|
||
|
||
In spite of the material we were presented with in Durban something has gone very wrong inside of ICANN Compliance. KnujOn has published a report which demonstrates that ICANN Compliance appears to completely collapse between September 2012 and December 2012. Following December 2012, ICANN seems to stop responding to or processing any complaints. It is around this time certain compliance employees start disappearing. This was not limited to the Sydney office as some would have us believe, all while we have been given assurances the compliance team was being ramped up not down. The accepted budget has 20 Compliance staffers listed but in reality there are only 14 employees with another ubiquitous staff member vanished from the roster. Six phantom employees is a lot.
We can see the impact of this within the report as 8000 plus complaints were not process effectively or simply did not get processed at all. This report was very much a follow up to a previous report which shows the lack of enforcement in detail. The report speaks for itself in its multiple examples. However, let us focus on one, which given the history and details is completely unacceptable.
The Rape Tube
While the registrar BizCn has been a cited as a comfortable home to drug-dealing sites as well as trademark infringement, one of the most outrageous domains existing in perpetual violation, but with the silent approval of ICANN, is The Rape Tube. A play on Youtube, rapetube[DOT]org offers the most heinous and sick material, which is beyond any other Internet trash (I can’t even re-print the site’s own description here). But this is not just about the garbage content, it is about ineffective ICANN policy and process. You see the Rape Tube is hiding behind a completely invalid WHOIS record which had been documented and reported to ICANN Compliance multiple times since 2011. The Rape Tube has the same WHOIS record as approvedonlinepharmacy[DOT]net and at least 1000 other illicit sites sponsored by BizCn and is accused of being part of a network run by a criminal organization. None of this is a problem apparently. Not only did the registrar fail to correct the issue or suspend the domains in question but ICANN did not issue a breach notice when alerted. When asked why, ICANN insisted that answering such questions would jeopardize ICANN’s relationship with BizCn. Placing the importance of a relationship with a contracted party in clear violation of the RAA over that of the ICANN commitment to the public seems a serious transgression of public trust. But, according to our research the relationship with BizCn trumps everything, calling the sincerity of ICANN pledges into question.
And this is not even the first time. In 2010 a BizCn-sponsored domain with false WHOIS was part of a massive malware attack. Complaints were filed, the registrar did not act, ICANN was notified and no breach notice was issued. Additionally, according to a recent report BizCn has not been providing Port 43 WHOIS access which is a condition of the contract. So what is going on here?
Analyzing the Analysis
Putting some perspective on the issue, the drive for new Compliance metrics started several years ago when the previous head of ICANN Compliance called for more resources and publicly accessible statistics. He was silently removed from his post shortly after. Now, we have a new push, but is it real?
Compliance has started publishing more information, but the way they put data out is frustrating. There is little context for their numbers. Look at this chart. Does it make sense? Does the Processed value include the Closed count? Add up the various closed counts and they do not equal the total closed count. Since the Processed value far exceeds the Received value we must assume that some portion of the 5043 processed complaints are from previous months, how many? How old? Are the closed complaints from this month or a previous month? Compare this chart to the chart below. The Received complaints in chart one for February is 2423. The second chart has 2409. If you assume they are adding the 14 breach and termination notices to the number works out, but breaches and terminations are not complaints. Look at the detailed list of actions and it becomes even more confusing. The charts list 6 Breach notices in February, but the detail shows 1 breach notice and the rest are updates of previous actions. The enforcements against Bargin Register, Inc and Power Brand Center Corp. are counted TWICE in different sections.
I put forth a different metric: Does what Compliance produces actually have any effect or benefit for the Internet? The simple answer is no. Cybercrime is barreling ahead and ICANN appears powerless to slow access to domain names for illicit use. But why would it? ICANN’s various moves always seem geared towards limiting the scope of Internet consumer complaints, favoring the desires of commercial stakeholders. To ICANN, the ordinary Internet user is not important. What is important is keeping the domain industry happy, so all areas of ICANN are engaged in this effort. Thus the language used to respond to complaints reflects this bias. Policy discussion occurs in public, but important decisions are still happening secretly. Most people do not own a domain name, but are impacted by their use. Even those who own domain names typically do no own very many. However, the spammers profiled in our report own thousands. The abusers of the system who purchase and dump domain names are contributing far more to ICANN’s growth than the average netizen could ever dream of. Spammers may be their best repeat customers and as such may receive better treatment than ordinary Internet users. The abusers put money and energy into the cycle. We’re counting on ICANN to protect the DNS but the watchman has been asleep too long and the thieves slip in with impunity.
The Invisible Money Line
Regardless of the flurry of compliance notices in 2013 the department remains a primary bill collector. The most recent notice is about a $6,834.56 deficit. But this is not simply about the money, it is about how much money. To say that only registrars who owe money get terminated is just the beginning of the story. Is Compliance a tool for shaking out registrars who are not “bringing home the bacon”? The number of registrars actually terminated in the last three years had less than 4,000 total combined .COM domains. This represents a rounding error decimal point in ICANN’s budget. 67% of the breach notices in the last 2 years were to registrars with fewer than 10k names. 85% have fewer than 20k names. Only 34% are for non-financial reasons—none ever reached enforcement level. 8 of them came up because of the new audit process so are not really complaint-based; without those, 76% of all enforcement is to collect fees. However, within the counts there are two anomalies: Tucows and XinNet. XinNet has over one million domains. However, ICANN stated this was “due to an error” and the breach was withdrawn. As for Tucows, they received multiple extensions and the issue was eventually dropped by ICANN. Would a registrar with a small number of domains who owed fees be given such reprieve?
What Happened?
There seems to have been a purge of critical compliance staff at the end of 2012 which coincides with the general decline of performance. Meanwhile, a minority of players are using the DNS as a weapon against consumers all under ICANN’s watchful eye. There cannot be consumer trust in an environment of skullduggery. It is part of the reason why sites like the Rape Tube are allowed to endure.
We started off with such high hopes from the new CEO but it appears he has come to a locked door which is beyond even the CEO’s ability to open. Additionally, even more doors were closed. What the CEO set out to accomplish cannot be completed. The special relationship with BizCn places real limits on what the CEO can deliver to the rest of the community. It seems he needs more support from the ICANN community to keep the organization on track, if he fails we all fail. Anyone who wants to discuss this issue and find out how to move forward can contact me directly.
Sponsored byCSC
Sponsored byVerisign
Sponsored byVerisign
Sponsored byRadix
Sponsored byWhoisXML API
Sponsored byDNIB.com
Sponsored byIPv4.Global
A World-Renowned Source for Internet Developments. Serving Since 2002.
Additional reads
SECTION 1:
The Effectiveness of ICANN’s WHOIS Compliance Effort Appendix A:
Letter from WHOIS Review Team Chair to Maguy Serad, Senior Director Contractual
Compliance, ICANN Compliance
http://mm.icann.org/pipermail/atrt2/2013/000914.html
This is clearly dizzying. What you see in these documents over and over is the Review Team trying to get facts but ICANN consistently delivering them in contradictory fragments.
They further point out: So, how do we know how many employees they really have without knowing who? They could claim any number at that point. I guess this is just the ICANN portion that deals with numbers and not names ;-) ICANN responds by sending more confusing information leading the Review Team to ask: It goes on like this, with delays, incomplete information, discrepancies. Even now in the email you referenced ICANN is insisting that: But another member of the ATRT team quickly points out So here we are, they say they have 20, they can only prove 14 (and several were jettisoned). If they can be upfront with such basic information how can we trust ANY other information coming out of Compliance?ICANN has admitted there are in fact only 14 Compliance employees, not 20 as they requested funding for. Six phantom employees. Furthermore, they have tossed off the WHOIS Review Team requirement to implement WHOIS validation because it would be...too expensive. It's funny since they have budgeted nearly $1 million to STUDY the issues of invalid WHOIS. Actually doing anything...too expensive. The WHOIS RT Report has been eviscerated.
Your comments illustrate some checks and balances that need addressing within the ICANN organization. I think part of the problem lies with ICANN’s ability and its stakeholders to manage massive change on a global scale, and at the same time manage the way they engage stakeholders within the People’s Republic of China.
On the other hand I’m disturbed in that I don’t see any evidence of you attempting to contact registrars such as BizCN mentioned in your article. It would seem to be a responsible effort to be undertaken. If I was a registrar I would probably be boiling-over mad to read such accusations without at least giving the registrar the opportunity to respond.
Perhaps ICANN and/or you may not be aware there is a certain way to approach any registrar, or any business organization within China for that matter, when you have any question, or just want to be introduced in order to ask a question. Even if that question is related to a possible contractual matter. I know this from over 14 years of making trips to China directly related to the domain name industry. How registrars or any business in the PRC interprets and acts on contracts can be quite different from the way we in the ‘western’ world interpret them. It’s not necessarily a problem if you know how to deal with issues in the correct manner. Then it becomes amazing in what you can accomplish in the complex society and business environment of the PRC.
Very recently I met the COO and Vice General Manager of BizCN face-to-face at their offices. I had specifically targeted them for a meeting even though I had never met them before. How did I do this? I arranged for an introduction the Chinese way. I won’t go into detail here, but it’s no small feat.
I found them to be quite engaging and very honest in their opinions. I recently asked a fellow consultant and Chinese colleague to conduct basic research into the business practices and reputation of BizCN within Chinese online communities (Baidu, Weibo and other online forums).
Through our research, we didn’t find any articles or mentions online regarding dishonest dealings by BizCN. In general, it appears that BizCN has a relatively good online reputation. The tonality of the online media coverage since 2010 is positive, with most of the articles focusing on its contribution to larger local events, like the Shenzhen University Games.
In terms of the buzz on Weibo and other Chinese online forums, we did see several serious customer complaints. Overall, some of its customers are not satisfied with its customer service, and the fact that the company failed to address these concerns and effectively communicate with the customers has made angry customers spread out negative comments online. But it appears that BizCN made improvements by using Weibo to monitor and reach out to those unhappy customers.
We also observed that BizCN used its Weibo account to reply to negative comments with solutions. In particular we observed that the percentage of the complaints is still low, compared to BizCN’s huge market and the enormous number of registrar resellers and registrants in the PRC.
My comments here are not meant to explicitly defend BizCN, but to contribute a balanced view from within the Chinese context. However I will state that our research indicates that there is zero chatter in the PRC about gang/rape/murder/theft/etc issues around BizCN in Chinese media, social media, blogosphere, etc.
Thank you for the thoughtful cultural commentary, unfortunately it does not apply to the discussion.
Good point, should the new gTLD deployment be delayed? Nah, they’ve known about this for two years. This is inapplicable to the issue. ICANN already has a special relationship with BizCn which apparently supersedes the Affirmation of Commitments in all matters of dealing with the public. You didn’t look hard enough. Start with this: My identity has been stolen by BIZCN domain registrar (or their customer(s)), who is accredited by ICANN. Someone at BIZCN has registered over 50 to 70 domain names (or more) using my name and my address...My numerous attempts to call , email and fax ICANN ended up in a wall of silence and complete ignorance by ICANN... My numerous attempts to reach BIZCN ended up in "Jimmy" from BIZCN responding (after numerous no-responses) and promising changes, yet he did very little Nice commercial. Another commercial. The posting had nothing to do with complaints from customers of BizCn, rather abuse victims complaining about customers of BizCn. commercial… commercial… Um, you’ve basically said you consult for them, how else is the reader supposed to take the comments? Why would it? The people behind the domains in question are not Chinese. These are international illicit traffickers taking advantage of the cultural confusion you reference and abusing the Chinese domain marketplace. Efforts would be better placed on rooting the problems out.In response to your question: "...should the new gTLD deployment be delayed?" The new gTLD program is already delayed and has been quite some time. Your assumption that I consult for BizCN is incorrect. I have not ever been nor am I a consultant or employee to BizCN. The most I've ever received from BizCN is green tea to sip during our pleasant and cordial meeting.
The next time you have tea with him let him know BizCn was ranked #8 in the world for phishing by APWG in this most recent quarter.
It’s always good to see a humane, real-world perspective, especially in response to accusations made from a limited data set without context. Thanks Pinky.