businesses there. It would be better to have something more specific.
To access (ph) we heard from, I think Mr. Kahura (ph), said it would be relatively easy to defeat a pre validation system by just using addresses or names or contact information in remote and non developed corners of the world where validation systems would most likely fail. We got one comment talking about the data would be better if they were more private. And pointed to the query base (ph) Who Is (ph), (INAUDIBLE) access important as an important sources for marketing information.
In addition to that, there was an important comment I think which noted that verification at the point of time of renewal may be a bad thing because so many names are frequently renewed at last minute. And delaying a renewal because of time consuming, debt, or verification have to take preference (ph) because they can't be verified which leads to a loss of a domain name. This was reported as not being practical.
One last remark which, I'm not who came I'm not sure from which came either from registrar or from someone from the registry side was that is correcting Who Is (ph) data is in any case, the registrants responsibility. OK. So it could have come from anyone. I had two asterisks (INAUDIBLE). I'm sorry (INAUDIBLE).
I have some other notes on the question how to handle the correction process once there has been a modification of that data? In that case, we were told that 13 days may be a problem. In fact, we may be suggesting a (INAUDIBLE) which can be used to get someone else's domain name.
And the scenario (ph) people were telling us about or something like this. Imagine some registrant has a domain name and someone else desires to get that domain name. There's no way to get it through the DREP (ph). But there may be some inadvertently bad information in the Who Is (ph). In that, case, the third party who desires to get the domain name may start that (INAUDIBLE) notification process possibly at an uncomfortable point of time like Christmas holiday or something like when people are unlikely to respond very quickly.
Hopes the data is incorrect. This is the case. (INAUDIBLE) later. The domain name has gone. It becomes a streamlined process of finally getting the domain name, of course, but using WLS (ph) but that's just a side effect. Actually, I think that several people in the room told us how to work around this. Instead of deleting domain names when that information isn't fixed (ph) immediately (ph) the domain name should be put on hold for an extended period of time which will make recovering the domain name, the correct information that's provided late, much easier. And which would at the same time remove some of the abuse (ph) incentives (ph) in order to just get someone else's domain name. I assume this is something we should really think about.
Well I think that's the most important points about this particular thing. I have written some notes from question what there was a question about some individual user in the survey. There were some remarks about code (ph) estimates. But I don't have any more precise notes about that. We heard something about (INAUDIBLE) for whatever reason.
Finally, there were some comments from one registrar who said that basically said that machine readable Who Is (ph) data and the query (ph) based Who Is (ph) would make, I'll use his words, by enabling that processing (ph) of such queries and by really making some of kind of indirect park (ph) some query based tool it's much simpler. So this was, at least by this one registrar, perceived as something which may be dangerous to registrant privacy. And maybe fostering (ph) selling (ph). I strongly argued this (ph) service should be left as non standardized and difficult (ph) to (ph) use (ph) as possible.
If I recall this correctly. I think that's basically all I have in readable or complete form.
CADE: OK.
THOMAS (ph): I think there were some more points on centralizing access or centralizing databases but I don't recall them very precisely.
CADE: I have a couple of notes on that. Can I go to did anyone else join us?
LAURENT (ph): Yes, Marilyn, it's Laurent (ph). But I have another call at the same time, so I can't promise I will follow I will be able to follow everything.
CADE: OK. What we're doing right now is just doing a quick debrief from people who attended the registrar/registry session, Laurent (ph).
LAURENT (ph): Yes.
CADE: I'm going to go to Thomas has just concluded. Do you want to go next? Or do you want to have Karen (ph) go next and then follow her?
LAURENT (ph): Yes, then I can listen to Karen (ph) and then follow.
CADE: Sure. Karen (ph).
KAREN (ph): I thought Thomas (ph) covered it pretty well and thoroughly. I just wanted to make a general comment that I thought the session was productivity in that the registrars really commented or gave us sort of practical suggestions on the theories that we've put forth. So I just thought some of the suggestions were very helpful.
THOMAS (ph): Yes.
CADE: Laurent (ph).
LAURENT (ph): Yes, well I think that they made some well they raised practical questions. They asked some more practical important (ph) raised the question of the impact of the proposals and how to (INAUDIBLE) the cost for example, their activities well impact on their activities.
I think they were interesting comments. But I mean they sent they asked this question and I would have been happy as well to have some feedback from them on systems they could have proposed. And maybe more input from them. I think there were more questions as comments. Maybe a lot of criticism as well. But that's my own feeling personal.
CADE: And Ken (ph). Do we still have Ken (ph)? Let me make a couple of comments because I have been meeting and hearing from registrars in follow ups that meet as well. And I believe this is a topic of much discussion within the registrar constituency, so I'm hoping Ken (ph) will come back on. The there are significant concerns within the registrar constituency about the ability to actually do some of the things that are in the interim report.
And they that's where I think a number of the questions came from that Laurent (ph) mentioned. They are struggling themselves with the status on standards in some areas and other kinds of activities that may be a part of any ability to address certain aspects of searchability (ph) or uniformity, et cetera.
But they also, depending on where they do business in terms of a country, had differing experiences with the government representatives in relation to Who Is (ph). And other interactions that they may where they may be engaged in interacting with government for one reason or another. I've only gotten, I'd say something like between eight, nine comments on that last item. And it seems to me from my conversation with the registrars that we're at the very and with the GAC (ph) members that we're at the very beginning of the issues and questions that they government representatives who are not necessarily the same people the registrars are interacting with, by the way. So the GAC (ph) members may have one set of concerns. The interaction on the part of a registrar with a government representative in the country that they're a resident in, may be around a very different topic.
And a number of the registrars that I talked to had attended the FTC hosted meeting for law enforcement dialogue with registrars here in Washington. But they had a fairly unclear understanding of what the next steps were in relation to that FTC outreach meeting. And see this is as a work item that is going to continue to evolve.
So high concerns about cost. Some concern, as well, about the concept of re-centralizing the Who Is (ph) database and putting all of the data in the hands of a single entity that might or might not be delivering them the kind of neutral services that they would need in order to fulfill their responsibilities. Some folks who are actually questioning why they should still have to provide Who Is (ph)? If it's expensive? And it's controversial. Some questioning of that. I didn't see a widespread questioning, but I did hear some questioning of it.
Cost recovery is a really big concern. And the registrars that I spoke to are concerned that the small registrars are at a significant disadvantage. And I agree, Thomas (ph) with your your comment about the recommendation that whole versus deleting provides a mechanism to generate responsive behavior on the part of the registrant. I just want to say one more word that I think we got we did get some good guidance on the role of the registrant and the importance of engaging the registrant in the data provision and correction.
And something of a feeling that the registrars that they don't necessarily have the muscle needed to force data accuracy. Strong objection to the sanctions program. In some cases, a misunderstanding of when the sanctions program would kick in. That it would only be after there was a documented history of abuse. That was one thing. The other thing frankly is, I think there's skepticism about how a sanctions program could be enforced.
Anything else? I think that pretty much covers the and I'm is Ken (ph) back on?
KEN (ph): Yes. I'm sorry. I had to go off for a couple of minutes.
CADE: Great. Ken (ph), I just wanted to give you a chance. I went ahead and gave kind of my background statement. I just wanted to give you a chance to comment as well. Because I believe that registrars is a topic of discussion within your constituency independently.
KEN (ph): Yes, we've had some discussions regarding the Who Is (ph). And I think they're a little concerned about a couple of areas, number one implementation, number two the sanctions program. I think that I feel that they think that it might be a little too heavy handed at this point in time. The proposal, I think, took them off guard. And so when you see something like that, then they tend to go back to what they felt was the original calling for the task force which was to identify to issues, as opposed to composing solutions. And I don't think that they feel like they've been as consulted as much as they need to be from a practical concern.
I think the other concern that I tried to impose let me them know that this is an issue that can't be ignored because if it continues to be ignored, what will happen is that legislative bodies will impose solutions on them. So hopefully, they will try to get more involved. I think even though there has been outreaches, I still don't think they have been as effective. Although, I think Mike Pilage (ph) is trying very hard to get them more involved and to the point where he's made proposals to stimulate more involvement on their part.
So I feel at this point in time, that the registrars, they're preparing a ballot which is going to be going out to the members, which I'll give you the issues. There are I'm actually more than happy to send this out to you guys, but with respect to the task force, they registrars are being given the opportunity of voting on a ballot that says in effect because of the potential negative impact that the proposed task force report will have on registrars and registrants is set fourth in the following document. The undersigned registrar supports the comments contained in the document. This is the comments that have Mike Pilage (ph) has indicated has been put together by five or six of the registrars who were asked to work on in it.
And they're given the opportunity of supporting the statement, opposing it or abstaining it. Also, there's one additional part here. And that is an effort to have the concerns of a growing number of registrars adequately represented on the well now this is a transfers task force issue. But I'll send a copy of Mike Pilage's (ph) latest iteration.
We are constantly having problems in the registrar constituency almost exclusively due to the fact that these guys are so involved right now with their own operations. And with a lot of issues that are going on between them that they it's hard for them to stay focused on the long-term when it comes to Who Is (ph). So I encourage the task force to continue to put out this stuff, because the only way we can get the involvement on the part of the registrars is to how do I say it politely, you've got to hit them over the head with it before they get pretentious (ph).
So I hope I'm giving you some sort of an outline of the overall tone. I don't know whether Tim is on the call. I'm sure he would have some additional thoughts on this. But ...
CADE: I is Tim (ph) on the call? I didn't hear him earlier, or Phyllis (ph). I can totally reinforce from the private conversations or individual conversations, Ken (ph), that I've had with registrars, the expressions that you've made.
I think there's a realism here and that is that most of the registrars are small to mid size businesses. And that means that they are focused very much on the day-to-day operation. And it's very hard for them to devote resources to policy. That being said, I think they also are beginning to a group of them are beginning to become very aware of the policy implications besides sort of the big guys, and that's progress .
At the same time, I'm concerned about the could you my understanding was that Mike Pilage (ph) had two resolutions that he was preparing proposing to ballot on Who Is (ph) or is it just one on Who Is (ph)?
KEN (ph): The it's my understanding there's only one at this point in time. But I'd have to go back. There's been so much on this list in the last few days, but most of it's process as opposed to the registrations, you know.
CADE: Yes. Ken (ph) ...
KEN (ph): It's very I'm telling you and then is not meant as any way any sort of disparagement in terms of the registrars constituency. But we are dealing with such a broad group of people as Marilyn pointed out. It is very hard to keep them focused. And unfortunately in too may cases, it almost becomes crisis management. And its' somewhat sad, but it's true. You can post something out there and it will sit out there for 10 days with no comments at all. And then all of a sudden when the day before a vote, suddenly it gets a little bit of interest and then all of a sudden people come out of the woodwork.
And I think it's something that it's something the registrars are going to have to work on even that much harder. I proposed six months ago that the registrars spend a full day at one of the ICAN (ph) meetings doing nothing except dealing with the issues like Who Is (ph) and escrow and so forth. And it's they're just they got so focused on this transfers thing that they forgot that there's other effected parties. And now with the issues on spam coming to the top, Who Is (ph) is as closely tied into that as it is with abuses of intellectual property issues and so forth. And I think the registrars have got to realize, that if they don't do something pretty soon, something's going to get done for them and it won't be what they want.
CADE: Yes. If you could, you know, if you could forward the resolution that would be great. The list is, you know, you have the individual e-mail addresses, I think Ken (ph).
KEN (ph): Sure.
CADE: Yes. The one comment I would make timing (ph) is, I think it's a little unfortunate but maybe necessary given the registrar process to, in terms of timing, to vote on the interim report because the interim report was presented to take feedback.
KEN (ph): I know. The problem, I think is, that they are there is a lot of issues within the constituency now as to whether or not opinions that are being voiced and put out by members, let's say of the executive committee of the registrars represent a consensus amongst the registry I mean amongst the members of the constituency.
CADE: Yes.
KEN (ph): So maybe let's put it this way. Maybe in the business constituency you have a more effective way of developing a consensus or input, but in the registrars it's a bit more difficult.
CADE: Yes, I appreciate that. I just I don't know if anyone wants to comment for Ken (ph). Ken (ph) what's the timeline on the ballot? Do you know when the vote will be? Have I lost him? Hello?
That's here's the dilemma that I think we face and particularly in relation to this vote. The constituencies are asked for feedback and we need to document that. And so a vote unless it's detailed in comments, is not, you know, not going to be particularly helpful in terms of the material that we will be able to provide. But let me go to my conversation with Bruce Tonkin (ph) while we wait for Ken (ph) to return.
THOMAS (ph): Marilyn are you just turning to further (ph) process (ph)? In that case, I may have some more remarks about Shanghai I'd like to make.
CADE: I'm going to describe what Bruce's (ph) directions to the task force are.
THOMAS (ph): OK.
CADE: But do you want to make other comments before I do that.
THOMAS (ph): Yes, I would like to if I may.
CADE: Happy.
THOMAS (ph): Some things from conversations, I had which may or may not be known to some of the members of the task force. First of all, Net Names (ph) is preparing something like a slipper (ph) with (ph) service (ph) which is supposed to encompass as much Who Is (ph) information as possible. And will be offered as a mainframe base through some database operating company in the United States. I think it maybe network with other database. I'm not entirely sure about this. This may be something to look at.
And the second point which came out during a conversation with European registrars it seems like for instance the Bark (ph) access (ph) provisions, as it stands now are something some registrars believe they cannot fulfill given the current regulatory environment. This is something we should also look at in more detail. And actually, what (INAUDIBLE) puts that. (INAUDIBLE) flat rate is this issue with registrar constituency as well.
CADE: Yes.
THOMAS (ph): OK. These two points I think should be all.
CADE: Fine. That last point is very consistent with what I was hearing. And from conversations with a couple of the larger CCTLVS (ph) as well. Is Ken (ph) back? No. Any other questions or comments before I go to my conversation with Bruce (ph)?
STEVE (ph): Yes, Marilyn, this is Steve (ph).
CADE: Yes, Steve (ph).
STEVE (ph): I appreciate having this has been a very good report for me since I wasn't able to be at the meeting on Sunday in Shanghai. It strikes me that our challenge is here is going to be try to take all of these comments and come up with something that we can use in the next iteration here. Because so many of them are, as you would expect from a group that is as diverse as Ken (ph) was talking about, they're internally self contradictory. There are people complaining that we didn't give enough detail or define things specifically enough. And others saying that our mandate should only be to identify issues, not to make specific proposals. And there are other contradictions within this what we're getting here.
As I see this ballot on the registrars mailing list, at least they're trying to vote on one statement listing some concerns about the proposal. And I don't know how many of them we can take on board and how many of them we can't, but at least that would help to unify their position.
Because I think what people described here in the last 45 minutes they're it's just very self contradictory. And there's no way that we could possibly satisfy all of those concerns. That's just my impression of what people have told us this morning.
CADE: I don't think it's quite that bad, but I'll come back to that in just a minute. Let me share Bruce's (ph) guidance to us, as the Names Council (ph) chair. Bruce's (ph) recommendation to us is to divide our work and take the low hanging fruit and put forward recommendations addressing the low hanging fruit which I'll describe in just a minute what he was suggesting for feedback from the group.
And to propose then to the Names Council (ph) those next steps for dealing with the non low hanging fruit, including how to asking the question of to more effectively ensure that the registrars and registries where they are effected are able to I don't mean to say take this more seriously, that's really not the point. But that they are able to contribute more actively in a staged approach which would be his suggestion. So divide the work into prior the what we can get what we can recommend by the end of the year. And then stage two, and then stage three and then stage four. And describe what we would recommend in each of those areas which might be worth it. That isn't just by the task force, but some other initiatives as well. The GAC (ph) the joint GAC (ph) task force workshop. Examining further the concept that Thomas (ph) mentioned, which I would see happening in the workshop about bulk access provisions, private restrictions, some of those interest things.
And also, hearing in more I don't want to call this more detail, but getting a firmer handle on what the state of the standards evolution is so that we can make a recommendation to either just the Names Council (ph) should sit back and observe it. Should ask for periodic reports from participants in the process who are working in the ITS (ph) standards or something that nature. There's not a discussion that we have to take on the monitoring and the work. We could just propose a monitoring by the ICAN (ph) staff and the Names Council (ph) with the period update.
So let me describe what he calls called the low hanging fruit in our discussion. If I sort of number our recommendations, one, two, three, four. One being accuracy. Two being uniformity. Three being searchability (ph). Four being protection. Then I would pull out one and four and subdivide one and four into two broad areas for one, maybe three broad areas for four. The broad areas in one would be what can be accomplished now to improve enforcement awareness and working within the existing contractual agreements and obligations. That would be 1A. And that should be treated as a priority with an effort to get something not only finally recommended but to (INAUDIBLE) timeline for trying to get implement make the recommendation and push towards implementation.
One B, would address such areas that include the sanctions and other things that are not presently possible under the existing contracts or covered by the existing contracts. And a more mid term work effort of probably a couple of more months need would be undertaken to try to further refine that, fix it, moderate it, modify it, elaborate on it, whatever term I might use there. So short term, long-term in one.
Go to four, four really has three areas, again A,B,C. C being bulk access. And A being resale. And B being the concept of what examining what can be done to limit unauthorized access or misuse of the data which may be a longer term project while A&B may be a shorter term project. So make a recommendation on resale. Make a recommendation on bulk access. And make some kind of recommendation on what mechanisms, if any exist, to limit the purposeful misuse.
THOMAS (ph): For clarification, are you talking about purposeful misuse or just bulk access or of the entire Who Is (ph) system?
CADE: The entire Who Is (ph) system. So if a registrar, for instance, is lending their list or providing access to someone who is then reselling the list and the registrar knows it, that may not be bulk access.
UNIDENTIFIED PARTICIPANT: Why would that not be bulk access?
CADE: Pardon me?
UNIDENTIFIED PARTICIPANT: Why would that not be bulk access?
CADE: Because it isn't being provided as bulk access. The registrar is ...
STEVE (ph): It's being provided one registration at a time?
CADE: It's provided through port access.
STEVE (ph): That I don't think that's really addressed by our interim report.
CADE: Pardon me.
STEVE (ph): I don't think that's really addressed by our interim report.
CADE: I think the misuse of the access is. I'm not sure I would agree with you. Maybe I'm just clumsy in how I'm describing this, but this has to do with what the registrars themselves may be allowing in terms of data mining of the Who Is (ph).
THOMAS (ph): So you're talking about access even in bulk, which is not being made available under the contractual bulk (ph) access regime (ph), right?
CADE: I have no idea if this is really going on. I've been told that that is that there are registrars who do allow access or lend their list and not but not under the bulk access agreement, Steve (ph).
STEVE (ph): Well OK, that's we may have a vague (ph) different terminology here.
CADE: I think you might prefer to have it treated under bulk access. But bulk access means something very specific, as you know, under the original agreement.
STEVE (ph): Right. Well I thought your structure under one was very helpful to try to figure out which are the things that could be accomplished under the existing agreements. And which are the things that can't (ph) and to put those on somewhat different time tracks. Is that the same do you have the same approach in four? And or is four different? Is four all deal with things that request changes to the contract?
CADE: Yes, I think we need to do I just wanted to divide the topics in four. And then I think we ought to do the same thing in four, what can be dealt with under the existing agreements and what would require modification. Let me go to two and three.
Two and three are really longer term issues. So I would say one and four have short term and mid term work items making recommendations. Two and three are much more troubled if I can use that terminology. In terms of, there are people who believe strongly that increasing searchability (ph) will increase data profiling and lead to other particularly bad outcomes. That unless there's a limitation of access so if I can again, divide the issue of the data is accurate. There's a robust set of elements there.
But then there's the question of who has access to those elements? And how are they able to generate them in any kind for form? And are there data profiling and therefore privacy locations (ph) that are exacerbated by increased searchability (ph)? That's one question that I think we've heard a little bit about it. I heard a lot more about it from government people while I was with them. So I did spend a fair amount of time with GAC (ph) members there for a variety of reasons trying to convince them they don't have to be more involved in the Internet.
I'm going to have to start wearing garlic and carrying crosses.
THOMAS (ph): Is this a new point on the virus (ph) vaccination front?
CADE: Yes. But the both I think uniformity, consistency and searchability (ph) fall into that the task force thinking further about what needs to be done, what can be done. What is what we could we have some recommendations, but we need to look, I think, harder at our recommendations. And again, looking at them on what can be done within the existing agreements, what can't be done. And what's even feasible to do in the mid time to a longer time.
And I would say like those two in particular, I think we're going to hear we did hear a fair amount about from registrars that there could be significant cost associated with redesigning the Who Is (ph) database. If there is going to be a standard introduced there's an interest in doing once based on a standard as opposed to doing it in dribs and drabs, burying cost and having to go through update again, et cetera, et cetera.
KEN (ph): Marilyn?
CADE: Yes.
KEN (ph): Yes, while we're on this area, let me reiterate the fact that I think registrars are very concerned about making sure that if they're going to be the development of standards and procedures as they move forward. That they need to make sure that these that there is a good solid, hard consultation with registrars. I'm going to use as an example in the Who Is (ph) group here what happened last week with UK.com.
I don't know whether everyone in here is familiar with what happened. I believe it may it might have even been Thomas (ph) who brought it to light, but there was a problem with the quality of the data in the Who Is (ph). And somebody filed a complaint and Verisign registrar was notified. Verisign then attempted to contact to get the data rectified within the time period that ICAN (ph) had specified and did not receive a response from the UK.com people. As a result, Verisign took the domain down and 70,000 users lost their third level domains in UK.com because Verisign and had pressured applied to them in the past on the 15 day rule. And they tried to so we just need to make sure that when we move forward in developing solutions to a lot of these issues that the solutions are practical. And that we don't constantly end up having to make exceptions or creating a rule that has to be excepted (ph) every other week in order to the keep the world happy, you know.
And these are the kinds of things that legislative solutions are crafted from. And I don't think any of us really want to go there.
CADE: Ken (ph) can I ask you a question about UK.com.
KEN (ph): Sure.
CADE: So the Who Is (ph) administrative contact data or all data must have been incorrect. And so Verisign was unable to contact anyone.
KEN (ph): Right. And Verisign made all attempts within the 15 day period. And as a result of what had happened before, the registrar in effect shut the domain down. I believe they deleted the domain as a matter of fact. And everyone who used UK.com and the third level of which there were tens of thousands of users, at the third level evidently, lost the ability to have a presence on the Internet as a result of these.
So I think Verisign expressed a significant concern after the fact because ICAN (ph) came in a criticized them for it. And unfortunately, it was one of those circumstances where enforcement, they did what they were supposed to do. And believe me, I'm not taking their position. But on face, everything I've heard so far, Verisign acted properly. And it was a shame that UK.com didn't have accurate data.
But those kind of issues could get pretty scary.
STEVE (ph): Well according to this is Steve (ph). According to what Tom (ph) has posted, and Ken (ph) you may have other information, Verisign made no attempt to contact UK.com by phone, post or mail. And but then simply and then in 10 days rather than 15 days.
CADE: So the only thing they did was send e-mails as far as I knew.
STEVE (ph): Well we don't know, I mean, from this .
CADE: Right.
STEVE (ph): There may be some factual issues. But I'm a little worried that this is going to become a bit of urban folklore about ...
KEN (ph): Well the only thing I would be concerned about is exactly what obligations do registrars have in the circumstances like this? Are they obligated to? And if so, is the procedure set out? And I'm not trying to make excuses. But if every time somebody files a complaint on something like, a registrar has to get on the phone and try to get this thing resolved, it could get to be an incredibly costly ...
STEVE (ph): But that's the current contract, Ken (ph).
KEN (ph): Yes.
STEVE (ph): This is one of the things where the registrars are complaining about things that are in the current contract. And they're blaming the task force for these recommendations, but in fact they've all ready signed up for these.
CADE: Ken (ph), I think Thomas (ph) has a comment.
KEN (ph): Well I didn't hear this in a form of a blame on the task force, but rather a concern expressed about the fact that maybe the time parameters aren't necessarily practical in every circumstance. And what was more expressed along the line that as we move forward, we want to make sure that if we're going to modify or change any of the procedures in the future, then we need to make sure that we have active hard involvement on the part of the people who are going to be put in a position where they have to implement. That's all that.
STEVE (ph): (INAUDIBLE) with that.
THOMAS (ph): I've got a question concerning the definition of lower hanging fruits.
CADE: Yes. I'll this is being recorded. I need a new name. Got it. I'm sorry go ahead.
THOMAS (ph): On the question of what's lower hanging fruit, concerning the (INAUDIBLE) Marilyn you said that we should focus on things which are being done which are within their existing contractual language. I'm wondering, because I think we have some indications (ph) let me restart the sentence. I think we have some indications that there may be some convergence (ph) about what should happen about the (INAUDIBLE) changes to those procedures.
These changes will have to be implemented as a change of contractual language. Would it be considered low hanging fruit if we would (INAUDIBLE) that ICAN (ph) offers registrars a choice between variance (ph) at this place where registrars can either stick with the existing agreement. Or sum up to something which tries to address some of the concerns we have from various sides in this stuff. Will this be lower hanging fruits?
CADE: The re-negotiation of registrar contracts registrars have contracts that have that have a five year time span, right Ken (ph)?
KEN (ph): Yes.
CADE: And so there's the contract and then there's also the accreditation, Tom (ph), agreement.
The any contractual changes that any policy recommendations that require a contract change do require consensus. And it is very possible that registrars would be interested in renegotiating the contracts that they offered from ICAN (ph). But I would say I think it unlikely I'm skeptical that for an interim period, probably through the end of the year well into the first quarter, I think it unlikely that ICAN (ph) would be in a position to undertake a significant re-negotiation of the registrar contacts by themselves just based on resources available. But I'm that's just an observation.
But the idea that registrars are offered a new contract would be a relatively, I think, extensive negotiation with registrars that would cover many other topics besides (INAUDIBLE).
THOMAS (ph): OK.
CADE: I think.
THOMAS (ph): So maybe I'm just confusing contractual language and RAA (ph) language. Things about which I someone needs (ph) to question.
For instance, I think I haven't heard any arguments against the registrar propositions (ph) and deletion of domain names are (ph) being replaced by extended hold if that data isn't corrected. So I'm wondering if there's any way for us to recommend that registrars can fulfill their obligation either by sticking to the current policy which they delete the name. Or by putting it on to extended hold. They're giving them more options. Would that be wouldn't that be implementable (ph) somehow?
CADE: I would make I would propose something slightly different Thomas (ph) and that is that recommendation I would propose that the task force consider a substitution for deletion. And consider recommending sort of time frames. And the reason I say that is that as a registrant, I think that one of the things that is difficult for registrants to deal with is lack of certainty.
And given the recommendation we got, and if the rest of the task force agreed that this was a better solution than deletions, I believe it's the kind of things that we could easily demonstrate. I think we could demonstrate consensus for it because I believe (INAUDIBLE) would support something like this. Registrars it's difficult for registrars to delete a name and then have to go through the process of, you know, hold is definitely, I think, a better solution stem (ph) as long as there's some certainty to it. And they have some protection for doing it. But it is an existing tool to them today. It just isn't presently deployed in this particular to deal with this particular problem.
STEVE (ph): Isn't this also an issue that could be addressed in the deletes policy development process? That I don't know exactly where that stands.
CADE: The you're talking about the taking the next steps Steve (ph). What would the timeframe be, et cetera, et cetera. Right.
STEVE (ph): Right.
CADE: Yes. So lets just say that hypothetically this task force recommended that there be a substitution of register hold for deletion. And we believe a period of time should be established. We could obviously ask that the deletions task force under take the rest of the work on that particular item.
STEVE (ph): Well I'm not that clear on how much of the delete work is being done in the task force and how much is being done in a policy development process.
All I know is that this issue is kind of on the table in that process too. So it may be better way I mean there may be a way to ...
KEN (ph): You know, what I'm hearing from your guys is somewhat similar to some of the clash in philosophies we have in the registrar constituencies. There are some registrars who advocate for allowing the market to deal with irresponsible behavior on the part of the a registrar. And frankly, I don't believe in that because I feel that if we allow a registrar to act irresponsibly on the theory that they won't be in business if he screws up too many of his customers for too long, I think we all get painted with a bad brush there.
So I think from a practical standpoint we need to make it very clear that there are certain issues that need to be dealt with in an almost administrative manner. And actually have to be imposed on the registrars whether they like it or not. And in order to protect the public, there are certain disclosures. You know, it's always been one of my biggest concerns is that when a registrant registers a name or any solicitation involving a registration of a domain name or any action on a domain name there should be a requirement in there that the ICAN (ph) accredited registrar be disclosed. I get hammered on a regular basis from resellers. And I think there's a significant problem with the reseller system. And if we don't do something about making sure that the consumer is adequately protected all we do is create more confusion. Some of it falls back to the Who Is (ph) but some of it falls back to what I consider to be an obligation we all have to make this process as full proof as possible to protect the people who use it.
And those are either somewhere down the line they're all our customers or clients one way or the other. Or they're users like Marilyns group, you know.
CADE: Yes, Ken I wasn't really hearing, and I want to query on that particular point, I wasn't hearing much of a difference on the solution. What I thought I was hearing from Steve (ph) was the idea that the definition of the timeframe, et cetera, et cetera would be a work item referred to the deletions group. Not the question of making a recommendation register hold as a because that relates to that would relate to Who Is (ph). That wouldn't that recommendation would not be appropriate to refer to the deletions task force.
KEN (ph): OK. I'm sorry. I wasn't trying to be getting on a soapbox.
CADE: But I want to make sure that Steve (ph) and I are in sync. That was ...
STEVE (ph): I'm not sure whether that's right or not, Marilyn, because in the paper that was the basis for, you know, that people were asked to comment on the issue of deletion following, you know, on the basis of false contact data in Who Is (ph) is addressed there, and we commented on it.
So I don't I'm not making any statements about who's jurisdiction it's within or who's turf it's within. All I'm saying is that it may be dealt with there. And that, you know, that may be a more efficient way to deal with it that would be fine. I don't think it's up to us I don't know whether it's up to use to refer it to them or whether they've all ready got it.
CADE: They don't.
STEVE (ph): That's my point.
CADE: They don't all ready have it Steve (ph). Tony (ph) and I are appointed as liaisons to that group to go through the work items where there would be, I don't want to call it overlap, but congruence or dependence is probably the better phrase. I've suggested that we need to do that after this task force has another week under its belt on what we where we see those items line. But I just again, hypothetically would see if this that this task force, having the expertise on Who Is (ph), if they recommend if we were to recommend the use of register hold registrar hold, I would think that the question of what is the period of time, making sure that there's consistency.
So since the task force is going to be looking at standard time the deletions task force is going to be looking at standard the need for standard timeframes for deletion of names. And where and they're input both from transfers and from Who Is (ph) on where it may be applicable to provide that as a tool to the registrar. But I don't want to beat that particular horse any further than we have. I was going to I'm going to invite Jordan (ph) to come and speak to the task force at some point. But they have not they're just having their first meeting and trying to get organized electing a chair. So until they have their first meeting, they won't even have gone through what they agree what their robust work items are going to be or what their timeframe is. They're on a very short timeframe because they're going to try and follow the new policy process, although it's all ready clear that that timeframe is much too short.
Let me go back to the question of long hanging fruit and hear from other people. Because if we if you accept the proposal that I've laid out that was given to me by the Names Council (ph) chair and that I will tell you that I find merit in, we would do recommendations around 1A and 1B and around four however down (ph). And then we would do by that I mean, we would make specific policy recommendations. And we would then recommend next steps or more work on two and three documenting the work we all ready have. And assessing what can be done or what else needs to be done.
We would then also recommend or document the two or three outreach efforts the one with the GAC (ph) and the CCTOBs. And address how we recommend the learning and awareness issues related that the GAC (ph) is concerned about which is it is not only about privacy. That is sometimes how it's presented. But it's very much about the misuse of data. So it's spam. It's whether the data's being misused. Whether it's being used in ways that registrants would not agree with, whether there's improper resale not under the bulk licensing agreement.
But Steve (ph), for instance, there's an incident where a number of people have had their IP addresses so in a list that I'm aware of. And it's clearly a data mined list. It may be from the ripe (ph) and errand (ph) databases rather than from Who Is (ph). But it's in that space that's the some of the government people are concerned about misuses of the data and what can be done is anything under the existing and whether it's even within the scope of the registrars or registries to deal with it or it's not.
There's also some interest on the part of the OECD and WIPO on doing some further things that might encourage CCLTBs to become more aware of what steps they may take to become more automated if they are not all ready automated, et cetera.
THOMAS (ph): So just to come back t o the actual work items, before I get if I understand you correctly, so the most precise suggestions are going to be 1A and 4A, right?
CADE: Would it be just on 4A? Wouldn't it be on all of four? Bulk access being different than resell or misuse of the data?
THOMAS (ph): What do you mean when you say about as the entire four, all three public resale? What can be done to limit unauthorized access and bulk access problems?
CADE: Right. And I was making that A, B, C.
THOMAS (ph): Yes. So you think we can get to something on all of these, OK. And 1B sanctions program or something like that except (ph) for (ph) Jersey (ph) would be one of the mid to long-term items, right?
CADE: Right.
THOMAS (ph): OK.
STEVE (ph): Yes, I think the division you had for one Marilyn is -may again, I would say, might be very useful for four also.
CADE: Right. Dividing it in ...
STEVE (ph): Yes, what can be done under the current contract. And then in a slightly longer term, maybe not too long, what changes need to be made? What changes would we recommend be made.
CADE: Right. Have any of you had a chance to look at Louie's (ph) document in an detail in relation to Who Is (ph)?
STEVE (ph): You mean his document about that he sent out before just before the Shanghai meeting? Or is there another document?
CADE: Yes.
UNIDENTIFIED PARTICIPANT: I don't even remember it's been so long.
STEVE (ph): Yes, I well I did at the time. And as I have asked him a couple of times, he didn't make this distinction between things that ...
CADE: Right.
STEVE (ph): That dealt with implementation of the existing contracts and things that would require changes. I think he has made the very valid point that to change the contract you're going to need a lot of buy in. I don't know whether you need I mean without getting into the consensus or not where you obviously need a lot of buy in from the other parties of the contract.
It's a I think it makes sense to look first at things that could be done under the existing contract, but he didn't make that distinction, I don't think in his paper.
CADE: You know, the I had the benefit on the transfers task for of having both Jeff Neman (ph) and Ross Rader (ph) and Dan (ph) available. Who Ross (ph) and Jeff (ph) are very, very knowledgeable about what's in the registrar contract and the registry contract. And Dan (ph) is available as a resource there in a way that he's not unfortunately on Who Is (ph).
So I have asked what, and I talked to Louie (ph) about this last night, on what help we can get to walk through the appendix to and sort out which of these are implementable (ph) and which are not.
THOMAS (ph): I have some problem understanding one point.
CADE: OK.
THOMAS (ph): What do we mean by implementable (ph) under the current contract. This is just supposed to be confirmation? Please enforce this regulation, please enforce that regulation. Or is this about adding policy under the contractual language?
CADE: Well for instance ...
STEVE (ph): Well can I give an example?
CADE: Yes, do.
STEVE (ph): I'll just look at our recommendation 1.0.A.4.C.
THOMAS (ph): Please give an executive summary of what's in there.
STEVE (ph): OK. I will. ICAN (ph) has all ready said that accepting under the existing contract, it's told the registrars that accepting unverified corrective data from a registrant that is all ready deliberately provided incorrect data may not be appropriate. And our recommendation is that they tell the registrars it is not appropriate to accept unverified, quote corrected, unquote data from a registrant that has all ready deliberately provided incorrect data.
Now I don't know whether that's a policy question or not, but it's clearly something that's within the scope of the existing contract or at least ICAN (ph) thinks it is. And that's the kind of now, then we have to look at whether in light of the comments we've gotten from the registrars we'd want to modify our any of our recommendations, that's a separate question. But I think this is in the low hanging fruit category because what's in there does not require a change to the contract.
CADE: Steve (ph) we can I ask a question about this? But Thomas (ph) you wanted to say something first?
THOMAS (ph): No, no. Go ahead.
CADE: The registrars that spoke were fairly articulate about the fact that they don't presently keep, they didn't use this term, I'm going to use it, blacklist of someone who's previously provided incorrect data. That's not something they do.
STEVE (ph): This isn't about a blacklist. This is about someone that has provided incorrect data or it appears that it was done deliberately. The complaint comes in ...
UNIDENTIFIED PARTICIPANT: Kind of like UK.com?
STEVE (ph): Well I don't know whether what the circumstances of that were. Sometimes a human being actually has to look at these things. I know the registrars don't like that, but as we heard from dot-CA it does not kill you to do it.
THOMAS (ph): It does not kill them.
STEVE (ph): So well and they are larger than 90 percent of the registrars.
CADE: I'm sorry. We heard ...
STEVE (ph): Let's not get on ...
CADE: No, I'm trying to understand what you said, we heard from who? Sorry.
STEVE (ph): Dot-CA.
CADE: Dot-CA.
UNIDENTIFIED PARTICIPANT: The Canadian registry when they came on and told us about their manual process a couple, gosh about a month ago.
STEVE (ph): Right.
CADE: OK. I just wanted to be sure I captured who you had said, sorry.
STEVE (ph): But getting back to this recommendation. This is when someone has submitted incorrect data under circumstances that it appears to have been deliberate. They a complaint comes in about it. The registrar asks, you know, contacts the registrant and says please correct your data. And then new data comes in. The question is should that be accepted as without verification? Or should some verification be required?
CADE: I got you. OK.
STEVE (ph): Probably the issue that was raised, for example, in the OECD (ph) paper ...
THOMAS (ph): So you're now talking about future registration from the same registrant, right?
STEVE (ph): No. I'm talking about the same registration.
THOMAS (ph): OK. Thank you.
UNIDENTIFIED PARTICIPANT: Just to maintain that registration.
STEVE (ph): That's right. So the question is should they should ICAN (ph) instruct the registrars under the existing contract that were they to remain in compliance with the existing contract they should they would require some sort of verification of that data. Now if we agreed to go forward from that recommendation, I think one thing we're hearing from the registrars is well there's undefined terms I there about deliberately providing incorrect data and what kind of verification. And I think those are very legitimate points and we would we ought to see what we could do to specify them or at least have a process for specifying.
But I think this falls in the category of low hanging fruit as Marilyn described it because it would not require a change in the contract.
CADE: There's a work item over in the transfers task force that Christine Russo (ph) has done for us that I will ask her to provide to this group. And it was a look at the variety of different kinds of identification that might be widely available such as, you know, some countries don't have the counterpart of drivers license. They have something with pictures only of something else.
But she's done a pretty exhaustive list that I'll get sent over to this group.
UNIDENTIFIED PARTICIPANT: That was my question. That's so cool.
CADE: And one of the things that, of course, we found is that there countries that have a citizen ID card or something of that nature as well. I can name four and another one soon to have that. Hopefully not this country.
Sorry, Thomas (ph).
THOMAS (ph): I have OK, I think that this specific category of low hanging fruit basically isn't contract change or policy but really is the task force giving a particular interpretation of existing contractual language which may not be entirely clear. So the next question is what about those parts of the RAA, where the RAA felt safe that certain provisions may be replaced by a policy adopted by ICAN (ph). This is all ready in the long-term category? Do we consider this a thing for the mid term? Or do we even believe that we can get a formal consensus making process which would be necessary in this case?
CADE: Do you have an example in mind?
THOMAS (ph): The bulk access provisions.
CADE: Pardon me?
THOMAS (ph): The bulk access provisions. There's an explicit sentence in the agreement, not in the agreement, I'm sorry. In the RAA which says that the bulk access provision can be removed or changed either by the DOC noting that there is sufficient competition. Or by a containment (ph) policy as defined somewhere in the RAA.
CADE: Well let's talk a little bit about bulk access and then move in a different direction. So what's the view of those of you on the call about our ability to well our bulk access recommendation is and is the chair of that group on the call still?
THOMAS (ph): Karen (ph)?
KAREN (ph): I'm still here.
CADE: OK. Karen (ph) the bulk access recommendations what do you think your working group basically what you asked the question, I'm just looking to see we don't actually have a we have a question about whether bulk access about whether we should completely restrict bulk access for any marketing purposes, right?
THOMAS (ph): We have I think we all ready have a question which asks can we identify a so called legitimate users and restrict bulk access to them but something different may be different than non marketing users.
Actually, Marilyn you're right now getting into the direction of asking can we get to consensus? The question I was trying to ask is, how should I put it? OK. No, forget it, the question was bad. OK. The question is the real question is most likely really can we achieve something like consensus hear. And I think in order to do that we would have to thoroughly read the GTLD constituent registry constituencies comments. They have a lot of concerns about the feasibility of the recommendations we have been making.
CADE: The GTLD registry?
THOMAS (ph): Yes, the comments posted by Karen (ph). Yes, some interesting stuff in there.
CADE: Yes. Karen (ph), can you comment on that?
KAREN (ph): Well I was going to say to the consensus point, I would think that that would be, I would think, sort of a mid to long-term goal rather than something we would be able to do now.