FW: Information regarding Data Escrow
Registrars: The following is an e-mail message from Kurt Pritz regarding ICANN's data escrow program. It appears that ICANN staff has selected Iron Mountain as the ICANN preferred provider pending final comments and a contract. Because a division of Iron Mountain actually is an accredited registrar, it has supplied -- at ICANN's request -- the attached document that shows how it proposes to address any conflicts of interest concerns. I should note that we all have a choice of whether to use the ICANN provider (at ICANN's expense) or select an escrow provider of our choosing (at our expense) that is approved by ICANN. Please provide any comments to the list or directly to Kurt or Mike Zupke. Thanks. Jon -----Original Message----- From: Kurt Pritz [mailto:pritz@icann.org] Sent: Wednesday, August 08, 2007 6:58 PM To: Nevett, Jonathon Cc: Mike Zupke; Tim Cole Subject: Information regarding Data Escrow Jon: In response to discussions with the Registrar Constituency regarding data escrow services, please provide the attached document to the constituency members for their review and information. After analysis of seven responses to an RFP for the provision of data escrow services, Iron Mountain has emerged as the most suitable candidate. There were other competent proposals but, balancing the criteria provided in the RFP, ICANN has begun negotiations with Iron Mountain. Other candidates have been informed that the process is not yet closed but these negotiations have started. ICANN understood concerns voiced in the RC meeting regarding selection of an accredited registrar for this task. Given those concerns (and in accordance with best practices anyway) we set out to understand all potential conflicts of interest that might exist for Iron Mountain. ICANN sent, and Iron Mountain returned for distribution to the constituency, the attached questionnaire. We think the responses are open and frank. We also believe that these responses, the fact that Iron Mountain presently escrows some registrar data, and the fact that Iron Mountain's business model is predicated on the trust that confidential data will not be compromised demonstrate its suitability as a potential service provider. We understand that some registrars may opt for a different provider for various reasons but hope that those who make that choice understand that this appears now to be the best selection for ICANN at this time. I hope this is helpful. If there are questions or comments from constituency members, please have them forwarded directly to Mike Zupke or me. As an aside, you will also notice a second section to the questionnaire regarding contingency, disaster and failure planning. We added this because it was thought that the original RFP did not solicit sufficient information in this regard. Kurt Pritz ICANN 4676 Admiralty Way, #330 Marina del Rey. CA 90292 +1.310.301.5809 (office) +1.310.400.4184 (mobile)
Dear Fellows: After read the atached letter for me its clear that there is a HUGE conflict of interest. An ICANN accredited Registrar to escrow other Registrars ? No, sorry. Even with a very specific confidentiality contract and policy... we might opt for a diff provider... Could you redirect this email to Mike cc Kurt? Are the other proposals so weak ??? Best Regards, Ricardo Vaz Monteiro Nomer.com -----Original Message----- From: owner-registrars@gnso.icann.org [mailto:owner-registrars@gnso.icann.org]On Behalf Of Nevett, Jonathon Sent: quinta-feira, 9 de agosto de 2007 11:12 To: Registrars Constituency Subject: [registrars] FW: Information regarding Data Escrow Registrars: The following is an e-mail message from Kurt Pritz regarding ICANN's data escrow program. It appears that ICANN staff has selected Iron Mountain as the ICANN preferred provider pending final comments and a contract. Because a division of Iron Mountain actually is an accredited registrar, it has supplied -- at ICANN's request -- the attached document that shows how it proposes to address any conflicts of interest concerns. I should note that we all have a choice of whether to use the ICANN provider (at ICANN's expense) or select an escrow provider of our choosing (at our expense) that is approved by ICANN. Please provide any comments to the list or directly to Kurt or Mike Zupke. Thanks. Jon -----Original Message----- From: Kurt Pritz [mailto:pritz@icann.org] Sent: Wednesday, August 08, 2007 6:58 PM To: Nevett, Jonathon Cc: Mike Zupke; Tim Cole Subject: Information regarding Data Escrow Jon: In response to discussions with the Registrar Constituency regarding data escrow services, please provide the attached document to the constituency members for their review and information. After analysis of seven responses to an RFP for the provision of data escrow services, Iron Mountain has emerged as the most suitable candidate. There were other competent proposals but, balancing the criteria provided in the RFP, ICANN has begun negotiations with Iron Mountain. Other candidates have been informed that the process is not yet closed but these negotiations have started. ICANN understood concerns voiced in the RC meeting regarding selection of an accredited registrar for this task. Given those concerns (and in accordance with best practices anyway) we set out to understand all potential conflicts of interest that might exist for Iron Mountain. ICANN sent, and Iron Mountain returned for distribution to the constituency, the attached questionnaire. We think the responses are open and frank. We also believe that these responses, the fact that Iron Mountain presently escrows some registrar data, and the fact that Iron Mountain's business model is predicated on the trust that confidential data will not be compromised demonstrate its suitability as a potential service provider. We understand that some registrars may opt for a different provider for various reasons but hope that those who make that choice understand that this appears now to be the best selection for ICANN at this time. I hope this is helpful. If there are questions or comments from constituency members, please have them forwarded directly to Mike Zupke or me. As an aside, you will also notice a second section to the questionnaire regarding contingency, disaster and failure planning. We added this because it was thought that the original RFP did not solicit sufficient information in this regard. Kurt Pritz ICANN 4676 Admiralty Way, #330 Marina del Rey. CA 90292 +1.310.301.5809 (office) +1.310.400.4184 (mobile)
Forwarded Response from Kurt Pritz: Ricardo, Thank you for your message. Some other registrars raised this same sort of general concern when ICANN initially discussed potential candidates, some of whom are registrars. Most of these general concerns were alleviated when Iron Mountain emerged as the potential provider. The reasons why the concerns of other registrars were alleviated are described below. Please understand that Iron Mountain completed this questionnaire and we undertook this registrar feedback process precisely to identify and mitigate potential risks Iron Mountain could pose due to possible conflicts of interest. (It is also worth noting that the conflicts questionnaire was drafted through a collaborative process involving multiple registrars.) As background, ICANN solicited proposals to operate the Registrar Data Escrow (RDE) service through a competitive Request for Proposals (RFP) and selected a provider based on all criteria, not just one factor, such as technical competence, reputation, accreditation status, and price. In reviewing all proposals received, Iron Mountain presented the most comprehensive solution, and will provide the most secure and competent RDE service to registrars. Bear in mind that the RDE service will not be simple by any measure. For example, ICANN's RDE provider will be required to store up to 25 terabytes per year, dedicate substantial bandwidth to receiving data, coordinate the on-boarding efforts of roughly 900 registrars in under six months, and provide detailed reporting to ICANN for compliance testing. We learned through our RFP process that this is not a service that most existing data storage providers can provide, particularly with the robust level of support that will be required. ICANN's first priority is that the RDE program/service be accomplished securely and competently. This means, locating the best-qualified service provider. While we obviously would not select an otherwise qualified provider whom we felt could not be trusted due to conflicts or other risks, we are assured that the processes described and proposed measures to be taken by Iron Mountain adequately address many of the risks posed by their selection. Through negotiation of a contract, Iron Mountain will make the necessary warranties to ensure registrar data is not misused. The possibility that ICANN could retain an accredited registrar to provide RDE services was raised, generally, at the ICANN meeting in San Juan. Interestingly, in surveying several registrars about Iron Mountain specifically, most, if not all, indicated Iron Mountain would be an acceptable RDE provider, despite its operation of domain name-related businesses. In fact, more than one of the registrars surveyed indicated that they are already Iron Mountain data-storage customers. In talking to registrars, one of the key distinctions made between Iron Mountain and other, more traditionally retail-facing registrars is that Iron Mountain's primary business is "trust." Iron Mountain has, for over fifty years, provided secure document (and later data) storage and escrow services to thousands of people, businesses, and government customers. Like the registrars we spoke to, we do not believe Iron Mountain would sacrifice its reputation and primary line of business in order to gain a competitive advantage in the domain name marketplace. This is obviously a very critical moment for ICANN and the greater internet community. We have now the opportunity to operationalize the RDE service and put into place this secondary layer of security for registrants and all users of the DNS. While we appreciate that not every registrar may find ICANN's selection of an RDE provider to be optimal, our goal is to choose the provider that will most effectively and securely carry out our mission to protect registrants and other stakeholders through the RDE program. While I hope that you find that this information relieves your concerns, your registrar has the right to opt-out by selecting a different, third-party escrow agent no matter who is ultimately selected as the ICANN provider. Thanks in advance for reading and considering this information. Please feel free to write me directly with additional questions you might have. Please also be assured that your opinion will be carefully considered in the decision-making process. Thanks again for your feedback. Best, Kurt Pritz ICANN 4676 Admiralty Way, #330 Marina del Rey. CA 90292 -----Original Message----- From: owner-registrars@gnso.icann.org [mailto:owner-registrars@gnso.icann.org] On Behalf Of ricardo@nomer.com.br Sent: Thursday, August 09, 2007 8:33 AM To: Registrars Constituency; Nevett, Jonathon Cc: Tim Cole Subject: RE: [registrars] FW: Information regarding Data Escrow Importance: High Dear Fellows: After read the atached letter for me its clear that there is a HUGE conflict of interest. An ICANN accredited Registrar to escrow other Registrars ? No, sorry. Even with a very specific confidentiality contract and policy... we might opt for a diff provider... Could you redirect this email to Mike cc Kurt? Are the other proposals so weak ??? Best Regards, Ricardo Vaz Monteiro Nomer.com
participants (3)
-
Nevett, Jonathon -
ricardo@nomer.com.br -
Tim Cole