The Internet Corporation for Assigned Names and Numbers is seeking ideas and opinions on ways to modify the agreement terms it enters into with Internet registrars to protect individuals and organizations that do business with them.
The effort stems from the recent debacle involving registrar RegisterFly, which ICANN had to strip of its accreditation due to poor quality of service, which prompted massive and loud complaints from many of its tens of thousands of customers.
At its 29th International Public Meeting in San Juan, Puerto Rico, ICANN on Monday hosted a workshop to discuss possible changes to its Registrar Accreditation Agreement (RAA) and steps it is taking to make sure registrars provide good service to their customers.
Participants in the workshop, titled "Protection of Registrants," generally agreed that the RAA is due for a makeover to prevent another RegisterFly-like situation and because much has changed since the RAA was last amended about seven years ago.
"We need to deal with registrar accreditation and the procedures by which we accommodate registrants," said Susan Crawford, an ICANN board member who moderated the discussion.
Among the issues panelists and audience members debated was the need for Internet registrars -- companies ICANN accredits to sell Internet domain names to individuals and organizations -- to escrow their customers' data with ICANN or another third party.
That way, in the event of a registrar meltdown, ICANN, which manages and oversees the Internet's domain name system, could access the customer data and help customers switch to another registrar.
"This is important to registrants. We want to be able to reconstitute a registrar if it fails so that registrants can continue to have access to their domains and be able to work with them," Crawford said.
Ironically, in its current form, the RAA has a data escrow provision but it hasn't been implemented for several reasons. "It put a burden on ICANN to receive data, so the cost was all on ICANN. And until recently, there wasn't a budget item for the registered data escrow program," Crawford said.
Details on how this escrow will work need to be established, such as what will constitute a valid trigger for the data release and what data will be stored.
Jon Nevett, policy and ethics vice president of Internet registrar Network Solutions, said that ICANN's Registrar Constituency, which he chairs, has worked in recent months on the data escrow program with ICANN, which recently requested proposals to provide escrow services.
A key point for registrars is how ICANN will protect their customers' data if it needs to be transferred, Nevett said. "There is a lot of private information in this data," he said.
One of the issues ICANN is trying to work through is what data would be put in escrow. Under the current RAA provisions that data includes: registrant, administrative contact, technical contact, billing contact, name servers and expiration dates.
"When the provision was drafted, these were the elements that were believed to be critically necessary to restore the functionality of a registrar," said Mike Zupke, ICANN's Registrar Liaison Manager. Changing the data requirements would require amending the RAA, he said.
This issue is an interesting one, considering individuals' privacy concerns when registering a domain name, concerns that have prompted the appearance of "proxy" services that let registrants "hide" from the public some of the information they submit to a registrar, Crawford said.
Nevett argued that providing data to an escrow party that the registrant wants to keep from public view doesn't compromise privacy, because the escrow data wouldn't be publicly available.
Meanwhile, Beau Brendler, director of Consumer Reports Webwatch, suggested that ICANN provide more information about registrars, including ratings, so that consumers can make better informed decisions when choosing one.
There are about 900 registrars currently, according to ICANN.
"Measures that increase compliance are good," Brendler said, adding that ICANN might consider setting up a system to rate registrars and hold registrars to best practices guidelines.
Stacy Burnette, ICANN's director of contractual compliance, said that starting next month her team will publish a report twice a year with results from their registrar audits.
Citing preliminary results, Burnette said that in March her team found that of 881 audited registrars, 19 had non-working Web sites, and that in April, 192 registrars had invoices that were overdue by 30 days or more. Based on these findings, her group is seeking compliance from the offending registrars.
Her group is also currently doing a "code of conduct audit" to ensure that registrars are not engaging in conduct that would give "the appearance of impropriety," she said. Meanwhile, a future audit will focus on registrars' back-end systems performance, checking on issues like availability, downtime and outages, to see if they are meeting standards set in their agreements with ICANN.
Moreover, an ongoing audit is focusing on registrar data retention requirements, while a future audit will verify whether registrars are maintaining the required commercial liability insurance levels, she said.
"We want to encourage compliance to enhance ICANN's ability to preserve and enhance the operational stability, reliability, security and global interoperability of the Internet," Burnette said.