For some time, the Internet user, law enforcement and security communities have voiced concerns that domain name registration services are too frequently exploited, that a preponderance of malicious domains are registered through a small number of registrars, and that certain registrars are lax, unwitting accomplices to, or "have the appearance of facilitating" malicious activities such as fast flux. While acknowledging that many registrars and resellers serve them well, these communities also call ICANN to task for not acting swifty to compel registrars who serve as the loci for registration and DNS abuse to clean up their operations or face deaccreditation.
What is often perceived as ICANN's disinterest or lack of willingness to take action against registrars can be attributed in part to the enforcement mechanisms available through the existing ICANN Registrar Accreditation Agreement. ICANN COO Doug Brent explains that "aspects of the existing RAA are hard to enforce" and "there are significant mismatches between community expectations and actual enforcement provisions and tools. RAA provisions should define practices that are efficiently enforceable... On a daily basis, staff compliance work is either aided or frustrated by clear, enforceable language."
Taking into account the day to day experience attempting to enforce compliance, ICANN staff has identified
several new obligations to concerns about domain registration and DNS abuse. Staff has also identified amendments that would clarify the RAA and promote registrar compliance with existing RAA obligations. The following Staff Notes were submitted to a GNSO RAA amendments drafting team for consideration:
1) Consider cybersquatting by registrars a violation of the RAA.
2) Oblige registrars to investigate credible reports regarding malicious conduct and report back to complainants.
3) Escrow privacy and proxy registration data.
4) Require registrars to provide full information on affiliates (e.g., reseller contact information).
5) Extend requirements for problem investigation to some definition of validation or verification of accurate Whois data.
6) Clarify and codify the amount of time a registered name holder has to respond to an inquiry or accept liability for harm caused by wrongful use of that name.
7) Reduce the number of arbitrators to save time and expense for all involved, when arbitration is required.
8) Improve administrative process for TLD accreditation so that registrars in good standing can efficiently be accredited for additional TLDs.
9) Require a registrar to promptly notify ICANN of any security breaches affecting the registrar and
affected registrants when there is reasonable evidence of unauthorized access to their accounts.
Brent gives context to these notes, explaining that "success for the community and for registrants is a set of rules that provide adequate registrant protection, are easily understood by all, represent a consensus, and that
can be both effectively implemented by Registrars and are efficiently enforceable in a way that meets expectations." ICANN's Kurt Pritz aptly describes these notes as "outlining areas of potential concern in the RAA, and offering some possible implementation options for community consideration".
This is where you play an important role. If you are interested the subjects discussed in the staff notes speak out! Subscribe to the RAA mailing lists (1, 2, 3). If you have theinterest *and* time to volunteer, ask the GNSO Secretariat for information regarding working group participation.
Comments