RE: [registrars] FW: Information regarding Data Escrow
Larry, appreciate your concerns. 1) Most likely, yes. Escrowing the beneficial user data behind private/proxied registrations is not required under the currently proposed process. But two points about that. First, speaking just for Go Daddy, while there are a large number of our domain names registered through Domains by Proxy the majority are not. Second, Domains by Proxy is willing to escrow the beneficial user data but not likely under the standard Escrow agreement. So that will be discussed with ICANN and hopefully worked out soon. And after our experience with assuming the RegisterFly names, I hope other registrars who offer private/proxied registrations will consider it as well. 2) You're assuming that Iron Mountain is currently mining data? Our records show no evidence of that at all. I would suggest that before making any judgement you look closely at who Iron Mountain is how they've built their publicly traded company on a worldwide reputation of trust and security. Corp. Domain management is a small part of their overall business. It's hard to imagine them sacrificing that reputation for what little they might gain from data that is otherwise public anyway. 3) I doubt that ICANN can select a provider that all registrars will be 100% happy with. So there is no requirement to use ICANN's selected agent. Some are going to use their own agent regardless. Is Iron Mountain more of a risk just because they are accredited any more so than another agent who isn't? You may have a different answer to that than we do. Fortunately, we'll all have a choice. Bottom line, registrars are under fire right now due to recent events. We need to get this escrow thing figured out and implemented. If we delay with the idea that we need a process that 100% of us are 100% happy with it will never get done. Tim -------- Original Message -------- Subject: Re: [registrars] FW: Information regarding Data Escrow From: "DomainRegistry.com Inc. - Larry Erlich" <erlich@domainregistry.com> Date: Thu, August 16, 2007 10:39 pm To: Tim Ruiz <tim@godaddy.com> Cc: ricardo@nomer.com.br, cole@icann.org, registrars@gnso.icann.org, jnevett@networksolutions.com 1) So the escrowed data will show the privacy blocks that some registrars use instead of the actual owner information? (If so, what is the benefit of that exactly?) 2) There is a difference in my mind between mining public data and having what amounts to bulk access to that data. I don't think you are saying that you wouldn't mind if I grabbed all the public info from godaddy's whois, right? You certainly try to block that don't you? 3) Saying that some registrars already use Iron Mountain for storage of data that is more sensitive is a little like saying that an amusement park ride is safe because the operator allows his own children to ride it. Different companies/people have different tolerance for risk. As an aside, a company that I previously owned had about 40 or so cartons of paper information stored by an Iron Mountain owned company years ago. And they actually lost and were never able to (so far) find those documents. True, they actually lost a few skids of paper documents. As of a few years ago they claimed they were still trying to find the records and they had no explanation other than "sorry". (If you would care to see the letter from them stating that, I'd be glad to share it with you.) Larry Erlich http://www.DomainRegistry.com
I am reserving my comments on the escrow program and on Iron Mountain until a draft contract is available for review. I appreciate that Iron Mountain has provided answers to a questionnaire about how it would protect our customer data and how it would address the perceived conflict or interest situation, but we don't know how that will translate into a contract. Will Iron Mountain agree contractually to some sort of structural separation between its registrar business and this escrow arrangement? What contractual warranties will Iron Mountain provide that it will protect our customer data and cover us in case of a breach? Similarly, if ICANN wants to access the data for checking purposes, what contractual warranties and protections will it provide to registrars in order to give us comfort that our customer data will be protected? Perhaps ICANN should be negotiating with the top two bidders to ensure that the contract is as competitive as possible. Thanks. Jon -----Original Message----- From: owner-registrars@gnso.icann.org [mailto:owner-registrars@gnso.icann.org] On Behalf Of Tim Ruiz Sent: Friday, August 17, 2007 8:46 AM To: registrars@gnso.icann.org Subject: RE: [registrars] FW: Information regarding Data Escrow Larry, appreciate your concerns. 1) Most likely, yes. Escrowing the beneficial user data behind private/proxied registrations is not required under the currently proposed process. But two points about that. First, speaking just for Go Daddy, while there are a large number of our domain names registered through Domains by Proxy the majority are not. Second, Domains by Proxy is willing to escrow the beneficial user data but not likely under the standard Escrow agreement. So that will be discussed with ICANN and hopefully worked out soon. And after our experience with assuming the RegisterFly names, I hope other registrars who offer private/proxied registrations will consider it as well. 2) You're assuming that Iron Mountain is currently mining data? Our records show no evidence of that at all. I would suggest that before making any judgement you look closely at who Iron Mountain is how they've built their publicly traded company on a worldwide reputation of trust and security. Corp. Domain management is a small part of their overall business. It's hard to imagine them sacrificing that reputation for what little they might gain from data that is otherwise public anyway. 3) I doubt that ICANN can select a provider that all registrars will be 100% happy with. So there is no requirement to use ICANN's selected agent. Some are going to use their own agent regardless. Is Iron Mountain more of a risk just because they are accredited any more so than another agent who isn't? You may have a different answer to that than we do. Fortunately, we'll all have a choice. Bottom line, registrars are under fire right now due to recent events. We need to get this escrow thing figured out and implemented. If we delay with the idea that we need a process that 100% of us are 100% happy with it will never get done. Tim -------- Original Message -------- Subject: Re: [registrars] FW: Information regarding Data Escrow From: "DomainRegistry.com Inc. - Larry Erlich" <erlich@domainregistry.com> Date: Thu, August 16, 2007 10:39 pm To: Tim Ruiz <tim@godaddy.com> Cc: ricardo@nomer.com.br, cole@icann.org, registrars@gnso.icann.org, jnevett@networksolutions.com 1) So the escrowed data will show the privacy blocks that some registrars use instead of the actual owner information? (If so, what is the benefit of that exactly?) 2) There is a difference in my mind between mining public data and having what amounts to bulk access to that data. I don't think you are saying that you wouldn't mind if I grabbed all the public info from godaddy's whois, right? You certainly try to block that don't you? 3) Saying that some registrars already use Iron Mountain for storage of data that is more sensitive is a little like saying that an amusement park ride is safe because the operator allows his own children to ride it. Different companies/people have different tolerance for risk. As an aside, a company that I previously owned had about 40 or so cartons of paper information stored by an Iron Mountain owned company years ago. And they actually lost and were never able to (so far) find those documents. True, they actually lost a few skids of paper documents. As of a few years ago they claimed they were still trying to find the records and they had no explanation other than "sorry". (If you would care to see the letter from them stating that, I'd be glad to share it with you.) Larry Erlich http://www.DomainRegistry.com
participants (2)
-
Nevett, Jonathon -
Tim Ruiz