Contractual Compliance ALAC Update 24 June 2012 Agenda General Update Overview of Submitted Questions.

Download Report

Transcript Contractual Compliance ALAC Update 24 June 2012 Agenda General Update Overview of Submitted Questions. 

Contractual Compliance
ALAC Update
24 June 2012
Agenda
General Update
Overview of Submitted Questions
2
Three-Year Plan
Strengthen program and operations (Core Operations)
Establish performance measures and improve reporting
(Transparency and Accountability)
2013
2012
Transformation Phase
2011
Assessment Phase
Stabilize operations
Assess people,
processes and tools
Develop improvement
plan
Begin implementation
of plan
Grow staff in number and
expertise
Standardize operations
Plan and develop
- Global metrics
- Audit strategy
- System enhancements/process
- Annual Compliance Report
New gTLD readiness
Future Phase
Continuous
Improvement
Consolidate
Contractual
Compliance Systems
Rollout Annual Audits
3
General Approach & Turn Around-Time
PREVENTATIVE
Monitor, Audit,
Educate & Outreach
I
n
t
a
k
e
ENFORCEMENT
INFORMAL RESOLUTION
1
1st Inquiry
or Notice
Email
3
2
2nd Inquiry
or Notice
Email
Phone call
FORMAL RESOLUTION
Final Inquiry
or Notice
Email
Phone call
Fax
Breach Notice
Check other non-compliance
Suspension (Rr)
Termination
Non-renewal
Publish on website
NOT in Good Standing
Good Standing
Turn Around Time in Business days
5 general
15 WDPRS
5
5
15
case by case
4
Complaint Types and Phases
WHOIS
Access
0.4%
UDRP
1.3%
WHOIS
Inaccuracy
63.2%
Transfer
16.6%
Data
Escrow
Miss
1.1%
Customer
Service
Data
17.1%
Escrow
Audit
0.3%
Prevention phase
15,292 Complaints
Mar 2012 – All Complaints
May 2012
Received by Type
Enforcement
Phase
March – May 2012
Quantity
Customer Service
2,627
Data Escrow Audit
44
Data Escrow Miss
171
Transfer
2,463
UDRP
197
WHOIS Access
61
WHOIS Inaccuracy
9,728
Law Enforcement
1
Total Complaints
15,292
Breach
7
Suspension
0
Terminated/
Non-Renewal
1
5
Informal Resolution Phase
March - May 2012 data
• % of Complaints sent
in each phase
• Based on the 1-2-3
compliance approach
• Complaint Notices
tracked manually past
trimester
Complaint Type
Notification Phase %
1st
2nd
3rd
Customer Service
N/A
N/A
N/A
Data Escrow Audit
77%
20%
2%
Data Escrow Miss
91%
6%
2%
Transfer
78%
17%
5%
UDRP
60%
40%
0%
WHOIS Access
81%
19%
0%
WHOIS Inaccuracy
62%
21%
17%
N/A = Not Available
6
Global Complaint Trend
4
8
Hundreds
Hundreds
5
6
12
10
8
3
4
6
2
2
4
1
2
0
0
Europe
0
Asia
January
February
March
April
Hundreds
Americas
Global Complaint Count
Trend
May
Thousands
Thousands
March – May 2012
10
5
0
7
3
3
Jan
Feb
3
4
0.6
0.4
0.2
0
Australia
Mar
Apr
May
7
WHOIS Inaccuracy Complaints by Region
March – May 2012
64%
Americas
13%
Europe
15%
Asia
0%
Africa
Unknown Continent 7%
1%
Australia
8
WHOIS Inaccuracy Complaints by TLD
March – May 2012
biz
com
info
0
0
0
0
0
Americas
183
3,647
853
0
1
Asia
17
993
105
0
0
112
Europe
12
685
22
0
0
Australia
Unknown*
Continent
0
85
0
0
12
250
213
Africa
Total
224
5,660 1,193
mobi name
net
0
org unknown Total
0
0
0
0
6,178
32
0
1,259
726
28
0
1,473
0
10
12
0
107
12
1
185
37
1
711
12
2
2,200 436
1
9,728
1,167 327
* 710 Tickets Pending Systematic Classification
9
ALAC Question #1
Q: ALAC requests formal confirmation that ICANN does
not have the ability to enforce RAA 3.7.8 in terms of
domain deletions for WHOIS inaccuracy as stated on page
79 of The WHOIS Policy Review Team Final Report.
Specifically, it is desirable to ascertain whether
Compliance, or any other Department of ICANN, has the
authority to hold a Registrar in breach for failing to
delete a domain with inaccurate WHOIS or for failing to
actually correct documented inaccuracies.
10
Response to Question #1
• ICANN has the ability to enforce registrars’ obligations
under the RAA, including those under Section 3.7.8.
• ICANN is authorized to breach a registrar for failure to
delete or failure to correct inaccurate whois, but these
are not the only actions registrars can take to be in
compliance with Section 3.7.8
• As we have advised previously, what is deemed
reasonable steps to correct each alleged inaccuracy is
examined based on the circumstances.
11
ALAC Question #2
Q: ALAC requests that ICANN General Counsel be
in attendance to answer any questions which
Compliance is not able, or does not have the
authority to answer.
R: Samantha Eisner, Senior Counsel with the
Office of General Counsel, is in attendance.
12
ALAC Question #3
ALAC requests to be informed: (i) of the level at which
the decision not to issue breach notices [to particular
registrars] was made (Compliance or elsewhere in
ICANN?); and (ii) of the criteria for such a decision?
• Contractual Compliance staff made the decision in
adhering to its process for enforcing the RAA
13
ALAC Question #4
What is the legal rationale for keeping the names
secret of registrars who have been the subject of
unresolved complaints?
• Where unresolved complaints result in breach of the
RAA, those breach notices are published
• In order to encourage cooperation toward informal
resolution, the names of registrars subject to
compliance investigations are not published.
14
ALAC Question #5
What is ICANN doing to instill public confidence in the
new gTLD program, given its questionable track
record in addressing problems within the existing
number of registrars and registries?
• Strengthening Contractual Compliance is one of
ICANN’s strategic priorities
• Proposed FY13 Budget represents an increase of 62%
from FY12 to:
 Improve on the current systems
 Hiring additional staff
 Planning outreach activities for increased transparency and
improved communications
15
ALAC Question #6
How many ICANN-accredited registrars are currently
out of compliance with the RAA? When will their
accreditation be revoked?
• Non-compliant registrar count changes constantly - as
matters resolve through “informal resolution” process
• An accreditation can be terminated when the registrar
fails to cure a contract breach after being given
notice of the breach and an opportunity to cure
16
ALAC Question #7
What mechanism is in place to inform consumers of
an occasion in which an ICANN-accredited registrar
is out of compliance with its trustmark?
• Please provide more information on what you are
considering to be the trustmark and how that might
relate to our enforcement capabilities. If you are
inquiring about the use of the ICANN Accredited
Registrar logo, upon revocation of Accreditation,
ICANN revokes the right to use that logo.
17
Questions & Feedback
Please send your feedback to
[email protected]
Subject
[ICANN44 Meeting]
18
Appendix
19
Contractual Compliance Dept
• 12 members currently
• Arabic, English, French, Hindi, Mandarin, Spanish, Urdu
• Organization
• Head of Compliance (1)
• Registrar and Registry Compliance (9)
• Risk and Audit Management (1)
• Performance Measurement and Reporting (1)
• 1 new member in July 2012
• 2 open positions
20
Compliance Plan Update
Short Term: March – August 2012
Enhance current ticketing applications
 Consumer Ticketing updated with notification cycle
 WHOIS ticketing software changes planned for July 2012
production release
 UDRP Process-Template changes implemented June 2012
 Document Management System Deployed & staff trained
 Business Intelligence & Reporting Tool Prototype built, under
review for technical & business value
Define & implement a consolidated compliance system
 3 feasibility studies conducted
Defined Compliance Audit Strategy and Approach
21
Registry Compliance & Locations
March – May 2012
• All registries submitted monthly transactions reports
• Registries reported 100% compliance regarding:
 DNS Availability
 WHOIS Availability
 Equal registrar access to the Shared Registration System
 No complaints regarding denial of bulk access to zone
file
• 2 compliance inquiries in “preventive” phase
10
7
1
22
New gTLD Compliance Readiness Plan
Staff Readiness 2012
• Dedicating resources to build knowledge on new gTLD
Agreement
• Train other staff members
• Hire additional staff
Operational Readiness
• Enhance the complaint system to capture additional types and
metrics
• Review and assess operational needs and changes
• Prepare standard communication templates
• Design an audit strategy
• Plan Outreach activities
23
“Preventative” Initiatives for Registrars
March – May 2012
 Validated registrars’ responses to WDRP audit
 Published 2012 port 43 Audit Report
 Outreach to top 10 registrars with most # of WHOIS
complaints
 Outreach to top 10 registrars with most # of transfer
complaints
 Validate and evaluate registrar self-assessment &
responses
 Complete staff training on transfer policy changes
 Continue to standardize processes and templates
24
Outreach –Top 10 WHOIS & Transfer
16 (One hour long) conference calls with registrars to:
•
•
•
•
Share ICANN’s analysis of complaints and findings
Discuss registrar’s transfer/WHOIS practices and procedures
Explore possible ways of addressing the common issues
Share general Compliance approach
Trend from March – May 2012 (T refers to Trimester)
 WHOIS: 8 out of 10 registrars’ monthly average complaints
decreased
 Transfer:
 No reduction in complaints against registrars in China
 3 non-AP registrars in T2 have all dropped out of top 10 list
 9 out of top 10 T3 list are in Asia Pacific
 7 out of top 10 T3 list are in China
25
Single Submission WDPRS Process :
Current vs. Proposed
ENFORCEMENT
PREVENTION
1
2
3
4
5
1st Inquiry 2nd Inquiry 3rd Inquiry 4th Inquiry Final Inquiry
PREVENTION
1
1st Notice
2
2nd Notice
ENFORCEMENT
3
3rd Notice
• Currently registrars are only required to show proof if they have not
responded after 3 ICANN inquiries
• Revised - First notice will require registrars to provide proof of
reasonable steps (including actual documentation)
26
WDPRS Changes Coming Soon…
Notices
Sent to
Impact on Registrar
1st
Notice
WHOIS Contact
Registrars required to respond 15 business days from
date of alleged WHOIS inaccuracy
2nd
Notice
WHOIS Contact &
Primary Contact
Registrar will receive additional notification with 5
business days to respond.
3rd
Notice
WHOIS Contact &
Primary Contact
Registrar will receive additional notification with 5
business days to respond.
Registrars must provide the correspondence with the registrant (including
dates and times and means of inquiries, telephone number, e-mail
addresses, and postal addresses used)
27
UDRP Compliance Changes
Implemented on 20 June 2012
Notices Sent to
Impact on Registrar
1st
Notice
UDRP Contact
Registrars required to respond 5 business days from
date of UDRP inquiry shortened from 10 business days
2nd
Notice
UDRP Contact & Registrars will receive additional notification with 5
Primary Contact business days to respond.
3rd
Notice
UDRP Contact & Registrar will receive additional notification with 5
Primary Contact business days to respond.
Registrars must provide the correspondence with ICANN, the Provider and
the Parties.
28
Summary of IRTP Changes
effective 1 June 2012
1. Transfer Emergency Action Contact (TEAC) (new
requirement & obligations)
2. Registrar of Record to send Form Of Authorization (FOA)
to Registered Name Holder to confirm intent (optional 
mandatory)
3. Add clarity to reason for denial #6 (express written
objection from Transfer Contact and mandatory obligation
to unlock)
1. Delete reason for denial #7 (domain in “lock” status)
29
Transfer Impact on Registrars & ICANN
Changes
TEAC in
RADAR
Registrar of
Record (ROR)
to send FOA
Registrars
Must have TEAC contact
information in RADAR by 1
June 2012
Must respond to Losing
Registrar in 4 hours
Must send FOA to RNH
from 1 June and per other
existing IRTP requirements
Clarify Reason Must obtain express and
for denial #6
informed consent from
Transfer Contact
Must un-lock domain
within 5 calendar days
upon request
Delete reason No immediate impact
for denial #7
ICANN
Review RADAR info to assess compliance
Receive non-compliance reports
Assess whether ROR sent an FOA to RNH
May request copy of FOA from ROR when
processing complaints
Assess whether Transfer Contact provided express
and informed consent on an opt-in basis
Assess whether registrar removed the lock or
provided a reasonably accessible method for
Transfer Contact to remove the lock within 5
calendar days
No immediate impact
30
Complaints per Domain Volume
# Complaints
% Complaints per Domain Volume
# registrars per region
# registrar w/ Complaints
% Unique registrars with
complaints per region
1,596
.008%
141
67
47.5%
Asia
137
.007%
21.2M
19.7%
1,384
0
0%
5
0
0%
Australia
697
6,498
Africa
98.8M
Europe
Feb 2012 Domain Volume/Million
Americas
LEGEND
March – May 2012
14.3M
3,067
.021%
161
61
37.9%
6.4M
130
.002%
18
11
61.1%
31
Registrar Complaint Ratios
March – May 2012
Continent
Africa
% Complaints per % Registrars
Domain Volume with Complaints
0%
0%
Americas
Asia
Europe
0.007%
0.021%
0.008%
19.7%
37.9%
47.5%
Australia
0.002%
61.1%
32
WHOIS Inaccuracy Complaints Closed
March – May 2012
9,000
8,000
7,000
6,000
5,000
4,000
3,000
2,000
1,000
Manually Closed
System Closed
Rejected
Total Closed = 8511
WHOIS Complaints
Closed
498
6,764
Percentage
Rejected
15%
Systematically
79%
Manual
6%
498 Manually Closed Complaints
1,249
1,249 Rejected
Reporter Unconfirmed
Invalid
Invalid On Hold
Not Found
Not Processed
565
6
294
17
367
Domain Expired/Deleted
24
Data Updated
Domain Transferred
Invalid Report
Privacy/Proxy
Registrar Verified Data
Correct
153
7
26
70
Domain Suspended
144
74
*Additional tickets closed, but software
updates needed to capture stats on
additional closures.
33
UDRP
Monitoring
March – May 2012
2 Intake Systems for receiving complaints and inquiries
• General Complaint Intake – 191 UDRP inquiries processed
and closed, i.e., UDRP FAQ, Process questions and Advice requests
• UDRP Intake – 6 complaints about registrars failing to
implement UDRP Provider decisions
Resolved within
1ST NOTICE
2ND NOTICE
3RD NOTICE**
MARCH 2012
0
1*
0
APRIL 2012
5
1
0
MAY 2012
1
2
0
*Notice refers to complaint submitted prior to Trimester 3
** Decisions have been implemented
34
ICANN Referrals to Law Enforcement Agencies
• Referrals will be made on a case-by-case basis
• Criteria for referral if:
 The matter has caused, and if not addressed or rectified, will
likely continue to cause substantial harm to registrants or
Internet users.
 The matter is likely to be a violation of applicable laws or
regulations.
 The referral will not cause ICANN to violate the terms of the
agreements it has with contracted parties or any applicable
laws or regulations.
35
ICANN Referrals to Law Enforcement
Agencies
DRAFT – Brainstorming Activity
36
37
• Link to Form - DRAFT FORM - ICANN
Referral to Law Enforcement Agencies
37
Registrar Suspension Update
Suspension Criteria (section 2.1 in 2009 RAA)
… suspend a registrar’s ability to create new registered
names or initiate inbound transfers of registered names for
one or more TLDs for up to a twelve (12) month
Suspension Duration:
1. X days up to 12 months
2. Suspend until termination
- Not cured and/or No or little effort
3. Suspend pending cure
- Work underway to cure and/or Work not completed
Frequently Asked Questions Link
38
Suspension Communication
Breach
Notice
Period
• Monitor progress during breach period
• Heads-up to potential registry operators re a “potential”
suspension
Suspension
Notice
• Communicate Suspension to registrar
• Communicate Suspension to potential registry operators
• Publish suspension notice
Suspension
Period
• Validate with registrar (checkpoint)
• Monitor the registrar’s registration activities
• Inform relevant registry ops of next steps
39
Customer Service Complaint Demographics
March – May 2012
8.3%
Americas
2.3%
Europe
5.9%
Asia
0%
Africa
Unknown Continent
82.8%
.7%
Australia
40
Customer Service Complaint Breakdown
March – May 2012
Complaint Category
CCTLD
Contact Update
CPanel
DN Dispute
Domain Renewal
Financial Transaction
GTLD
Name Password
Ownership Transfer
Redemption
Registrar Service
Reseller Provider
RIR PEN
Spam Abuse
Website Content
Africa
Americas Asia
-
1.4
27.3
11.2
7.1
12.8
4.0
16.1
13.6
5.9
10.2
50.0
20.4
3.5
Europe
1.4
4.5
4.5
5.8
8.5
12.0
19.5
3.8
6.8
11.7
8.0
2.5
4.5
2.6
3.6
8.0
2.5
1.7
6.8
-
Australia
1.5
0.9
1.7
9.1
0.5
0.8
-
Unknown
Total
Continent
100.0
100.0
94.6
100.0
63.6
100.0
80.2
100.0
82.7
100.0
78.7
100.0
100.0
100.0
76.0
100.0
60.2
100.0
77.3
100.0
89.7
100.0
80.5
100.0
50.0
100.0
61.1
100.0
88.5
100.0
41
Additional Resources
• Inter-Registrar Transfer Information
http://www.icann.org/en/resources/registrars/
transfers
• Amended transfer policy
http://www.icann.org/en/general/consensuspolicies.htm
• Learn more about ICANN Compliance
http://www.icann.org/en/resources/compliance
42
Q#3 - WHOIS Inaccuracy Ticketing
Current Approach (old)
Work underway to align with the 1-2-3 phases
Single Submission WHOIS Data Problem Report System
(WDPRS)
Manual
Automated
I
n
t
a
k
e
1
2
Remind
Registrar of
Obligation to
Take Steps to
Investigate
Request
Registrar
Confirm steps
Taken by
Clicking Link
in E-mail
3
If necessary,
Request
Registrar
Provide
Proof of Steps
Taken
4
If necessary,
Request
Registrar
Provide
Proof of Steps
Taken
5
If necessary,
Request
Registrar
Provide
Proof of Steps
Taken
Bulk Submission WDPRS in Beta
Automated
1
2
38