Hi Susan,

just a few notes and points:

3.2.1.1 - Analysis, second paragraph: In my operative experience, the main reason for the cancellation or suspension of a domain name after receiving an inaccuracy complaint is nowhere near as nefarious as the subgroup assumed, but rather the fact that the registrant did not respond to the request of the registrar to either confirm or update his data. This can be due to the contact data on file being outdated, a reseller failing to forward the inquiry, the registrant failing to respond (mail ignored/seen as spam/overlooked/mailbox not main mailbox/etc) and things like that. As the RAA states unequivocally that a non-response within a certain time and as we do not have the time and ressources to chase after each such registrant, this usually causes: first the deactivation, then a call from an irate customer and then the re-instatement of the domain. Of course, many registrants do not even notice the deactivation, for example if the domain is parked or unused.

The sad fact of the matter is that this contractual requirement causes at least as much harm for the registrants as it does provide benefits for those interested in more accuracy.

I hope that we can update the analysis to move out of the realm of speculation and more into the realm of experience based evidence. And by that, I am not disputing that there are also cases where the record was intentionally false. But in my experience, these make up less than 10% of the cases I see.

As for the issues following from that earlier assumption: While the registrar has the ability to unsuspend at any time, ICANN compliance will follow up on such cases and demand the same type of evidence they would ask for in a case where the registrant updated his whois details. So i am not really sure this actually is an issue...

Second issue: I am not actually sure that there are more suspensions for abuse than for nonpayment for example. What data was used to determine that statement that "most of them (occur) for abusive activity"? Or is this speculation and assumptions again?
I also note that the statement that the inaccurate data is still visible in the WHOIS is outdated since last month ;-)

Third point: This should be already taken care of by the compliance follow-up that will follow any unsuspension.

The recommendation is problematic as this would effectively result in domain names without any data. I would prefer the "incorrect data" to remain in place as we do not know why the domain was suspended. Again, suspension usually just means someone did not reply in time. Also, suspensions can occur for a multitude of other reasons. Forcing a whois verification for a unsuspension after a bill is paid late for example seems unreasonable.

f) Grandfathered domains: Correction: The actual calendar date is irrelevant to whether a domain is considered grandfathered or not. Instead, only only relevant date is the effective date the sponsoring registrar signed on to the 2013 RAA. So the section would have to be reworded.
Obviously I also disagree with the conclusions drawn here, so I provide an alternative for those as well.

Suggestion:

40% of the WHOIS ARS domain names that are sampled for this program are grandfathered domain names that have not yet been subjected to the rigorous verification and validation requirements of 2013 RAA. The 2009 RAA neither required the collection and display of Registrant email address, postal address or phone number it not the validation or verification of the data. This applies to domain names registered prior to the date that the sponsoring registrar signed on to the 2013 RAA that have not since been transferred to a registrar that had at the time of the transfer signed on to the 2013 RAA and that did not have a change of RNH occur after such a time.

Analysis: If we assume the sample of ARS domain names of 40% grandfathered domain names then we can extrapolate (based on wrong assumption of what constutes a legacy domain name).

We have asked the compliance team to provide data on this statistics but they do not track this data.

Problems/Issues:

There are domain name registrations that currently do not comply with the current WHOIS format requirements and/or policy requirements as they were registered under contractual terms different to those required now and have since then not been updated in a meaningful way. In fact, the last registrar under the 2009 RAA is expected to switch from the 2009 to the 2013 RAA this year. The current process foresees a smooth and gradual transition of legacy domain names to the new requirements upon the occurrence of certain trigger events and it is expected that the number of such domain will gradually drop over time as they are deleted, get transferred between registrars or the RNH data gets updated. Further, as such domain names are usually significantly older domain names, the likelyhood of abusive registrations amongst them is significantly lower than for newly registered domain names. The WG therefore currently sees no need to suggest modifications to the transition process foreseen in the 2013 RAA.

3.2.1.3 For this section, I question the viability of this tool under GDPR. As bulk whois inquiries are now a thing of the past, it seems counter-intuitive to continue to provide a bulk complaint tool as the complainant has no way of knowing if the data of multiple domains is identical. We should discuss this point more.

3.2.1.4 Strike the last sentence in the first paragraph, or replace by:
Potential benefits of a more proactive approach to RDS inaccuracy should be investigate as better data quality is seen as beneficial to internet users.

Question: Do we have any indication about the investigative and financial ressources such a proactive approach would require? We should not make a recommendation that would result in an unreasonable increase in costs of the compliance function. So the recommendation should at a minimum also require a cost/benefit study prior to any expansion of the compliance function into this area. ICANN is strapped for cash as it is...

Open Questions:
This actually is not an open question. Work between ICANN and registrars on identifying a solution that meets the requirements of the RAA is ongoing. There is no compliance issue to this until the time that such a program becomes an actual contractual obligation.

4 Problem issues:
a) Problem, second paragrph, first sentence, replace by:

Registrars are contractually required by the 2013 Registrar Accreditation Agreement (RAA) to conduct verification and validation operations regarding registration data.

Recommendation #2:
I would actually support removing this recommendation entirely, as described above. Maybe we can add something that ICANN should monitor whether the soft transition process included in the 2013 RAA actually works as intended, e.g. the number of such domain names is gradually decreasing. Anyway, the statement that it has been a 5 year transition time is blatantly false and misleading, as detailed above, but I do not blame anyone for the misconception.
Such an undertaking as proposed would also be highly unfeasible as especially for these older registrations as the only contact between registrars and these customers often is their payment of the invoices. Having to reach out proactively to these customers without any indication of an issue will just lead to countless unjustified and problematic suspensions and angry customers.

Recommendation #3 should be changed as described above. I also do not get why the renewal reference is in there. Even suspended domains get renewed after all... Also note that a "suspension for incorrect data" may also occur under the current RAA requirements regardless of whether the whois is actually correct or incorrect as non-response already triggers suspension.

Recommendation 7:
I move to strike this in its entirety. This is based on so many errouneous assumptions and will result in so much additional work for contracted parties, it isn't even funny. I have argued this in previous mails, so I will leave it at that. This one has to go...

Recommendation8 is missing the feasibility section, which I think is key for this section. In itself it is a good idea, but the benefits must be weighed against the costs.

Apologies that this went longer than I originally intended, thanks for bearing with me,

Volker

Am 15.06.2018 um 15:18 schrieb Susan Kawaguchi:

Hello All,

I have updated the Compliance report for subgroup 4.

Please see attached.

Susan
_______________________________________________
RDS-WHOIS2-RT mailing list
RDS-WHOIS2-RT@icann.org
https://mm.icann.org/mailman/listinfo/rds-whois2-rt

--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann
- Rechtsabteilung -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems
www.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann
- legal department -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net
www.domaindiscount24.com / www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems
www.twitter.com/key_systems

CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.