GAC Communiqué – Copenhagen, Denmark - ICANN · GAC Communiqué – Copenhagen, Denmark 1 I. Introduction The Governmental Advisory Committee (GAC) of the Internet Corporation

1

Copenhagen,15March2017

GACCommuniqué–Copenhagen,Denmark1

I. Introduction

TheGovernmentalAdvisoryCommittee(GAC)of the InternetCorporationforAssignedNamesandNumbers(ICANN)metinCopenhagen,Denmarkfrom11to16March2017.

59GACMembersand8Observersattendedthemeeting.

TheGACmeetingwasconductedaspartofICANN58.AllGACplenaryandWorkingGroupsessionswereconductedasopenmeetings.

II. Inter-ConstituencyActivities&CommunityEngagement

MeetingwiththeICANNBoard

TheGACmetwiththeICANNBoardanddiscussed:

• 2-charactercountrycodesatthesecondlevel.• TheICANNCEO’sresponsetothequestions intheHyderabadCommuniquéconcerning

mitigationofDNSabuse.• ConfidentialityofGACdocuments.• TheBoard’snewprocessforconsideringandprocessingGACadvice.• Anupdateonthedotwebauctionissue.• ThefacilitateddiscussiononIGOprotectionsandRedCrossRedCrescentprotections.• CCWG-AccountabilityWS2• GACpriorities

MeetingwiththeGenericNameSupportingOrganisation(GNSO)

TheGACmetwithmembersoftheGNSOCouncilanddiscussedincreasedengagementbyGACMembersinPolicyDevelopmentProcesses2-lettercountrycodesatthesecondlevel,aproposedcross-communitysessionatICANN59ongeographicnames,theGAC-GNSOConsultationGroup

1 To access previousGAC Advice,whether on the same or other topics, past GAC communiqués are available at:https://gacweb.icann.org/display/GACADV/GAC+Communiques

2

Final Report ImplementationPlan and common concerns aboutworkload createdbymultiplesimultaneousPDPs.

MeetingwiththeCountryCodeNameSupportingOrganisation(ccNSO)

TheGACmetwiththeccNSOanddiscussedtheccNSOPDPonaretirementandreviewmechanismforccTLDs,theCrossCommunityWorkingGrouponUseofCountryandTerritoryNamesasTLDs,support for the GAC Working Group on Under-Served Regions regarding ccTLD issues,implementation of Bylaws concerning the Empowered Community and ICANN meetingscheduling. Itwasagreed thatan inter-sessional conferencecallsbetweenGACandccNSObescheduled.

MeetingwiththeAtLargeAdvisoryCommittee(ALAC)

TheGACmetwiththeALACanddiscussedgeographicnames,thereportcommissionedbytheCouncilofEuropeoncommunityapplications,thesurveybeingdevelopedbytheGACWorkingGrouponUnder-ServedRegions, theAt LargeReviewandCCWG-AccountabilityWork Streamtopicsofjointinterest.

MeetingwiththeRegistrarStakeholderGroup(RrSG)

The GAC met with the Registrar Stakeholder Group of the GNSO and discussed Registraroperations,marketdevelopmentsandmechanismsfordealingwithabuse.

MeetingwiththegeoTLDGroup

TheGACmetwiththegeoTLDGroup(representingTop-Leveldomainsidentifyingacity,region,language or culture) and discussed policies on geographic names, cooperation with localauthoritiesandissueswithnationaldataprotectionlaws.

MeetingwiththeUniversalAcceptanceSteeringGroup(UASG)

The GAC received an update from the Universal Acceptance Steering Group (UASG) on theiractivitiestomakeIDNdomainnamesandemailaddresses,aswellasnewgTLDs,workseamlesslyonallbrowsers,applicationsandsoftwareprograms.TheGACnotedwithinterestthattheUASGwould be publishing a White Paper on 11 April 2017, and discussed suggestions on howgovernments can assist with the dissemination of UA information and engage their owndepartmentsandlocalsoftwarecommunitiestomaketheirsystemsUAReady.

CustomerStandingCommittee(CSC)

The GACwas briefed bymembers of the Customer Standing Committee for Public TechnicalIdentifiers(PTI)ontheoperationsoftheCommitteetodate.

3

DataProtection

TheGACmetwithdataprotectionofficialsconvenedwiththeassistanceoftheCouncilofEurope.The discussion enabled meaningful exchanges on the implementation of data protectionprinciplesinICANN.ParticipantsexpressedtheneedtocontinuethisimportantdialogueandtooknoteoftheproposaloftheChairoftheCommitteeofConvention108toproviderepliestoanyquestionsputtoit.TheGACwelcomedtheseexchangesandencouragesICANNtocontinuethedialoguewithdataprotectionauthoritiestoenhanceprivacyanddataprotection.

Cross-CommunityDiscussions

TheGACPublicSafetyWorkingGroupledacross-communitysessiononDNSabusemitigation,coveringtrendsinabuseandtheneedformitigation;industryresponses;andtheroleofICANN.Thesessionhighlightednewinitiativesby ICANN’sOfficeoftheCTOaswellassolutionstobeexploredbytheCommunitytowardseffectiveDNSAbuseMitigation, includingleveragingNewgTLDauctionproceedswhereappropriate.

TheGACWorkingGrouponUnder-ServedRegionsledasessionthatexploredoptionsforcapacitybuildingandICANNengagementindevelopingcountries.

III.InternalMatters

1. NewMembers

TheGACwelcomedZimbabweasanewMember.ThisbringsGACmembershipto171Members,and35Observers.

2. Board-GACRecommendationImplementationWorkingGroup(BGRI-WG)

TheBGRI-WGandtheGACmetanddiscussedtheissuesofwhatconstitutesGACadvice,clarityofGACadviceandpost-CommuniquécallsbetweentheGACandtheICANNBoard.Workintheseareaswillbepursuedinthelead-uptotheJohannesburgmeeting

3. GACWorkingGroups:UpdatesasreportedtotheGAC

TheGACOperatingPrinciplesReviewWorkingGroupagreedtopresenttheGACwithproposedminoramendmentstotheGACOperatingPrinciples,includingintroducingonlinevotingfortheupcomingGACelections,withaviewtoformalisingthoseamendmentsaccordingtotheproceduresoutlinedinOperatingPrinciple53.Theamendedprincipleswillbesubjecttofurther

4

reviewaspartofaholisticapproachthathasalreadystartedinparallel.Inthatrespect,theWorkingGroupalsoagreedtopresenttheGACwithapreliminarylistofhigh-levelprinciples,tobeconsideredassubjectheadingsforafullyrevisedsetofOperatingPrinciples.TheWorkingGrouprecommendedthattheGACcloseditsWorkingGroupandthatongoingeffortstorevisetheGACOperatingPrinciplescouldcontinuewithinGACPlenarysessions.

TheGACUnder-ServedRegionsWorkingGroupheldtwosessionstoprogressitsworkandprovideupdatesonvariousactivitiesasstipulatedinitsworkplan.Inordertoprogressongoingwork,theWorkingGroupCo-Chairsmetwith:

• TheccNSOandthePTItodiscussandexplorevariousapproachestothetasksmandatedbytheGACfortheWorkingGrouptoactasthefirstpointofcontactforGACMembersexperiencingccTLDdelegationandre-delegationissues.

• TheDevelopmentandPublicResponsibilityDepartment(DPRD)ofICANNtodiscusscollaborationindevelopingandimplementingaWorkingGroupsurveyforGACMembersfromunderservedregions.

• TheGovernmentEngagement,GlobalStakeholdersEngagementandSecurityStabilityandResiliencyteamsofICANNtoplanforthenextseriesofregionalcapacitydevelopmentsessionsforGACMembersandlawenforcementagenciesfromunderservedregionsinAsiaPacific,MiddleEastandLatinAmericaandtheCaribbeanbeforetheendof2017.

TheWorkingGroupwillcontinuetoparticipateinthefollowingactivities:• ThenewgTLDSubsequentProceduresPDPspecificallyWorkTrack1whichisdealing

with"SupportforApplicantsfromDevelopingCountries".• WorkbytheCCTReviewondevelopingcountryissues.• CCWGonNewgTLDAuctionProceeds.• CCWGAccountabilityWS2subgrouponDiversity.

TheGACHumanRightsandInternationalLawWorkingGroupreceivedanupdatefromtherapporteuroftheCCWGWS2HumanRightssubgrouponpreparationofaFrameworkofInterpretationforICANN'sHumanRightsBylaw.TheWorkingGroupalsodiscussedhumanrightsperspectivesoftheCouncilofEurope'sReportonApplicationsforCommunity-basedNewgTLDswithoneoftheauthorsofthereport.TheGACWorkingGrouponProtectionofGeographicNamesinNewRoundsofNewgTLDsreviewedaproposaltoestablishasetofbestpracticesrulesandthepossibleestablishmentofarepositoryofnames.Itwasinformedandagreedthattherewillbeacross-communitywebinarandacross-communitydialoguesessionduringICANN59.TheWorkingGroupwillengageinthesedialogueeffortsandwillcontinueworkingonapossibleproposal.

5

TheGACWorkingGrouponGACParticipationintheNomComagreedthattheWorkingGroupwillrefineatexton"GACcriteriaforNomCom"andshareanewversionwiththeGACbeforethenextICANNmeeting.AboutthepossibleappointmentofaGACnon-votingmemberintheNomCom,theWorkingGroupwillreviewlegalbackgroundandpreviousexperiencesinfulfillingthisrole.ThisinformationwillbesharedwithGACwhenavailableandanalyzed.TheGACPublicSafetyWorkingGroup(PSWG)reportedtotheGAConitsanalysisoftheresponseprovidedbyICANNtoAnnex1oftheGACHyderabadCommuniquéandproposedaFollow-upScorecard.ItinformedtheGACthatitwillbeseekingendorsementofaDraftSecurityFrameworkforRegistriestoRespondtoSecurityThreats,whichtextwasagreeduponwithrepresentativesofRegistryOperatorsinCopenhagen.SimilarendorsementwillsoonbesoughtregardingtheupcomingPSWGproposalforaLawEnforcementDisclosureFrameworkaspartofthePrivacy/ProxyServicesAccreditationPolicyImplementation(PPSAIIRT).RegardingtheRegistrationDirectoryService(RDS),WorkingGroupvolunteersnominatedbytheGACtojointheRDSReviewTeamareseekingguidancefromtheGACtodefinethescopeoftheReview.ThePSWGproposedthatGNSOsuggestionsinthismatterbeendorsed,exceptforanylimitationsimposedonmatterthatmayormaynotoverlapwiththeongoingNextGenerationRDSPDP.BuildinguponthemeetingoftheGACandthedataprotectionofficials,theWorkingGroupbriefedtheGAConthebalancetobeachievedbetweenprivacy,theneedsoflawenforcementandpublicinterestsinanyfutureRDS.

4. IndependentSecretariat

TheGACnotedthatthecurrentcontractwithACIGtoprovideanindependentsecretariatservicetotheGACexpiresinJuly2017andagreedthattheGACleadershipurgentlyengagewithICANNonitsextension.PledgesfromGACmemberstocontributetothecostsofthesecretariathavebeenincreasinglynumerousbuttodatenotsufficienttomaintainthesamelevelofserviceprovided,whichimpliestheneedforadjustingthelevelofserviceprovidedintheshortterm.Furtherpledgesaresoughtandencouragedasamatterofurgency.Inaddition,theGACleadershipwillworkonmid-termsolutionswithaviewoffindingsustainablefundingarrangements.

IV.EnhancingICANNAccountability

TheGACcontinuedtoworkonaseriesofmeasurestoimplementtheICANNBylawsthatcameinto effect on 1 October 2016. These include the provision of GAC Advice to the Board andproceduresforGACparticipationintheEmpoweredCommunity.

The GAC received an update fromMembers representing GAC in CCWG-AccountabilityWork

6

Stream2activities,inwhichtheywillcontinuetoparticipate.Inparticular,theGACnotedthe importanceofthe jurisdictionquestionnaireasakeypointofCCWGWS2,andcallsonallgovernmentsandotherstakeholderstorespondtoitbeforetheexpiryofthedeadlineof17April2017.OtheractivitiesofCCWGWS2alsoneedtobepursued.

V.OtherIssues

1. Competition,ConsumerTrustandConsumerChoiceReviewTeam(CCT-RT)

TheGACwasbriefedbytheCCT-RTontheReviewTeam’swork,includingtherecentlyreleaseddraftreport.GACMemberswillreviewthedraftreportindetail.

2. NewgTLDs:SubstantivePolicyIssues

The GAC discussed specific policy issues relevant to possible future release of new gTLDs,including:

• Community-basedgTLDapplications:FollowingtheCouncilofEurope'ssubmissiontotheGACatICANN57oftheirreport“ApplicationstoICANNforcommunity-basednewgTLDs:OpportunitiesandChallenges fromaHumanRightsPerspective”,apresentationof thereport's recommendations was provided by one of the authors. The GAC expressessupportfortheserecommendationsgoingforwardforfurtherconsiderationbytheNewgTLDSubsequentProceduresPDPWorkingGroup.

• Supportforapplicantsfromdevelopingcountries.• Geographicnames.

3. ICANNGeographicRegions

TheGACwillexaminetheissueofICANNgeographicregionsandconsidertheissuefurtheratthenextmeetings.

7

VI.GACConsensusAdvicetotheBoard2

1. ProtectionoftheRedCrossandRedCrescentdesignationsandidentifiers

Re-affirmingpreviousGACAdviceforapermanentreservationoftheRedCrossandRedCrescentdesignationsand identifiers, theGACacknowledges theconclusionsof the facilitateddialogueheldduringICANN58onresolvingoutstandingdifferencesbetweentheGAC’spreviousadviceand the GNSO's past recommendations to the Board on the protections of the names andidentifiersoftherespectiveRedCrossandRedCrescentorganizations.Consistentwiththeconclusionsoftheabovementioneddialogue,

a. TheGACadvisestheICANNBoardto:

I. request theGNSOwithoutdelay tore-examine its2013recommendationspertaining to the protections of Red Cross and Red Crescent names andidentifiers (definedas “Scope2”names in theGNSOprocess)whichwereinconsistentwithGACAdvice.

RATIONALETheGACacknowledgestheoutputsofthefacilitateddialogueonthistopicandrequeststheBoardtoproceedaccordinglywithoutdelay

2. IGOProtections

TheGACnotesthatadialoguefacilitatedbytheBoardonthistopichasbegunbetweentheGACandtheGNSO(includingitsrelevantWorkingGroups).TheGACexpectsthatthesediscussionswould resolve the long-outstanding issue of IGO acronym protections and understands thattemporaryprotectionswillcontinuetoremain inplaceuntilsuchtimeasapermanentagreedsolutionisfound.Baseduponthefacilitateddiscussionsuptothisstage,


I. pursue implementation of (i) a permanent system of notification to IGOsregardingsecond-levelregistrationofstringsthatmatchtheiracronymsinuptotwolanguagesand(ii)aparallelsystemofnotificationtoregistrantsforamorelimitedtimeperiod,inlinewithbothpreviousGACadviceandGNSOrecommendations;

2TotrackthehistoryandprogressofGACAdvicetotheBoard,pleasevisittheGACAdviceOnlineRegisteravailableat:https://gacweb.icann.org/display/GACADV/GAC+Register+of+Advice

8

II. facilitate continued discussions in order to develop a resolution that willreflect(i) thefactthat IGOsare inanobjectivelyuniquecategoryofrightsholdersand(ii)abetterunderstandingofrelevantGACAdvice,particularlyasitrelatestoIGOimmunitiesrecognizedunderinternationallawasnotedbyIGOLegalCounsels;and

III. urgetheWorkingGroupfortheongoingPDPonIGO-INGOAccesstoCurativeRightsProtectionMechanismstotakeintoaccounttheGAC’scommentsontheInitialReport.

RATIONALE

ThisAdvicecapturesachievementsmadetodateinthefacilitateddiscussions,inthehopethatthiswillbeinstrumentalinresolvingthislong-standingissueattheearliestopportunity.

3. MitigationofDomainNameAbuse


I. providewrittenresponsestothequestionslistedintheFollow-upScorecardattached to this Communique, no later than 5May 2017 for appropriateconsideration by theGAC before the ICANN 59meeting in Johannesburg,takingintoaccountthattheICANNPresidentandCEOwillactascontactpointfortheGACinthismatter.

RATIONALE

TheGACisseekingtoassesstheeffectivenessofitsAdvicetotheICANNBoard.

Annex 1 of the GAC Hyderabad Communiqué listed a number of questions to conduct suchassessment in relation to Advice implemented as part of the 2013 Registrar AccreditationAgreementandtheNewgTLDRegistryAgreement.

TheGACisalsointerestedinassessingthecontributionoftheSSRandContractualCompliancedepartmentsofICANNtothepreventionandmitigationofdomainnameabuse.

While ICANN responded to Annex 1 of the GAC Hyderabad Communiqué, the informationprovidedwasnotsufficienttoconductthenecessaryassessments.

9

4. 2-CharacterCountry/TerritoryCodesattheSecondLevel

InlightofthediscussionswiththeICANNBoardinCopenhagenontheBoardResolutionof8November 2016 and its implementationof 13December 2016 regarding two-letter countrycodesassecondleveldomains,


I. TakeintoaccounttheseriousconcernsexpressedbysomeGACMembersascontainedinpreviousGACAdvice

II. EngagewithconcernedgovernmentsbythenextICANNmeetingtoresolvethoseconcerns.

III. Immediatelyexploremeasurestofindasatisfactorysolutionofthemattertomeettheconcernsofthesecountriesbeforebeingfurtheraggravated.

IV. Provideclarificationofthedecision-makingprocessandoftherationalefortheNovember2016resolution,particularlyinregardtoconsiderationoftheGACadvice,timingandlevelofsupportforthisresolution.

RATIONALE

The GAC noted serious concerns expressed by some governments about the consequencesintroducedbythechangescreatedbythe8November2016Resolution.Inparticular,accordingtothenewprocedureitisnolongermandatoryfortheregistriestonotifygovernmentsoftheplansfortheiruseof2-lettercodes,norareregistriesrequiredtoseekagreementofgovernmentswhenreleasingtwo-lettercountrycodesatthesecondlevel,which,forexample,allowsregistriestochargegovernmentssubstantialfees.

VIII.NextMeeting

TheGACwillmeetduringICANN59inJohannesburg,SouthAfrica,scheduledfor26-29June2017.

PartI–Question1-WHOISAccuracyProgramSpecification-CrossValidationRequirement Page1

GACFollow-upScorecardtoAnnex1ofGACHyderabadCommuniqué(asof15March2017)

PartI.Implementationof2013RAAprovisionsandRegistrarsAccreditation

GACQuestion(HyderabadCommuniqué)

1.WHOISAccuracyProgramSpecification-CrossValidationRequirementWhatistheimplementationstatusofthe2013RAA,WHOISAccuracyProgramSpecification,Section1(e)whichprovidesthatRegistrarwill“Validatethatallpostaladdressfieldsareconsistentacrossfields(forexample:streetexistsincity,cityexistsinstate/province,citymatchespostalcode)wheresuchinformationistechnicallyandcommerciallyfeasiblefortheapplicablecountryorterritory”?

a) DetailedinformationonwhatregistrarsandICANNhavedonetofulfillthisRAArequirementtodate;b) Atimelinewithspecificmilestones&dates,includingaprojectedclosuredateforcompleteimplementationofthisrequirementc) Detailedinformationoncross-fieldvalidationsoftware,approaches,etc.thathavebeenconsidered,includingsupportingdataandresearch;d) Detailedinformationregardingregistrars'concernsaboutwhyspecificoptionsarenottechnicallyandcommerciallyfeasible,includingsupportingdataand

research;ande) Currentproposalsforcross-fieldvalidation(publishedatthetimetheyaresharedwithanyregistrar).

ICANNResponse(8Feb.2017)

Inmid-2014,ICANNOrgandtheRegistrarStakeholderGroupjointlyagreedtoplaceonholdtheacrossfieldvalidationinitiativespecifiedinSection1(e)oftheWHOISAccuracyProgramSpecificationtothe2013RegistrarAccreditationAgreement.ThisinitiativewasplacedonholdduetotheimplementationofthedomainverificationandsuspensionrequirementoutlinedintheWHOISAccuracyProgramSpecification.Registrarswerechallengedwithmaintainingparalleltracksasitpertainedtothesetwoinitiatives.Overthecourseofthelastthreeyears,ICANNOrghasfocuseditseffortsonidentifyingcommerciallyreasonableandglobalsolutionsthatwouldmeettherequirementsoftheRAAaswellasregionalandglobaladdressinganddataformatrequirements.DuringICANN57inHyderabad,India,ICANNOrgpresentedtheresultsofthisresearchinanopensession,aswellasastrawmanproposaltoaddressthisissue.InJanuary2017,theWHOISValidationWorkingGroupwasre-formedtofocusitseffortonidentifying,specifying,andapproving(byaminimumoftwo-thirds(2/3)voteoftheRegistrarWHOISValidationWorkingGroup),anappropriatesetoftoolstoenableregistrarstocompletetheacrossfieldaddressvalidationspecifiedinSection1(e)oftheWHOISAccuracyProgramSpecificationofthe2013RegistrarAccreditationAgreement.Startinginthefirstquarterof2017,theWorkingGroupandICANNOrgplantodefineandmutuallyagreeupontheabilitytodetermineifasolution(s)iscommerciallyviable,basedonprovidercriteriathatwillbedraftedandagreeduponbyWorkingGroupandICANNOrg.AcompletesetofdocumentsislocatedontheAcrossFieldAddressValidationWikiPage:https://community.icann.org/display/AFAV/Registrar+Across+Field+Address+ValidationTheWikipagealsoincludesdetailsofpotentialcommerciallyreasonablesolutionsthattheWorkingGroupwillevaluateandanalyzeinconjunctionwithICANNOrg.


Follow-up

# Follow-upGACQuestion ICANNAnswertoFollow-upQuestion Status

I.1.1 GACrequestsfurtherdetailsonwhatregistrarsandICANNhavedonetofulfillthisRAArequirementtodate(questionI.1.a).BasedonICANN’soriginalresponse,itappearsthatagrouphasbeenformedbuthasasofyetproducednoresults,andnoprogresshasbeenmadeinfinalimplementation.

Open

I.1.2 GACrequestsfurtherdetailsonitsrequestforatimelinewithspecificmilestones&dates,includingaprojectedclosuredateforcompleteimplementationofthisrequirement(questionI.1.b).NoclosuredatehasbeenprovidedforcompletionandimplementationoftheCrossValidationcontractualrequirement.

Open

I.1.3 GACrequestsfurtherdetailsonitsrequestfordetailedinformationoncross-fieldvalidationsoftware,approaches,etc.thathavebeenconsidered,includingsupportingdataandresearch(questionI.1.c).TheanswerprovidedbyICANNtodatedidnotincludeanyspecificapproaches,toolsthatwereconsidered,rejectedandthereasoningbehindsuchdecisions.Nofinancialdecision,discussion,analysisofanycross-fieldvalidationsolutionswereprovided.DetailsonconsiderationoranalysisofanysolutionbyeitherICANNorathird-partyshouldbeprovided,includingdetailssuchasnameofthird-party,cost,function,andotherrelevantinformation.

Open

I.1.4 GACrequestsfurtherdetailsonitsrequestfordetailedinformationregardingregistrars'concernsaboutwhyspecificoptionsarenottechnicallyandcommerciallyfeasible,includingsupportingdataandresearch(questionI.1.d).Theanswerprovidedtodatedidnotincluderegistrars'concernssuchasthetechnicaland/orcommercialissuesregardingcross-validation.

Open


Follow-up


I.1.5 CanICANNprovidedetailsonwhythe“acrossfieldvalidationinitiative”specifiedinSection1(e)oftheWHOISAccuracyProgramSpecificationwasstoppedifitwasacontractualobligationperthe2013RAA,WHOISSpecification?Inaddition,itisnotclearwhytheserequirementswereviewedasseparatestreamsastheywerebothdetailedinthesameWHOISSpecification.

Open

I.1.6 PleaseprovidetheGACwiththeresultsofICANN’sstrawmanproposal“identifyingcommerciallyreasonableandglobalsolutionsthatwouldmeettherequirementsoftheRAAaswellasregionalandglobaladdressinganddataformatrequirements”

Open

I.1.7 Astheacrossfieldaddressvalidationisacontractualobligation,whyisitsubjecttobeingconsidered“commerciallyviable”?

Open

I.1.8 Whatisconsideredcommerciallyviable? Open

I.1.9 Hasadeadlinebeensetfordevelopingatool/methodologytoenableregistrarstocompletetheacrossfieldaddressvalidationspecifiedinSection1(e)oftheWHOISAccuracyProgramSpecification?

Open

PartI–Question2-EnforcementbyICANNofWHOISVerification,ValidationandAccuracyRequirement Page4



2.EnforcementbyICANNofWHOISVerification,ValidationandAccuracyRequirementPerthe2013RAAWHOISSpecification,howdoesICANNenforceallregistrarWHOISverification,validationandaccuracycontractualobligations?PleaseprovideexamplesthatdemonstratehowICANNisenforcingeachofthesecontractualobligations?


ICANNContractualCompliancemonitorsandensurescompliancewiththeverification,validation,andaccuracyrequirementsofSection3.7.8ofthe2013RAAandtheWHOISAccuracyProgramSpecification(WAPS)through:

• ProcessingWHOISinaccuracycomplaintscoveringverification,validation,andinvestigationandcorrectionofaccuracyissues.BetweenNovember2015andNovember2016,WHOISinaccuracycomplaintsconstitutedapproximately70%ofcomplaintsprocessedbyICANNContractualCompliance(almost32,000complaints).

• PerformanceoftheICANNContractualComplianceregistraraudit,whichincludesWHOISdataverificationandvalidationrequirements.• ProcessingtheWHOISAccuracyReportingSystem(ARS)inaccuracyreports.TheARScheckssamplesofWHOIScontactinformationformat(syntax)and

functionality(operability)foraccuracyfromacrossthegTLDs.ThedataisprovidedtoICANNContractualComplianceforfollow-upwithregistrars(includingWHOISinaccuracycomplaintsandregistraroutreach).

• ProactivemonitoringandoutreachbyICANNContractualCompliance.EnforcementofSection3.7.8:ThissectionrequiresregistrarstotakereasonablestepstoinvestigateandcorrectWHOISdatainaccuracies.Percontract,Registrarshave15calendardaysaftertriggerevent(forexample:newregistrations,inboundtransfers,changetoregistrantinformation,WHOISInaccuracycomplaints)toverify/validate,asapplicable.ICANNenforcestheobligationbyrequesting:

1. Evidencesuchaswhen,how,andwithwhomcommunicationwasconducted2. Validationofanydataupdatedfollowinginvestigations3. VerificationofregistrantemailperSection4ofWAPS

ICANNlooksforoneofthreeresultswhenreviewingWHOISinaccuracycomplaints:

1. WHOISupdatedwithin15daysofnotifyingtheRegisteredNameHolder–registrarprovideddocumentationofvalidationofupdatesandverification(includingaffirmativeresponseormanualverification)

2. NoresponsefromRegisteredNameHolderwithin15daysofnotifyingRegisteredNameHolder–domainsuspendeduntilregistrarhasverifiedinformation3. WHOISverifiedasaccurate(nochange)within15daysofnotifyingRegisteredNameHolder–registrarprovideddocumentationofverification

ICANNmayalsorequestevidenceofWAPSfulfillmentunderSection1.


Follow-up


I.2.1 WhiletheanswertoquestionI.2providesstatisticsandgeneralinformation,itdoesnotaddresstheintentofthequestion.TheGACadviceaimedatdeterminingspecificallywhatactions/stepsaretakentoverify,validate,andconfirmtheaccuracyofcontractually-requiredWHOISinformation.Inotherwords,isthereasetofcriteriausedinverification,i.e.,whenastaffmemberreviewsWHOIScomplaints;arecomplaintstracked,analysed,etc.?

Open

I.2.2 Whatweretheresultsofthe32,000WHOIScomplaintsprocessed? Open

I.2.3 Wereanyregistrarsde-accreditedforWHOISviolations?Ifnot,doesthatmeanall32,000WHOIScomplaintsresultedinregistrarstakingappropriateactions?

Open

I.2.4 Whatactions,ifany,hasICANNtakenagainstanyregistrarfornon-complianceofWHOISrequirementsin2013RAA,startingJanuary1,2014?

Open

I.2.5 DoesICANNconsiderde-accreditationforaWHOISinaccuracyviolationtoosevere?Ifso,shouldtheRAAbeamendedtospecificallyprovideagraduatedscaleofpenaltiesorsanctionsforWHOISinaccuracies?

Open

I.2.6 Pleaseprovidespecificactions,stepsandanalysisthatICANNtakesduringanaudit?

Open

I.2.7 DoesICANNuseatemplateorstandardizedmethodologytoconducteachaudit?

Open

I.2.8 Howoftenareauditsconducted? Open

I.2.9 Whatdeterminesifanauditisneeded,specifically? Open

I.2.10 Whoconductsanaudit? Open

I.2.11 Howmuchtimeisneededforanaudit?Hours,days,weeks? Open


Follow-up


I.2.12 Whatareassociatedcostswithaudits?Howmuchdoeseachauditcost,withbreakdownoflabor,travel,andanyotherrelatedcosts?

Open

I.2.13 Pleaseprovidespecificexample(s)ofactionstakenafterareportofanactualaudit(withnamesredacted)?

Open

1.2.14 AccordingtoMay2016ContractualComplianceRegistrarAuditReport,“Ten(67%)oftheRegistrarscompletedtheauditwithdeficiencies[…]TheseRegistrarswillrequirefollow-up(i.e.partialre-audit)fromICANNtoverifytheremainingdeficiencieshavebeenremediated.”Howisthisfollow-upachieved,andhowisitreported?

I.2.15 Pleasedefine“proactivemonitoring”andwhatactionsaretakeninthisprocess?

Open

I.2.16 Howoftenisproactivemonitoringdone? Open

I.2.17 Doesproactivemonitoringapplytoeachregistrarandregistry?Whyorwhynot?

Open

I.2.18 DoesICANNhaveenoughresourcestoconductproactivemonitoringforeachregistryandregistrar?

Open

I.2.19 WhatdoesICANNmeanby“outreach”? Open

I.2.20 Howisoutreachconducted? Open

I.2.21 DoesICANNhaveenoughresourcestoconductoutreachtoeachregistryandregistrar?Specifically,whatisconsidered“follow-up”withregistrars?

Open

I.2.22 PleaseexplainhowICANNdefines“evidence”inthiscontextofICANN’senforcementofSection3.7.8relatedtotheinvestigationandcorrectionbyRegistrarsofWHOISdatainaccuracies.

Open

I.2.23 HowmanydomainnameshavebeensuspendedduetonoresponseofRegisteredNameHolderwithin15daysofrequestforverificationofWHOISdataaccuracy?

Open

PartI–Question3-DiligencebyICANNinRelationtoRegistrars’DutytoInvestigateReportsofAbuse Page7



3.DiligencebyICANNinRelationtoRegistrars’DutytoInvestigateReportsofAbuseWhatisthestandardofdiligencethatICANNappliestoregistrarsintheregistrar’sdutytorespondtoreportsofabuseaccordingtoSection3.18ofthe2013RAA?


ICANNContractualCompliancemonitorscompliancewithSection3.18ofthe2013RAAthrough:• ProcessingabusecomplaintssubmittedthroughtheRegistrarStandardsComplaintForm

(https://forms.icann.org/en/resources/compliance/complaints/registrars/standards-complaint-form).• ConductingtheRegistrarAuditProgramwhichincludestheobligationsofSections3.18.1,3.18.2,and3.18.3ofthe2013RAA.

Forabusecomplaints,ICANNconfirmsthatthereportersentabusereport(s)toregistrarabusecontactemailaddressbeforeICANNsendscomplainttoregistrar.Onceconfirmed,ICANNcouldrequesttheregistrartoprovide:

1. Adescriptionofthestepstakentoinvestigateandrespondtoabusereport2. Theamountoftimetakentorespondtoabusereport3. Allcorrespondencewithcomplainantandregistrant4. Thelinktowebsite’sabusecontactemailandhandlingprocedure5. Thelocationofdedicatedabuseemailandtelephoneforlaw-enforcementreports6. TheRegistrar’sWHOISabusecontacts,emailaddress,andphonenumber7. Examplesofstepsthatregistrarshavetakentoinvestigateandrespondtoabusereportsinclude:

a. Contactingtheregistrantb. Requestingandobtainingevidenceorlicensesc. Providinghostingproviderinformationtocomplainantd. PerformingWHOISverificatione. Performingtransferuponrequestofregistrantf. Suspendingdomain

PartI–Question3-DiligencebyICANNinRelationtoRegistrars’DutytoInvestigateReportsofAbuse Page8

Follow-up


I.3.1 Unfortunately,ICANNhasnotprovidedspecificdetailsinhowitinvestigatesreportsofabusebyprovidingspecificdocumentation.WhileitisunderstoodICANNwouldnotwanttoreleaseinformationorwasteresourcesonsuperfluousorunfoundedabusereports,itwouldbehelpfulifICANNcanprovideaclear,transparentandconsistentinvestigativeapproachtoreportsofabuse.

Open

I.3.2 WhatarethedeterminingfactorsforICANNtorequesttheinformationlistedfromregistrarwhenhandlingabusecomplaints?

Open

I.3.3 Isthereathresholdand/orstandardizedanalysisperformedforeachreportofabuse?

Open

I.3.4 Isalloftheinformationlistedintheanswerrequestedoftheregistrarwheninvestigatinganabusereport?Ifnot,howdoesICANNdeterminewhichquestionsarepresentedtoregistrar?

Open

I.3.5 DoesICANNprepareawrittenreportuponthecompletionofeachinvestigation,withsupportingdocumentation?

Open

I.3.6 PleaseprovidecomprehensivestatisticsdetailinghowmanyreportsofabusearereceivedbyICANNandtheiroutcomesoradjudication.

Open

I.3.7 Pleaseprovideareportofmeasuresthathavebeentakenagainstregistrars,includingviolation,date,andlengthofinvestigation,costsassociated,outcomesandfollow-ups.

Open

PartI–Question4-AwarenessEffortsbyICANNonRegistrars’Obligations Page9



4.AwarenessEffortsbyICANNonRegistrars’Obligations:WhateffortsdoesICANNundertaketoensureregistrars,areeducatedandawareoftheircontractualobligations?Per2013RAA,Section3.13,canICANNprovidedetailsofrequiredtraining,forinstance:

a. IsthereanICANNtrainingprogramwithcorrespondinglinksandinformation?b. Howoftenisthistrainingprovided?c. Otherdetailsofthetrainingprogram?


Yes.ICANNhasdevelopedatrainingprogramincollaborationwiththeregistrarcommunity.TheprogramisintendedtohelpICANN-accreditedregistrarsunderstandandcomplywiththeirobligationsundertheRegistrarAccreditationAgreementandincorporatedconsensuspolicies.ThetrainingisavailableontheICANNLearntrainingplatform:https://www.icann.org/resources/pages/registrar-training-resources-2015-09-23-en.Thetrainingisweb-basedandcanbeaccessedatanytimeuponsuccessfulaccountcreationandlogin.Section3.13ofthe2013RAArequirestheprimarycontactordesigneetocompleteatrainingcoursecoveringregistrarobligationsunderICANNpoliciesandagreements.ACertificateofRegistrarTrainingCourseCompletionispublishedathttps://www.icann.org/resources/pages/registrar-training-resources-2015-09-23-en.Registrarsarerequiredtosendinasignedanddatedcopyofthecertificateuponsuccessfulcompletionofthetrainingprogram.Inaddition,ICANNconductsoutreachtocontractedpartiesatICANNpublicmeetings,GDDIndustrySummits,viaawebinar-typeapproach,orthroughpublishedmaterialonICANN.org.Theoutreachprovidesoverallcontractualguidelines,informsofpolicyand/orcontractchanges,andprovidesanopportunitytoproactivelycollaborateandaddresscomplianceissues.

Follow-up


None

PartI–Question5-VettingRegistrarAccreditationApplications Page10



5.VettingRegistrarAccreditationApplicationsICANNhaslistedcriteriaforregistraraccreditation.Pleaseexplainhowthesecriteriahavebeenputintopracticeandenforced?Specifically:

a. HowdoesICANNverifyinformationprovidedinregistraraccreditationapplications?b. Whatdatabases,recordchecks,etc.areused?c. HowmanyapplicationshasICANNreceivedsincethenewprocessbegan?Ofthose,howmanyapplicationshavebeenrejected,why?d. HowlongdoesittakeICANNtoevaluateeachapplication?e. Whatarethefinancialcostsassociatedwithprocessingeachapplication,includingverificationcosts?


ICANNconductsathoroughreviewofapplicationsforRegistrarAccreditation.Thisreviewincludes,butisnotlimitedto:• Backgroundchecksconductedthroughathird-partyserviceprovider,ThomsonReuters.Thesechecksinclude:Litigation,Bankruptcy,Regulatory,andLaw

Enforcementchecks,aswellasinternetsearches.• Financialreview;areviewoffinancialstatementsandbankverification• Reviewofgoodstandingdocuments,e.g.,CertificatesofIncorporation,BusinessRegistration/License• ICANNContractualCompliancestatus

ICANNhasreceivedatotalof2,157applicationsincalendaryears2012through2016,fourofwhichwerewithdrawnandelevenofwhichwererejected.Reasonsforrejectionincludedbackgroundcheckfindings,financialreviewfindings(suchasinsufficientcashonhand),andapplicationreviewfindings.Table1.RegistrarAccreditationApplications,2012–2016

Year Applications Withdrawals Rejections2012 57 0 62013 183 2 32014 519 1 12015 847 1 12016 551 0 0Total 2157 4 11

ReviewofRegistrarAccreditationApplicationstakeonaveragethreetosixmonths.However,thistimingislargelydependentupontheresponsivenessoftheapplicant.Delaysinapplicantresponsemayextendtheoverallreviewcycletotwelvemonthsorlonger.

PartI–Question5-VettingRegistrarAccreditationApplications Page11

Follow-up


I.5.1 GACrequestsfurtherdetailsonwhatarethefinancialcostsassociatedwithprocessingeachapplication,includingverificationcosts(questionI.5.d).HowmuchdoesICANNpayThompsonReuterstoconductchecks?Also,arethereanothercostsICANNincursafteritreceivesThompsonReutersdata,i.e.,isfurtherinvestigationorchecksrequired?

Open

I.5.2 Havetherebeeninstanceswhentheabove-referencedatabaseshavenotproduceddata?Ifso,whatdoesICANNdoinsuchcircumstances?

Open

I.5.3 IsThompsonReutersabletoprovideabove-referencedchecksforeverycountryintheworld?Ifnot,whichcountriesarenotincludedintheirchecks?

Open

I.5.4 WhatdoesICANNdoifthereisinsufficientorcontradictorydataprovidedbyabove-referencedchecks?

Open

PartII–Question1–VettingRegistryAccreditationApplications Page12

PartII.ImplementationofNewgTLDApplicantGuidebookandRegistryAgreement


1.VettingRegistryAccreditationApplicationsTheNewgTLDApplicantGuidebook(v.2012-06-04),Module1,Section1.2.1,Eligibilitystatesthat“ICANNwillperformbackgroundscreeninginonlytwoareas:(1)Generalbusinessdiligenceandcriminalhistory;and(2)Historyofcybersquattingbehavior.”HowisICANNmonitoring,enforcingand/orverifyingcontinuedcompliancewithSection1.2.1?


TheApplicantGuidebookrequirementswereusedtoevaluatetheapplicants.ICANNmonitors,enforces,and/orverifiescontinuedcomplianceviaArticle1.3.aRepresentationsandWarrantiesintheNewgTLDRegistryAgreement,whichcoverscontinuedcompliancewithwhatanapplicantstatedinitsapplication.ICANNmonitorsmediareportsincludingsocialmedia,reviewscomplaintsreceivedandtheregistry’sannualcertificationwhereapplicable,andconductsauditsaddressingtheseissues.VerifyingcompliancemayincluderequestingdifferenttypesofdocumentssuchascurrentCertificateofSubsistence(alsoknownas"GoodStandingCertificate")orthelocalequivalent,andrecentfiscalyearFinancial/OperationalStatementorthelocalequivalent(audited,ifavailablewithredactedproprietaryorconfidentialdata).

Follow-up


None

PartII–Question2–SecurityChecks,Specification11,Section3(b) Page13


GACQuestion(HyderabadCommuniqué) ICANNResponse(8Feb.2017)

2.SecurityChecks,Specification11,Section3(b)a. DoesICANNcollectand/orreviewthesestatisticalreportsorotherwise

verifythatthePublicInterestCommitmentisbeingmet?

Specification11intheNewgTLDRegistryAgreementenablesICANNtorequestreportsrelatedtotheSecurityChecksundertakenbyRegistryOperatorsandtheactionstakentoaddressthem.ICANNreviewseachreportindividuallytoaddressareportedissue;thisisaproactivereviewinitiatedasaresultofmonitoringoranaudit.Statisticalreportsmostcommonlyinclude:

• Numberofdomainnamesreviewedduringanalysis• Listofdomainnameswithpotentialthreats• Typeofthethreatidentified-malware,botnets• Typeofactionstakeninresponsetothreats• Status(open/pending/closed)andstatisticsonactionstaken• AdditionaldetailsonthreatssuchasIPaddress,geographiclocation,and

registrantinformation• Trendsandalerts

b. IsICANNconductinganytypeofindependentresearchthatallowsittoobtainmetricsandgeneratestatisticsrelatedtoconcentrationofmaliciousdomainnamesperregistrar/registryandhowthistrendsoveradeterminedperiodoftime

Atthistime,ICANNisnotgeneratingstatisticsonmaliciousdomainsinacomprehensiveway.However,theOfficeoftheChiefTechnologyOfficerisconductingaresearchprojectthatworkswithindustryexpertstodevelopaservicethatconsolidatesanumberofDNSabuse-relateddatafeedstogeneratestatisticsonavarietyofmaliciousdomainnamesperregistrarandregistry.Theintentofthisresearchprojectistoprovideanauthoritative,unbiased,andreproducibledatasetthattracksDNSabuse-relatedtrendsovertime.

c. IfICANNisconductingthisresearch,pleaseprovideabriefexplanationofhowtheanalysisisperformedandwhatspecificactionsICANNtakesinresponsetotheresultsindicatedbythedata.

Asmentionedinresponse2b,thereisaresearchprojectindevelopment.Theanalysisbeingperformedistoaggregatedatafeedsandgenerateanindexbasedontheprevalenceofthedifferentkindsofabusethatarebeingreported.WhileICANN’splansregardingactionswiththedatahavenotyetbeenfinalized,itislikelythoseactionswillincludeatleastinformingregistriesandregistrarsoftheirabusestatisticsandtheirpositionrelativetothemedianfortheindustry,andworkingwiththeorganizationsthatrequestICANN’shelpinmitigatingtheabuse.



GACQuestion(HyderabadCommuniqué) ICANNResponse(8Feb.2017)

2.SecurityChecks,Specification11,Section3(b)d. IfICANNisNOTconductingthisresearch,pleaseexplainwhynot.Inthe

interestsoftransparency,theGACrequestsareportcontainingthesestatisticsandsummariesofactionstakeninresponsetothesecuritythreatsidentifiedabove.

Atthispointintime,thetoolusedtoaggregateandreportonDNSabuseisstillunderdevelopment.Thecurrentplanistohavethetoolinbetabythesecondquarterof2017

e. TheGACwouldliketoremindICANNthatthelistofSecurityThreatsintheNewgTLDSafeguardsisnotmeanttobeexhaustive.Infact,theSecuritychecksSafeguardapplicabletoallNewgTLDsrefersto“securitythreatssuchasphishing,pharming,malware,andbotnets”(emphasisadded),whichdoesnotexcludeotherrelevantthreats.Pleasedescribewhatanalysisandreportingisconductedregardingotherrelevantthreatsnotlistedabove,includingspam?

Thetoolbeingdevelopedislimitedtothedatawecancollectfromthevariousmaliciousdomainname-relatedservicessuchasSURBL,Spamhouse,etc.Atthistime,thedataavailableallowsustoaggregateinformationrelatingtomalware,botnetcommandandcontrol,phishing,andspam.Asmoreformsofabuseareprovidedviadatafeedswecangainaccessto,thetoolwillbemodifiedasappropriate.

Follow-up


II.2.1 ThepurposeofthisquestionwastosolicitbeneficialinformationonhowSpecification113(b)isfosteringgreatersecuritythroughdiligence,transparencyandaction,especiallyinthenewgTLDspace.Theresponseprovidedonthereceiptofreportswithunidentifiedactions,statistics,etc.shouldbemoredetailedindeterminingwhetherSpecification11,3(b)issuccessfulinidentifying,mitigatingandattributingabuseontheDNSthroughdomainnameregistrations.

Open

II.2.2 CanICANNprovidethelistofstatisticalreportsithasreceived,perbelowresponse?

Open

II.2.3 HowmanyreportshasICANNreceived? Open

II.2.4 DoesICANNtakeanyactionbasedonthecontentofthosereports?Ifso,whatactions,specifically?Ifnot,why?

Open


Follow-up


II.2.5 Pleaselistanddescribewhatspecificactionsondomainnameswithpotentialthreatsaretaken?IstherereportingtolawenforcementornationalCERTs?ICANNcontractualenforcementactions?Otheractions?

Open

II.2.6 Pleaseprovidestatisticsonopen/closed/pendingactionsreported. Open

II.2.7 Howis“AdditionaldetailsonthreatssuchasIPaddress,geographiclocation,andregistrantinformation”usedinrelationtosecuritychecks?

Open

II.2.8 WhatspecificactionsdoesICANNtakeregarding“trendsandalerts?” Open

II.2.9 TheGACPSWGisawareICANNhasbeenworkingonanAdvisorytoclarifytheprovisionsofSpecification11section3(b)intheNewgTLDRegistryAgreementrelatingtotheidentificationandreportingofSecurityThreats.ConsideringtheoriginoftheseprovisionsintheNewgTLDGACSafeguards,doesICANNplantoconsultwiththeGACPSWGinthismatter?

Open

II.2.10 WhendoesICANNplantoissuetheseclarifications? Open

PartII–Question3–AwarenessEffortsbyICANNonRegistries’Obligations Page16



3.AwarenessEffortsbyICANNonRegistries’ObligationsWhateffortsdoesICANNundertaketoensureregistries,areeducatedandawareoftheircontractualobligations?IsthereanICANNtrainingprogramwithcorrespondinglinksandinformation?


ICANNconductsoutreachtocontractedpartiesatICANNpublicmeetings,GDDIndustrySummits,viawebinars,andthroughpublishedmaterialonICANN.org.Theoutreachprovidesoverallcontractualguidelines,informsofpolicyand/orcontractchanges,andprovidesanopportunitytoproactivelycollaborateandaddresscomplianceissues.Inadditiontotheongoingeffortsoutlinedabove,in2014,ICANN’sGlobalDomainsDivisionconductedaseriesofglobal,interactive,hands-onworkshopsdesignedtoprovideguidancetoRegistryOperators,RegistryBack-endTechnicalOperators,andAgentsofRegistries.

Follow-up


None

PartIII–Question1–AbuseInvestigations,Research,Reports Page17

PartIII.DNSAbuseInvestigation,reportingandmitigationperformance


1.AbuseInvestigations,Research,ReportsICANN’sIS-SSRprogramsareaninternalresourcethatcouldbeutilizedforcontractenforcementpurposes.InadditiontoICANN’sIS-SSRprograms,thereareseveralpublicallyavailableanti-abusereportsthatcanbeusedtoassistICANNinenforcingcontractualobligationswithgTLDregistriesandregistrars.a) IsICANNcontractcompliancestaffawareofsuchpublicallyavailableabusereports?

i. Ifso,doesICANNutilizethesetoassistincontractenforcement?ii. IfICANNutilizessuchpubliclyavailableabusereportsforcontractenforcementpurposes,howdoesitutilizesuchreports?iii. IdentifywhatreportsorsourcesICANNutilizes?iv. IfICANNdoesnotutilizethesereportsforcontractenforcementpurposes,isthereanyreasonwhynotto?Arethereanyplansorawillingnesstodosoin

thefuture?b) DoesICANNhaveanyintentiontoutilizeitsIS-SSRprogramsforcontractenforcementpurposes?

i. Ifso,how?ii. Ifnot,whynot?iii. HasICANN'sIS-SSRconsideredestablishingabaselineforgoodregistryandregistrarbehavior?Ifso,pleaseprovidedetails.


RegardingquestionsIII.1.aandIII.1.b,ICANN’sContractualComplianceApproachandProcessincludesmonitoringactivitiesthatareICANN-initiated,basedinpartonindustryarticlesandtrendanalysis.Thisincludespubliclyavailableanti-abusereportsandICANN-generatedreports.ThesereportsmaybeusedforCompliancereviewandactiontotheextentthatthereportscovertopicsthatarewithinthescopeofthe2013RegistrarAccreditationAgreementandRegistryAgreement.Inaddition,thesereportsareonepartoftheselectioncriteriafortheregistrarandregistryauditprograms.

PartIII–Question1–AbuseInvestigations,Research,Reports Page18

Follow-up


III.1.1 ICANNhasnotprovidedinformationabouthowitutilizes“publiclyavailableabusereports”(questionIII.1.a.ii).Theanswer“ThesereportsmaybeusedforCompliancereviewandactiontotheextentthatthereportscovertopicsthatarewithinthescopeofthe2013RegistrarAccreditationAgreementandRegistryAgreement”doesnotprovideanyinformationonwhatspecificallyICANNcontractcompliancedoeswiththereports,especiallyasitrelatestoIS-SSR.Forexample,ifIS-SSReitherfindsoutfromathird-partyordiscoversthroughICANNinternalanalysis,thataregistrarorregistryiseithercommittingabuseorallowingabuse,whatdoesContractCompliancedo?Isthereaformalizedprocesstodealwiththesesituations?

Open

III.1.2 ICANNhasnotidentifiedreportsorsourcesitutilizes(questionIII.1.a.iii).Pleaseprovidespecifics.

Open

III.1.3 ICANNhasnotansweredwhetheritintends“toutilizeitsIS-SSRprogramsforcontractenforcementpurposes”(questionIII.1.b.i),andifsohow,andifnot,why.

PartIII–Question2–Multi-JurisdictionalAbuseReporting Page19

PartIII.DNSAbuseInvestigation,reportingandmitigationperformance


2.Multi-JurisdictionalAbuseReportingICANN’sformerChiefContractComplianceOfficer,AllanGrogan,publishedablogposton1October2015entitled“UpdateonStepstoCombatAbuseandIllegalActivity”.Inthisblogpost,Mr.Groganindicatesthecomplainantmustidentifythelaw/regulationviolatedandtheapplicablejurisdiction.Manycyber/malware/botnetattacksaffectmanyTLDsspreadacrossmanyinternationaljurisdictions.a) Pleaseclarifywhatproceduresshouldbefollowedwhenacomplainantseekstosubmitvalidreportsofabusetoregistrarsinvolvingincidentsinmultiple

jurisdictions?b) Inparticular,whatdoesICANNrequirefromcomplainantstoidentifythoselaws/regulationsinthejurisdictionsofeachaffectedregistrar?


Reportersshouldprovideasmuchinformationaspossiblewhensubmittingacomplaint,includinginformationregardingallegedviolationsoflaws/regulationsinoneormoreapplicablejurisdictions.Asstatedintheblog,ICANNContractualComplianceconsidersitreasonableforaregistrartoexpectthatareportofabuseorillegalactivityshouldmeetatleastthefollowingcriteria,absentextenuatingcircumstancesorreasonablejustification:

1. Thecomplainingpartyshouldbeidentifiedintheabusereportandshouldprovideawayfortheregistrartocontactthecomplainingparty.2. Thespecificurl(s)thatareallegedtobethesourceoftheabuseorillegalactivityshouldbeidentified,i.e.,theregistrarshouldnothavetoguessor

searchthewebsitetounderstandwheretheoffendingmaterialislocatedoroffendingactivitiesarebeingconducted.3. Thenatureoftheallegedabuseorillegalactivityshouldbeidentifiedwithspecificity,includingidentificationoftherelevantlaworregulationallegedto

beviolatedandtheapplicablejurisdictionwheresuchlaworregulationisineffect.4. Ifthecomplaintallegesinfringementorviolationofanindividualorentity'srightsunderalaworregulation,thereportshouldidentifytheindividualor

entitywhoserightsareallegedtobeviolatedorinfringed,andtherelationshipbetweenthecomplainingpartyandsuchrightsholder(e.g.,isthecomplainingpartytheindividualorentitywhoserightsareallegedtobeviolatedorinfringed,oranauthorizedagentofthatpartyoristheresomeotherrelationship).

5. Ifacourt,regulatoryauthority,orlawenforcementagencyhasmadeaformaldeterminationthatabuseorillegalactivityistakingplace,thatformaldeterminationshouldbesubmittedifavailable.

6. Iftheabusereportrequeststheregistrar'scompliancewithaparticularlaworregulation,itshouldsetforththebasisforbelievingthattheregistrarissubjecttothatlaworregulation.

7. Acomplainingpartyshouldnotsubmitmultipleabusereportscomplainingaboutthesameinstanceofthesameactivityiftheregistrarhaspreviouslyrespondedtoanabusereportaboutthatactivity.

ICANNrequiressufficientinformationtoenableICANNandtheregistrartoreviewanddetermineaproperresponseoractioninrelationtotheallegedviolationoflaworregulationfortheapplicablejurisdiction(s).

PartIII–Question2–Multi-JurisdictionalAbuseReporting Page20

Follow-up


None

GAC Communiqué – Copenhagen, Denmark - ICANN · GAC Communiqué – Copenhagen, Denmark 1 I. Introduction The Governmental Advisory Committee (GAC) of the Internet Corporation

Documents