Comments of the Internet Commerce Association
BUTERA & ANDREWS Attorneys at Law 1301 Pennsylvania Avenue, N.W. Washington, D.C. 20004-1701 202-347-6875 Philip S. Corwin, Partner pcorwin@xxxxxxxxxxxxxxxxxx<mailto:pcorwin@xxxxxxxxxxxxxxxxxx> By E-Mail August 4, 2008 Board of Directors Internet Corporation for Assigned Names and Numbers (ICANN) 4676 Admiralty Way, Suite 330 Marina del Rey, CA 90292-6601 Re: Comment on Draft Proposed Changes to Registrar Accreditation Agreement Dear Members of the ICANN Board: These comments are submitted by the Internet Commerce Association (ICA) in regard to the Board's June 8th announcement describing 15 draft amendments to the Registrar Accreditation Agreement (RAA). Strengthening of the RAA is a matter of extreme importance to ICA's membership, composed of individuals and companies that both hold and manage domain name portfolios, and many of which operate affiliated registrars on their own behalf as well as for the benefit of third parties. ICA is a not-for-profit trade association representing the direct search industry. Its membership is composed of individuals and companies that invest in domain names (DNs) and develop and monetize the associated websites, as well as the companies that serve them. Professional domain name registrants are a major source of the fees that support registrars, registries, and ICANN itself. ICA is an active international member of ICANN's Commercial and Business Users Constituency (CBUC). Overview The membership of the ICA and other domain name investors collectively hold portfolios that we estimate to have a present market value of at least $10 billion. Domain name investors must rely on ICANN-accredited registrars to acquire these intangible assets through initial registration and subsequent renewal, as well as to facilitate transfers to another registrar or an acquiring third party, and to securely and accurately record and maintain all data associated with a domain name so that a registrant can prove its ownership. Secure registrar operations are also required to prevent unauthorized transfers or other thefts of valuable domain names. The scandalous and well-publicized 2007collapse of RegisterFly revealed serious inadequacies in the existing RAA and its enforcement by ICANN. Many registrants lost valuable domain names due to RegisterFly's failure to undertake timely renewals for which it had been paid, as well as abuses perpetrated by RegisterFly's management - particularly in regard to domain names that had utilized its free proxy service to maintain ownership confidentiality. That debacle also revealed serious shortcomings in ICANN's mechanism for timely and effective responses to registrant complaints regarding registrar abuses, and in its enforcement of the RAA; including ICANN's admission that it had never systematically enforced the current RAA's data escrow requirements for registrant identifying information. The ICA commends ICANN for admitting these shortcomings and for its subsequent actions to improve communications with and information available to registrants, and to enhance their protections. ICANN has already taken an important step by requiring all accredited registrars to escrow customer data with Iron Mountain or another third party data security and retention service meeting similar strict standards. The publication of these proposed RAA amendments is another important step toward enhanced registrant protection. However, regardless of the final language of the RAA amendments adopted by ICANN, their ability to protect registrants depends first and foremost upon vigorous oversight and enforcement by ICANN. Therefore, we urge ICANN to adopt and uniformly implement final RAA amendments at the earliest possible date, and we expect to see clear evidence of vigilant enforcement going forward. Our comments upon the proposed amendments follow. Enforcement Tools As noted above, regardless of their individual merits the most critical aspect of these proposed RAA amendments is effective enforcement by ICANN. Our evaluation of these provisions is based upon their ability to enhance ICANN's ability to take effective steps to ensure registrar compliance. * We support the new provision allowing ICANN to conduct registrar site visits and audits. However, while we agree that periodic audits are a crucial part of ICANN's oversight and enforcement responsibilities, as an entity that has been through ICANN review as part of our ordinary course existing business responsibilities, we would suggest that thirty (30) days advance notice is more appropriate to allow the registrar sufficient time to gather the requisite information and make the audit more productive for representatives of ICANN. We do recognize that in certain exceptional circumstances ICANN should have the flexibility to audit a registrar on a shorter timeframe, but it should be reserved for clearly exceptional circumstances. * We support providing ICANN with escalated compliance enforcement tools, such as monetary fines and suspension of registry access, for registrars in violation of the RAA. The current RAA provides only a "death penalty" option - termination of accreditation - and the extreme nature of this sanction tends to discourage its use other than in the most egregious cases. Effective enforcement of the RAA will best be enhanced by providing ICANN with a wide array of sanction mechanisms that can be applied in escalating fashion to curb registrar violations before they get out of hand. In particular, we applaud the proposed provision that will allow ICANN to recover its direct costs, including attorney fees, staff time, and other related expenses associated with ICANN's legitimate efforts to enforce registrar compliance and to respond to or mitigate the effect of breaches. However, as treble damages is the usual standard for punitive penalties we would suggest that it, rather than a levy of five times enforcement costs, should be levied for repeated and willful breaches. * We support aligning registrar fees with ICANN budgets, including the assessment of interest on late fee payments. However, we would note the critical importance of prudent financial management by ICANN, as even in a competitive environment the fees assessed upon registrars are likely to be passed along to registrants. Notwithstanding our awareness of such pass-through costs, we note and are concerned by the fact that registrar fees will decline under this proposed revision; the current RAA imposes a base annual fee of $4,000 plus $500 for each additional TLD for which the registrar is accredited, while the proposed RAA caps a registrar's annual fee at a flat $4,000. While we would not object to some reasonable ceiling on the annual fees that can be assessed against a given registrar, especially in light of the multitude of new TLDs likely to be approved by ICANN in 2009 and thereafter, we have already observed that the revised RAA will only be as effective as its enforcement, and we fail to see how a reduction in annual revenues from registrars will provide ICANN with the resources necessary to conduct vigorous oversight and enforcement. * We support imposing liability upon registrars for any self-created registrations for the purpose of providing registrar services. As a general matter, registrars undertaking such registrations should be held to the same standards as other registrants. * We support elimination of the existing automatic 30-day stay of accreditation termination that can be invoked by registrars who challenge such sanction through the filing of an arbitration or litigation action. The RegisterFly crisis illustrated that such as automatic stay can permit a "bad actor" to perpetrate abuses for another month at the considerable expense of registrants. While granting a stay may be appropriate in certain situations it should not be automatic; and where such a stay is granted, subject to reasonable and uniform standards, ICANN should have the interim ability to take appropriate steps to protect registrants. Therefore, we strongly support the proposed RAA revision that permits ICANN to impose an immediate 5-day suspension of the RAA in order to provide time to seek more extended specific performance or injunctive relief in those instances where the registrar acts in a manner that endangers the stability and operation integrity of the Internet that the registrar has failed to immediately cure upon receipt of notice, and we strongly urge that this power to impose an immediate suspension also be provided for instances where the registrant has engaged in conduct of material harm to registrants and the public interest. Likewise, we strongly support the new provision allowing for immediate termination upon a registrar's bankruptcy or insolvency. Finally, we strongly support the new provision that grants the arbitration panel all necessary authority to appoint a qualified third party to manage a registrar's operations where it has granted a stay of suspension or termination -- but we do not believe that this authority should be conditioned upon a request by the offending registrar that has seriously breached the RAA. That is, the arbitration panel should have independent authority to appoint such third party where it deems such action as necessary and appropriate in the context of a stay of action to essentially shut down an offending registrar's operations. Registrant Protections As the ICA is, first and foremost, an advocate for domain name registrants, these proposed amendments are of paramount importance. We have evaluated them based upon their ability to substantially enhance existing registrant protections under the RAA. * We strongly support new language requiring registrars to escrow the underlying customer information of registrants who have opted for private or proxy registrations - and we strongly oppose permitting registrars to avoid this requirement by simply providing prominent notice that they do not escrow such critical information. Again, as the RegisterFly situation demonstrated, mandatory and strongly enforced data escrow requirements are the only means of assuring that a registrant can prove ownership of domain names. Allowing a registrar to opt out of this requirement by mere notice will create a classic situation of "the exception swallowing the rule". Many domain registrants are not sophisticated and will fail to understand that an opt-out notice exposes them to loss of their valuable names in the case of a registrar's technical or business failure, much less its active malfeasance. Likewise, cybersquatters who deliberately register infringing domains, as well as criminals intending to utilize their domains for nefarious purposes, will attempt to obscure their trail by seeking out registrars who do not escrow customer data where proxy services are utilized. * We have serious reservations at this time about requiring registrars to include on their website a link to a presently nonexistent "Registrant Rights and Responsibilities" document. While we have no objection to the basic concept of providing guidance to registrants on such matters, we cannot support its implementation in advance of the creation of a proposed draft document by ICANN "in consultation with the ICANN community". In this regard, the recently issued ICANN information document on Domain Name Monetization raised serious concerns among ICA members because it was created without advance notice to or consultation with professional registrants and other expert parties, because it tended to create misleading impressions about certain monetization techniques, and because it implied that ICANN has powers to police business practices that go far beyond its proper and limited role as technical manager of the domain name system (DNS). While we understand that the Monetization paper is currently being revised, and have been assured that ICA will have an opportunity to review and comment upon it prior to its republication, its issuance was nonetheless a cautionary event. Therefore, we do not believe that the RAA should put the cart before the horse, and urge that this matter be left for future amendment of the RAA after an acceptable Registrant Rights and Responsibilities document has achieved final form. Finally, while the language quoted above and taken from the June 18th notice implies that the proposed Rights and Responsibilities document will be created in consultation with the broad DNS community, the actual language of proposed clause 3.15 states that "the content of such webpage is developed in consultation with registrars" (emphasis added). In short, the wording of the notice is completely misleading and the proposed RAA text does not envision or permit any consultation with "the ICANN community", including professional domain name investors and developers. This is absolutely unacceptable, and the ICA strongly objects to the promulgation of any such document that has not received extensive review by and input from the types of individuals and companies that comprise our membership. * We support new language requiring resellers to comply with ICANN policies and to escrow registrant data where private or proxy registration has been chosen. As above, we strongly oppose allowing the reseller to skirt the data escrow requirement by merely giving prominent notice of its intent to do so. We would also support providing ICANN with additional ability to compel registrars to cure breaches by their resellers and to terminate their contractual relationship in the event of continued or serial noncompliance. Additionally, we have serous reservations about the proposed exception to the clause that requires reseller registration agreements to identify their sponsoring registrar or, in the alternative, to provide a means (such as a hyperlink to the WHOIS lookup service) - we believe that the registrant public has a right to obtain clear and conspicuous notice of a reseller's sponsoring registrar without having to take additional steps to obtain such information and do not see how imposing such a disclosure requirement places an unreasonable burden on resellers. We also strongly object to the second condition in the proposed provision that requires a reseller utilizing privacy or proxy service data escrow to release such data to its sponsoring registrar when the reseller breaches its agreement and such breach is harmful to consumers and the public interest -- we believe that such a breach should be presumed to cause such harm and should trigger an immediate requirement to share the escrowed data with its sponsor. Finally, we have serious concerns about the proposed language that will provide a registrar with the right to terminate its reseller agreement where it "becomes aware" that a reseller is in breach of its obligation under the RAA - we believe that a sponsoring registrar has an affirmative duty to actively monitor the activities of an associated reseller and that a "becomes aware" standard is therefore entirely too lax. We further believe that such registrar should be obligated to immediately terminate its sponsorship agreement, and to take affirmative steps to safeguards the rights and interests of the reseller's customers, pursuant to a clearly defined standard related to material breaches that have caused or have the potential to cause immediate harm to affected registrants and the public interest. Promoting a Stable and Competitive Registrar Marketplace The registrar marketplace has been generally stable and characterized by a high degree of competition in pricing and services to the benefit of registrants. We have evaluated these proposals based upon their ability to further enhance this beneficial environment. * We support requiring registrars to notify ICANN upon a change in ownership and to re-certify their compliance with the RAA, including timely disclosure of their directors and officers. This will provide ICANN with basic information regarding the control of an accredited registrar and will legally bind the new owner to a renewed commitment to abiding by the RAA. * We question the need for a new provision regarding mandatory training of registrar representatives to ensure understanding of ICANN policies and RAA requirements. It seems to us that assuring such understanding should be an integral part of ICANN's accreditation process and ongoing oversight and enforcement regime, and that what is important is the assurance that ICANN policies and the RAA are being followed rather than mandating a particular training path to ensure such a result. * While we generally support the new RAA requirement that registries only utilize ICANN-accredited registrars as the permissible middleman for the sale and renewal of domain names, we question what this registry requirement is doing in a contract imposed upon registrars. Further, while we agree that only ICANN-accredited registrars should be permitted to provide these services to the general public, we can envision a number of scenarios in which some newly created Top Level Domains (TLD), proposed pursuant to ICANN's recent decision to open the floodgates to applications in 2009, might well only be available to a narrow class of registrants associated with a certain corporation, industry, political party, or other clearly defined and limited entity. Given the broad range of diverse business models that may flow from the introduction of new TLDs we believe that ICANN should continue to protect general registrants by requiring the use of accredited registrars - and resellers held to the same standards - while preserving the flexibility to accommodate new TLD business models where appropriate. Agreement Modernization It is important that the RAA and its enforcement be rapidly updated in appropriate circumstances, and we have evaluated these proposals in that context. * We support the streamlining of ICANN's obligation to provide notice to registrars of applicable new Consensus Policies. Further, we believe that ICANN should set a firm date for registrar compliance with new policies rather than adhering to an indeterminate "reasonable period of time" standard that may delay implementation of important protections. * We believe that it is premature for ICANN to delete references in the RAA to requirements for Department of Commerce (DOC) approval. This technical amendment can be readily implemented at such time when the Joint Project Agreement is terminated and DOC oversight over ICANN ends. * We support clarification of uniform registrar data retention requirements through a new provision requiring the preservation of domain registration records for three years following deletion or transfer. However, given the Board's recent decision to permit national law exceptions for WHOIS compliance by registrars, as well as the likely strong interplay between national privacy laws and RAA data retention requirements, we would appreciate clarification of ICANN's view on that interrelationship. In particular, in regard to both WHOIS and data retention requirements, we believe that there must be some limitation on the degree to which a national law can preempt the RAA -- lest there be "a race to the bottom" between certain national jurisdictions and resultant competitive inequities between registrars, as well as the exploitation of offshore "privacy havens" by cybersquatters and online criminals. Conclusion The ICA appreciates this opportunity to comment upon the proposed RAA revisions and amendments. We look forward to their near-term adoption in final form, to be followed by vigorous oversight and enforcement conducted by ICANN. Sincerely, Philip S. Corwin Counsel, Internet Commerce Association Philip S. Corwin Partner Butera & Andrews 1301 Pennsylvania Ave., NW Suite 500 Washington, DC 20004 202-347-6875 (office) 202-347-6876 (fax) 202-255-6172 (cell) "Luck is the residue of design." -- Branch Rickey Attachment:
ICA-RAA_Amdts_cmnt_ltr-080408 FINAL.doc |