The fourth version of the Draft Applicant Guidebook (DAG4) on new TLDs was the subject of much debate at the recent ICANN Brussels meeting (at which Valideus was a silver sponsor).
There have been a number of improvements designed to prevent and mitigate malicious conduct – the main improvement in DAG4 is to strengthen the background checks on all applicants “to protect the public interest in the allocation of critical internet resources”. Applicants will now have to make “specific declarations” about their involvement in the domain industry including “intellectual property violations”. The checks will be performed by a third party firm “that can execute these checks based on public information”. The example is given of an applying entity failing because “it has been found liable in a series of cybersquatting proceedings”.
However, there is currently no requirement on registry operators to validate information provided by registrants in whois, to use CAPTCHA to prevent domains being registered by BOTS, to maintain a list of fraudulent IP addresses or to regulate privacy curtains. In Brussels, several law enforcement agencies called for such measures to be applied across all TLDs and received the endorsement of the Government Advisory Council (GAC) provided they can be implemented with respect to “applicable local law”. Paul Hoare of the UK Serious Organised Crime Agency said: “We believe that the industry needs mandatory minimum standards, because otherwise the good practices that some registries and registrars have only displace criminals to those with less strict regimes and less strict audits.”
FBI spokesperson Robert Flaim called for the contracts between ICANN and both registry operators and registrars to be tightened. “Certain individuals very much need privacy, and we respect that. But … law enforcement with due process should be able to trace the proxies” – a suggestion that is unpopular with such operators based outside the USA. Thick whois (where all records are held by the registry operator and not spread across registrars) has been mandated for all new gTLDs but, as the law enforcement specialists stated, the data needs to be accurate, up to date and freely available. ICANN also now promises to “perform regular audits” of applicants as part of its contractual compliance function.
Elaine says: (July 18, 2010 at 10:39 pm)
” there is currently no requirement on registry operators to validate information provided by registrants in whois, to use CAPTCHA to prevent domains being registered by BOTS, to maintain a list of fraudulent IP addresses”…
Because this is the registrar’s responsibility according to ICANN contracts. Don’t forget there is a party between (miscreant) applicants and registry operators.
david says: (July 27, 2010 at 12:15 pm)
Elaine: ICANN registrars may have a contract with ICANN but disappointingly there are a significant number of them who are less than rigorous at meeting their obligations. In the past two years we have seen the rise of Bad Actor registrars such as Lead Networks (now de-accredited) who conspire to infringe rights owners. We therefore agree with the law enforcement specialists who deal with the consequences of malicious behaviours every day. We think that ICANN should impose greater requirements on registry operators to eliminate malicious behaviours higher up the chain. Of course ICANN could also impose greater requirements on registrars too. The sad fact is that ICANN’s investment in contract compliance has been woefully inadequate so far.