Latest news of the domain name industry

Recent Posts

ICANN says EU registrars could be exempt from stringent new Whois rules

Kevin Murphy, October 11, 2012, Domain Registrars

Registrars based in the European Union could be let off the hook when it comes to the Whois verification requirements currently under discussion at ICANN.

That’s according to ICANN CEO Fadi Chehade, who this week responded to privacy concerns expressed by the Article 29 Working Party, a EU-based quasi-governmental privacy watchdog.

The Working Party said last month that if ICANN forced EU registrars to re-verify customer data and store it for longer than necessary, they would risk breaking EU privacy law.

Those are two of the many amendments to the standard Registrar Accreditation Agreement that ICANN — at the request of governments and law enforcement — is currently pushing for.

In reply, Chehade noted that ICANN currently plans to give registrars an opt-out:

ICANN proposes to adapt the current ICANN Procedures for Handling Whois Conflicts with Privacy Law, to enable registrars to seek an exempton from these new RAA WHOIS and data protection obligations in the even that the obligations would cause registrars to violate their local laws and regulations.

He also said that the Governmental Advisory Committee has “endorsed” the provisions at question, and encouraged the Working Party to work via the GAC to have its views heard.

I understand that registrars based in the US and elsewhere would not respond favorably to what would essentially amount to a two-tier RAA.

Some of the RAA changes would have cost implications, so there’s an argument that to exempt some registrars and not others would create an un-level competitive playing field.

The Article 29 Working Party is an advisory body, independent of the European Union, comprising one representative from the data privacy watchdogs in each EU state.

Some GAC representatives said during the ICANN meeting in Prague this June that they had already factored privacy concerns into their support for the RAA talks.

It’s going to interesting to see how both registrars and the GAC react to the Article 29 developments at the Toronto meeting, which begins this weekend.

Identity checks coming to Whois

Kevin Murphy, September 25, 2012, Domain Registrars

Pretty soon, if you want to register a domain name in a gTLD you’ll have to verify your email address and/or phone number or risk having your domain turned off.

That’s the latest to come out of talks between registrars, ICANN, governments and law enforcement agencies, which met last week in Washington DC to thrash out a new Registrar Accreditation Agreement.

While a new draft RAA has not yet been published, ICANN has reported some significant breakthroughs since the Prague meeting in June.

Notably, the registrars have agreed for the first time to do some minimal registrant identity checks — phone number and/or email address — at the point of registration.

Verification of mailing addresses and other data points — feared by registrars for massively adding to the cost of registrations — appears to be no longer under discussion.

The registrars have also managed to win another concession: newly registered domain names will be able to go live before identities have been verified, rather than only after.

The sticking point is in the “and/or”. Registrars think they should be able to choose which check to carry out, while ICANN and law enforcement negotiators think they should do both.

According to a memo released for discussion by ICANN last night:

It is our current understanding that law enforcement representatives are willing to accept post-­‐resolution verification of registrant Whois data, with a requirement to suspend the registration if verification is not successful within a specified time period. However, law enforcement recommends that if registrant Whois data is verified after the domain name resolves (as opposed to before), two points of data (a phone number and an email address) should be verified.

Among the other big changes is an agreement by registrars to an ICANN-run Whois privacy service accreditation system. Work is already underway on an accreditation framework.

After it launches, registrars will only be able to accept private registrations made via accredited privacy and proxy services.

Registrars have also agreed to some of law enforcement’s data retention demands, which has been a bone of contention due to worries about varying national privacy laws.

Under the new RAA, they would keep some registrant transaction data for six months after a domain is registered and other data for two years. It’s not yet clear which data falls into which category.

These and other issues outlined in ICANN’s latest update are expected to be talking points in Toronto next month.

It looks like a lot of progress has been made since Prague — no doubt helped by the fact that law enforcement has actually been at the table — and I’d be surprised if we don’t see a draft RAA by Beijing next April.

How long it takes to be adopted ICANN’s hundreds of accredited registrars is another matter.

ICANN threatens to shut down registrar flipper

ICANN has said it will terminate one of its registrars for non-payment of fees, the thirteenth such threatening letter the organization has sent out this year.

The unfortunate recipient is #1 Host Brazil, which has just a couple hundred domains under its belt in the generic top-level domains.

I may be wrong, but based on some cursory research I’m inferring that the registrar is basically a shell accreditation, acquired in order to flip to a larger registrar.

There are 10 other “‘#1 Host” registrars, such as #1 Host Australia and #1 Host Canada, listed on ICANN’s list of accredited registrars, almost all of which were awarded in late 2005 to the same Texan.

They all use the same logos and, due to the hash sign, all appear at the top of alphabetical lists of ICANN-accredited registrars.

Apart from the Brazil and Israel variants, most of the other “#1” accreditations have been acquired by Moniker at various times over the last few years, according to Internic and Whois records.

#1 Host Brazil faces de-accreditation (pdf) on August 24 unless it pays almost $9,000 in ICANN fees and provides evidence of $500,000 in commercial liability insurance.