FYI. Carlton =============================================================================== Date: Mon, 19 Jul 2010 08:02:36 -0700 From: "Garth Bruen at KnujOn" <gbruen@knujon.com> To: na-discuss@atlarge-lists.icann.org Subject: [NA-Discuss] David Giza and Round up of WHOIS issues to be addressed Folks, I was really hoping to push forward on this with David Giza?s input. His departure may signal a set-back but I?m hoping this is not the case. While I?m determined to get these issues addressed I am open to suggestions as to how to get ICANN compliance moving again on them. In general I think it is imperative that ICANN disclose what happened here with Giza. There are rumors circulating that David was pushed out for saying he didn?t have enough staff or for actually doing his job and enforcing the RAA. If this is true, it represents a serious breach of trust with the community and an undeserved turn for someone trying to do the right thing. But to continue, there are a number of WHOIS-related problems that need addressing, but I?ll start with immediate ones brought up in Brussels and situations that have surfaced recently. -Info and utility for At-Large Members: I promised to post a utility and WHOIS address list for all Registrars and all ccTLDs, but I want the list to be as complete as possible before sending it out, and also to supply a location for updates. The remaining Registrars who wont disclose their Port 43 address are delaying the final list, but I?ll get all the information soon. -Unresponsive Registrars As noted above, there are many Registrars who would not disclose their Port 43 address. Some have supplied it after we published our report, but others remain silent. One Registrar is grumbling that he may sue us to get us to stop asking: http://forum.icann.org/lists/gnso-vi-feb10/msg02490.html But the question is: what to do here? Is there any recourse against a Registrar who wont answer questions about their contracted obligations? They may claim the RAA requires them to have a Port 43 address but does not require them to tell anyone. -Problem Port 43 ICANN compliance is not being equal in its dispensing of breach notices. There are Registrars with poor WHOIS access that have not been notified, while others in jeopardy of loosing their accreditation may have better access records. -?Domain Check? As noted, many Registrars do not have a full WHOIS on their website, but rather a look up that merely tells you if the domain is taken, not who owns it. I will ask compliance about these one more time before filing individual complaints against each. -Bulk Purchases of WHOIS, what?s the story? There is much confusion here that needs to be sorted out by compliance. As part of our research we asked the 5 largest Registrars about accessing WHOIS in bulk as required by RAA 3.3.6. eNom, Dotster, and Moniker/Oversee/Snapnames did not respond at all to the request. NameScout said they did not offer the service. Network Solutions also said they did sell access, and then posted publicly that they were not required to (http://www.circleid.com/posts/who_is_blocking_whois_part_2/), which was then quickly retracted, but the main question goes unanswered. -AIT?s Hidden WHOIS Another question that is emerging is the way WHOIS is accessed. In one example AIT ?has? a web WHOIS but finding it is a challenge. On their main page they have a ?domain lookup? which will tell you if the domain is taken. If you happen to accidentally click on the little red star next to the domain name it will launch a CAPTCHA window, and once you enter the code correctly it will present the WHOIS data. But is this really compliant? -Registrar Complaint Process Unlike the WDPRS system, the complaint interface (http://reports.internic.net/cgi/registrars/problem-report.cgi) for filing a complaint against a Registrar has no ticket, no confirmation email, no time-frame, no feedback, and no official resolution from compliance staff. In fact, to view the brief overview of the process: http://www.icann.org/en/compliance/compliance-flowchart.htm, one will see there is no space for responding to the complainant. The first step in the process is ?Investigation or Dismissal? but no where is there feedback for the user as to why the complaint would be dismissed. We have, in fact, never received a response for a complaint filed through this interface. -Garth ------------------------------------- What is the Doomsday Book? http://knujon.com/doomsday Garth Bruen gbruen@knujon.com http://www.knujon.com http://www.linkedin.com/pub/4/149/724 Linkedin Group: http://www.linkedin.com/groups?gid=1870205 Blog: http://www.circleid.com/members/3296/ Twitter: @Knujon ----------------------------------------------------------------------------------------------------------- Date: Mon, 19 Jul 2010 12:03:56 -0400 From: Evan Leibovitch <evan@telly.org> To: Garth Bruen at KnujOn <gbruen@knujon.com> Cc: na-discuss@atlarge-lists.icann.org Subject: Re: [NA-Discuss] David Giza and Round up of WHOIS issues to be addressed Hi Garth, On 19 July 2010 11:02, Garth Bruen at KnujOn <gbruen@knujon.com> wrote:
I was really hoping to push forward on this with David Giza?s input. His departure may signal a set-back but I?m hoping this is not the case. While I?m determined to get these issues addressed I am open to suggestions as
to
how to get ICANN compliance moving again on them.
Engagement with current staff and pressure at the Board level may be the only way we can persist on this. Obviously with staff movement the newcomers will require time to come to speed, and that is time lost in our attempts to resolve these issues.
In general I think it is imperative that ICANN disclose what happened here with Giza. There are rumors circulating that David was pushed out for saying he didn?t have enough staff or for actually doing his job and enforcing the RAA. If this is true, it represents a serious breach of trust with the community and an undeserved turn for someone trying to do the right thing.
ICANN is at its most opaque (and that's a high bar) on personnel issues of any kind. Part of the reason At-Large has so much trouble knowing its budget is because so much of our budget is support staff costs and ICANN seems loathe to give us any idea what the staff expenses really are (lest the community dare to think it might have a better idea than senior staff of how to allocate resources). Unfortunately, this is one area -- coming clean on the backstory to a staff departure -- in which we will never be told the real goings-on unless David goes public himself. There is some precedent -- Kieren McCarthy has arguably offered more insight as an ex-employee than while working at ICANN. But that has been the exception.
-Info and utility for At-Large Members:
I promised to post a utility and WHOIS address list for all Registrars and all ccTLDs, but I want the list to be as complete as possible before sending it out, and also to supply a location for updates. The remaining Registrars who wont disclose their Port 43 address are delaying the final list, but I?ll get all the information soon.
You could always put out an interim list with "pending" located where the yet-to-be-collected info is supposed to go.
-Unresponsive Registrars
As noted above, there are many Registrars who would not disclose their Port 43 address. Some have supplied it after we published our report, but others remain silent. One Registrar is grumbling that he may sue us to get us to stop asking: http://forum.icann.org/lists/gnso-vi-feb10/msg02490.html
In the chat referenced, there's an insinuation claiming you use "sloppy research methods". I'd like to get that allegation investigated. Is there anything constructive this guy Volker can offer? Or does he think that "sloppy" means anything that produces results he doesn't like?
But the question is: what to do here? Is there any recourse against a Registrar who wont answer questions about their contracted obligations? They may claim the RAA requires them to have a Port 43 address but does not require them to tell anyone.
That is a flaw in the RAA and indeed worth taking up with ICANN. This is *abosolutely* an accountability/transparency issue. -AIT?s Hidden WHOIS
Another question that is emerging is the way WHOIS is accessed. In one example AIT ?has? a web WHOIS but finding it is a challenge. On their main page they have a ?domain lookup? which will tell you if the domain is taken. If you happen to accidentally click on the little red star next to the domain name it will launch a CAPTCHA window, and once you enter the code correctly it will present the WHOIS data. But is this really compliant?
IMO, if the CAPTCHA is legit then I would suggest this is OK. It's reasonable that someone would not want bits vacuuming that data as a matter of course. At very least they could argue that it's a bandwidth issue (the claim could be BS, but it's superficially legit).
-Registrar Complaint Process
Unlike the WDPRS system, the complaint interface (http://reports.internic.net/cgi/registrars/problem-report.cgi) for filing a complaint against a Registrar has no ticket, no confirmation email, no time-frame, no feedback, and no official resolution from compliance staff. In fact, to view the brief overview of the process: http://www.icann.org/en/compliance/compliance-flowchart.htm, one will see there is no space for responding to the complainant. The first step in the process is ?Investigation or Dismissal? but no where is there feedback for the user as to why the complaint would be dismissed. We have, in fact, never received a response for a complaint filed through this interface.
Also an A&T issue. I'm really looking forward to seeing you on that commitee. - Evan ------------------------------ Message: 4 Date: Mon, 19 Jul 2010 09:07:24 -0700 From: "Garth Bruen at KnujOn" <gbruen@knujon.com> To: "Evan Leibovitch" <evan@telly.org> Cc: na-discuss@atlarge-lists.icann.org Subject: Re: [NA-Discuss] David Giza and Round up of WHOIS issues to be addressed Thanks for the comments