Here’s something you don’t see every day: a corporate brand management registrar getting smacked by an ICANN breach notice.
Singapore-based registrar IP Mirror has been sent a warning by ICANN Compliance about a failure to respond to abuse complaints filed by law enforcement, which appears to be another first.
Under the 2013 Registrar Accreditation Agreement, registrars are obliged to have a 24/7 abuse hotline to field complaints from “law enforcement, consumer protection, quasi-governmental or other similar authorities” designated by the governments of places where they have a physical office.
According to its web site, IP Mirror has offices in Singapore, Australia, Canada, Hong Kong, Indonesia, Japan, Malaysia, South Korea, Taiwan and the UK, but ICANN’s breach notice does not specify which authority filed the complaint or which domains were allegedly abusive.
Registrars have to respond to such complaints within 24 hours, the RAA says.
The ICANN notice (pdf) takes the company to task for alleged breaches of other related parts of the RAA, such as failure to retain records about complaints and to publish an abuse contact on its web site.
The company has been given until December 5 to come back into compliance or risk losing its accreditation.
IP Mirror isn’t massive in terms of gTLD names. According to the latest registry reports it has somewhere in the region of 30,000 gTLD domains under management.
But it is almost 15 years old and establishment enough that it has been known to sponsor the occasional ICANN meeting. It’s not your typical Compliance target.
DreamHost, a web hosting provider which says it hosts over 1.3 million web sites, has been hit with a lengthy ICANN compliance notice, largely concerning alleged Whois failures.
The breach notice raises questions about the company’s popular free Whois privacy service.
Chiefly, DreamHost has failed to demonstrate that it properly investigates Whois inaccuracy complaints, as required by the Registrar Accreditation Agreement, according to ICANN.
The notice contains numerous other complaints about alleged failures to publish information about renewal fees, its directors and abuse contacts on its web site.
The domain highlighted by ICANN in relation to the Whois failure is senect.com
ICANN sent three compliance notices to DreamHost concerning a Whois inaccuracy report for the domain name
and requested DreamHost demonstrate that it took reasonable steps to investigate the Whois inaccuracy claims. DreamHost’s failure to provide documentation demonstrating the reasonable steps it took to investigate and correct the alleged Whois inaccuracy is a breach of Section 3.7.8 of the RAA.
Weirdly, senect.com has been under private registration at DreamHost since the start of 2012.
ICANN seems to be asking the registrar to investigate itself in this case.
DreamHost offers private registration to its customers for free. It populates the Whois with proxy contact information and the registrant name “A Happy DreamHost Customer”.
DomainTools associates “A Happy DreamHost Customer” with over 710,000 domain names.
As an accredited registrar, DreamHost had over 822,000 gTLD domain names at the last count. According to its web site, it has over 400,000 customers.
The breach notice also demands the company immediately start including the real contact information for its privacy/proxy customers in its data escrow deposits.
ICANN has given the company until November 21 to resolve a laundry list of alleged RAA breaches, or risk losing its accreditation.
ICANN has started termination proceedings on Domain Services Rotterdam, a Dutch registrar, for failure to pay accreditation fees.
The company owes ICANN $5,118.83 in dues but has failed to pay up despite breach notices dating back to May, according to an ICANN termination notice (pdf)
Domain Services does not have any gTLD domains under management, so no registrants will be affected by the termination, which is due to kick in November 21.
The registrar was accredited in March this year.
ICANN is ramping up its focus on contractual compliance in the midst of calls for domain industry offenders to “go to jail”.
CEO Fadi Chehade yesterday revealed that he has has promoted chief contracting counsel Allen Grogan to the newly created role of chief contract compliance officer.
Grogan, who Chehade has worked with off and on since 1991, will report directly to him. Maguy Serad, who has been heading compliance under Chehade for the last couple of years, will now report to Grogan.
In a session with the GNSO Council at the ICANN 51 public meeting in Los Angeles yesterday, Chehade said the appointment was part of a new “strategic, analytical” approach to compliance.
It was hinted that the compliance focus may form part of Chehade’s address at the formal opening ceremony of ICANN 51 later today.
Ron Andruff of the Business Constituency made the “jail” comments in response.
“We need to see action, we need to see teeth,” he said. “We never see any really strong action taken and it’s time we did. It’s time we saw people go to jail for doing things, lose their contracts for doing things.”
“We’ve lived through 15 years of ICANN with all manner of transgressions, some very serious ones, but they all get slid off to the side and there’s never any mention of it,” he said.
“Should someone be the recipient of extremely strong actions — losing their contract, being thrown out the community — that would send a signal,” he said.
Andruff appeared to be relating comments made by the Intellectual Property Constituency’s Kristina Rosette, at a private Commercial Stakeholders Group meeting earlier that day.
However, Rosette was quick to take to Twitter to deny she’d said anything about jail time.
Um, I never said anything about people going to jail for compliance breaches. Yikes.
— Kristina Rosette (@kristinarosette) October 12, 2014
Chehade, in reply to Andruff, agreed with the need for action but clarified what he plans to do.
“It doesn’t mean to create a police force, that’s not what we need,” he said. “What we need is thoughtful, analytical analysis.”
“It doesn’t mean we’re going to take the job of all the global consumer protection agencies,” he said earlier in the session.
The notion of ICANN having the power to directly jail somebody is of course laughable — all of its power comes from its contracts with registrars and registries.
However, it’s not beyond the bounds of possibility that ICANN could refer registrars to law enforcement should it come across suspected illegality in the course of its compliance investigations.
ICANN Compliance currently employs 21 people and deals with 5,000 complaints per month, Chehade said.
In the last year, the number of breach, suspension and termination notices against registrars has been on the increase.
ICANN has suspended the accreditation of Korean registrar Dotname Korea over failures to comply with Whois accuracy rules.
The company was told this week that it will lose the ability to sell names for three months.
“No new registrations or inbound transfers will be accepted from 7 October 2014 through 5 January 2015,” ICANN compliance chief Maguy Serad told the company (pdf).
The suspension follows breach notices earlier in the year pertaining to Dotname’s failure to show that it was responding adequately to Whois inaccuracy complaints.
Other breaches of the Whois-related parts of the 2013 Registrar Accreditation Agreement were also alleged.
The company has until December 16 to show compliance of face the possibility of termination.