[gnso-lockpdp-wg] RE: Lock definition

["Dorrain, Kristine" <kdorrain@xxxxxxxxxxxx>]

I'm trying hard to not just say "this isn't quite right"(without proposing a 
solution) but I can't figure out how.  I'll start by addressing this portion:

A Registrar may not permit changes to the registrant name field or registrant 
address field in WHOIS... after receipt of a request for verification is 
received by the Registrar from the Provider, ... except...to change the 
registrant name field or registrant address field in WHOIS prior to 
commencement of administrative proceedings under the Policy...

Here is the timeline:

Day 1 UDRP Complaint Received
Day 1 Provider requests "verification" (which includes Respondent identity and 
confirmation of Lock)
[optimistically] Day 2 Provider receives from Registrar confirmation of 
Respondent identity and Lock)
Day 2 (or 3) Provider performs administrative compliance check (aka "deficiency 
check") relying on Registrar's response and current Whois data
Days 4-9 Complainant complies with Provider requests and sends Amended 
complaint.
Day 10 Provider commences the case, serving the addresses listed in the Whois 
(as cultivated on Day 1, Day 2, and Day 10), listed in the Complaint, and as 
provided by the Registrar on Day 2.

At what point, does this group feel (I have my own thoughts on this), can the 
Provider stop the roulette wheel and say "I'm going to do my compliance check 
and the complainant will need to live with the identification of the 
Respondent."

Because identification of "who is the Respondent" matters (even in spite of the 
fact that the Panel can 'name' the case however it wants when its appointed):
1. for mutual jurisdiction purposes
2. for service/notice
3. to ensure that each complaint goes against only one Respondent

If it is permitted for details to be updated up until commencement, then the 
Provider can go to commence the case on Day 10, notice a change and now the 
Complaint is mis-captioned/Respondent is mis-identified and the Provider has to 
do its deficiency check all over again and go back to Complainant again (who at 
this time is well past livid).  

The Respondent can always email us correct information for themselves.

So maybe what I'm proposing is something more like:
***************************
A Registrar may not permit transfer to another registrant or registrar after 
receipt of a request for verification is received by the Registrar from the 
Provider, except in limited situations involving an arbitration not conducted 
under the Policy or involving litigation as provided by Policy Paragraphs 8(a) 
or 8(b).  For the purposes of UDRP, the Registrant listed in the Whois record 
at the time of the Lock will be recorded as the Respondent.  Any changes to 
WHOIS information during the pendency of the administrative proceeding under 
the Policy may be permitted or prohibited based on the Registrar's applicable 
policies and contracts, however, it is the responsibility of the Registrant 
(UDRP Rule 2(e) and UDRP Rule 5(b)(ii)) to inform the Provider of any relevant 
updates that may affect Provider notices and obligations to Respondent under 
the UDRP.

Privacy/Proxy services:  [I think we were going to get some data from Volker 
here, but I'll toss this out there for discussion:]
A registrar may opt to reveal underlying data in a privacy/proxy relationship 
to the Provider or in the Whois, or both, if it is aware of such.  This will 
not count as a "transfer" in violation of the above, if it occurs prior to the 
Lock (and the Registrar's reply to the Provider).  If a privacy/proxy 
relationship is revealed or released after the Lock is applied and the Provider 
is notified, the Provider is under no obligation to require Complainant to 
amend its complaint accordingly, but may do so, in its discretion.  It is the 
responsibility of the Registrant (UDRP Rule 2(e) and UDRP Rule 5(b)(ii)) to 
inform the Provider of any relevant updates that may affect Provider notices 
and obligations to Respondent under the UDRP and the Provider shall, in 
accordance with the UDRP, provide Respondent with case information at the 
details it prefers once the Provider is aware of the update (UDRP 5(b)(iii) 
requires Provider to send communications to the preferred email address of 
Respondent, for instance).
****************************
This iteration basically codifies NAF's practice (David R-T, feel free to chime 
in as to if it supports WIPO's practice) with an addition to prevent chasing 
our tails.  We get the email from the Registrar saying "yep, domain is locked, 
carry on."  We pull the Whois, look at the email sent by the Registrar and tell 
the Complainant: "the party named in the complaint is ok or not...fix it if 
not".  Once we're good to go, we commence the case according the UDRP Rule 
2(a)(i) and (ii).   If someone has pulled the rug out from under us by changing 
the Whois again (when we have a look on "day 10"), we have to start over.  
However, once we send the commencement docs out, the Whois can change 100 
times, but unless the Respondent tells us it wants to update contact 
information we're done looking.

Kristine
-----Original Message-----
From: owner-gnso-lockpdp-wg@xxxxxxxxx [mailto:owner-gnso-lockpdp-wg@xxxxxxxxx] 
On Behalf Of Schneller, Matt
Sent: Thursday, January 17, 2013 10:10 AM
To: Gnso-lockpdp-wg@xxxxxxxxx
Subject: [gnso-lockpdp-wg] Lock definition


Hi everyone,

Would a statement like the following work, maybe somewhere in Rule 4?  

A Registrar may not permit changes to the registrant name field or registrant 
address field in WHOIS and may not permit transfer to another registrar after 
receipt of a request for verification is received by the Registrar from the 
Provider, except in limited situations involving a arbitration not conducted 
under the Policy or involving litigation as provided by Policy Paragraphs 8(a) 
or 8(b), or to change the registrant name field or registrant address field in 
WHOIS prior to commencement of administrative proceedings under the Policy [in 
accordance with whatever paragraph of the Rules Volker's proposed amendment 
related to accredited privacy/proxy services ends up in, or maybe Volker's rule 
could just go here].  Any other changes to WHOIS information during the 
pendency of the administrative proceeding under the Policy may be permitted or 
prohibited based on the Registrar's applicable policies and contracts.

That would be clear about the registrar's minimum requirements to meet UDRP, 
and be clear that anything else is up to policies imposed by the registrar 
instead of being an unwritten inference as it is now.  This would allow 
registrars to continue to have widely varied practices in accordance with their 
different business models, as we saw reflected in the initial surveys.  

Matt