Thanks Karla. It would be helpful as well if you could explain more specifically ICANN's reluctance to comply with the first "MUST" clause in Recommendation 36.4 adopted by the Board. That is pasted below. It seems odd, given ICANN's Mission in relation to Security and Stability, that the addition of this MUST provision would be causing so much trouble in the current IRT proceedings.
"ICANN must add a contractual provision stating that the registry operator will not engage in
fraudulent or deceptive practices."
An appropriate definition of "deceptive practices" should be readily available. For example, the .ORG Registry Agreement that is posted to ICANN's website contains the language below and specifies in Paragraph 4.3 (e) that ICANN can send a 30-day notice of termination based on a PICDRP determination. I believe someone remarked on the call that this Spec 11 Paragraph 3 language is standard.
Is it ICANN's position that the language below only covers what must be in a contract and that there is no actual requirement for the Registry Operator to prohibit deceptive practices? If so, isn't that directly counter to the Recommendation made by Sub Pro, confirmed by Council, and approved by the Board?
Your clarification would be appreciated. (Please forgive my lack of familiarity with Compliance enforcement practices under the RA.)
Thank you,
Anne
SPECIFICATION 11
PUBLIC INTEREST COMMITMENTS
....
3. Registry Operator agrees to perform the following specific public interest
commitments, which commitments shall be enforceable by ICANN and
through the Public Interest Commitment Dispute Resolution Process
established by ICANN (posted at
http://www.icann.org/en/resources/registries/picdrp), which may be
revised in immaterial respects by ICANN from time to time (the “PICDRP”).
Registry Operator shall comply with the PICDRP. Registry Operator agrees to
implement and adhere to any remedies ICANN imposes (which may include
any reasonable remedy, including for the avoidance of doubt, the termination
of the Registry Agreement pursuan to Section 4.3(e) of the Agreement)
following a determination by any PICDRP panel and to be bound by any such
determination.
a. Registry Operator will include a provision in its Registry-Registrar
Agreement that requires Registrars to include in their Registration
Agreements a provision prohibiting Registered Name Holders from
distributing malware, abusively operating botnets, phishing, piracy,
trademark or copyright infringement, fraudulent or deceptive
practices, counterfeiting or otherwise engaging in activity contrary to
applicable law, and providing (consistent with applicable law and any
related procedures) consequences for such activities including
suspension of the domain name.
b. Registry Operator will periodically conduct a technical analysis to
assess whether domains in the TLD are being used to perpetrate
security threats, such as pharming, phishing, malware, and botnets.
Registry Operator will maintain statistical reports on the number of
security threats identified and the actions taken as a result of the
periodic security checks. Registry Operator will maintain these
reports for the term of the Agreement unless a shorter period is
required by law or approved by ICANN, and will provide them to
ICANN upon request
Thank you,
Anne
Anne Aikman-Scalese
GNSO Councilor
NomCom Non-Voting 2022-2026