RE: [gnso-rap-dt] RAPWG / Monday 28 September -- action items

["James M. Bladel" <jbladel@xxxxxxxxxxx>]

Rod and Group:

Agree with your second point, particularly the bit about it being
non-trivial.  Also, it should be noted that there is a practical limit
to what can be gleaned from inferential data sources, so that data would
likely involve a high MOE. Additionally, I imagine that registries and
registrars are unlikely to share sensitive internal statistics on abuse
patterns in a public arena like ICANN.

Additionally, I am not clear if our charter requires / requests that
this group conduct the research, or alternatively if our remit is to
make recommendations and design parameters under which this research
should be gathered prior to any successive PDPs.

So, like you, I don't see a quick or easy way to resolve these
questions.  Either the WG takes on this task itself (long delay), or it
is positioned as a recommendation to ICANN or third-party (expensive,
and also delayed).

Thoughts?

J.



-------- Original Message --------
Subject: Re: [gnso-rap-dt] RAPWG / Monday 28 September -- action items
From: Rod Rasmussen <rod.rasmussen@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, September 30, 2009 9:07 am
To: Greg Aaron <gaaron@xxxxxxxxxxxx>
Cc: <gnso-rap-dt@xxxxxxxxx>

Two thoughts.

1) Another question for the larger group:


* What are the advantages and disadvantages of uniformity?
  –to law enforcement, first responders, and victims of domain name
registration abuses?


2) Hate to have to point this out, but I feel we really can't make any
definitive statements about whether or not uniformity matters without
correlating abusive activity at specific registrars to the various
differences in registration agreements.  Even correlation is not proof,
but it's a lot stronger than just guesswork/supposition.  If I put on my
very tattered old statistician's hat, I'd also say we'd have to do some
sort of regression analysis to remove other factors like a registrar's
incident response posture, ease of registration, pricing, and country of
domicile to really "prove" anything.  :-(  The next question is data -
where do we find registrar specific statistics on the various potential
"abuse" types we've discussed?  For cybersquatting we could look at the
body of data on UDRP decisions.  For spam, I know Spamhaus and SURBL
keep some registrar specific stats - not sure on "econometric" quality
though.  Phishing and malware sites though are tougher - we don't keep
registrar stats uniformly, but could probably come up with something. 
Other security companies may have some data here too, but I imagine it
may be skewed a bit depending on what they're looking at or working on
at any given time.


Having tried to pull similar information together in the past for
various exercises, this is a NON-TRIVIAL task!  So the question is, how
far do we proceed without data to back-up various posits on this
question?  If we need data, we'll need a plan to collect it, and
volunteers to provide it.


Best,


Rod

 
On Sep 29, 2009, at 10:14 AM, Greg Aaron wrote:

      Thanks for a good meeting yesterday, team!
 
Most of the discussion centered around uniformity of contracts. Kudos
again to Barry and the sub-team.  Here are some points for immediate and
longer-term follow-up. 
 
Long-term follow-up: As we discussed, Berry’s matrix was designed to
establish whether or not there is uniformity in contracts, and so far
nothing beyond that.  It is not meant to be exhaustive, and it is a
draft that will receive further tweaks.  When it is published in the
initial report, we will need to include a description of methodology,
and state explicitly what the matrix means and does not mean.  For
example it should be stated clearly that it's an evaluation done using
publicly available online agreements, and that the matrix may be missing
items that might be incorporated by reference, were placed in other
registrar-registrant agreements or terms of service, were simply not
located in the time available, etc.  James also noted that at some
point, registrars may need to validate their info.
 
Short-term action item: So, we see that there is no uniformity.  The
next question is: what does it mean?  The group’s next task is to
understand if registration abuses are occurring that might be curtailed
or better addressed if there was more uniformity.
 
Short-term action: 
Uniformity sub-group to put the below on wiki and flesh it out with
text.  All RAPWG members are also invited to add material and additional
questions.  Conclusions will be drafts to be run past the entire WG.
 
<quote>
Questions to the Larger Group
* What are the advantages and disadvantages of uniformity?
  –to Registrars 
  -to Abusers / Bad Actors / Criminals
  –to Registries
  -to Registrants
* Will it or can it apply across all jurisdictions?
* What market conditions could or will occur with uniformity changes?
* What are the side-effects or possible unintended consequences to
uniformity?
* If uniformity is the desired state how will the changes be monitored &
enforced?
* What are impacts to liability and changes to indemnification to uphold
ICANN abuse provisions?
 
U of C Sub-team Draft Conclusions
* Increased consistency across contracts creates a level playing field
amongst registrars
* If policies are consistent, then responsibility to enforce
consistently falls upon ICANN
* Lowest common denominator (minimum requirement) approach with abuse
provisions is best and allows entities to not be constrained by
exceeding the minimum
* A better understanding of cost projections for implementation are
required before formal recommendation"
</quote>
 
 
 All best,
--Greg Aaron