Hi RDA Small Team Members, During today’s meeting, Support Staff took an action item to provide additional context on Recommendation CC.1 from the RDS Whois 2 Review Team. The following text comes from pp. 118-119 of the Final Report<https://www.icann.org/en/system/files/files/rds-whois2-review-03sep19-en.pdf> and provides, Recommendation CC.1 The ICANN Board should initiate action intended to ensure that gTLD domain names suspended due to RDS (WHOIS) contact data which the registrar knows to be incorrect, and that remains incorrect until the registration is due for deletion, should be treated as follows: (1) The RDS (WHOIS) record should include a notation that the domain name is suspended due to incorrect data; and (2) Domain names with this notation should not be unsuspended without correcting the data. Findings: As detailed in Section 8.2.1 (e), currently, when a domain name is suspended for inaccurate information the false information remains in the record. The information in the record may belong to another person or entity so the inaccurate information remaining in the record continues the act of identity theft. At the very least, this remaining information is misleading. Rationale: Ensure that inaccurate information does not remain in the record and if identity theft has occurred the person or entity doesn’t continue to be impacted. Currently, a record’s inaccurate information can cause confusion and harm, especially if it is an act of identity theft. Inaccurate identity and contact information is often used in the registration data for registrations that are perpetrating DNS abuse. Eliminating the use of inaccurate data in any suspended domain name will add to the security and stability of the DNS. Inaccurate information would no longer be found lingering in the registrant data. This would not be difficult to implement a new policy that registrars would follow when suspending a domain name. Impact of Recommendation: Successful implementation would result in new statuses in the domain name registration record that indicated the domain name was suspended due to inaccurate information. The inaccurate information would be redacted. No related work is currently underway. This recommendation should result in a PDP created immediately upon approval by Board. If this recommendation is not implemented, inaccurate registrant data will continue to be displayed, authorized for inclusion in registrant data and continue to contribute to identity theft. This recommendation is aligned with ICANN’s Strategic Plan and Mission and is within the scope of the review team. Feasibility of Recommendation: Agreed upon language could be added into the RDS (WHOIS) record to clearly indicate status of the domain name. This implementation would involve the community to create the policy, ICANN organization to implement it, and the ICANN Contractual Compliance team to enforce it. Priority: High. Level of Consensus: Full Consensus. -- With apologies to Sam and Greg, there are references to statuses in the impact section of the recommendation – sorry about that! We hope this information is helpful. Best regards, Feodora and Caitlin From: Caitlin Tubergen via Gnso-rda-smallteam <gnso-rda-smallteam@icann.org> Reply-To: Caitlin Tubergen <caitlin.tubergen@icann.org> Date: Thursday, May 29, 2025 at 1:37 PM To: "gnso-rda-smallteam@icann.org" <gnso-rda-smallteam@icann.org> Subject: [Gnso-rda-smallteam] Notes and action items - Council Accuracy Small Team Meeting #3 - 29 May 2025 Dear RDA Small Team Members, Below, please find the notes and action items below from today’s Council Accuracy Small Team meeting. Thank you. Best regards, Feodora and Caitlin -- Council Accuracy Small Team Meeting #3 Thursday, 29 May, 13:00 UTC Action Items: 1. Small Team Members to continue considering and socializing the three “golden nuggets” in preparation for updates to the GAC and GNSO Council at ICANN83. Updated Golden Nuggets: 🟡 The recent INFERMAL study reported that validation/verification of contact details before or during the registration process resulted in a 70% decrease in malicious registrations. The current 2023 RAA requires validation and verification within 15 days. This golden nugget looks at potentially shortening that timeline of 15 days. Note: this does NOT involve identify verification, but rather shortening the timeframe the verification and validation that is already required under the 2023 RAA. 🟡 Creation of clear and user-friendly educational tools before, during, and after domain name registration to assist registrants in understanding the (i) importance of providing and maintaining accurate registration data through the lifecycle of their domain name(s), (ii) how their data is protected, and (iii) the consequences of providing inaccurate data or not verifying email/phone under the required timeline. The educational tools could, for example, include pop-ups during the registration process. 🟡 Recommendation CC.1 remains outstanding and recommends including a notation in the RDDS record that the domain name is suspended due to incorrect data and that domain names with this notation should not be unsuspended until the data is corrected. The GNSO Council committed to including this in future policy work, and the Small Team agrees that this could be the subject of future policy work, noting, however, that how this notation is done may require further discussion and/or involve another group like the IETF. 1. Leadership and Support Staff to draft preliminary recommendations based on the above golden nuggets to assist the Small Team in its review. (Note: these are very preliminary, and the Small Team is invited to edit.) 2. Leadership and Support Staff to work on draft talking points for the GAC and Council updates, which will be circulated to the small team when available. 3. Support Staff to provide additional context on the history of Rec. CC.1 and the rationale for its recommendation. Notes: 1. Welcome (5 min) 2. Reminder of Golden Nuggets + Current Contractual Requirements (30 min) - Reminder of the Venn diagram, or “three-ring circus”, which endeavors to show high-level areas of agreement and divergence in the responses to the Council’s framing questions - Staff to change “incremental” improvements to “additional” improvements (complete) - This slide could be used during the update to the GAC and Council - Golden Nugget #1 (earlier timeline for existing validation/verification) - In terms of discussing accuracy, the RrSG provided feedback on the terminology, which may be helpful as the group discusses current requirements: · Fidelity - accurately collecting, storing, and disclosing data provided without error or omission. · Validation - format checks, city/postal code match · Verification - actually sending email, text, phone call or mail piece to confirm receipt. - Under the 2023 RAA, validation is looking at the format of the data, and verification an affirmative response from the registrant from phone or email. This is not about identity verification. - The registrar performs the validation, and the verification is a joint process b/w the registrar and registrant. - The RrSG is aligned with taking a closer look at validation and verification, but the answer may not be to conduct this earlier based on one study. However, the study raises good questions, and the RrSG is aligned that this could be a further area to explore. - This group is still very early in its process and has not reached any conclusions or recommendations yet. - NCSG is against identity verification in any form as accuracy is for the purposes of contactability. In saying that, there was not a strong objection to shortening the time to verify email address (from maybe 2 weeks to one week, for example). - NCSG also believes that proactive, user-friendly education that explains the implications of not verifying, for example, is very important. - The GAC has relayed that email verification should involve an email or SMS in response, confirming the email or SMS has been received. - Important to ensure the work we are doing does not conflict with NIS2. - Important to note that this is a starting point for what the group can get to consensus on to get the ball rolling forward; these agreements do not inhibit more changes in the future. - The group could potentially agree on items that could be worked on in a narrow PDP, or bilateral contractual amendments. This, however, does not preclude other work. - This work of this group should be jurisdiction agnostic. - Re: potentially shortening timeframe for validation/verification), the group has not yet agreed on proposed timing; this is still an idea to see if the group can get behind it. - Group seems to align on looking into this further, in conjunction with better user-friendly education of registrants. - Golden nugget #2 (increased education) - NCSG is concerned about traditional forms of education (like reading 100-page document); recommend, for example, crisp user-friendly pop-ups before, during, and after registration to raise awareness on why registrants should keep their registration data accurate and what could happen if they do not) - IPC will also likely support additional registrant education; this could be a good area of collaboration. - Group agrees this nugget should include addition around user-friendly educational materials, initiative, etc. - Golden nugget #3 (Notation in RDDS) - Not a strong pushback from the RrSG regarding this nugget, but in terms of understanding the recommendation, it would be helpful to understand thinking behind the recommendation and why this Review Team thought this would be beneficial. - Could the nugget include something like “fast-track” or “implement” this recommendation. - Does this CC.1 recommendation mean the notation will be in the domain name data the registrant has access to? - The recommendation is recommending a notation in the public RDDS. This may, for example, involve the creation of a new EPP status code because this does not currently exist. Important to understand that this would likely need to be uniform and does not involve putting a text line in RDDS. It may involve IETF. 1. Next Steps + Homework (10 min) * Small Team Members to continue considering and socializing the three “golden nuggets” in preparation for updates to the GAC and GNSO Council at ICANN83. * Leadership and Support Staff to draft preliminary recommendations based on the above golden nuggets to assist the Small Team in its review. (Note: these are very preliminary, and the Small Team is invited to edit.) * Leadership and Support Staff to work on draft talking points for the GAC and Council updates, which will be circulated to the small team when available. * Support Staff to provide additional context on the history of Rec. CC.1 and the rationale for its recommendation. 1. AOB (5 min)