Re: [ALAC] [At-Large] Fwd: A million domains taken down by email checks
Just to correct a few misapprehensions: First, as Michele said, it is suspensions - not cancellations. Very different things. Next - this reads as it it is only the LEAs that want data. Having sat on Whois WGs since 2009, I can confirm that ALAC, and the business constituency, particularly the IP community have been very keen to have Whois data accuracy improved. In Australia, both our corporate regulator and our competition/consumer regulator use Whois as well and also press for accurate data. And yes, ALAC has been calling for Whois accuracy for ages - just check our statements. We certainly called for better registrant information. The Rights and Responsibilities document that came out of the 2013 RAA was, in the ALAC view, a start but could be greatly improved by using less jargon and more detail. And it is also a matter of education of registrants - that domain names are not allocated to them for life and that they do have responsibilities - which is why the Registrants Rights and Responsibilities document should be improved, and drawn to the attention of all registrants. As to resellers, Michele has also pointed to the 2013 provisions that mean registrars are far more responsible for their resellers - and ask him (and others) how they do that. And finally, I’d also like to know more about the 800,000 number. How many were canceled (as opposed to suspended), and why the suspensions/cancellations. And why is the blame being sheeted home to LEAs? I am slightly amused (bemused) that Fadi thinks ALAC and the registrars should better engage. Someone should tell him that members of ALAC have been engaged with the GNSO WGs on the issue for AGES - and will continue to do so. I agree with Alan - let’s first get a better handle on what actually happened before any statement is made. Holly On 4 Jul 2014, at 7:18 pm, Christopher Wilkinson <cw@christopherwilkinson.eu> wrote: > Dear Rinalia Abdul Rahim: > > On 04 Jul 2014, at 04:14, Alan Greenberg <alan.greenberg@mcgill.ca> wrote: > >> ... a bit of discussion would raise other questions as well. > Thankyou for drawing this to our attention. A quick review of some of the available links indeed leads me to ask more questions than to make substantive comments or recommendations at this stage: > 1. What was the At Large participation in the preparation of the 2013 RAA? What was the final ALAC position? > Were missions of designated At Large participants to each of the relevant ICANN/GNSO meetings funded by ICANN? Were they in a position to report back to the At Large community? > Why does the implementation of the 2013 RAA place a disproportionate burden on the individual registrants? The 15 day limit is clearly too short. The sanction of deleting the domain is optional, although it appears that the Registrars are deleting them all, anyway. Why? > > > There should be a much more articulated procedure, including a longer delay, requirements for reminders and acknowledgement of receipt, proactive visits to the relevant website, actual physical addresses could be checked, etc. People go on holiday. Some e-mail addresses are monitored only intermittently e.g. an NGO without permanent secretariat etc. Some 'proxies' may well be even more inefficient than are the individual registrants! > > > The balance of costs, prices and funding between Registrars, Registries and ICANN, in this area probably needs to be reviewed. (Since Registrars are evidently sufficiently profitable to be able to pay the exhorbitant ICANN fees for - sometimes multiple - new gTLDs, then they could reasonably be required at least to invest more in the appropriate care and maintenance of their existing portfolios.) > > > If and when there is an agreed policy that actually works, how exactly do the Registrars ensure that their 'Resellers' (who do not have contracts with ICANN) effectively respect the RAA? > What is the actual breakdown of the reported '800k.' deletions? > Private individual users; SMEs, NGOs, Speculators and Cybersquatters? > > > Personally, I would not mind if bulk registrations for speculative purposes with incorrect Whois data were to be deleted, en bloc. These are expropriated names which should be available, at the basic registration price, to individual registrants who wish to use them. > > What has been done about 'educating' the registrants in their new obligations under the 2013 RAA? (Although as a sample of one registrant, responsible for one gTLD domain, - not statistically significant ;-)) - nonetheless, I have seen nothing of that. My other domains are ccTLD. > ) > Actually, the vade-mecum on the ICANN website is rather cute: the idea of millions of Registrants buzzing off to ICANN, spontaneously, to read all about updating their Whois data ... well, you get the point. > > Is it possible to resolve the current issue without reference to the EWG report and its eventual implementation? > > In that context, in the light of recent history, the proposed centralised database would obviously have to be outside US jurisdiction. Also, as long as the 'Legal Contact' data is 'outside the gate' - to use EWG parlance – the problem of incorrect data will persist for privacy reasons and a fortiori for misuse. > > How does any of all of the above apply in non-English languages and in the IDNs? > More generally, these issues derive from a long history of cumulatively lax implementation of Whois accuracy by ICANN and gTLD Registries and Registrars. The backlog is considerable. > That situation has been aggravated by continued breach of privacy laws – at least in the EU – through the open publication of gTLD registration data. Thus the interests of Law Enforcement and the trademark industry are, in practice, at loggerheads. > Regards to you all > Christopher Wilkinson > > > On 04 Jul 2014, at 04:14, Alan Greenberg <alan.greenberg@mcgill.ca> wrote: > >> The registrars are asking for data from law enforcement, and rightfully so. >> >> However, before I would charge off and recommend that the ALAC takes a position, I would like to see some data from registrars. >> >> 800,000 is a large number. But it is also just 0.5% of all gTLD registrations. In the past when the ALAC has raised issues related to similar problems (such as loss of registrations after accidental expiration), one of the replies from registrars has been that the number is only a tiny fraction of the registrations that are not lost. In my mind, the issue was not the percentage but the absolute number of people suffering problems, and it still is in this case. >> >> When we were looking at expiration issues, and how to alert a registrant that a name had expired, the PDP WG came to the conclusion that the best way to wake up a registrant who is either ignoring e-mails, or has e-mails directed to an invalid or dead e-mail box, it to take down the domain. Not working does catch people's attention! Yes, it is a harsh way to do this, but very effective. The first reports that we are getting from Contractual Compliance is that with these new measures in place, complaints are way down, as much as 50% for some expiration-related complaints. >> >> So I would want to understand something about where this 800,000 number comes from, and how it is broken down. Examples of questions that come to mind and should be explored are: >> - how many of those 800,000 result in the registrant correcting the data and the domain goes live again >> - how many are not due to bad registrant contact information, but bad contact information for the a privacy/proxy service or web hosting company >> >> I'm sure a bit of discussion would raise other questions as well. >> >> So I am all for the ALAC making a statement, But the content of that statement should be based on a better understanding of what is going on here. >> >> Alan >> >> Postscript: One of the issues that came up during the expiration renewal PDP was that many registrations use the domain in question for the contact e-mail. For example, the domain example.com might had a contact e-mail address of webmaster@example.com. If the domain stops working for any reason, the contact address is by definition useless. Registrant need to be educated to NOT use the domain being registered for its own contact address. The PDP recommended that registrars warn registrants about this. Perhaps it is being done, but I have not seen it. >> >> At 03/07/2014 06:36 AM, Rinalia Abdul Rahim wrote: >> >>> Dear ALAC, >>> >>> In reference to Joly MacFie's mail to the At-Large (see forwarded), the >>> topic was also raised by Registrars during their meeting with the ICANN >>> Board in London. >>> >>> Fadi posed a question to the Registrars on whether they have engaged with >>> the At-Large on the matter. Fadi then raised the issue to the At-Large >>> during his ATLASII Fayre speech. >>> >>> It would be important that the At-Large articulates its position on the >>> issue (possibly via an ALAC statement) as it is being presented as a >>> problem for Internet users. >>> >>> Best regards, >>> >>> Rinalia >>> ---------- Forwarded message ---------- >>> From: "Joly MacFie" <<https://atlarge-lists.icann.org/mailman/listinfo/alac>joly at punkcast.com> >>> Date: Jun 26, 2014 1:00 AM >>> Subject: [At-Large] A million domains taken down by email checks >>> To: "At-Large Worldwide" <<https://atlarge-lists.icann.org/mailman/listinfo/alac>at-large at atlarge-lists.icann.org> >>> Cc: >>> >>> Fwd over from the NCSG list. I underdtand that this would have been >>>> discussed in today's EWG and privacy sessions. Any comments? >>>> >>>> >>>> <http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks>http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks >>>> >>>> A million domains taken down by email checks >>>> < >>>> <http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks>http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks >>>>> >>>> Kevin Murphy <<http://domainincite.com/about>http://domainincite.com/about>, June 24, 2014, 14:34:25 >>>> (UTC), Domain Registrars >>>> <<http://domainincite.com/category/domain-registrars>http://domainincite.com/category/domain-registrars> >>>> >>>> *Over 800,000 domain names have been suspended since the beginning of the >>>> year as a result of Whois email verification rules in the new ICANN >>>> Registrar Accreditation Agreement.* >>>> >>>> That’s according to the Registrars Stakeholder Group, which collected >>>> suspension data from registrars representing about 75% of all registered >>>> gTLD domain names. >>>> >>>> The actual number of suspended domains could be closer to a million. >>>> >>>> The 2013 RAA requires registrars to verify the email addresses listed in >>>> their customers’ Whois records. If they don’t receive the verification, >>>> they have to suspend the domain. >>>> >>>> The RrSG told the ICANN board in March that these checks were doing more >>>> harm than good >>>> < >>>> <http://domainincite.com/16375-are-whois-email-checks-doing-more-harm-than-good>http://domainincite.com/16375-are-whois-email-checks-doing-more-harm-than-good >>>>> >>>> and today Tucows CEO Elliot Noss presented, as promised, data to back up >>>> the claim. >>>> >>>> “There have been over 800,000 domains suspended,” Noss said. “We have >>>> stories of healthcare sites that have gone down, community groups whose >>>> sites have gone down.” >>>> >>>> “I think we can safely say millions of internet users,” he said. “Those are >>>> real people just trying to use the internet. They are our great >>>> unrepresented core constituency.” >>>> >>>> The RrSG wants to see contrasting data from law enforcement agencies and >>>> governments which pushed hard for Whois verification showing that the >>>> RAA requirement has had a demonstrable benefit. >>>> >>>> Registrars asked at the Singapore meeting in March that law enforcement >>>> agencies (LEA) be put on notice that they can’t ask for more Whois controls >>>> until they’ve provided such data and ICANN CEO Fadi Chehade said >>>> < >>>> <http://domainincite.com/16375-are-whois-email-checks-doing-more-harm-than-good>http://domainincite.com/16375-are-whois-email-checks-doing-more-harm-than-good >>>>> >>>> “It shall be done by London.” >>>> >>>> Noss implied that the majority of the 800,000 suspended names belong to >>>> innocent registrants, such as those who had simply changed email addresses >>>> since registering their names. >>>> >>>> “What was a lovely political win that we said time and time again in >>>> discussion after discussion was impractical and would provide no benefit, >>>> has demonstrably has created harm,” Noss said. >>>> >>>> He was received with cautious support by ICANN board members. >>>> >>>> Chair Steve Crocker wonder aloud how many of the 800,000 suspended domains >>>> are owned by bad guys, and he noted that LEA don’t appear to gather data in >>>> the way that the registrars are demanding. >>>> >>>> “We were subjected, all of us, to heavy-duty pressure from the law >>>> enforcement community over a long period of time. We finally said, ‘Okay, >>>> we hear you and we’ll help you get this stuff implemented,’”, he added. >>>> “That creates an obligation as far as I’m concerned on their part.” >>>> >>>> “We’re in a at least from a moral position in a strong position to say, >>>> ‘You must help us understand this. Otherwise, you’re not doing your part of >>>> the job’”, he said. >>>> >>>> Chehade also seemed to support the registrars’ position that LEA needs to >>>> justify its demands and offered to take their data and concerns to the LEA >>>> and the Governmental Advisory Committee. >>>> >>>> “They put restrictions on us that are causing harm, according to these >>>> numbers,” he said. “Let’s take this back at them and say, hey, you ask for >>>> all these things, this is what happened.” >>>> >>>> “If you can’t tell me what good this has done, be aware not to come back >>>> and ask for more,” he said. “I’m with you on this 100%. I’m saying let’s >>>> use the great findings you seem to have a found and well-package them in a >>>> case and I will be your advocate.” >>>> >>>> Director Mike Silber also spoke in support of the RrSG’s position. >>>> >>>> “My view is if what you are saying is correct, the LEA’s have blown their >>>> credibility,” he said. “They’re going to have to do a lot of work before we >>>> impose similar disproportional requirements on actors that are not proven >>>> to be bad actors.” >>>> >>>> So what does this all mean for registrants? >>>> >>>> I don’t think there’s any ongoing process right now to get the Whois >>>> verification requirements overturned that would require a renegotiation >>>> of the RAA but it does seem to mean demands from governments and police >>>> are going to have to be much more substantiated in future. >>>> >>>> Noss attempted to link the problem to the recommendations of the Whois >>>> Expert Working Group (EWG), which propose a completely revamped, >>>> centralized Whois system with much more verification >>>> <<http://domainincite.com/16855-whois-killer-is-a-recipe-for-a-clusterfuck>http://domainincite.com/16855-whois-killer-is-a-recipe-for-a-clusterfuck> >>>> and not much to benefit registrants. >>>> >>>> To paraphrase: if email verification causes so much harm, what harms could >>>> be caused by the EWG proposal? >>>> >>>> The EWG was not stuffed with LEA or governments, however, so it couldn’t >>>> really be characterized as another set of unreasonable demands from the >>>> same entities. >>>> >>>> >>>> -- >>>> --------------------------------------------------------------- >>>> Joly MacFie 218 565 9365 Skype:punkcast >>>> WWWhatsup NYC - <http://wwwhatsup.com>http://wwwhatsup.com >>>> http://pinstand.com - <http://punkcast.com>http://punkcast.com >>>> VP (Admin) - ISOC-NY - <http://isoc-ny.org>http://isoc-ny.org >>>> -------------------------------------------------------------- >>>> - >>>> _______________________________________________ >>>> At-Large mailing list >>>> <https://atlarge-lists.icann.org/mailman/listinfo/alac>At-Large at atlarge-lists.icann.org >>>> https://atlarge-lists.icann.org/mailman/listinfo/at-large >>>> >>>> At-Large Official Site: <http://atlarge.icann.org>http://atlarge.icann.org >> _______________________________________________ >> At-Large mailing list >> At-Large@atlarge-lists.icann.org >> https://atlarge-lists.icann.org/mailman/listinfo/at-large >> >> At-Large Official Site: http://atlarge.icann.org >> > > _______________________________________________ > At-Large mailing list > At-Large@atlarge-lists.icann.org > https://atlarge-lists.icann.org/mailman/listinfo/at-large > > At-Large Official Site: http://atlarge.icann.org
I was actually surprised to hear Fadi's comments about this at the Fayre. I was both dismayed at the stance he took (I recall him saying the incident diminished the standing of "law enforcement") and his choice of venues (one of too many speeches delivered at a social event when many of the participants were winding down after a day of exhaustion). Had the issue been raised at a time where genuine interaction and thoughtfulness were called for, I suspect Fadi may not have received the anticipated response, as this incident clearly indicates how out of touch ICANN is with the rest of the world,. *Inside the ICANN bubble:* * "We are appalled that 800,000 domains were taken down for having non-responsive contact info" * *The rest of the world:* *"Did you just say that 800,000 domains have non-responsive contact info?"* The methods of verification and the speed of takedown could be tweaked to ensure that good actors with minor access problems (such as mail going into spam filters, increasing time to respond, forget to change after moving, etc) would not be adversely affected. But the end objective is absolutely welcomed from the non-registrant end-user point of view. So I personally have zero ethical qualms about the suspensions, noting that the issue has already been inflated for dramatic effect. A claim of 800,000 domains becomes a million in the headlines. And then there was this gem: *"We have stories of healthcare sites that have gone down,"*, chimes Elliot Noss in the CircleID article <http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks> . I don't know about the rest of you ... but given the sensitivity of information at healthcare sites regarding privacy and accuracy, that category of site is amongst those *most* in need of accurate contact info IMO. So if such sites have non-functional contact info, frankly, I couldn't suspend them fast enough until things are fixed. This attempt at media manipulation backfires. The salient point is that a contact address is just that, a way to make contact. If it won't work from the registrant's own registrar or registry -- a body with which whom the registrant has a contractual and financial relationship -- it certainly won't work if someone from the public has a question, complaint, or warrant to serve. If policy indicates that contact info must be accurate and current, then that is what needs to be enforced. When the interests of ICANN and contracted parties are hurt by inaction of registrants -- notably non-payment -- enforcement such as suspension is immediate, automated and non-controversial. (Indeed, it was even once gamed by some contracted parties, which is what led to the PEDNR <http://icannwiki.com/index.php/PEDNR> debate.) But here, the inaction indicates harm to the public interest while enforcement threatens financial loss to ICANN and contracted parties, so all hell breaks loose and Fadi lectures us at the Fayre. This isn't just a matter of law enforcement, and I am puzzled why that community is being singled out for recrimination. Sure, some chunk of those 800,000 are bad actors in the sense of intending to have unusable contact info. But how many of the others have bad contact info because the domains themselves are neglected and unused, squatted or speculated names that their registrants have just locked away and forgotten? How does that serve the interest of end users to have so many extant but useless domains? So, by all means, let's engage in a proper dialogue -- not one initiated, almost in passing, at a social event more than halfway into the ICANN meeting. We may all look at this incident and see within it a deep problem, but the problems At-Large identifies may be far different from those seen by the registrars. Be careful what you wish for. While registrars complaining loudly may score power points inside the bubble (at the expense of public-interest advocacy), outside it just reinforces ICANN's detachment from the rest of the Internet-using world. If news broke that there were 800,000 cars on the road with unusable contact info related to their license plates, public reaction would be loud and ugly no matter what proportion of those cars belonged to criminals. I look forward to any debate going forward on the issue in At-Large's Regulatory Issues Working Group, which is where I believe any future ALAC stance must be discussed and first formulated. - Evan
participants (2)
-
Evan Leibovitch -
Holly Raiche