ICANN ICANN Email List Archives

[raa-consultation]


<<< Chronological Index >>>    <<< Thread Index >>>

Comments of the Internet Commerce Association

  • To: "raa-consultation@xxxxxxxxx" <raa-consultation@xxxxxxxxx>
  • Subject: Comments of the Internet Commerce Association
  • From: Phil Corwin <pcorwin@xxxxxxxxxxxxxxxxxx>
  • Date: Mon, 4 Aug 2008 19:17:57 -0400

BUTERA & ANDREWS
Attorneys at Law
1301 Pennsylvania Avenue, N.W.
Washington, D.C. 20004-1701
202-347-6875
Philip S. Corwin, Partner
pcorwin@xxxxxxxxxxxxxxxxxx<mailto:pcorwin@xxxxxxxxxxxxxxxxxx>


By E-Mail

August 4, 2008

Board of Directors
Internet Corporation for Assigned Names and Numbers (ICANN)
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292-6601

Re: Comment on Draft Proposed Changes to Registrar Accreditation Agreement

Dear Members of the ICANN Board:

These comments are submitted by the Internet Commerce Association (ICA) in 
regard to the Board's June 8th announcement describing 15 draft amendments to 
the Registrar Accreditation Agreement (RAA). Strengthening of the RAA is a 
matter of extreme importance to ICA's membership, composed of individuals and 
companies that both hold and manage domain name portfolios, and many of which 
operate affiliated registrars on their own behalf as well as for the benefit of 
third parties.

ICA is a not-for-profit trade association representing the direct search 
industry. Its membership is composed of individuals and companies that invest 
in domain names (DNs) and develop and monetize the associated websites, as well 
as the companies that serve them. Professional domain name registrants are a 
major source of the fees that support registrars, registries, and ICANN itself. 
ICA is an active international member of ICANN's Commercial and Business Users 
Constituency (CBUC).

Overview

The membership of the ICA and other domain name investors collectively hold 
portfolios that we estimate to have a present market value of at least $10 
billion. Domain name investors must rely on ICANN-accredited registrars to 
acquire these intangible assets through initial registration and subsequent 
renewal, as well as to facilitate transfers to another registrar or an 
acquiring third party, and to securely and accurately record and maintain all 
data associated with a domain name so that a registrant can prove its 
ownership. Secure registrar operations are also required to prevent 
unauthorized transfers or other thefts of valuable domain names.

The scandalous and well-publicized 2007collapse of RegisterFly revealed serious 
inadequacies in the existing RAA and its enforcement by ICANN. Many registrants 
lost valuable domain names due to RegisterFly's failure to undertake timely 
renewals for which it had been paid, as well as abuses perpetrated by 
RegisterFly's management - particularly in regard to domain names that had 
utilized its free proxy service to maintain ownership confidentiality. That 
debacle also revealed serious shortcomings in ICANN's mechanism for timely and 
effective responses to registrant complaints regarding registrar abuses, and in 
its enforcement of the RAA; including ICANN's admission that it had never 
systematically enforced the current RAA's data escrow requirements for 
registrant identifying information.

The ICA commends ICANN for admitting these shortcomings and for its subsequent 
actions to improve communications with and information available to 
registrants, and to enhance their protections. ICANN has already taken an 
important step by requiring all accredited registrars to escrow customer data 
with Iron Mountain or another third party data security and retention service 
meeting similar strict standards. The publication of these proposed RAA 
amendments is another important step toward enhanced registrant protection.

However, regardless of the final language of the RAA amendments adopted by 
ICANN, their ability to protect registrants depends first and foremost upon 
vigorous oversight and enforcement by ICANN. Therefore, we urge ICANN to adopt 
and uniformly implement final RAA amendments at the earliest possible date, and 
we expect to see clear evidence of vigilant enforcement going forward.

Our comments upon the proposed amendments follow.

Enforcement Tools

As noted above, regardless of their individual merits the most critical aspect 
of these proposed RAA amendments is effective enforcement by ICANN. Our 
evaluation of these provisions is based upon their ability to enhance ICANN's 
ability to take effective steps to ensure registrar compliance.

 *   We support the new provision allowing ICANN to conduct registrar site 
visits and audits. However, while we agree that periodic audits are a crucial 
part of ICANN's oversight and enforcement responsibilities, as an entity that 
has been through ICANN review as part of our ordinary course existing business 
responsibilities, we would suggest that thirty (30) days advance notice is more 
appropriate to allow the registrar sufficient time to gather the requisite 
information and make the audit more productive for representatives of ICANN.  
We do recognize that in certain exceptional circumstances ICANN should have the 
flexibility to audit a registrar on a shorter timeframe, but it should be 
reserved for clearly exceptional circumstances.
 *   We support providing ICANN with escalated compliance enforcement tools, 
such as monetary fines and suspension of registry access, for registrars in 
violation of the RAA. The current RAA provides only a "death penalty" option - 
termination of accreditation - and the extreme nature of this sanction tends to 
discourage its use other than in the most egregious cases. Effective 
enforcement of the RAA will best be enhanced by providing ICANN with a wide 
array of sanction mechanisms that can be applied in escalating fashion to curb 
registrar violations before they get out of hand. In particular, we applaud the 
proposed provision that will allow ICANN to recover its direct costs, including 
attorney fees, staff time, and other related expenses associated with ICANN's 
legitimate efforts to enforce registrar compliance and to respond to or 
mitigate the effect of breaches.  However, as treble damages is the usual 
standard for punitive penalties we would suggest that it, rather than a levy of 
five times enforcement costs, should be levied for repeated and willful 
breaches.
 *   We support aligning registrar fees with ICANN budgets, including the 
assessment of interest on late fee payments. However, we would note the 
critical importance of prudent financial management by ICANN, as even in a 
competitive environment the fees assessed upon registrars are likely to be 
passed along to registrants. Notwithstanding our awareness of such pass-through 
costs, we note and are concerned by the fact that registrar fees will decline 
under this proposed revision; the current RAA imposes a base annual fee of 
$4,000 plus $500 for each additional TLD for which the registrar is accredited, 
while the proposed RAA caps a registrar's annual fee at a flat $4,000. While we 
would not object to some reasonable ceiling on the annual fees that can be 
assessed against a given registrar, especially in light of the multitude of new 
TLDs likely to be approved by ICANN in 2009 and thereafter, we have already 
observed that the revised RAA will only be as effective as its enforcement, and 
we fail to see how a reduction in annual revenues from registrars will provide 
ICANN with the resources necessary to conduct vigorous oversight and 
enforcement.
 *   We support imposing liability upon registrars for any self-created 
registrations for the purpose of providing registrar services. As a general 
matter, registrars undertaking such registrations should be held to the same 
standards as other registrants.
 *   We support elimination of the existing automatic 30-day stay of 
accreditation termination that can be invoked by registrars who challenge such 
sanction through the filing of an arbitration or litigation action. The 
RegisterFly crisis illustrated that such as automatic stay can permit a "bad 
actor" to perpetrate abuses for another month at the considerable expense of 
registrants. While granting a stay may be appropriate in certain situations it 
should not be automatic; and where such a stay is granted, subject to 
reasonable and uniform standards, ICANN should have the interim ability to take 
appropriate steps to protect registrants. Therefore, we strongly support the 
proposed RAA revision that permits ICANN to impose an immediate 5-day 
suspension of the RAA in order to provide time to seek more extended specific 
performance or injunctive relief in those instances where the registrar acts in 
a manner that endangers the stability and operation integrity of the Internet 
that the registrar has failed to immediately cure upon receipt of notice, and 
we strongly urge that this power to impose an immediate suspension also be 
provided for instances where the registrant has engaged in conduct of material 
harm to registrants and the public interest. Likewise, we strongly support the 
new provision allowing for immediate termination upon a registrar's bankruptcy 
or insolvency. Finally, we strongly support the new provision that grants the 
arbitration panel all necessary authority to appoint a qualified third party to 
manage a registrar's operations where it has granted a stay of suspension or 
termination -- but we do not believe that this authority should be conditioned 
upon a request by the offending registrar that has seriously breached the RAA. 
That is, the arbitration panel should have independent authority to appoint 
such third party where it deems such action as necessary and appropriate in the 
context of a stay of action to essentially shut down an offending registrar's 
operations.

Registrant Protections

As the ICA is, first and foremost, an advocate for domain name registrants, 
these proposed amendments are of paramount importance. We have evaluated them 
based upon their ability to substantially enhance existing registrant 
protections under the RAA.

 *   We strongly support new language requiring registrars to escrow the 
underlying customer information of registrants who have opted for private or 
proxy registrations - and we strongly oppose permitting registrars to avoid 
this requirement by simply providing prominent notice that they do not escrow 
such critical information. Again, as the RegisterFly situation demonstrated, 
mandatory and strongly enforced data escrow requirements are the only means of 
assuring that a registrant can prove ownership of domain names. Allowing a 
registrar to opt out of this requirement by mere notice will create a classic 
situation of "the exception swallowing the rule". Many domain registrants are 
not sophisticated and will fail to understand that an opt-out notice exposes 
them to loss of their valuable names in the case of a registrar's technical or 
business failure, much less its active malfeasance. Likewise, cybersquatters 
who deliberately register infringing domains, as well as criminals intending to 
utilize their domains for nefarious purposes, will attempt to obscure their 
trail by seeking out registrars who do not escrow customer data where proxy 
services are utilized.
 *   We have serious reservations at this time about requiring registrars to 
include on their website a link to a presently nonexistent "Registrant Rights 
and Responsibilities" document. While we have no objection to the basic concept 
of providing guidance to registrants on such matters, we cannot support its 
implementation in advance of the creation of a proposed draft document by ICANN 
"in consultation with the ICANN community". In this regard, the recently issued 
ICANN information document on Domain Name Monetization raised serious concerns 
among ICA members because it was created without advance notice to or 
consultation with professional registrants and other expert parties, because it 
tended to create misleading impressions about certain monetization techniques, 
and because it implied that ICANN has powers to police business practices that 
go far beyond its proper and limited role as technical manager of the domain 
name system (DNS). While we understand that the Monetization paper is currently 
being revised, and have been assured that ICA will have an opportunity to 
review and comment upon it prior to its republication, its issuance was 
nonetheless a cautionary event. Therefore, we do not believe that the RAA 
should put the cart before the horse, and urge that this matter be left for 
future amendment of the RAA after an acceptable Registrant Rights and 
Responsibilities document has achieved final form. Finally, while the language 
quoted above and taken from the June 18th notice implies that the proposed 
Rights and Responsibilities document will be created in consultation with the 
broad DNS community, the actual language of proposed clause 3.15 states that 
"the content of such webpage is developed in consultation with registrars" 
(emphasis added). In short, the wording of the notice is completely misleading 
and the proposed RAA text does not envision or permit any consultation with 
"the ICANN community", including professional domain name investors and 
developers. This is absolutely unacceptable, and the ICA strongly objects to 
the promulgation of any such document that has not received extensive review by 
and input from the types of individuals and companies that comprise our 
membership.
 *   We support new language requiring resellers to comply with ICANN policies 
and to escrow registrant data where private or proxy registration has been 
chosen. As above, we strongly oppose allowing the reseller to skirt the data 
escrow requirement by merely giving prominent notice of its intent to do so. We 
would also support providing ICANN with additional ability to compel registrars 
to cure breaches by their resellers and to terminate their contractual 
relationship in the event of continued or serial noncompliance. Additionally, 
we have serous reservations about the proposed exception to the clause that 
requires reseller registration agreements to identify their sponsoring 
registrar or, in the alternative, to provide a means (such as a hyperlink to 
the WHOIS lookup service) - we believe that the registrant public has a right 
to obtain clear and conspicuous notice of a reseller's sponsoring registrar 
without having to take additional steps to obtain such information and do not 
see how imposing such a disclosure requirement places an unreasonable burden on 
resellers. We also strongly object to the second condition in the proposed 
provision that requires a reseller utilizing privacy or proxy service data 
escrow to release such data to its sponsoring registrar when the reseller 
breaches its agreement and such breach is harmful to consumers and the public 
interest -- we believe that such a breach should be presumed to cause such harm 
and should trigger an immediate requirement to share the escrowed data with its 
sponsor. Finally, we have serious concerns about the proposed language that 
will provide a registrar with the right to terminate its reseller agreement 
where it "becomes aware" that a reseller is in breach of its obligation under 
the RAA - we believe that a sponsoring registrar has an affirmative duty to 
actively monitor the activities of an associated reseller and that a "becomes 
aware" standard is therefore entirely too lax. We further believe that such 
registrar should be obligated to immediately terminate its sponsorship 
agreement, and to take affirmative steps to safeguards the rights and interests 
of the reseller's customers, pursuant to a clearly defined standard related to 
material breaches that have caused or have the potential to cause immediate 
harm to affected registrants and the public interest.

Promoting a Stable and Competitive Registrar Marketplace

The registrar marketplace has been generally stable and characterized by a high 
degree of competition in pricing and services to the benefit of registrants. We 
have evaluated these proposals based upon their ability to further enhance this 
beneficial environment.

 *   We support requiring registrars to notify ICANN upon a change in ownership 
and to re-certify their compliance with the RAA, including timely disclosure of 
their directors and officers. This will provide ICANN with basic information 
regarding the control of an accredited registrar and will legally bind the new 
owner to a renewed commitment to abiding by the RAA.
 *   We question the need for a new provision regarding mandatory training of 
registrar representatives to ensure understanding of ICANN policies and RAA 
requirements. It seems to us that assuring such understanding should be an 
integral part of ICANN's accreditation process and ongoing oversight and 
enforcement regime, and that what is important is the assurance that ICANN 
policies and the RAA are being followed rather than mandating a particular 
training path to ensure such a result.
 *   While we generally support the new RAA requirement that registries only 
utilize ICANN-accredited registrars as the permissible middleman for the sale 
and renewal of domain names, we question what this registry requirement is 
doing in a contract imposed upon registrars. Further, while we agree that only 
ICANN-accredited registrars should be permitted to provide these services to 
the general public, we can envision a number of scenarios in which some newly 
created Top Level Domains (TLD), proposed pursuant to ICANN's recent decision 
to open the floodgates to applications in 2009, might well only be available to 
a narrow class of registrants associated with a certain corporation, industry, 
political party, or other clearly defined and limited entity. Given the broad 
range of diverse business models that may flow from the introduction of new 
TLDs we believe that ICANN should continue to protect general registrants by 
requiring the use of accredited registrars - and resellers held to the same 
standards - while preserving the flexibility to accommodate new TLD business 
models where appropriate.

Agreement Modernization

It is important that the RAA and its enforcement be rapidly updated in 
appropriate circumstances, and we have evaluated these proposals in that 
context.
*        We support the streamlining of ICANN's obligation to provide notice to 
registrars of applicable new Consensus Policies. Further, we believe that ICANN 
should set a firm date for registrar compliance with new policies rather than 
adhering to an indeterminate "reasonable period of time" standard that may 
delay implementation of important protections.
*        We believe that it is premature for ICANN to delete references in the 
RAA to requirements for Department of Commerce (DOC) approval. This technical 
amendment can be readily implemented at such time when the Joint Project 
Agreement is terminated and DOC oversight over ICANN ends.
*        We support clarification of uniform registrar data retention 
requirements through a new provision requiring the preservation of domain 
registration records for three years following deletion or transfer. However, 
given the Board's recent decision to permit national law exceptions for WHOIS 
compliance by registrars, as well as the likely strong interplay between 
national privacy laws and RAA data retention requirements, we would appreciate 
clarification of ICANN's view on that interrelationship. In particular, in 
regard to both WHOIS and data retention requirements, we believe that there 
must be some limitation on the degree to which a national law can preempt the 
RAA -- lest there be "a race to the bottom" between certain national 
jurisdictions and resultant competitive inequities between registrars, as well 
as the exploitation of offshore "privacy havens" by cybersquatters and online 
criminals.

Conclusion

The ICA appreciates this opportunity to comment upon the proposed RAA revisions 
and amendments. We look forward to their near-term adoption in final form, to 
be followed by vigorous oversight and enforcement conducted by ICANN.

Sincerely,
Philip S. Corwin
Counsel, Internet Commerce Association






Philip S. Corwin
Partner
Butera & Andrews
1301 Pennsylvania Ave., NW
Suite 500
Washington, DC 20004
202-347-6875 (office)

202-347-6876 (fax)

202-255-6172 (cell)

"Luck is the residue of design." -- Branch Rickey


Attachment: ICA-RAA_Amdts_cmnt_ltr-080408 FINAL.doc
Description: ICA-RAA_Amdts_cmnt_ltr-080408 FINAL.doc



<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy