Good Morning, Thank you for your note Michael, but I think it may be a bit misleading and the RrSG does not (and did not) agree with the suggested updates to the current working definition of accuracy. As you have reviewed the call on Nov 4th several times, you will have noted that I objected to these changes around the 1 hour and 11 minute point. Specifically, around adding any mention of identity requirements as that is just not the case in our contract or policy. I believe the reference to ICANN's report/memo below in your email, leaves off some important language/context. First, this report provides information on how ICANN Compliance operates, it does not add requirements (that is only done in contracts or Policy). Second, as I have mentioned several times, the mention of "identity" here does not (and cannot, see first point) add any requirements on the CP, it only states that ICANN Compliance may ask for "...further information concerning their findings...", it does not ask or even suggest that the Registrar do anything more than what they have already done in their investigation. The one item I do believe we agreed to was around the "affirmative response" idea. I don't have the specifics on this one but I think Sarah brought up support on adding language around that idea. Additionally, as I (and others) have mentioned many times we did not provide a proposed definition we provided the current working definition. I understand that people may want to update/expand that definition and I believe that is why the GNSO Council formed this Scoping Team. I will also point to prior calls, like the Oct 21st call where this working definition was presented, and we had agreement from several SGs, staff and the Chair that this was the baseline definition that we would work from moving forward. I will note that I saw no chat nor anyone speak in objection to this working definition. I once again brought this point of agreement up during our ICANN session (36 min) and once again I did not see or hear any objections to this being the baseline. Obviously, some minor tweaks would occur, but the suggested changes were not minor and adds responsibilities that just do not exist today. To be clear the RrSG does not agree with the suggested updates to the working definition. Thanks Roger ________________________________ From: GNSO-Accuracy-ST <gnso-accuracy-st-bounces@icann.org> on behalf of Michael Palage <michael@palage.com> Sent: Tuesday, November 30, 2021 1:57 PM To: 'Lori Schulman' <lschulman@inta.org>; 'Sarah Wyld' <swyld@tucows.com>; gnso-accuracy-st@icann.org <gnso-accuracy-st@icann.org> Subject: Re: [GNSO-Accuracy-ST] Update - Working Accuracy Contractual Construct/ Definition Caution: This email is from an external sender. Please do not click links or open attachments unless you recognize the sender and know the content is safe. Forward suspicious emails to isitbad@. Hello All, As someone that watched the video recording twice allow me to recount the events of Nov 4th. In advance of the call there had been two “definitions” (contractual construction / explanations) put forth for consideration. One by the Registrars and the one put forward by myself. In an effort to reconcile these two definitions, I opted to mark-up the Registrar’s “definition”. The first change was replacing the phrase “shall strictly” with “is.” Specifically I cited to Background Briefing Assignment #1 which stated in relevant part that: However, if the complaint is about identity (e.g., the registrant is not who they say they are), Contractual Compliance may ask the registrar to provide further information. (emphasis added). After the group acknowledged that this excerpt from the ICANN briefing document showed a larger remit than just syntactical and operational accuracy, the “shall strictly” phrase was redlined and replaced with ‘is.”. Alan Greenburg from ALAC tired to propose an alternative wording but the redline stayed as “is”. The next proposed redline was inspired largely by the following excerpt from the ICANN72 GAC communique which states in relevant part: The GAC gives particular importance to the verification, validation and correction of all registration data by registrars, and certain registries, in line with their contractual obligations, and supports rigorous monitoring and enforcement of such contractual obligations by ICANN. (emphasis added) These changes again were made with no substantive opposition from the group. As I have stated previously these agreed upon changes where lost when the document was exited at the end of the call. I have consulted with ICANN Org and they are unaware of how these changes were lost. However, I believe the video clearly shows that the deletion was NOT an intentional act because no one spoke to the text being removed, it just disappeared. Please review the video for yourself, I have provided the time stamp to help make everyone’s review easier. Now if the RySG and RsSG are going to maintain their objection to the previous redline “definition” and instead advocate for the RrSG “definition” we will address this topic AFTER the we conclude the questions to ICANN Org, but before we begin our GAP analysis. I do have a specific request for Marc, Beth and Sofie. During the next RySG call could you seek clarification from the RySG on whether Registries believe they have a right under their Registry Agreement to verify the accuracy of data elements that they process as part of domain name registrations in their respective TLDs. Additionally, what steps if any does ICANN Compliance take in connection with Registry Audits regarding this verification as I do believe it is relevant to our discussion here in this Working Group. Listed below are a non-exhaustive list of Registry Operators that involve some level of accuracy /registrant vetting beyond just email and phone accuracy (syntactical and operational) as part of their registry operations: 1. From the original 2001 proof of concept round, .AERO was one of the first TLD that required the process of registrant data prior to being able to obtain a gTLD domain name registration. If you look at the current .AERO registration website you will see the following requirement: Obtain your .aero ID, prior to registration of your chosen domain name through a .aero authorised registrar, this unique validity process screens potential domain registrants thus ensuring the integrity and the exclusivity of the .aero domain. See https://information.aero/registration and https://information.aero/node/add/request-aero-id 1. From the 2004 Sponsored round perhaps the best example was .XXX which made the following representations: 5.0 PREVENTING ABUSIVE REGISTRATIONS The Registry will authenticate members of the Sponsored Community, as part of the name registration process. As part of this process, the Registry will validate contact information for the Registrant, secure the Registrant’s affirmative consent to the Registry-Registrant Agreement, and issue unique Membership Credentials. The Membership Application Process must be completed before a domain name is permitted to resolve in the TLD. See https://www.icmregistry.com/about/policies/launch/#general_aval 1. fTLD submitted an approved RSEP to ICANN for the processing of Registrant information prior to registration. The name of this RSEP is Dynamic Registration Verification and is available here, see https://www.icann.org/en/system/files/files/rsep-2017039-bank-et-al-request-... This webpage shows the information that fTLD collects from prospective registrants as part of their verification process, see https://www.register.bank/get-started/ 1. NABP, the Registry Operator of .PHARMACY, has also vetted prospective registrants as part of its registration process, see https://nabp.pharmacy/programs/accreditations-inspections/dotpharmacy/#apply 1. In addition, every .BRAND Registry Operator has a requirement to limit registrations in that TLD to either the Brand owner or “Trademark Licensee” so this would be a further example of where a Registry Operator is processing data about a Registrant (e.g. Trademark Licensee) that may or may not appear in the Whois/RDDS output. 1. There are also numerous RSEPs filed by Registry Operators seeking “Registration Validation” which clearly go above just syntactical and operational validation, e.g. Chinese Real Name Verification. I hope this removes any ambiguity as to the events of Nov 4th. If, however, the RySG and RrSG maintain their objection we will revisit prior to our GAP analysis discussion as noted above. Best regards, Michael From: Lori Schulman <lschulman@inta.org> Sent: Tuesday, November 30, 2021 1:06 PM To: Sarah Wyld <swyld@tucows.com>; michael@palage.com; gnso-accuracy-st@icann.org Subject: RE: [GNSO-Accuracy-ST] Update - Working Accuracy Contractual Construct/ Definition Hi, The changes were definitely tracked. I was under the impression that we agreed to those changes. If so, then they should be reinserted as a compromise that we can live with for the purposes of the scoping exercise. Any binding definitions will be negotiated by the eventual PDP. With kind regards, Lori S. Schulman Senior Director, Internet Policy International Trademark Association (INTA) +1-202-704-0408, Skype: LSSchulman lschulman@inta.org<mailto:lschulman@inta.org>, www.inta.org From: GNSO-Accuracy-ST <gnso-accuracy-st-bounces@icann.org<mailto:gnso-accuracy-st-bounces@icann.org>> On Behalf Of Sarah Wyld Sent: Monday, November 29, 2021 3:27 PM To: michael@palage.com<mailto:michael@palage.com>; gnso-accuracy-st@icann.org<mailto:gnso-accuracy-st@icann.org> Subject: Re: [GNSO-Accuracy-ST] Update - Working Accuracy Contractual Construct/ Definition Hi team, I (of course) can’t speak for the registries or answer this question, but I do want to say, I’m glad the text in the screenshot was not updated. The definition in that section of the document should remain as we had proposed it back on Oct 29, and any changes should be tracked elsewhere. Maybe that’s why the changes were removed? See you tomorrow, thanks! Sarah -- Sarah Wyld, CIPP/E Policy & Privacy Manager Pronouns: she/they swyld@tucows.com<mailto:swyld@tucows.com> +1.416 535 0123 Ext. 1392 [cid:image001.png@01D7E5ED.2A93AD10] From: Michael Palage<mailto:michael@palage.com> Sent: November 26, 2021 12:02 PM To: gnso-accuracy-st@icann.org<mailto:gnso-accuracy-st@icann.org> Subject: [GNSO-Accuracy-ST] Update - Working Accuracy Contractual Construct/ Definition Hello All, For those colleagues that celebrated the Thanksgiving holiday yesterday, I hope you had an enjoyable time with your family and friends and did not eat too much. I would also like to thanks those team members that showed up for our brief Administrative Call yesterday. In preparing for the call yesterday I noted some of the new additions added by the RySG to the questions for ICANN staff. Thank you for these additions Roger. This flagged a previous issue which I had raised with our ICANN colleagues last weekend and it involves the current working contractual construct / definition. In the RySG questions they cited to the proposed RrSG accuracy “definition” (aka contractual construct): "Accuracy shall be strictly defined as syntactical accuracy of the registration data elements provided by the Registered Name Holder as well as the operational accuracy of either the telephone number or the email address." Last week when I was looking for the latest and greatest contractual construct/definition I noted that there was a technical glitch when reviewing the Zoom recording which I will summarize below. If you go to the Zoom recording from the Nov 4th call you will see that the red lined version of the contractual construct/definition which was agreed to during the call and which is reflected below. [cid:image001.png@01D7E2BD.34B4CF00] However, at the conclusion of the call as we were wrapping up the session, these edits were lost [cid:image002.png@01D7E2BD.34B4CF00] Therefore, I would like clarification from the RySG do they wish to cite the group’s current working contractual construct/definition that was agreed to during the Nov 4th call, or do they intend to cite to the RrSG pre November 4th call contractual construct/definition? I know these technical glitches, e.g. delta in Google Doc, Alan receiving emails, and the unavailability email archives makes things a little more challenging. However, I know our ICANN colleagues are working on the email issues, and I am sure we will be able to achieve most of our work asynchronously if we put our minds to it. Best regards, Michael

Hi, I think we need to differentiate between mandatory accuracy requirements and those accuracy processes adopted voluntarily by selected contracted parties for their very particular, specific purposes. Most of these TLDs have some form of eligibility requirement, something that simply is not the case for most TLDs. For example, just because registrar A may have chosen to only accept registrations after verifying fingerprints and DNA of each customer, this does not make such a requirement relevant for our discussions. If we venture down this rabbit hole of voluntary measures intended to achieve very specific goals that do not apply to all TLDs equally, I dare predict we will still be here months from now. Like Roger, I do not recall agreeing to the proposed changes, in fact, I think we need to object to most of them as they do not reflect a position we can support. Best, -- Volker A. Greimann General Counsel and Policy Manager *KEY-SYSTEMS GMBH* T: +49 6894 9396901 M: +49 6894 9396851 F: +49 6894 9396851 W: www.key-systems.net Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835 CEO: Oliver Fries and Robert Birkner Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358. This email and any files transmitted are confidential and intended only for the person(s) directly addressed. If you are not the intended recipient, any use, copying, transmission, distribution, or other forms of dissemination is strictly prohibited. If you have received this email in error, please notify the sender immediately and permanently delete this email with any files that may be attached. On Tue, Nov 30, 2021 at 8:58 PM Michael Palage <michael@palage.com> wrote:

Hello All,

As someone that watched the video recording twice allow me to recount the events of Nov 4th.

In advance of the call there had been two “definitions” (contractual construction / explanations) put forth for consideration. One by the Registrars and the one put forward by myself.

In an effort to reconcile these two definitions, I opted to mark-up the Registrar’s “definition”. The first change was replacing the phrase “shall strictly” with “is.” Specifically I cited to Background Briefing Assignment #1 which stated in relevant part that:

However, if the *complaint is about identity* (e.g., the registrant is not who they say they are), Contractual Compliance may ask the registrar to provide further information. (emphasis added).

After the group acknowledged that this excerpt from the ICANN briefing document showed a larger remit than just syntactical and operational accuracy, the “shall strictly” phrase was redlined and replaced with ‘is.”. Alan Greenburg from ALAC tired to propose an alternative wording but the redline stayed as “is”.

The next proposed redline was inspired largely by the following excerpt from the ICANN72 GAC communique which states in relevant part:

The GAC gives particular importance to the verification, validation and correction of all registration data by registrars, *and certain registries*, in line with their contractual obligations, and supports rigorous monitoring and enforcement of such

contractual obligations by ICANN. (emphasis added)

These changes again were made with no substantive opposition from the group.

As I have stated previously these agreed upon changes where lost when the document was exited at the end of the call. I have consulted with ICANN Org and they are unaware of how these changes were lost. However, I believe the video clearly shows that the deletion was NOT an intentional act because no one spoke to the text being removed, it just disappeared. Please review the video for yourself, I have provided the time stamp to help make everyone’s review easier.

Now if the RySG and RsSG are going to maintain their objection to the previous redline “definition” and instead advocate for the RrSG “definition” we will address this topic AFTER the we conclude the questions to ICANN Org, but before we begin our GAP analysis.

I do have a specific request for Marc, Beth and Sofie. During the next RySG call could you seek clarification from the RySG on whether Registries believe they have a right under their Registry Agreement to verify the accuracy of data elements that they process as part of domain name registrations in their respective TLDs. Additionally, what steps if any does ICANN Compliance take in connection with Registry Audits regarding this verification as I do believe it is relevant to our discussion here in this Working Group.

Listed below are a non-exhaustive list of Registry Operators that involve some level of accuracy /registrant vetting beyond just email and phone accuracy (syntactical and operational) as part of their registry operations:

1. From the original 2001 proof of concept round, .AERO was one of the first TLD that required the process of registrant data prior to being able to obtain a gTLD domain name registration. If you look at the current .AERO registration website you will see the following requirement:

Obtain your .aero ID, prior to registration of your chosen domain name through a .aero authorised registrar, this unique validity process screens potential domain registrants thus ensuring the integrity and the exclusivity of the .aero domain.

See https://information.aero/registration and https://information.aero/node/add/request-aero-id

1. From the 2004 Sponsored round perhaps the best example was .XXX which made the following representations:

5.0 PREVENTING ABUSIVE REGISTRATIONS

The Registry will authenticate members of the Sponsored Community, as part of the name registration process. As part of this process, the Registry will validate contact information for the Registrant, secure the Registrant’s affirmative consent to the Registry-Registrant Agreement, and issue unique Membership Credentials. The Membership Application Process must be completed before a domain name is permitted to resolve in the TLD.

See https://www.icmregistry.com/about/policies/launch/#general_aval

1. fTLD submitted an approved RSEP to ICANN for the processing of Registrant information prior to registration. The name of this RSEP is Dynamic Registration Verification and is available here, see https://www.icann.org/en/system/files/files/rsep-2017039-bank-et-al-request-... This webpage shows the information that fTLD collects from prospective registrants as part of their verification process, see https://www.register.bank/get-started/

1. NABP, the Registry Operator of .PHARMACY, has also vetted prospective registrants as part of its registration process, see https://nabp.pharmacy/programs/accreditations-inspections/dotpharmacy/#apply

1. In addition, every .BRAND Registry Operator has a requirement to limit registrations in that TLD to either the Brand owner or “Trademark Licensee” so this would be a further example of where a Registry Operator is processing data about a Registrant (e.g. Trademark Licensee) that may or may not appear in the Whois/RDDS output.

1. There are also numerous RSEPs filed by Registry Operators seeking “Registration Validation” which clearly go above just syntactical and operational validation, e.g. Chinese Real Name Verification.

I hope this removes any ambiguity as to the events of Nov 4th. If, however, the RySG and RrSG maintain their objection we will revisit prior to our GAP analysis discussion as noted above.

Best regards,

Michael

*From:* Lori Schulman <lschulman@inta.org> *Sent:* Tuesday, November 30, 2021 1:06 PM *To:* Sarah Wyld <swyld@tucows.com>; michael@palage.com; gnso-accuracy-st@icann.org *Subject:* RE: [GNSO-Accuracy-ST] Update - Working Accuracy Contractual Construct/ Definition

Hi,

The changes were definitely tracked. I was under the impression that we agreed to those changes. If so, then they should be reinserted as a compromise that we can live with for the purposes of the scoping exercise. Any binding definitions will be negotiated by the eventual PDP.

With kind regards,

Lori S. Schulman

Senior Director, Internet Policy

*International Trademark Association (INTA)*

+1-202-704-0408, Skype: LSSchulman

lschulman@inta.org, www.inta.org

*From:* GNSO-Accuracy-ST <gnso-accuracy-st-bounces@icann.org> *On Behalf Of *Sarah Wyld *Sent:* Monday, November 29, 2021 3:27 PM *To:* michael@palage.com; gnso-accuracy-st@icann.org *Subject:* Re: [GNSO-Accuracy-ST] Update - Working Accuracy Contractual Construct/ Definition

Hi team,

I (of course) can’t speak for the registries or answer this question, but I do want to say, I’m glad the text in the screenshot was not updated. The definition in that section of the document should remain as we had proposed it back on Oct 29, and any changes should be tracked elsewhere. Maybe that’s why the changes were removed?

See you tomorrow, thanks!

Sarah

--

*Sarah Wyld*, CIPP/E

Policy & Privacy Manager

Pronouns: she/they

swyld@tucows.com

+1.416 535 0123 Ext. 1392

*From: *Michael Palage <michael@palage.com> *Sent: *November 26, 2021 12:02 PM *To: *gnso-accuracy-st@icann.org *Subject: *[GNSO-Accuracy-ST] Update - Working Accuracy Contractual Construct/ Definition

Hello All,

For those colleagues that celebrated the Thanksgiving holiday yesterday, I hope you had an enjoyable time with your family and friends and did not eat too much. I would also like to thanks those team members that showed up for our brief Administrative Call yesterday.

In preparing for the call yesterday I noted some of the new additions added by the RySG to the questions for ICANN staff. Thank you for these additions Roger. This flagged a previous issue which I had raised with our ICANN colleagues last weekend and it involves the current working contractual construct / definition.

In the RySG questions they cited to the proposed RrSG accuracy “definition” (aka contractual construct):

"Accuracy shall be strictly defined as syntactical accuracy of the registration data elements provided by the Registered Name Holder as well as the operational accuracy of either the telephone number or the email address."

Last week when I was looking for the latest and greatest contractual construct/definition I noted that there was a technical glitch when reviewing the Zoom recording which I will summarize below.

If you go to the Zoom recording from the Nov 4th call you will see that the red lined version of the contractual construct/definition which was agreed to during the call and which is reflected below.

However, at the conclusion of the call as we were wrapping up the session, these edits were lost

Therefore, I would like clarification from the RySG do they wish to cite the group’s current working contractual construct/definition that was agreed to during the Nov 4th call, or do they intend to cite to the RrSG pre November 4th call contractual construct/definition?

I know these technical glitches, e.g. delta in Google Doc, Alan receiving emails, and the unavailability email archives makes things a little more challenging. However, I know our ICANN colleagues are working on the email issues, and I am sure we will be able to achieve most of our work asynchronously if we put our minds to it.

Best regards,

Michael

_______________________________________________ GNSO-Accuracy-ST mailing list GNSO-Accuracy-ST@icann.org https://mm.icann.org/mailman/listinfo/gnso-accuracy-st

_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

Hello Sophie, While I am not attempting to answer your previous question to Lori on her behalf, I thought I would like to provide the following data points that may help answer/clarify this issue for all parties in an asynchronous manner, thus saving previous plenary time for other matters. In EPDP Phase 1 which the RySG fully endorsed, in Recommend 1 under "ICANN Purposes for processing gTLD Registration Data" Paragraph 7 states in relevant part "Enabling validation to confirm that Registered Name Holder meets gTLD registration policy eligibility criteria voluntarily adopted by Registry Operator and that are described or referenced in the Registry Agreement for that gTLD." FN4 [The EPDP Team's approval of Purpose 7 does not prevent and should not be interpreted as preventing Registry Operators from voluntarily adopting gTLD registration policy eligibility criteria that are not described or referenced in their respective Registry Agreements.] Additionally, Paragraph 5 of Recommendation 1 in the EPDP Phase 1 report further states that an ICANN purpose is Handle contractual compliance monitoring requests and audit activities consistent with the terms of the Registry agreement." My recollection is that the RySG fully endorses the EPDP Phase 1 report which is now consensus policy, so I am a little confused over the RySG's concern about "belief" and "rights" since this seems to have already been asked and answered. If the RySG's position on Recommendation regarding purpose under Paragraphs 5 and 7 have change please let me know. While reviewing or proposing changes to the EPDP-identified purposes are outside the mandate of this scoping team per the instructions of Council, we have been instructed by Council to "identify this as an area of further work" if "the scoping team finds that further review of these purposes is necessary." Best regards, Michael From: Sophie Hey <sophie.hey@comlaude.com> Sent: Friday, December 3, 2021 1:01 PM To: michael@palage.com; 'Lori Schulman' <lschulman@inta.org>; 'Sarah Wyld' <swyld@tucows.com>; gnso-accuracy-st@icann.org Subject: RE: [GNSO-Accuracy-ST] Update - Working Accuracy Contractual Construct/ Definition Hi all, Michael, Beth, Marc and myself would appreciate further clarity about what information you are hoping to get from this question so we can pass this along to the rest of the RySG. I'm not sure we understand why you are asking or its relevance to our current work. During the next RySG call could you seek clarification from the RySG on whether Registries believe they have a right under their Registry Agreement to verify the accuracy of data elements that they process as part of domain name registrations in their respective TLDs. Additionally, what steps if any does ICANN Compliance take in connection with Registry Audits regarding this verification. In speaking with our RySG colleagues, we received feedback that answering the first part of the question which is framed around "belief" and "rights" related to the Registry Agreement is not something the RySG is in a position to respond to and probably not appropriate for them to do so. The second part of the question you posed asks about steps ICANN Compliance takes and is probably more appropriately addressed to them. While the RySG is likely not in a position to respond globally, two of our members provided responses about their individual gTLDs that we do want to share. .BANK and .INSURANCE: Having worked at ICANN in a registry capacity and now operating fTLD for the last decade, I fully appreciate that Registry Operators' business models can vary greatly and thus I can only share fTLD's interpretations of our rights and responsibilities for operating .BANK and .INSURANCE.

From a community-based gTLD perspective and because fTLD's Registry Agreements (RAs) for .BANK and .INSURANCE include unique elements, is that we absolutely have the right, and in fact have the obligation, based upon what is in our RAs, to verify the accuracy of domain name registration information. The aforementioned unique elements include Section 2.19, Obligations of Registry Operator to TLD Community; Specification 11, Public Interest Commitments; and Specification 12, Community Registration Policies.

As a part of ICANN's audit of Registries in 2016 and 2017, our TLDs were selected (.BANK in 2016, and .INSURANCE in 2017) and ICANN requested verification information for a random list of domain registrations in their Request For Information (RFI) and their RFI cited Section 2.19 and Specification 12 as the basis of their request. In 2017, when fTLD determined we could more effectively and efficiently implement the Registrant verification process rather than continuing to outsource it, we were directed to the RSEP process by ICANN GDD Staff, despite this process being neither a Service, nor the proposed offering of an Additional Service, as defined in the Registry Agreement. As a result of ICANN's position, fTLD submitted an RSEP (see request 2017039 accessible here: <https://www.icann.org/resources/pages/rsep-2014-02-19-en> https://www.icann.org/resources/pages/rsep-2014-02-19-en) detailing our migration from a static to a dynamic registration verification process. Notwithstanding fTLD's obligations to perform Registrant Verification per our RAs with ICANN, the responsibility is further enumerated in our Registry Registrar Agreement (RRA): * 3.3.2. Obligations of Registered Name Holder. Registrar shall require all Registered Name Holders to enter into a Registration Agreement with Registrar. In such Registration Agreement, Registrar shall require such Registered Name Holder to acknowledge and agree that the Registry Operator reserves the right to deny, cancel or transfer any Registered Name registration or transaction, or place any Registered Name (s) on registry lock, hold or similar status, as it deems necessary, in its unlimited and sole discretion: (i) to comply with specifications adopted by any industry group generally recognized as authoritative with respect to the Internet (e.g., RFCs), (ii) to correct mistakes made by Registry Operator, Registry Service Provider, Registry Verification Agent, Registrar and/or any other contractually obligated vendors in connection with a domain name registration, or (iii) for the nonpayment of Fees to Registry Operator. * 3.9.8. Registrant shall take all necessary action(s) as directed by Registrar or Registry Operator in relation to compliance actions, directives, or instructions from ICANN, and/or as otherwise directed by Registry Operator in its sole discretion as being reasonably necessary for the provision of Registry Services and enforcing compliance with Registry Operator's Operational and Security Requirements and Operations Pledge, including monitoring for compliance regarding the Registered Name. .PHARMACY The RA for .pharmacy obligates us to verify the accuracy of the information provided by prospective registrants. To clarify, this verification is part of the preliminary application and review process, not the actual domain name registration process. Sophie Hey Policy Advisor Com Laude T +44 (0) 20 7421 8250 <tel:+44%20(0)%2020%207421%208250> Ext 252 <https://comlaude.com/> From: GNSO-Accuracy-ST <gnso-accuracy-st-bounces@icann.org <mailto:gnso-accuracy-st-bounces@icann.org> > On Behalf Of Michael Palage Sent: 30 November 2021 19:58 To: 'Lori Schulman' <lschulman@inta.org <mailto:lschulman@inta.org> >; 'Sarah Wyld' <swyld@tucows.com <mailto:swyld@tucows.com> >; gnso-accuracy-st@icann.org <mailto:gnso-accuracy-st@icann.org> Subject: Re: [GNSO-Accuracy-ST] Update - Working Accuracy Contractual Construct/ Definition Hello All, As someone that watched the video recording twice allow me to recount the events of Nov 4th. In advance of the call there had been two "definitions" (contractual construction / explanations) put forth for consideration. One by the Registrars and the one put forward by myself. In an effort to reconcile these two definitions, I opted to mark-up the Registrar's "definition". The first change was replacing the phrase "shall strictly" with "is." Specifically I cited to Background Briefing Assignment #1 which stated in relevant part that: However, if the complaint is about identity (e.g., the registrant is not who they say they are), Contractual Compliance may ask the registrar to provide further information. (emphasis added). After the group acknowledged that this excerpt from the ICANN briefing document showed a larger remit than just syntactical and operational accuracy, the "shall strictly" phrase was redlined and replaced with 'is.". Alan Greenburg from ALAC tired to propose an alternative wording but the redline stayed as "is". The next proposed redline was inspired largely by the following excerpt from the ICANN72 GAC communique which states in relevant part: The GAC gives particular importance to the verification, validation and correction of all registration data by registrars, and certain registries, in line with their contractual obligations, and supports rigorous monitoring and enforcement of such contractual obligations by ICANN. (emphasis added) These changes again were made with no substantive opposition from the group. As I have stated previously these agreed upon changes where lost when the document was exited at the end of the call. I have consulted with ICANN Org and they are unaware of how these changes were lost. However, I believe the video clearly shows that the deletion was NOT an intentional act because no one spoke to the text being removed, it just disappeared. Please review the video for yourself, I have provided the time stamp to help make everyone's review easier. Now if the RySG and RsSG are going to maintain their objection to the previous redline "definition" and instead advocate for the RrSG "definition" we will address this topic AFTER the we conclude the questions to ICANN Org, but before we begin our GAP analysis. I do have a specific request for Marc, Beth and Sofie. During the next RySG call could you seek clarification from the RySG on whether Registries believe they have a right under their Registry Agreement to verify the accuracy of data elements that they process as part of domain name registrations in their respective TLDs. Additionally, what steps if any does ICANN Compliance take in connection with Registry Audits regarding this verification as I do believe it is relevant to our discussion here in this Working Group. Listed below are a non-exhaustive list of Registry Operators that involve some level of accuracy /registrant vetting beyond just email and phone accuracy (syntactical and operational) as part of their registry operations: 1. From the original 2001 proof of concept round, .AERO was one of the first TLD that required the process of registrant data prior to being able to obtain a gTLD domain name registration. If you look at the current .AERO registration website you will see the following requirement: Obtain your .aero ID, prior to registration of your chosen domain name through a .aero authorised registrar, this unique validity process screens potential domain registrants thus ensuring the integrity and the exclusivity of the .aero domain. See https://information.aero/registration and https://information.aero/node/add/request-aero-id 2. From the 2004 Sponsored round perhaps the best example was .XXX which made the following representations: 5.0 PREVENTING ABUSIVE REGISTRATIONS The Registry will authenticate members of the Sponsored Community, as part of the name registration process. As part of this process, the Registry will validate contact information for the Registrant, secure the Registrant's affirmative consent to the Registry-Registrant Agreement, and issue unique Membership Credentials. The Membership Application Process must be completed before a domain name is permitted to resolve in the TLD. See https://www.icmregistry.com/about/policies/launch/#general_aval 3. fTLD submitted an approved RSEP to ICANN for the processing of Registrant information prior to registration. The name of this RSEP is Dynamic Registration Verification and is available here, see https://www.icann.org/en/system/files/files/rsep-2017039-bank-et-al-request- 11dec17-en.pdf This webpage shows the information that fTLD collects from prospective registrants as part of their verification process, see https://www.register.bank/get-started/ 4. NABP, the Registry Operator of .PHARMACY, has also vetted prospective registrants as part of its registration process, see https://nabp.pharmacy/programs/accreditations-inspections/dotpharmacy/#apply 5. In addition, every .BRAND Registry Operator has a requirement to limit registrations in that TLD to either the Brand owner or "Trademark Licensee" so this would be a further example of where a Registry Operator is processing data about a Registrant (e.g. Trademark Licensee) that may or may not appear in the Whois/RDDS output. 6. There are also numerous RSEPs filed by Registry Operators seeking "Registration Validation" which clearly go above just syntactical and operational validation, e.g. Chinese Real Name Verification. I hope this removes any ambiguity as to the events of Nov 4th. If, however, the RySG and RrSG maintain their objection we will revisit prior to our GAP analysis discussion as noted above. Best regards, Michael From: Lori Schulman <lschulman@inta.org <mailto:lschulman@inta.org> > Sent: Tuesday, November 30, 2021 1:06 PM To: Sarah Wyld <swyld@tucows.com <mailto:swyld@tucows.com> >; michael@palage.com <mailto:michael@palage.com> ; gnso-accuracy-st@icann.org <mailto:gnso-accuracy-st@icann.org> Subject: RE: [GNSO-Accuracy-ST] Update - Working Accuracy Contractual Construct/ Definition Hi, The changes were definitely tracked. I was under the impression that we agreed to those changes. If so, then they should be reinserted as a compromise that we can live with for the purposes of the scoping exercise. Any binding definitions will be negotiated by the eventual PDP. With kind regards, Lori S. Schulman Senior Director, Internet Policy International Trademark Association (INTA) +1-202-704-0408 <tel:+1-202-704-0408> , Skype: LSSchulman lschulman@inta.org <mailto:lschulman@inta.org> , www.inta.org <blocked::http://www.inta.org> From: GNSO-Accuracy-ST <gnso-accuracy-st-bounces@icann.org <mailto:gnso-accuracy-st-bounces@icann.org> > On Behalf Of Sarah Wyld Sent: Monday, November 29, 2021 3:27 PM To: michael@palage.com <mailto:michael@palage.com> ; gnso-accuracy-st@icann.org <mailto:gnso-accuracy-st@icann.org> Subject: Re: [GNSO-Accuracy-ST] Update - Working Accuracy Contractual Construct/ Definition Hi team, I (of course) can't speak for the registries or answer this question, but I do want to say, I'm glad the text in the screenshot was not updated. The definition in that section of the document should remain as we had proposed it back on Oct 29, and any changes should be tracked elsewhere. Maybe that's why the changes were removed? See you tomorrow, thanks! Sarah -- Sarah Wyld, CIPP/E Policy & Privacy Manager Pronouns: she/they <mailto:swyld@tucows.com> swyld@tucows.com +1.416 535 0123 Ext. 1392 From: <mailto:michael@palage.com> Michael Palage Sent: November 26, 2021 12:02 PM To: <mailto:gnso-accuracy-st@icann.org> gnso-accuracy-st@icann.org Subject: [GNSO-Accuracy-ST] Update - Working Accuracy Contractual Construct/ Definition Hello All, For those colleagues that celebrated the Thanksgiving holiday yesterday, I hope you had an enjoyable time with your family and friends and did not eat too much. I would also like to thanks those team members that showed up for our brief Administrative Call yesterday. In preparing for the call yesterday I noted some of the new additions added by the RySG to the questions for ICANN staff. Thank you for these additions Roger. This flagged a previous issue which I had raised with our ICANN colleagues last weekend and it involves the current working contractual construct / definition. In the RySG questions they cited to the proposed RrSG accuracy "definition" (aka contractual construct): "Accuracy shall be strictly defined as syntactical accuracy of the registration data elements provided by the Registered Name Holder as well as the operational accuracy of either the telephone number or the email address." Last week when I was looking for the latest and greatest contractual construct/definition I noted that there was a technical glitch when reviewing the Zoom recording which I will summarize below. If you go to the Zoom recording from the Nov 4th call you will see that the red lined version of the contractual construct/definition which was agreed to during the call and which is reflected below. However, at the conclusion of the call as we were wrapping up the session, these edits were lost Therefore, I would like clarification from the RySG do they wish to cite the group's current working contractual construct/definition that was agreed to during the Nov 4th call, or do they intend to cite to the RrSG pre November 4th call contractual construct/definition? I know these technical glitches, e.g. delta in Google Doc, Alan receiving emails, and the unavailability email archives makes things a little more challenging. However, I know our ICANN colleagues are working on the email issues, and I am sure we will be able to achieve most of our work asynchronously if we put our minds to it. Best regards, Michael _____ The contents of this email and any attachments are confidential to the intended recipient. They may not be disclosed, used by or copied in any way by anyone other than the intended recipient. If you have received this message in error, please return it to the sender (deleting the body of the email and attachments in your reply) and immediately and permanently delete it. Please note that Com Laude Group Limited (the "Com Laude Group") does not accept any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments. The Com Laude Group does not accept liability for statements which are clearly the sender's own and not made on behalf of the group or one of its member entities. The Com Laude Group is a limited company registered in England and Wales with company number 10689074 and registered office at 28-30 Little Russell Street, London, WC1A 2HN England. The Com Laude Group includes Nom-IQ Limited t/a Com Laude, a company registered in England and Wales with company number 5047655 and registered office at 28-30 Little Russell Street, London, WC1A 2HN England; Valideus Limited, a company registered in England and Wales with company number 6181291 and registered office at 28-30 Little Russell Street, London, WC1A 2HN England; Demys Limited, a company registered in Scotland with company number SC197176 and registered office at 15 William Street, South West Lane, Edinburgh, EH3 7LL Scotland; Consonum, Inc. dba Com Laude USA and Valideus USA, a corporation incorporated in the State of Washington and principal office address at Suite 332, Securities Building, 1904 Third Ave, Seattle, WA 98101; Com Laude (Japan) Corporation, a company registered in Japan with company number 0100-01-190853 and registered office at 1-3-21 Shinkawa, Chuo-ku, Tokyo, 104-0033, Japan; Com Laude Domain ESP S.L.U., a company registered in Spain and registered office address at Calle Barcas 2, 2, Valencia, 46002, Spain. For further information see www.comlaude.com <https://comlaude.com>