Re: [gnso-irtp-b-jun09] 60 day lock following registrant change

[George Kirikos <icann@xxxxxxxx>]

Hi Michael (and the rest of the group),

On Wed, Jul 7, 2010 at 8:00 AM, Michael Collins <mc@xxxxxxxxxxxxxxxxx> wrote:
> appreciation for your participation. However, it is difficult for the group
> to make progress on our mission if we spend much time discussing situations
> where you are arguing more than one PDP issue at once.

There *is* an interaction between various issues, so one can't simply
treat them as separate. For example, just to pull an unrelated
example, why would I care about new TLD pricing (e.g. when they tried
to eliminate price caps on biz/info/org, and continue to try to do
that in DAGv4)? I don't plan to register any new TLD domains, as
they're garbage. I do care, though, because there's the "equal
treatment" clauses in the .com agreement, so if something happens in
.shop, it suddenly has an impact on me in .com. Or, to pick another
issue, how so many things regarding abuse policies, etc., interact
with WHOIS policies.

> The group's report states; "The WG agrees that there should be a mechanism
> to dispute an ETRP but has not reached agreement on how such a mechanism
> might work." Please continue to encourage the WG to include a dispute
> provision and even help to design it. However, we should discuss item C
> without using an incomplete ETRP as the primary basis for your position. If
> you remove it from your example, the effect of a 60 lock do not seem so
> onerous. One could, as GoDaddy suggests, transfer the domain to a preferred
> registrar before a registrant change.

(1) I didn't just read and rely upon the report, I read *all* public
discussions and transcripts related to the workgroup (unfortunately
for the public, much discussion on the ETRP was closed off in private
sub-groups). When you have folks saying stuff like:

http://forum.icann.org/lists/gnso-irtp-b-jun09/msg00285.html

"In short, I think we should consider going forward with an alternate
version that doesn't include a means to dispute the ETRP.  I say this
with full acknowledgment to the problems that Michael, Kevin, Barbara
and others have identified, and the efforts of the Working Group to
address them.  But the "ETRP Dispute" contains some fundamental flaws
that could derail our entire proposal."

or

http://gnso.icann.org/meetings/transcript-irtp-b-27apr10-en.pdf

"Good points Mikey and Marika. I would agree with one qualifier is
that I think that when initial reports are released they do tend to
take on a certain degree of inertia. And while they do change between
the initial and the final I think that they probably are 80% of the
recommendations are contained in one (unintelligible) other. (page 5)"

and combine that with the enormous lethargy that I've seen in this
group to date, it raises alarm bells.

(2) The 60-day lock *is* onerous, on its own. And not just to me, but
to others (see the links I've posted in prior messages). On special
request, one can avoid it, but one shouldn't *have* to beg for that
special request -- it should be (and my opinion is) a fundamental
right. The registrar should be doing the proper checks *before* the
registrant change takes place. This was one of the 4 questions I asked
at the bottom of:

http://forum.icann.org/lists/gnso-irtp-b-jun09/msg00349.html

(i.e. see (a) there) I'll repeat it here. Why is the 60 day lock
required, if the registrar is properly authenticating registrant
changes (as they should already be doing!)?

(3) The "best practice" of transferring to a preferred registrar
*before* the registrar change is thwarted by the ETRP, i.e. a direct
interaction between the policies. At least under the status quo, I can
"route around the damage" of the 60-day lock by making a smart choice
as how to effect the change of registrant. I wouldn't be able to route
around the damage anymore.

> If the group moves away from creating an ETRP dispute mechanism that it
> agrees is needed, then I support your argument of the combined effects of
> these decisions. For now, I would prefer you help create an acceptable
> dispute provision. It is not an easy task!

Why invest hundreds or thousands of hours in a bad idea, trying to
"polish the turd" so to speak? One shouldn't become emotionally
attached to the ETRP, and instead focus on the *real* issue, which is:

REAL ISSUE: How do we effect a secure change of registrant/registrar?

That's the fundamental issue. See the bottom of my prior post at:

http://forum.icann.org/lists/gnso-irtp-b-jun09/msg00357.html

where I wrote ******IMPORTANT BELOW*****. Isn't it hilarious that the
WG would spend time tryign to answer "how do we make sure that the
ETRP is of a proper form, and authorized" when whatever it came up
with could just be applied directly to the *fundamental issue*, i.e.
making sure that registrant changes and registrar transfers are of the
proper form and authorized?? I'm sitting here dumbfounded as I type
this ---- what is everyone else in the workgroup thinking???!!!!???
Why take a circuitous route and develop the world's most secure
process for authorizing and authenticating an ETRP request, when
instead one could just focus on the actual problem directly?

> You bring up one point that causes me to rethink our decision about item C.
> What is to prevent a registrar from using a lock longer than 60 days? A 60
> day lock does not seem onerous to me, but a 360 day lock might be. I doubt
> that a 50-year lock would fly with compliance, but I am not sure of that. In
> light of this concern, should we reconsider prohibiting a lock when there is
> a registrant change, specifying an appropriate lock period or even requiring
> a 60-day lock for all registrars?

I'm glad to see you're coming around. Hopefully others begin to feel
uncomfortable with the ramifications of ICANN's current
interpretation, because it would lead to bad places.

**** IMPORTANT BELOW **** COULD BE PUT INTO NEW THREAD******
I believe another route to attack ICANN's current interpretation is
via the word "voluntarily" in the transfer policy, i.e. it says:

"Express written objection to the transfer from the Transfer Contact.
(e.g. - email, fax, paper document or other processes by which the
Transfer Contact has expressly and ****voluntarily***** objected
through opt-in means)"

(emphasis added for "voluntarily")

There are various definitions of "voluntarily" or "voluntary", but I
think the most apt one is #7 at:

http://www.merriam-webster.com/dictionary/voluntarily
http://www.merriam-webster.com/dictionary/voluntary

"acting or done of one's own free will without valuable consideration
or legal obligation"

I believe that destroys GoDaddy and ICANN's interpretation, because
one simply *cannot* opt-in via a *binding legal contract* to something
that is *voluntary*. I ask that ICANN's compliance take another look
at this. If something is truly voluntary, the "express written
objection" can be revoked at *any time* and is thus not permanent or
binding in any way legally (perhaps I should start a new thread on
this, just this focused legal language for ICANN's consideration?).
**** IMPORTANT ABOVE **** COULD BE PUT INTO NEW THREAD******

When I'm reading the contracts/policies, etc. I'm always looking to
see what the loopholes are, as I expect that someone will try to
exploit them (that's why price caps were so important, because
otherwise it would have led to .tv style tiered pricing; simply
removing all references to prices created a loophole). In this case,
ICANN suggesting that registrants could "opt-out" of a fundamental
right (the fundamental right being the right to transfer to one's
registrar of choice at any time past the first 60 days measured from
creation date) would create a brand new loophole that more malevolent
registrars could exploit and abuse (i.e. far worse than what GD is
currently doing), thereby hurting registrants.

The funny thing is, on request GD will waive the 60-day lock, and
folks like myself have never been denied that request. Even the guy I
wrote about last month who was whining on Twitter about
threecrowpress.com was able to get his transfer done:

http://forum.icann.org/lists/gnso-irtp-b-jun09/msg00331.html
http://forum.icann.org/lists/gnso-irtp-b-jun09/msg00326.html

So, GoDaddy can be reasonable (even though I might appear to be
"picking on them" sometimes, they're big enough to take it, I'm sure;
it's not like I have any power over them; they're much larger
financially). So the question for GoDaddy, or anyone else is the same
as I asked yesterday at the bottom of:

http://forum.icann.org/lists/gnso-irtp-b-jun09/msg00349.html

(a) If we have properly authenticated registrant changes (i.e. like
Registrar Y), do we need the 60 day lock after a registrant change? If
so, what purpose does it serve? (besides holding the name hostage, and
perhaps allowing registrars to make an extra renewal fee margin 1/6th
of the time)

(and all the rest) Those should be simple, straightforward
questions.....the silence is deafening. In even more direct terms, if
"special" folks have been able to get the 60-day lock waived at
GoDaddy, why isn't *everyone* special? Here are 2 answers that I would
*expect* that they (or other registrars) might reply with (and I'm
sure James or Tim will jump in to correct me, but might not feel brave
enough to simply answer directly):

(i) "It would cost too much time/money! It would cut into margins to
"do security right" for *everyone*, or it would raise prices." This
would be a useful answer, as it least it would lead to avenues of
discussion like: What are the actual costs? Can some folks opt-in to
pay those higher costs directly (i.e. like my irrevocable transfer
policy proposal)? Should ICANN have minimum standards/expectations of
registrars? Should business models be supported that "cut corners" (or
is that the root of hijacking to begin with?)? What can
ICANN/registries/registrars do to lower actual costs for everyone?
etc.

(ii) "We don't believe fraud was involved in your registrant change so
we let the name go." Recall from the transfer policy:

http://www.icann.org/en/transfers/policy-12jul04.htm

the first reason for a denial is "evidence of fraud." Deconstructing
this answer, what it would really reveal is a "60 day hold" is in
reality being used as a weak test for fraud. This goes back around to
(i), though, i.e. what test did you use because I was "special", to
know fraud wasn't involved, and that it was a legitimate transfer, and
why can't you do the same for everyone" --- money!

(iii) No one has yet raised the "voluntary" issue before (see above),
and we don't want ICANN to quash our current interpretation of the
"opt-in" procedure.

Anyhow, I hope some of the above gets the mental juices flowing.....

Sincerely,

George Kirikos
416-588-0269
http://www.leap.com/