Re: [gnso-irtp-b-jun09] 60 day lock following registrant change

["Michele Neylon :: Blacknight" <michele@xxxxxxxxxxxxx>]

On 7 Jul 2010, at 14:32, George Kirikos wrote:

> 
> Hi Michael (and the rest of the group),
> 
> On Wed, Jul 7, 2010 at 8:00 AM, Michael Collins <mc@xxxxxxxxxxxxxxxxx> wrote:
>> appreciation for your participation. However, it is difficult for the group
>> to make progress on our mission if we spend much time discussing situations
>> where you are arguing more than one PDP issue at once.
> 
> There *is* an interaction between various issues, so one can't simply
> treat them as separate. For example, just to pull an unrelated
> example, why would I care about new TLD pricing (e.g. when they tried
> to eliminate price caps on biz/info/org, and continue to try to do
> that in DAGv4)? I don't plan to register any new TLD domains, as
> they're garbage.

How can something that doesn't exist be "garbage"? In any case that's your 
opinion - nothing else



> I do care, though, because there's the "equal
> treatment" clauses in the .com agreement, so if something happens in
> .shop, it suddenly has an impact on me in .com.

Where are you getting that from?

It's not a given that any new contract stipulation is going to have an impact 
on existing contracts. Sure - it will probably have an impact if they're 
renewed / reviewed, but assuming it's going to happen and it actually happening 
are two very different things



> Or, to pick another
> issue, how so many things regarding abuse policies, etc., interact
> with WHOIS policies.
> 
>> The group's report states; "The WG agrees that there should be a mechanism
>> to dispute an ETRP but has not reached agreement on how such a mechanism
>> might work." Please continue to encourage the WG to include a dispute
>> provision and even help to design it. However, we should discuss item C
>> without using an incomplete ETRP as the primary basis for your position. If
>> you remove it from your example, the effect of a 60 lock do not seem so
>> onerous. One could, as GoDaddy suggests, transfer the domain to a preferred
>> registrar before a registrant change.
> 
> (1) I didn't just read and rely upon the report, I read *all* public
> discussions and transcripts related to the workgroup (unfortunately
> for the public, much discussion on the ETRP was closed off in private
> sub-groups). When you have folks saying stuff like:
> 
> http://forum.icann.org/lists/gnso-irtp-b-jun09/msg00285.html
> 
> "In short, I think we should consider going forward with an alternate
> version that doesn't include a means to dispute the ETRP.  I say this
> with full acknowledgment to the problems that Michael, Kevin, Barbara
> and others have identified, and the efforts of the Working Group to
> address them.  But the "ETRP Dispute" contains some fundamental flaws
> that could derail our entire proposal."
> 
> or
> 
> http://gnso.icann.org/meetings/transcript-irtp-b-27apr10-en.pdf
> 
> "Good points Mikey and Marika. I would agree with one qualifier is
> that I think that when initial reports are released they do tend to
> take on a certain degree of inertia. And while they do change between
> the initial and the final I think that they probably are 80% of the
> recommendations are contained in one (unintelligible) other. (page 5)"
> 
> and combine that with the enormous lethargy that I've seen in this
> group to date, it raises alarm bells.
> 
> (2) The 60-day lock *is* onerous, on its own. And not just to me, but
> to others (see the links I've posted in prior messages). On special
> request, one can avoid it, but one shouldn't *have* to beg for that
> special request -- it should be (and my opinion is) a fundamental
> right. The registrar should be doing the proper checks *before* the
> registrant change takes place. This was one of the 4 questions I asked
> at the bottom of:
> 
> http://forum.icann.org/lists/gnso-irtp-b-jun09/msg00349.html
> 
> (i.e. see (a) there) I'll repeat it here. Why is the 60 day lock
> required, if the registrar is properly authenticating registrant
> changes (as they should already be doing!)?
> 
> (3) The "best practice" of transferring to a preferred registrar
> *before* the registrar change is thwarted by the ETRP, i.e. a direct
> interaction between the policies. At least under the status quo, I can
> "route around the damage" of the 60-day lock by making a smart choice
> as how to effect the change of registrant. I wouldn't be able to route
> around the damage anymore.
> 
>> If the group moves away from creating an ETRP dispute mechanism that it
>> agrees is needed, then I support your argument of the combined effects of
>> these decisions. For now, I would prefer you help create an acceptable
>> dispute provision. It is not an easy task!
> 
> Why invest hundreds or thousands of hours in a bad idea, trying to
> "polish the turd" so to speak? One shouldn't become emotionally
> attached to the ETRP, and instead focus on the *real* issue, which is:
> 
> REAL ISSUE: How do we effect a secure change of registrant/registrar?
> 
> That's the fundamental issue. See the bottom of my prior post at:
> 
> http://forum.icann.org/lists/gnso-irtp-b-jun09/msg00357.html
> 
> where I wrote ******IMPORTANT BELOW*****. Isn't it hilarious that the
> WG would spend time tryign to answer "how do we make sure that the
> ETRP is of a proper form, and authorized" when whatever it came up
> with could just be applied directly to the *fundamental issue*, i.e.
> making sure that registrant changes and registrar transfers are of the
> proper form and authorized?? I'm sitting here dumbfounded as I type
> this ---- what is everyone else in the workgroup thinking???!!!!???
> Why take a circuitous route and develop the world's most secure
> process for authorizing and authenticating an ETRP request, when
> instead one could just focus on the actual problem directly?
> 
>> You bring up one point that causes me to rethink our decision about item C.
>> What is to prevent a registrar from using a lock longer than 60 days? A 60
>> day lock does not seem onerous to me, but a 360 day lock might be. I doubt
>> that a 50-year lock would fly with compliance, but I am not sure of that. In
>> light of this concern, should we reconsider prohibiting a lock when there is
>> a registrant change, specifying an appropriate lock period or even requiring
>> a 60-day lock for all registrars?
> 
> I'm glad to see you're coming around. Hopefully others begin to feel
> uncomfortable with the ramifications of ICANN's current
> interpretation, because it would lead to bad places.
> 
> **** IMPORTANT BELOW **** COULD BE PUT INTO NEW THREAD******
> I believe another route to attack ICANN's current interpretation is
> via the word "voluntarily" in the transfer policy, i.e. it says:
> 
> "Express written objection to the transfer from the Transfer Contact.
> (e.g. - email, fax, paper document or other processes by which the
> Transfer Contact has expressly and ****voluntarily***** objected
> through opt-in means)"
> 
> (emphasis added for "voluntarily")
> 
> There are various definitions of "voluntarily" or "voluntary", but I
> think the most apt one is #7 at:
> 
> http://www.merriam-webster.com/dictionary/voluntarily
> http://www.merriam-webster.com/dictionary/voluntary
> 
> "acting or done of one's own free will without valuable consideration
> or legal obligation"
> 
> I believe that destroys GoDaddy and ICANN's interpretation, because
> one simply *cannot* opt-in via a *binding legal contract* to something
> that is *voluntary*. I ask that ICANN's compliance take another look
> at this. If something is truly voluntary, the "express written
> objection" can be revoked at *any time* and is thus not permanent or
> binding in any way legally (perhaps I should start a new thread on
> this, just this focused legal language for ICANN's consideration?).


I have to disagree with the above.

I've bought domains in the aftermarket and moved them into my own account with 
GoDaddy. Each and every time I'm given the option about their 60 day lock. It 
clearly states that if I do X then Y will happen. It also clearly states that 
if I don't want to do that I can use another method to get around it


I am not being forced to agree to it. If I don't want to agree to it I can and 
the GoDaddy lock won't come into effect


> **** IMPORTANT ABOVE **** COULD BE PUT INTO NEW THREAD******

If you think something warrants its own thread please start one


> 
> When I'm reading the contracts/policies, etc. I'm always looking to
> see what the loopholes are, as I expect that someone will try to
> exploit them (that's why price caps were so important, because
> otherwise it would have led to .tv style tiered pricing; simply
> removing all references to prices created a loophole). In this case,
> ICANN suggesting that registrants could "opt-out" of a fundamental
> right (the fundamental right being the right to transfer to one's
> registrar of choice at any time past the first 60 days measured from
> creation date) would create a brand new loophole that more malevolent
> registrars could exploit and abuse (i.e. far worse than what GD is
> currently doing), thereby hurting registrants.
> 
> The funny thing is, on request GD will waive the 60-day lock, and
> folks like myself have never been denied that request. Even the guy I
> wrote about last month who was whining on Twitter about
> threecrowpress.com was able to get his transfer done:
> 
> http://forum.icann.org/lists/gnso-irtp-b-jun09/msg00331.html
> http://forum.icann.org/lists/gnso-irtp-b-jun09/msg00326.html
> 
> So, GoDaddy can be reasonable (even though I might appear to be
> "picking on them" sometimes, they're big enough to take it, I'm sure;
> it's not like I have any power over them; they're much larger
> financially). So the question for GoDaddy, or anyone else is the same
> as I asked yesterday at the bottom of:
> 
> http://forum.icann.org/lists/gnso-irtp-b-jun09/msg00349.html
> 
> (a) If we have properly authenticated registrant changes (i.e. like
> Registrar Y), do we need the 60 day lock after a registrant change? If
> so, what purpose does it serve? (besides holding the name hostage, and
> perhaps allowing registrars to make an extra renewal fee margin 1/6th
> of the time)
> 
> (and all the rest) Those should be simple, straightforward
> questions.....the silence is deafening. In even more direct terms, if
> "special" folks have been able to get the 60-day lock waived at
> GoDaddy, why isn't *everyone* special? Here are 2 answers that I would
> *expect* that they (or other registrars) might reply with (and I'm
> sure James or Tim will jump in to correct me, but might not feel brave
> enough to simply answer directly):
> 
> (i) "It would cost too much time/money! It would cut into margins to
> "do security right" for *everyone*, or it would raise prices." This
> would be a useful answer, as it least it would lead to avenues of
> discussion like: What are the actual costs? Can some folks opt-in to
> pay those higher costs directly (i.e. like my irrevocable transfer
> policy proposal)? Should ICANN have minimum standards/expectations of
> registrars? Should business models be supported that "cut corners" (or
> is that the root of hijacking to begin with?)? What can
> ICANN/registries/registrars do to lower actual costs for everyone?
> etc.
> 
> (ii) "We don't believe fraud was involved in your registrant change so
> we let the name go." Recall from the transfer policy:
> 
> http://www.icann.org/en/transfers/policy-12jul04.htm
> 
> the first reason for a denial is "evidence of fraud." Deconstructing
> this answer, what it would really reveal is a "60 day hold" is in
> reality being used as a weak test for fraud. This goes back around to
> (i), though, i.e. what test did you use because I was "special", to
> know fraud wasn't involved, and that it was a legitimate transfer, and
> why can't you do the same for everyone" --- money!
> 
> (iii) No one has yet raised the "voluntary" issue before (see above),
> and we don't want ICANN to quash our current interpretation of the
> "opt-in" procedure.
> 
> Anyhow, I hope some of the above gets the mental juices flowing.....
> 
> Sincerely,
> 
> George Kirikos
> 416-588-0269
> http://www.leap.com/

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://blacknight.mobi/
http://mneylon.tel
Intl. +353 (0) 59  9183072
US: 213-233-1612 
UK: 0844 484 9361
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845