ICANN Compliance now has two conflicting answers on record concerning the enforceability of RAA 378 on WHOIS inaccuracy. This is a topic of extreme importance and one we are trying to get to the bottom of. In response to the WHOIS Policy Review Team ICANN Compliance stated (on page 79): "there is no requirement in the RAA for registrars to ensure that WHOIS data is accurate" which is in line with the Review Team's own findings that "If data is found to be intentionally false registrars are not obligated to cancel the registration." However, in response to a request to clarify this issue ICANN Compliance stated in a presentation in Prague that "ICANN is authorized to breach a registrar for failure to delete or failure to correct inaccurate whois”. This Compliance statement is also in direct conflict with Compliance's advisory on the subject which states "[the RAA] does not require a registrar to cancel a registration.” Compliance was asked in session to cite the specific authority which allows them to "breach a registrar for failure to delete" but their answer did not address the question. This inconsistency needs to be resolved as it directly impacts the current RAA negotiations and certainly before new gTLDs are deployed.
This was not the only conflicting information which came out of the At-Large and Compliance meeting in Prague. In this discussion Compliance staff repeatedly asks At-Large representatives to cite specific examples of problems, but when a question concerning certain complaints (at minute 01:19:27) is asked and the room goes silent. To further the point, a specific case concerning BizCN is read aloud but not addressed specifically by Compliance. Compliance presented a number of process enhancements and improvements in automation at this meeting but the issue on the table was actual enforcement of the contract which seems to be lacking. Setting the tone for this missing enforcement was the apparent removal from ICANN's website of a flowchart entitled "ICANN Compliance Program for Registries and Registrars” which had no enforcement phase documented in the flow, only compliant dismissal, closure and circular shuffling. However, this has been replaced with three new charts which show significant improvement in stated process. Unfortunately, the question is still open as to if these processes will actually be used as stated. So far we do not have a good track record of real follow-through. The three legs of Compliance are Prevention through collaboration, Transparency through communication, and Enforcement. But it feels like this chair is going to drop us on the floor.
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines