The ALAC letter referred to above asks the Board to take immediate action to curtail "domain hold," "cart-hold" and/or "cart-reserve" activities such as Network Solutions and others have recently begun.
You also reference SSAC report SAC 022. That report is the first of two of our reports (SAC 022 and SAC 024) so far on front running. See
In SAC 022, we pointed out that checking the availability of a domain name can be a sensitive act which may disclose an interest in or a value ascribed to a domain name and we suggested to potential registrants that domain name availability lookups should be performed with care. We also noted there does not appear to be a strong set of standards and practices to conclude whether monitoring availability checks is an acceptable or unacceptable practice, and we called for both public comment and policy development within the appropriate bodies.
As you noted in your message, the Board declined to take emergency action and referred the matter to the GNSO for possible policy development. (See the last section of this note for a comment on policy development.)
======================================================================
DOES FRONT RUNNING EXIST?
As noted above, the data is inconclusive. Jay Daley, CTO of Nominet, reported he had looked closely at this question some time ago and concluded it simply wasn't happening. Others have suggested privately that it really does happen on a fairly significant scale. Because there is a very high level of tasting, it may be hard to sort out how many instances of apparent front running are just due to "background radiation." And then we have Mr. Nevett's assertion that one or TLDs is actively involved in this process.
We expect to explore this a bit further. We are still formulating specific plans on how to proceed, and we are open to suggestions and offers for how to gather information efficiently, effectively, and accurately.
=====================================================================
IS FRONT-RUNNING PROHIBITED and DOES IT AFFECT SECURITY OR STABILITY?
As we noted in SAC 022, we do not see any coherent and specific framework that suggests front-running is prohibited. I believe the Registrar Accreditation Agreement has language related to the proper use of registration data, but that applies only after a registration is complete.
Practices and expectations vary from field to field. In certain professions, particularly law and medicine -- and my experience is primarily in the U.S. -- there are very strong rules governing the privacy of information provided by a client or patient. There are also strong rules governing the protection of customer information among stockbrokers. If I ask my stockbroker about a particular stock, it's considered unethical for him to use that information to buy or sell that stock for himself or to help others to do so. However, in our industry, I have not seen any similar explicit statement of principle nor an explicit set of rules prohibiting front-running and related practices. Thus, even if we were to find reliable, concrete information that front-running is taking place, it's not clear there is any basis for stopping it.
"Security and Stability" is a mantra invoked with specialty gravity, and there is sometime debate about whether a specific issues does or does not fall into this category. I think it's hard to argue that front-running, if it exists, is affecting the overall security or stability of the domain name system, although one might imagine fairly severe consequences if the practice existed and affected a very large fraction of the potential registrants instead of only a relatively small number. I emphasized "system." From any particular user's perspective, if someone has swiped a name he is looking at, the impact on him or his business could be very substantial. Is that a "security" matter or a " consumer protection" matter, and is there a strict distinction between the two?
I would argue that if there is a structural bias against consumers, that it's appropriate to consider that to be a weakness in the security of the system. On the other hand, if a consumer has been dealt with unfairly by a particular party, and there's no general bias built into the system, that's a specific consumer protection issue. I'm not sure whether everyone else would choose to draw the lines in the same place.
There is a secondary and slightly subtle element of security here. Efficient and effective markets depend on reliable information and trustworthy behavior. If there is a general perception that a market is dangerous, the market may shrink and the results for the buyers and sellers who are in the market may be inequitable. Building and preserving confidence in a market is thus an important aspect of "security."
I don't think we've thought enough about this as a community, and I would like to see some deeper thought and discussion.
Returning to the specific matter of front-running, I find it odd and dangerous that our framework of core values, principles, rules and contracts does not address such practices explicitly. I think this is a weakness in our overall framework and should be fixed.
=====================================================================
WHO SHOULD BE INVOLVED?
I don't see any single group as being the sole owner of these issues. We certainly don't view this as the sole purview of SSAC and we would be delighted if others are involved. The GNSO has a natural role because the registrars and registries are primary actors. At the same time, the people most strongly affected by weaknesses in the process are potential registrants, and it's not clear who speaks for them. ALAC, in its letter to Board, is certainly taking a strong position. And this issue is not limited to the gTLDs and ICANN-accredited registrars. The ccTLD community presumably has the same issues.
In our reports to the Board, we suggested other groups look at these issues. Dan Halloran recently drew our attention to section 1.c in By-Laws Annex A: GNSO Policy-Development Process:
Advisory Committee Initiation. An Advisory Committee may raise an issue for policy development by action of such committee to commence the PDP, and transmission of that request to the GNSO Council. (http://www.icann.org/general/bylaws.htm#AnnexA)
With some chagrin, I admit we hadn't realized there was a direct channel for SSAC to forward to the GNSO a formal request for the GNSO to commence the PDP. Would you find it helpful for us to send our recommendations to you in this form?
Irrespective of whether we send you a formal recommendation, I hope this note has provided some useful information. We will be happy to discuss it further if you desire.
Thanks,
Steve Crocker
SSAC Chair