Summary and analysis of public comments for the Inter-Registrar Transfer Policy Part B Policy Development Process Initial Report

[Marika Konings <marika.konings@xxxxxxxxx>]

Disclaimer: This summary is not a full and complete recitation of the relevant 
comments received. It is an attempt to capture in broad terms the nature and 
scope of the comments. This summary has been prepared in an effort to highlight 
key elements of these submissions in an abbreviated format, not to replace 
them. Every effort has been made to avoid mischaracterizations and to present 
fairly the views provided. Any failure to do so is unintentional. The comments 
may be viewed in their entirety at 
http://forum.icann.org/lists/irtp-b-initial-report/.

Summary and analysis of public comments for the Inter-Registrar Transfer Policy 
Part B Policy Development Process Initial Report

Comment period ended: 8 August 2010

Summary published: 12 August 2010

Prepared by: Marika Konings, Policy Director

I.              BACKGROUND

The Inter-Registrar Transfer Policy 
<http://www.icann.org/en/transfers/policy-en.htm> (IRTP) aims to provide a 
straightforward procedure for domain name holders to transfer their names from 
one ICANN-accredited registrar to another. The policy is an existing GNSO 
consensus policy (for more information about consensus policies, please see 
http://www.icann.org/en/general/consensus-policies.htm) that was implemented in 
late 2004 and is now being reviewed by the GNSO Council. In order to facilitate 
this review, the Council has sub-divided the issues and initiated a Policy 
Development Process (PDP) on those issues grouped together in part B on 24 June 
2009. An IRTP Part B Working Group was chartered to review and provide 
recommendations on the following issues:

a)    Whether a process for urgent return/resolution of a domain name should be 
developed, as discussed within the Security and Stability Advisory Committee 
(SSAC) hijacking report 
(http://www.icann.org/announcements/hijacking-report-12jul05.pdf [PDF, 400K]); 
see also (http://www.icann.org/correspondence/cole-to-tonkin-14mar05.htm);
b)    Whether additional provisions on undoing inappropriate transfers are 
needed, especially with regard to disputes between a Registrant and Admin 
Contact (AC). The policy is clear that the Registrant can overrule the AC, but 
how this is implemented is currently at the discretion of the registrar;
c)    Whether special provisions are needed for a change of registrant when it 
occurs near the time of a change of registrar. The policy does not currently 
deal with change of registrant, which often figures in hijacking cases;
d)    Whether standards or best practices should be implemented regarding use 
of a Registrar Lock status (e.g. when it may/may not, should/should not be 
applied);
e)    Whether, and if so, how best to clarify denial reason #7: A domain name 
was already in 'lock status' provided that the Registrar provides a readily 
accessible and reasonable means for the Registered Name Holder to remove the 
lock status.

The IRTP Part B PDP Working Group published its Initial Report on 29 May 2010 
and a public comment forum was opened as prescribed by the ICANN by-laws.

II.             GENERAL COMMENTS and CONTRIBUTIONS

Seventeen (17) community submissions from thirteen (13) different parties have 
been made to the public comment forum. The contributors are listed below in 
alphabetical order (with relevant initials noted in parentheses):

Andrew Allemann (AA)
Steve Crocker (SC)
Internet Commerce Association by Phil Corwin (ICA)
George Kirikos (GK) – five submissions
Donna Mahony (DM)
Brian Null (BN)
Oversee.net by Mason Cole (ON)
Eric Shannon (ES)
Peter Stevenson (PS)
Registrar Stakeholder Group by Clarke Walton (RrSG)
Registries Stakeholder Group by David Maher (RySG)
Jeffrey Williams (JW)
Roy White (RW)

III.           SUMMARY & ANALYSIS

Three submissions (BN, DM, GK) requested an extension of the deadline for 
submission of public comments, which was subsequently extended by the IRTP Part 
B PDP WG for two weeks. Despite four other submission, one submission of GK 
notes that he ‘will passively resist by not participating in a process that 
only leads to predetermined outcomes’, noting that he ‘may or may not support 
aspects of the current topic or proposal’.

The other submissions provided input on the content of the Initial Report with 
a particular focus on the proposed Expedited Transfer Reversal Policy. A 
summary of these comments has been provided below.

General Comments

JW points out the importance of a registrant request and/or approval before a 
domain name registration is transferred.

RW notes that he does not support the changes proposed in the report. Without 
going into further detail, he considers that ‘these changes are inherently 
dangerous to anyone who might at one time or another actually sell a domain 
name/website’.

The RrSG notes that the WG seems to have spend a substantial amount of time on 
developing the ETRP and recommends that the WG going forward ‘focus more time 
on consideration of the other IRTP B issues’.

Charter Question A / Expedited Transfer Reversal Policy

PS acknowledges that domain name hijacking is problem that should be addressed 
but considers the proposed ETRP ‘only a bandaid’. He notes that his main 
concern is that the current proposal ‘does not require any due process’ as it 
does not require the original registrant to demonstrate that the transfer was 
not authorized. Furthermore, he observes that the current proposal does not 
include any information on how to dispute an ETRP and suggests that ‘a signed 
Domain Name Sale agreement, or evidence of payment of a purchase price into the 
original registrant’s bank account’ should provide sufficient evidence to 
dispute an ETRP. He also recommends that items such as indemnification and how 
to address potential abuse of the procedure are further fleshed out.

AA encourages the WG to undertake further research to ‘scope out the size of 
the problem’ and request disclosure from registrars on the number of domain 
names that are hijacked each month. If such disclosure finds that hijacking is 
‘a large enough problem’, he recommends that the WG consider the following 
issues in relation to the ETRP and IRTP in general:

-       Potential impact on the secondary domain name market;
-       Security efforts should focus on problem and not become overly broad 
e.g. lock after change of email address;
-       Consider limiting the number of transfers that can take place in a 
certain period as domains are sometimes transferred from one reputable to 
another reputable registrar before it is then transferred to a less reputable 
registrar;
-       30 days should be maximum time during which an ETRP can be initiated;
-       There should be sufficient time for the new registrant to respond to an 
ETRP claim.

Several submissions, including those from GK, ICA, ON and RySG, take issue with 
the proposed 6-month time frame to submit a claim under the ERTP noting that it 
would ‘create uncertainty in the secondary market’ as a transfer can be 
contested up to six months following an initial transfer which often happens 
after transfer of ownership of a domain name registration (GK), ‘a period of 
uncertainty that is far too long’ (ICA), ‘such a window of opportunity (…) 
would introduce instability in the transfer process, and in Internet usability 
in general’ (ON), and, ‘a more appropriate time period would be 7 days’ (RySG).

GK notes that in the current proposal there are no safeguards that would 
prevent ‘seller remorse’. He proposes that if the ETRP would go ahead, there 
should be a ‘secure and predictable procedure for the irrevocable transfer of a 
domain name to a legitimate buyer’. Under such an Irrevocable Transfer 
Procedure (ITP), ‘the transfer can’t be reversed by the ETRP, because the ETRP 
would not apply to transfers done using the ITP’. Under the ITP, additional 
authentication could be carried out by the registrar for a premium to determine 
that it concerns a legitimate transfer request. In his view, the best approach 
to address domain name hijacking is to ‘raise the level of security at all 
registrars, e.g. two-factor authentication, executive lock, verified WHOIS, 
having a WHOIS history archived as the registry level’. He also calls for 
further data on the incidence of domain name hijacking. In his submissions, GK 
provides several examples of the potential undesired effects the ETRP in its 
current form could have on the secondary market. Furthermore, he highlights the 
importance of registrant education and implementation of recommendations that 
were made by the Security and Stability Advisory Committee in relation to 
preventing hijacking several years ago. In addition, GK provided a copy of all 
the emails he contributed to the IRTP Part B WG during his membership, which 
can also be reviewed here: http://forum.icann.org/lists/gnso-irtp-b-jun09/.

ES also argues that the WG should focus on tightening up ‘security procedures 
to prevent thefts from happening in the first place’, instead of pursuing the 
ETRP which would create ‘an imbalance of power between buyer and seller’.

The Chair of the Security and Stability Advisory Committee (SC) congratulates 
the WG ‘on its progress towards defining a process and specifying standard 
requirements for the urgent return/resolution of a domain name registration’ 
and notes that the proposed policy ‘is consistent with the principles outlined 
in section 4.2. of SSAC Report SAC007, Domain Name Hijacking Report’.

The RrSG opposes the ETRP noting that it is ‘overly complex, lacks focus and is 
probably unworkable in its current form’, at the same time pointing out that 
‘the existing Transfer Dispute Resolution Policy (“TDRP”) is a lengthy process 
that often does not serve the best interests of registrants’.

ICA objects to the proposed ETRP noting that ‘it could be extremely disruptive 
to the secondary domain marketplace to the detriment of both sellers and 
purchasers’, pointing out the potential for abuse and lack of due process and 
an appeal mechanism. ICA notes that ‘absent a far shorter window for a 
reversal’s initiation, effective sanctions of abusive ETRP users, and clearly 
delineated due process rights for purchasers, this proposal should not move 
forward’.

The RySG considers resolution of these types of disputes at the registrar level 
the most effective, but notes that ‘to the extend there is community support 
for the proposed ETRP (…), the RySG is agreeable to supporting the 
implementation of this policy’.

Charter Question B

ICA does not support ‘changing current practice and adopting a rule that only a 
registrant, and not its administrative contact, can initiate a domain name 
transfer that does not modify contact information’.

The RySG notes that requiring ‘thick’ WHOIS could have as a potential side 
effect that registrant contact information is ‘more readily available for 
individuals with nefarious intent to obtain access to the information as well’. 
The RySG is of the view that if a confirmation of the transfer by using the FOA 
would be ‘implemented consistently among losing registrars, [it] could help 
reduce the number of instances when a transfer dispute arises because a 
transfer has been requested by the administrative contact without the knowledge 
or consent of the registrant’. The RySG furthermore recommends that ‘registrars 
implement a consistent policy regarding the proof required to undo a domain 
name transfer’.

Charter Question C

In relation to the 60-day lock applied by some registrars following a change of 
registrant, GK raises the question ‘whether some registrars use a creative 
interpretation of ‘opt-in’ to a process which registrants can’t opt-out of’. In 
this regard, GK also questions the interpretation of the term ‘voluntarily’ by 
ICANN as it is being used in the transfer policy in denial reason #6 (‘Express 
written objection to the transfer from the Transfer Contact. (e.g. – email, 
fax, paper document or other processes by which the Transfer Contact has 
expressly and voluntarily objected through opt-in means)’. He notes that it is 
also important to ‘be careful about how one defines a registrant, because the 
“label” one attached to a certain registrant might change, but it’s not 
considered a change of registrant’.

The RrSG recommends that in relation to charter question b as well as c, a 
first step should be for the WG to develop a definition of the term “change of 
registrant” as ‘it is an important precursor to settling disputes between 
Registrant and Admin Contact, as well as understanding what might need to 
happen when contact information is changed just before a transfer request’. The 
RrSG also recommends the WG to further explore ‘the existing processes in place 
for trying to prevent hijacking attempts’ as these could be serve as best 
practices to be recommended for adoption by registrars.

ICA and the RySG support the WG recommendation in relation to this issue.

Charter Question D

GK is of the opinion that ‘the “ad hoc” locks that are violating of existing 
transfers policy need to be eliminated’. In his view ‘registrars should be 
proactive about security, rather than misusing the locks’. In his view, there 
would be no need for a 60-day lock after a registrant change if there would be 
‘properly authenticated registrant changes’.

ICA has the view that any changes in relation to locking of a domain name 
subject to UDRP proceedings should be considered as part of a policy 
development process on review of the UDRP.

The RySG is of the view that the use of Registrar Lock Status ‘should be left 
up to the individual registrars’.

Charter Question E

In relation to charter question d and e, the RrSG ‘supports the right of 
registrars to employ locks as a security measure as long as the process for 
their removal remains consistent with ICANN policy’.

ICA is of the opinion that a clarification could be helpful but wishes ‘to 
review comments received from registrars on the question of whether 
administrative considerations, including determination that the RNH request is 
bona fide and not fraudulent, allow for compliance within a five day period’.

The RySG is supportive of a modification, but proposes a modification to 
‘reflect current terminology’.

IV.           NEXT STEPS

The Inter-Registrar Transfer Policy Part B Working Group is expected to 
consider all the relevant comments as part of their deliberations and efforts 
to finalize the report for submission to the GNSO Council.