Recommendation on contract enforcement by the public
[Third time's the charm? Apparently my earlier attempts to post this were eaten by a spam blocker.] If ICANN't keep a contract, let the public enforce it Earlier in the Registerfly controversy, ICANN Vice President Paul Levins posted to the ICANN Blog <http://blog.icann.org/?p=32>, ICANN is not a regulator. We rely mainly on contract law. We do not condone in any way whatsoever RegisterFly's business practice and behaviour. This is disingenuous. ICANN is the central link in a web of contracts that regulate the business of domain name allocation. ICANN has committed, as a public benefit corporation, to enforcing those contracts in the public interest. Domain name registrants, among others, rely on those contracts to establish a secure, stable environment for domain name registration and through that for online content location. A user registers a domain name by contracting with a registrar, such as Registerfly. The terms of that agreement are constrained by ICANN's accreditation contract with the registrar <http://www.icann.org/registrars/ra-agreement-17may01.htm>. French registrar Gandi <http://gandi.net/> explains this web with helpful diagrams in its registration agreement <http://www.gandi.net/contracts/en/g1/pdf/>: Gandi is a Registrar, accredited by both the Trustee Authority [ICANN] and registry of each TLD to assign and manage domain names according to their specific TLD. We must abide by the terms and conditions of Our accreditation contract. As a consequence, We must pass some of Our obligations on to Our customers. ... As such, We commit Ourselves to providing you with the best possible service. This being said, due to Our contractual obligations with the Trustee Authorities and Registries, and which You must also abide by, Our services are limited in some of their technical, legal, regulatory and contractual aspects. Now the ICANN contracts can both limit and help the end-user registrant. On the limit side, they restrict the registrant's ability to maintain anonymity or privacy by requiring the registrar to provide accurate identifying information to the WHOIS database <http://www.icann.org/registrars/ra-agreement-17may01.htm#3.2>, a duty the registrar fulfills by compelling provision of accurate information in its own contract with the registrant. This requirement benefits trademark holders, who have recently turned out <http://forum.icann.org/lists/whois-services-comments/> to prophesy doom if data display is limited. On the benefit side, the RAA-imposed duty of data escrow <http://www.icann.org/registrars/ra-agreement-17may01.htm#3.6>, requiring the registrar to maintain an escrowed copy of its registration database, provides evidence of a registrant's domain name holdings in the event of registrar failure. Registrants seeing this provision could believe that their domain names would be secure even if the registrar who had recorded them defaulted. So they might have believed, but apparently ICANN has never enforced this provision of its contracts <http://gnso.icann.org/mailing-lists/archives/ga/msg06000.html>. Moreover, ICANN denies that the public is a third-party beneficiary entitled to demand enforcement <http://www.icann.org/registrars/ra-agreement-17may01.htm#5.10>. The Registerfly debacle <http://www.businessweek.com/technology/content/mar2007/tc20070307_079128.htm...> shows why this view is wrong as a matter of law and policy. ICANN was told more than a year ago of customer service problems at Registerfly, but did nothing to respond to those complaints, including escrowing data, leaving the company's 200,000 registrants at risk of losing domain names or the ability to update them when Registerfly's business troubles escalated early this year. ICANN should recognize that the reason for its registrar contracts is precisely to benefit third parties: domain name registrants and those who rely on the domain name system. ICANN is not (or shouldn't be) accrediting registrars merely to have a larger pool of organizations paying fealty to it. Rather, it is imposing terms and conditions on registrars and, with an "ICANN accredited" seal, inviting the public to rely on those terms for a secure domain name registration. In cases where ICANN fails <http://omblog.icann.org/?p=6> to recognize a registrar's problems <http://www.theregister.com/2007/02/19/registerfly_angry_customers/>, concerned members of the public should be entitled to take action themselves. As well as enforcing public-benefit obligations on its own, ICANN should facilitate individual action by removing the "no third-party beneficiary" language from its contracts. Resolved that: Recognizing that the public Internet users are intended beneficiaries of ICANN should strike the "no third-party beneficiary" language from its Registrar Accreditation Agreements and Registry Agreements; ICANN should promptly adopt a schedule and provisions for escrowing of data from all registrars, as envisioned in RAA 3.6. -- Wendy Seltzer -- wendy@seltzer.org Visiting Assistant Professor of Law, Brooklyn Law School Fellow, Berkman Center for Internet & Society http://cyber.law.harvard.edu/seltzer.html http://www.chillingeffects.org/
I heartily endorse this. On Mar 16, 2007, at 4:51 AM, Wendy Seltzer wrote:
Resolved that: Recognizing that the public Internet users are intended beneficiaries of ICANN should strike the "no third-party beneficiary" language from its Registrar Accreditation Agreements and Registry Agreements;
ICANN should promptly adopt a schedule and provisions for escrowing of data from all registrars, as envisioned in RAA 3.6.
I heartily endorse this.
Me too. While we're endorsing escrow, we should be sure they escrow registry data as well. And perhaps in the interests of transparency, publish periodic reports of who's making escrow deposits where and how often.
On Mar 16, 2007, at 4:51 AM, Wendy Seltzer wrote:
Resolved that: Recognizing that the public Internet users are intended beneficiaries of ICANN should strike the "no third-party beneficiary" language from its Registrar Accreditation Agreements and Registry Agreements;
ICANN should promptly adopt a schedule and provisions for escrowing of data from all registrars, as envisioned in RAA 3.6.
Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://johnlevine.com, Mayor "I dropped the toothpaste", said Tom, crestfallenly.
Wendy Seltzer ha scritto:
[Third time's the charm? Apparently my earlier attempts to post this were eaten by a spam blocker.]
If ICANN't keep a contract, let the public enforce it
(Perhaps, to make the text more readable, we should put a brief introduction plus the resolution at the beginning, and move the rationale to an appendix, as Izumi did.)
Resolved that: Recognizing that the public Internet users are intended beneficiaries of ICANN should strike the "no third-party beneficiary" language from its Registrar Accreditation Agreements and Registry Agreements;
ICANN should promptly adopt a schedule and provisions for escrowing of data from all registrars, as envisioned in RAA 3.6.
Can I propose a couple more points? I think that there are some more general lessons to be learned: if ICANN doesn't raise the priority level of "registrant protection", we risk getting into similar problems again in the future. So I would add a couple of additional resolutions such as: * ICANN should be more responsive to registrar misbehaviour or failure that affects a significant number of registrations, using its credibility, "moral suasion" and contractual opportunities to help their prompt resolution; it should also deploy appropriate instruments (complaint forms, news monitoring etc.) to proactively obtain early warning about the insurgency of such problems. * ICANN should foster the bottom-up development of best practices for registrars and domain name resellers, on matters such as information passed on to customers, domain name administration procedures, transfer and renewal policies, etc., to help the industry reach better and more predictable standards in the service offered to customers. -- vb. Vittorio Bertola - vb [a] bertola.eu <-------- --------> finally with a new website at http://bertola.eu/ <--------
Vittorio Bertola wrote:
Wendy Seltzer ha scritto:
[Third time's the charm? Apparently my earlier attempts to post this were eaten by a spam blocker.]
If ICANN't keep a contract, let the public enforce it
(Perhaps, to make the text more readable, we should put a brief introduction plus the resolution at the beginning, and move the rationale to an appendix, as Izumi did.)
Sounds like a good idea.
Resolved that: Recognizing that the public Internet users are intended beneficiaries of
its contracts
ICANN should strike the "no third-party beneficiary" language from its Registrar Accreditation Agreements and Registry Agreements;
ICANN should promptly adopt a schedule and provisions for escrowing of data from all registrars, as envisioned in RAA 3.6 and from registries.
Can I propose a couple more points? I think that there are some more general lessons to be learned: if ICANN doesn't raise the priority level of "registrant protection", we risk getting into similar problems again in the future. So I would add a couple of additional resolutions such as:
* ICANN should be more responsive to registrar misbehaviour or failure that affects a significant number of registrations, using its credibility, "moral suasion" and contractual opportunities to help their prompt resolution; it should also deploy appropriate instruments (complaint forms, news monitoring etc.) to proactively obtain early warning about the insurgency of such problems.
I'm not sure. I don't want ICANN to become a consumer protection agency, because I don't anticipate that it will do any better job at that than in any of its other mission-creep roles. I'd rather push on expanding opportunities for referral to outside enforcement, perhaps with some self-regulation to avoid that enforcement. --Wendy
* ICANN should foster the bottom-up development of best practices for registrars and domain name resellers, on matters such as information passed on to customers, domain name administration procedures, transfer and renewal policies, etc., to help the industry reach better and more predictable standards in the service offered to customers.
-- Wendy Seltzer -- wendy@seltzer.org phone: 718.780.7961 // fax: 718.780.0394 // cell: 914.374.0613 Visiting Assistant Professor of Law, Brooklyn Law School Fellow, Berkman Center for Internet & Society http://cyber.law.harvard.edu/seltzer.html http://www.chillingeffects.org/
I personally am of course in favor of this resoution, and just forwarded Wendy's draft to AP RALO discussion list. I hope they will make some comments and contributions. izumi 2007/3/17, Wendy Seltzer <wendy@seltzer.com>:
Vittorio Bertola wrote:
Wendy Seltzer ha scritto:
[Third time's the charm? Apparently my earlier attempts to post this were eaten by a spam blocker.]
If ICANN't keep a contract, let the public enforce it
(Perhaps, to make the text more readable, we should put a brief introduction plus the resolution at the beginning, and move the rationale to an appendix, as Izumi did.)
Sounds like a good idea.
Resolved that: Recognizing that the public Internet users are intended beneficiaries
of its contracts
ICANN should strike the "no third-party beneficiary" language from its Registrar Accreditation Agreements and Registry Agreements;
ICANN should promptly adopt a schedule and provisions for escrowing of data from all registrars, as envisioned in RAA 3.6 and from registries.
Can I propose a couple more points? I think that there are some more general lessons to be learned: if ICANN doesn't raise the priority level of "registrant protection", we risk getting into similar problems again in the future. So I would add a couple of additional resolutions such as:
* ICANN should be more responsive to registrar misbehaviour or failure that affects a significant number of registrations, using its credibility, "moral suasion" and contractual opportunities to help their prompt resolution; it should also deploy appropriate instruments (complaint forms, news monitoring etc.) to proactively obtain early warning about the insurgency of such problems.
I'm not sure. I don't want ICANN to become a consumer protection agency, because I don't anticipate that it will do any better job at that than in any of its other mission-creep roles. I'd rather push on expanding opportunities for referral to outside enforcement, perhaps with some self-regulation to avoid that enforcement.
--Wendy
* ICANN should foster the bottom-up development of best practices for registrars and domain name resellers, on matters such as information passed on to customers, domain name administration procedures, transfer and renewal policies, etc., to help the industry reach better and more predictable standards in the service offered to customers.
-- Wendy Seltzer -- wendy@seltzer.org phone: 718.780.7961 // fax: 718.780.0394 // cell: 914.374.0613 Visiting Assistant Professor of Law, Brooklyn Law School Fellow, Berkman Center for Internet & Society http://cyber.law.harvard.edu/seltzer.html http://www.chillingeffects.org/
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org
http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org
www.alac.icann.org www.icannalac.org
-- >> Izumi Aizu << Institute for HyperNetwork Society Kumon Center, Tama University * * * * * << Writing the Future of the History >> www.anr.org
Wendy Seltzer ha scritto:
* ICANN should be more responsive to registrar misbehaviour or failure that affects a significant number of registrations, using its credibility, "moral suasion" and contractual opportunities to help their prompt resolution; it should also deploy appropriate instruments (complaint forms, news monitoring etc.) to proactively obtain early warning about the insurgency of such problems.
I'm not sure. I don't want ICANN to become a consumer protection agency, because I don't anticipate that it will do any better job at that than in any of its other mission-creep roles. I'd rather push on expanding opportunities for referral to outside enforcement, perhaps with some self-regulation to avoid that enforcement.
The problem is that there is no other authority that can enforce anything on registrars, especially in a global environment. The RAA and RRA are the only places where registrars can be required to do anything in favour of their customers; also, ICANN is the only place where you could hope of developing bottom-up best practices agreed by registrars, registries and registrants (where else?). ICANN should not enter in individual disputes between a registrant and a registrar, but when problems become collective (and thus, by the way, pose a threat to the stability of the Internet - what if one million registrations disappear at once?) ICANN should do its part. -- vb. Vittorio Bertola - vb [a] bertola.eu <-------- --------> finally with a new website at http://bertola.eu/ <--------
participants (5)
-
Bret Fausett -
Izumi AIZU -
John L -
Vittorio Bertola -
Wendy Seltzer