Volker, regarding 4.7, it was discussed on today's plenary call and the Action Item out of the discussion was:

rec. 4.7: Susan and Lili to clarify rec 4.7 to indicate the audit would apply only in cases where there is a pattern of failure to validate as required by the RAA

I believe that this was in line with Michele's comment from the floor.

Alan

At 09/07/2018 11:47 AM, Volker Greimann wrote:

The reason why 4.7. is received in such an emotional way is because it is absolutely unworkable and it ties certain facts of doing business with penalties that will result in weeks of wasted man-hours. There is absolutely no feasible way of preventing inaccurate whois requests as a registrar, yet you propose that registrars receiving such complaints (which in no way has any indication on whether they are compliant with the RAA or not) should be targeted in one of the most onerous, wasteful and time-consuming processes ICANN compliance has to offer. The recommendation as it is written will rightfully cause this reaction in any registrar. It needs to go, quietly and peacefully.

As for Kathys comment, the contactibility of the registrant is being ensured by the verification requirement of either telephone number or email address in the whois as it required a protive response. It is therefore impossible to "just copy any public contact info crawling from the internet" and achieve the verification result as the registrar will shut down the domain after 15 days if no positive response to the verification request is received. As for the other data, it is correct that there only is a format check envisioned in the RAA and such databased can be (and in some cases are being) used to create compliant registrations, but there simply is no feasible way to stop that. It seems you are misunderstanding the intent of the differentiation between verification and validation. Verification means checking that the registrant is reachable through this contact; validation just checks if the data is formatted correctly, nothing more. Validated data does not guarantee that this data belongs to the registrant (or anyone at all), it is merely a sanity check to prevent blank or malformed data fields, which seems to have been an issue in the past. It thereby improves overall data quality, but not necessarily accuracy. Accuracy is improved only by the verification requirement.

Best,

Volker