[gnso-rap-dt] FW: ICANN Compliance: (partial) response to questions posed by the RAP WG

[Marika Konings <marika.konings@xxxxxxxxx>]

Dear All,

For your information, please find below the response from ICANN Compliance 
concerning the Whois availability and accuracy questions raised by Greg.

William McKelligott will be participating in today's call in case there are any 
further questions.

With best regards,

Marika

------ Forwarded Message
From: William McKelligott <William.McKelligott@xxxxxxxxx>
Date: Sun, 13 Dec 2009 16:08:05 -0800
To: Marika Konings <marika.konings@xxxxxxxxx>, Greg Aaron <gaaron@xxxxxxxxxxxx>
Cc: Stacy Burnette <stacy.burnette@xxxxxxxxx>, David Giza <David.Giza@xxxxxxxxx>
Subject: ICANN Compliance: (partial) response to questions posed by the RAP WG

Marika and Greg,

As requested.  Per Dave's email, we will provide additional responses to 
questions posed by the WG by 8 January 2010.

Please contact me if you have any questions or if Compliance can be of further 
assistance.

Best,

William

________________________________
Q1.  What are the ICANN compliance reports published in the last three years 
that discuss WHOIS availability and accuracy reporting?  I am aware of the 
following; are there any others?
* 2007 "ICANN's Whois Data Accuracy and Availability Program": 
http://www.icann.org/en/whois/whois-data-accuracy-program-27apr07.pdf
* October 2007 Contractual Compliance Semi-Annual Report: 
http://www.icann.org/en/compliance/reports/contractual-compliance-audit-report-18oct07.pdf
* July 2008 Contractual Compliance Semi-Annual Report: 
http://icann.org/en/compliance/reports/contractual-compliance-audit-report-29jul08-en.pdf
* February 2009 Contractual Compliance Semi-Annual Report: 
http://icann.org/en/compliance/reports/contractual-compliance-report-27feb09-en.pdf

I have been unable to find the September 2009 Semi-Annual Report.  Was one 
published this autumn?

RESPONSE: The above reports are all of the reports published in the last three 
years regarding Whois availability and Whois accuracy.  The 2009 Contractual 
Compliance Semi-Annual Report will be published on or about 31 December 2009 
and it will include statistics regarding the WDPRS.

Q2.  ICANN has a system to monitor and enforce registrar compliance with port 
43 Whois service requirements; the 2007 report said it would  include both 
automated WHOIS server testing and manual reviews of registrar WHOIS output on 
a regular basis.  Can you provide any observations and data related to this 
monitoring, and is it described in any already-published documents?  
Specifically, can you tell us how many registrars ICANN found were not 
providing port 43 and/or Web WHOIS access?  Has ICANN encountered notable 
downtimes or lapses of registrar port 43 availability, or any other issues of 
note?

RESPONSE: Section 3.3 of the RAA, "Public Access to Data on Registered Names" 
defines the terms and conditions under which Registrars must provide a Port 43 
and interactive web-based Whois service available for public query.  The 
timeframes mentioned in the RAA single out the frequency in which Whois data 
fields must be updated (daily).  The RAA, however, is different from the 
registry operator agreements in that it doesn't specify any service level 
agreement (or performance metrics) of the continued availability of the Whois 
service provided by registrars.

ICANN has developed a Whois server audit tool which monitors access to 
registrars' Whois servers over a Port 43 connection.  The script developed for 
this task retrieves data for 4 registered domain names for each accredited 
registrar.  These domains are selected from the zone file which is obtained by 
ICANN periodically. The purpose of the audit is to flag Whois servers that are 
down for an amount of time that is suspect and probably not just a 
manifestation of periodic server maintenance or scheduled update.  What is the 
"reasonable amount of time" for a server to be down? Probably no more than an 
hour or so per day, although these are ICANN internal, 'soft metrics',  not 
agreed-upon timeframes with registrars.  The script records the results and 
flags registrars that prevent access to data on registered names.  Transient 
network problems are less of a concern, so ICANN focuses on long-term behavior, 
i.e., registrars which ICANN is unable to communicate with for several days in 
a row.

Once ICANN identifies the registrar(s), ICANN Compliance conducts Port 43 
queries from alternate IP addresses to ensure that the communication error was 
not due to a problem with  ICANN's server.  If the problem is verified, ICANN 
reaches out to the registrar.  The same occurs when ICANN obtains complaints 
from the community that experience either trouble locating the interactive 
web-based search tool for Whois queries for a registrar or are unable to obtain 
any results from these queries.  The RAA requires that registrars provide 
access to data on registered names but also recognizes that, in some instances, 
the data can later be used for the wrong purpose... This may be one of the 
reasons why registrars commonly block specific IP addresses from resolving 
queries on their Whois server and place them on a black list.  There is no set 
definition on the number of queries that would be 'reasonable' before a 
specific IP address is blocked and potentially blacklisted.  After reaching out 
to registrars to resolve access issues, they frequently create 'white lists' of 
IP addresses that are brought to their attention to allow them to access Whois 
data.  ICANN Compliance regularly follows up with the complainant to see if the 
problem persists and, fortunately, this appears to be an effective (informal) 
mechanism to resolve these problems.

ICANN also reaches out to registrars that provide access to data on registered 
names but provide 'thin', not 'think', Whois data.  The former does not provide 
details on the registered name holder and additional contacts, which is 
required by the RAA.

Aside from metrics on informal outreach to resolve blocked Whois servers and 
incomplete, or 'thin', Whois data with registrars, which have been more than 
two dozen in the past 6-8 months, Compliance could provide bi-weekly statistics 
to the WG from here on out to on the number of registrars that showed a pattern 
of restricting access to their Whois server over a Port 43 connection.

These statistics have not been published before.  Details to follow.

Q4:  In the last three years, how many notices of breach of the Registrar 
Accreditation Agreement has ICANN sent to registrars for failure to adhere to 
WHOIS-related obligations?  (Including failure to provide Web-based or port 43 
access, or related to WHOIS data inaccuracies.)

ICANN sent eleven (11) escalated compliance notices (e.g. notices of breach, 
termination or non-renewal) to registrars for failure to comply with Whois 
provisions of the Registrar Accreditation Agreement. This information is 
published on the Contractual Compliance website at 
http://www.icann.org/en/compliance/.  For your convenience, please see the 
links below for detailed information regarding the escalated compliance notices 
sent.

Notices of Breach, Termination and Non-Renewal
19 November 2009: ICANN Notice of Non-Renewal of RAA 
<http://www.icann.org/correspondence/burnette-to-dicker-19nov09-en.pdf>  
(Domain Jingles, Inc.)
9 October 2009: ICANN Notice of Non-Renewal of RAA 
<http://www.icann.org/correspondence/burnette-to-bahlitzanakis-09oct09-en.pdf>  
(BP Holdings Group, Inc. dba IS.COM)
8 October 2009: ICANN Sends Notice of Breach to Registrar 
<http://www.icann.org/correspondence/burnette-to-bahlitzanakis-08oct09-en.pdf>  
(CodyCorp)
11 September 2009: ICANN Sends Notice of Termination to Registrar 
<http://www.icann.org/correspondence/burnette-to-sundin-11sep09-en.pdf>  (Red 
Register, Inc.)
30 July 2009: ICANN Notice of Non-Renewal of RAA 
<http://www.icann.org/correspondence/burnette-to-friedman-30jul09-en.pdf>  
(South America Domains Ltd. dba namefrog.com)
9 April 2009: ICANN Sends Notice of Termination to Registrar 
<http://www.icann.org/correspondence/burnette-to-valdes-09apr09-en.pdf>  
(Parava Networks, Inc. dba 10-Domains.com)
8 April 2009: ICANN Sends Notice of Termination to Registrar 
<http://www.icann.org/correspondence/burnette-to-bordes-08apr09-en.pdf>  
(DropLimited.com, Inc.)
27 February 2009: ICANN Sends Notice of Breach to Registrar 
<http://www.icann.org/correspondence/burnette-to-valdes-27feb09-en.pdf>  
(Parava Networks, Inc.)
4 February 2009: ICANN Sends Notice of Breach to Registrar 
<http://www.icann.org/correspondence/burnette-to-bordes-04feb09-en.pdf>  
(DropLimited.com, Inc.)
30 September 2008: ICANN Sends Notice of Breach to Registrar 
<http://www.icann.org/correspondence/burnette-to-hu-30sep08-en.pdf>  (Beijing 
Innovative Linkage Technology)
30 September 2008: ICANN Sends Notice of Breach to Registrar 
<http://www.icann.org/correspondence/burnette-to-legenhausen-30sep08-en.pdf>  
(CSL Computer Service Langenbach GmbH)




------ End of Forwarded Message