Folks, Some interesting data is coming out of the RAP working group. Here's an interesting sample. ------------------------ ICANN sent eleven (11) escalated compliance notices (e.g. notices of breach, termination or non-renewal) to registrars for failure to comply with Whois provisions of the Registrar Accreditation Agreement. This information is published on the Contractual Compliance website at http://www.icann.org/en/compliance/. For your convenience, please see the links below for detailed information regarding the escalated compliance notices sent. Notices of Breach, Termination and Non-Renewal 19 November 2009: ICANN Notice of Non-Renewal of RAA <http://www.icann.org/correspondence/burnette-to-dicker-19nov09-en.pdf> (Domain Jingles, Inc.) 9 October 2009: ICANN Notice of Non-Renewal of RAA <http://www.icann.org/correspondence/burnette-to-bahlitzanakis-09oct09-en.pdf> (BP Holdings Group, Inc. dba IS.COM) 8 October 2009: ICANN Sends Notice of Breach to Registrar <http://www.icann.org/correspondence/burnette-to-bahlitzanakis-08oct09-en.pdf> (CodyCorp) 11 September 2009: ICANN Sends Notice of Termination to Registrar <http://www.icann.org/correspondence/burnette-to-sundin-11sep09-en.pdf> (Red Register, Inc.) 30 July 2009: ICANN Notice of Non-Renewal of RAA <http://www.icann.org/correspondence/burnette-to-friedman-30jul09-en.pdf> (South America Domains Ltd. dba namefrog.com) 9 April 2009: ICANN Sends Notice of Termination to Registrar <http://www.icann.org/correspondence/burnette-to-valdes-09apr09-en.pdf> (Parava Networks, Inc. dba 10-Domains.com) 8 April 2009: ICANN Sends Notice of Termination to Registrar <http://www.icann.org/correspondence/burnette-to-bordes-08apr09-en.pdf> (DropLimited.com, Inc.) 27 February 2009: ICANN Sends Notice of Breach to Registrar <http://www.icann.org/correspondence/burnette-to-valdes-27feb09-en.pdf> (Parava Networks, Inc.) 4 February 2009: ICANN Sends Notice of Breach to Registrar <http://www.icann.org/correspondence/burnette-to-bordes-04feb09-en.pdf> (DropLimited.com, Inc.) 30 September 2008: ICANN Sends Notice of Breach to Registrar <http://www.icann.org/correspondence/burnette-to-hu-30sep08-en.pdf> (Beijing Innovative Linkage Technology) 30 September 2008: ICANN Sends Notice of Breach to Registrar <http://www.icann.org/correspondence/burnette-to-legenhausen-30sep08-en.pdf> (CSL Computer Service Langenbach GmbH) -----Original Message-----

From: Garth Bruen at KnujOn <gbruen@knujon.com> Sent: Dec 13, 2009 11:08 PM To: na-discuss@atlarge-lists.icann.org Subject: [NA-Discuss] Online Drug Traffic and Registrar Policy

NARALO Folks,

Last month I published an article called "What's Driving Spam and Domain Fraud? Illicit Drug Traffic”(http://www.circleid.com/posts/20091119_whats_driving_spam_and_domain_fraud_i...) which explained how the many of the troublesome online crime issues are related to the online sale of narcotics and dodgy pharmaceuticals. Since this article was published we have witnessed one of the largest international law enforcement efforts against online drug traffic (Operation Pangea II) which included domain terminations requests to many Registrars, most of whom complied immediately without any court orders. Pharmacists and traffickers were also targeted with great success.

The Internet is a tool for criminals and part of a large functional structure for moving cash and illegal products. Most critical in the architecture of the global drug trade is the need for core domains to accept orders, process transactions, and operate as name servers to an illicit network. Clearly, the Registrars cannot be expected to monitor the content of all their domains (nor should they anyway), literally millions of domains sometimes. This is why Registrars need to work with the concerned public and the dutiful abuse handling community. However, when Registrars reject this assistance they show their hand and display their tacit, or possibly active, support for this illicit traffic. However, Registrars will cite the possibility of lawsuits as their reluctance to terminate domain names and many Registrars have been criticized for wrongfully terminating domains.

So what will save the Registrars from criminal infestation, law enforcement looking into their business, spam complaints, ICANN notices and law suits? Good policy. And the best policy is one implemented voluntarily and with clarity. No policy is bad policy, and no policy is what Registrars have been operating under for quite some time. The result is rampant online drug traffic that already lead to some Registrars downfall.

As a bright and shining example, GoDaddy recently updated its Terms of Use (TOS) to include the following language:

"Go Daddy may also cancel Your use of the Services...if You are using the Services [for]...activities associated with the sale or distribution of prescription medication without a valid prescription." (http://www.godaddy.com/gdshop/legal_agreements/show_doc.asp)

This is one of the smartest moves I have seen from a Registrar in terms of cybercrime and they should be lauded for it. Every Registrar should make this language part of their TOS as a way of curbing fraud, spam, and intellectual property infringements within their space while at the same time indemnifying themselves. This action by Godaddy is a natural evolution from last year's joint declaration by Directi, HostExploit and KnujOn to stop the fake pharmacy menace. As we move from problem identification, problem definition, policy development to policy testing and policy enforcement process development we're heading the right direction. Other Registrars that hold a significant portion of the illicit pharmacy problem have clear choice: join in with the positive policy shift of risk investigations later.

We can already see the success of this as the pill-pushing spammers are complaining about the mass shutdowns at Godaddy:

"I've heard rumours lately that godaddy have started to suspend all rx sites since this week.. Anyone lost their domains lately with godaddy?" (http://rxaffiliateforum.com/showthread.php?p=38891#post38891)

Good, sound policy will provide the Registrars and their critics with a way to address this problem. Criminals need access to domain names as a resource and the Registrars are in a position to deny that access in a way that does not infringe on free speech or the flow of normal legal commerce.

More to come!

-Garth

http://www.circleid.com/posts/20091211_online_drug_traffic_and_registrar_pol...

------------------------------------- Collect, analyze, enforce, repeat...

Garth Bruen gbruen@knujon.com http://www.knujon.com http://www.linkedin.com/pub/4/149/724 Linkedin Group: http://www.linkedin.com/groups?gid=1870205 Blog: http://www.circleid.com/members/3296/ Twitter: @Knujon

------ NA-Discuss mailing list NA-Discuss@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.ica...

Visit the NARALO online at http://www.naralo.org ------