Domain name registrars have agreed to negotiate big changes to their standard contract with ICANN, after getting a verbal kicking from the US and other governments.
While the decision to revamp the Registrar Accreditation Agreement was welcomed by intellectual property interests, it was criticized by non-commercial users worried about diluting privacy rights.
The ICANN registrar constituency said in a statement today that it will enter into talks with ICANN staff in an effort to get a new RAA agreed by March next year.
It’s an ambitious deadline, but registrars have come under fire this week over the perception that they have been using ICANN’s arcane processes to stonewall progress.
So, what’s going to change?
The registrars said that the negotiations will focus on 12 areas, originally put forward by international law enforcement agencies, that have been identified as “high priority”.
They cover items such as an obligation to disclose the names of registrants using privacy services, to work with law enforcement, and to tighten up relationships with resellers.
Here’s a list of all 12, taken from a recent ICANN summary report (pdf).
|Prohibition on registrar cybersquatting|
|Malicious conduct – registrar duty to investigate|
|Designation and publication of technically competent point of contact on malicious conduct issues, available on 24/7 basis|
|Registrar disclosure of privacy/proxy services made available in connection with registration; and responsibility of registrar for compliance by such services|
|Obligations of privacy/proxy services made available in connection with registration re data escrow; Relay function; Reveal function|
|Registrar responsibility for cancellation under appropriate circumstances of registrations made by other privacy/proxy services for noncompliance with Relay and Reveal|
|Define circumstances under which registrar is required to cancel registration for false Whois data and set reasonable time limits for registrar action|
|Require PCI compliance in registration process|
|Define “reseller” and clarify registrar responsibility for reseller compliance|
|Require greater disclosure of registrar affiliates/multiple accreditations|
|Require greater disclosure of registrar contact information, information on form of business organization, officers, etc.|
|Clarification of registrar responsibilities in connection with UDRP proceedings|
The changes were first suggested two years ago, and ICANN’s increasingly powerful Governmental Advisory Committee this week expressed impatience with the lack of progress.
There’s a US-EU cybercrime summit coming up next month, and GAC members wanted to be able to report back to their superiors that they’ve got something done.
As I reported earlier in the week, the GAC gave the registrars a hard time at the ICANN meeting in Dakar on Sunday, and it took its concerns to the ICANN board yesterday.
“We are looking for immediate visible and credible action to mitigate criminal activity using the domain name system,” US GAC representative Suzanne Radell told the board.
She won support from Steve Crocker who, in his first meeting as ICANN’s chairman, has shown a less combative style than his predecessor when talking with governments.
He seemed to agree that progress on RAA amendments through the usual channels – namely the Generic Names Supporting Organization – had not met expectations.
“One of the things that is our responsibility at the board level is not only to oversee the process, not only to make sure rules are followed and that everything is fair, but at the end of the day, that it’s effective,” he said.
“If all we have is process, process, process, and it gets gamed or it’s ineffective just because it’s not structured right, then we have failed totally in our duty and our mission,” he said.
An immediate result of the registrars’ decision to get straight into talks was the removal of an Intellectual Property Constituency motion from today’s GNSO Council meeting.
The IPC had proposed that the RAA should be revised in a trilateral way, between the registrars, ICANN, and everyone else via the GNSO.
Yanking the motion, IPC representative Kristina Rosette warned that the IPC would bring it back to the table if the RAA talks do not address the 12 high-priority items.
It would be unlikely to pass – registrars and registries vote against anything that would allow outside interests to meddle in their contracts, and they have the voting power to block such motions.
The ideas in the motion nevertheless stirred some passionate debate.
Tucows CEO Elliot Noss described the GAC’s heavy-handed criticisms as “kabuki theater” and “an attempt to bring politics as usual into the multi-stakeholder process” and said the RAA is not the best way to add protections to the DNS.
“Getting enforcement-type provisions, be they law enforcement or IP protections, into the RAA accomplishes only one thing. It turns the ICANN compliance department into a police department,” he said.
Wendy Seltzer, representing the Non-Commercial Users Constituency, said the changes proposed to the RAA “would reduce the privacy of registrants” and put them at increased risk of domain take-downs.
A broader issue is that even after a new RAA is negotiated registrars will be under no obligation to sign up to it until their current contracts expire.
Because many leading registrars signed their last contract after it was revised in 2009, it could be three or four years before the new RAA has any impact.
I’m not sure it’s going to be enough to fully satisfy the GAC.
Radell, for example, said yesterday that some items – such as the registrar obligation to publish an abuse contact – should be brought in through a voluntary code of conduct in the short term.
She also called for the 20% of registrars deemed to be bad actors (not a scientifically arrived-at number) should be de-accredited by ICANN.
UPDATE (October 27): Mason Cole of the registrars constituency has been in touch to say that the RAA talks will not only look at the 12 “high priority” or law enforcement recommendations.
Rather, he said, “there will be consideration of a broader range of issues.”
This appears to be consistent with the registrars’ original statement, which was linked to in the above post:
The negotiations are in response to the development of a list of recommendations made by law enforcement agencies and the broader Internet community to provide increased protections for registrants and greater security overall.