Re: [gnso-rap-dt] RAPWG / Monday 28 September -- action items

[Rod Rasmussen <rod.rasmussen@xxxxxxxxxxxxxxxxxxxx>]

Two thoughts.

1) Another question for the larger group:

* What are the advantages and disadvantages of uniformity?
  –to law enforcement, first responders, and victims of domain name  
registration abuses?
2) Hate to have to point this out, but I feel we really can't make any  
definitive statements about whether or not uniformity matters without  
correlating abusive activity at specific registrars to the various  
differences in registration agreements.  Even correlation is not  
proof, but it's a lot stronger than just guesswork/supposition.  If I  
put on my very tattered old statistician's hat, I'd also say we'd have  
to do some sort of regression analysis to remove other factors like a  
registrar's incident response posture, ease of registration, pricing,  
and country of domicile to really "prove" anything.  :-(  The next  
question is data - where do we find registrar specific statistics on  
the various potential "abuse" types we've discussed?  For  
cybersquatting we could look at the body of data on UDRP decisions.   
For spam, I know Spamhaus and SURBL keep some registrar specific stats  
- not sure on "econometric" quality though.  Phishing and malware  
sites though are tougher - we don't keep registrar stats uniformly,  
but could probably come up with something.  Other security companies  
may have some data here too, but I imagine it may be skewed a bit  
depending on what they're looking at or working on at any given time.
Having tried to pull similar information together in the past for  
various exercises, this is a NON-TRIVIAL task!  So the question is,  
how far do we proceed without data to back-up various posits on this  
question?  If we need data, we'll need a plan to collect it, and  
volunteers to provide it.
Best,

Rod


On Sep 29, 2009, at 10:14 AM, Greg Aaron wrote:

> Thanks for a good meeting yesterday, team!
>
> Most of the discussion centered around uniformity of contracts.  
> Kudos again to Barry and the sub-team.  Here are some points for  
> immediate and longer-term follow-up.
> Long-term follow-up: As we discussed, Berry’s matrix was designed to  
> establish whether or not there is uniformity in contracts, and so  
> far nothing beyond that.  It is not meant to be exhaustive, and it  
> is a draft that will receive further tweaks.  When it is published  
> in the initial report, we will need to include a description of  
> methodology, and state explicitly what the matrix means and does not  
> mean.  For example it should be stated clearly that it's an  
> evaluation done using publicly available online agreements, and that  
> the matrix may be missing items that might be incorporated by  
> reference, were placed in other registrar-registrant agreements or  
> terms of service, were simply not located in the time available,  
> etc.  James also noted that at some point, registrars may need to  
> validate their info.
> Short-term action item: So, we see that there is no uniformity.  The  
> next question is: what does it mean?  The group’s next task is to  
> understand if registration abuses are occurring that might be  
> curtailed or better addressed if there was more uniformity.
> Short-term action:
> Uniformity sub-group to put the below on wiki and flesh it out with  
> text.  All RAPWG members are also invited to add material and  
> additional questions.  Conclusions will be drafts to be run past the  
> entire WG.
> <quote>
> Questions to the Larger Group
> * What are the advantages and disadvantages of uniformity?
>   –to Registrars
>   -to Abusers / Bad Actors / Criminals
>   –to Registries
>   -to Registrants
> * Will it or can it apply across all jurisdictions?
> * What market conditions could or will occur with uniformity changes?
> * What are the side-effects or possible unintended consequences to  
> uniformity?
> * If uniformity is the desired state how will the changes be  
> monitored & enforced?
> * What are impacts to liability and changes to indemnification to  
> uphold ICANN abuse provisions?
> U of C Sub-team Draft Conclusions
> * Increased consistency across contracts creates a level playing  
> field amongst registrars
> * If policies are consistent, then responsibility to enforce  
> consistently falls upon ICANN
> * Lowest common denominator (minimum requirement) approach with  
> abuse provisions is best and allows entities to not be constrained  
> by exceeding the minimum
> * A better understanding of cost projections for implementation are  
> required before formal recommendation"
> </quote>
>
>
> All best,
> --Greg Aaron