The Internet Corp for Assigned Names and Numbers is planning to review how it accredits and disciplines domain name registrars, after the fiasco at Registerfly.com that has put tens of thousands of web sites at risk.
In a strongly worded statement released yesterday, ICANN president Paul Twomey called for decisive action to reform its standard Registrar Accreditation Agreement, to help protect domain customers.
“What has happened to registrants with RegisterFly.com has made it clear there must be comprehensive review of the registrar accreditation process and the content of the RAA,” he said. “There must be clear decisions made on changes. As a community we cannot put this off.”
ICANN will revoke Registerfly’s accreditation, cutting off its ability to sell domain names, at the end of the month. Registerfly has been hit by an internal feud between its two senior executives, ex-boyfriends whose relationship dissolved into allegations of fraud and corruption and resulted in many, many angry customers.
Registerfly’s customers have in many cases said they have lost their domain names, after the company took money two or three times for renewals before failing to renew their domains. When the domains expired, they were snapped up in a matter of seconds by speculators.
ICANN’s Twomey appeared to call for ICANN to be given more powers to enforce registrar compliance with the RAA. Currently, the only thing it can do to keep a registrar in line is to threaten de-accreditation, a power it was reluctant to exercise until Registerfly was falling apart at the seams.
“Registrants suffer most from weaknesses in the RAA and I want to make sure that ICANN’s accreditation process and our agreement gives us the ability to respond more strongly and flexibly in the future,” Twomey said.
“There is a need for better enforcement mechanisms and an ability for ICANN to intervene more quickly if a registrar fails or is engaged in damaging business practice,” he later added.
Christine Jones, general counsel of Go Daddy Inc, the biggest registrar, agreed with this sentiment, but suggested that ICANN could have done something about Registerfly earlier.
“There should have been a way for ICANN to go to Registerfly – and I think there could have been a way – and say ‘Get this cleaned up or else’,” she said. “When a registrar is doing something the community thought was not good, there was never any defined disciplinary procedure.”
Twomey also called for changes around ICANN access to registrant data, including access when registrants have specifically chosen to have their privacy protected by a proxy registration service.
In such services, registrars such as Registerfly and Go Daddy mask the customer’s name and address in the public Whois service, displaying the name of a company-affiliated proxy registrant instead.
This kind of service, while arguably only legitimate due to a loophole in the RAA, is undeniably valuable to registrants, but it does pose a problem now with Registerfly’s collapse.
ICANN does not have access to the proxied data, which means only Registerfly knows the names of the legitimate registrants. Those domains are more at risk now than domains that were registered without the privacy service.
“We’ve got some data but don’t have access to the full set,” said ICANN vice president Paul Levins. “It’s particularly problematic with ProtectFly. Unless people can convince Registerfly to transfer the data, that’s when it becomes problematic for them.”
“They will lose their domains,” he said.
The data is protected in such a way that it’s not easily identifiable unless the individual authorizes the registrar to release the data. It’s a vicious cycle – ICANN can’t get the user’s identity unless the user authorizes it, and ICANN doesn’t know who to ask for authorization.
Levins estimated that 15-20% of the data it obtained from Registerfly was covered by ProtectFly. It’s not clear how many domains Registerfly has under management, but last November it had at least 300,000 in .com and .net, according to registry server reports.
“Registrants clearly want ICANN to have more capacity to access data on their behalf if there are significant problems with their registrar,” Twomey said in his statement.
Under the RAA, all registrars have to escrow their registrant data to ICANN, but ICANN has never had processes to ensure this happens systematically. It was only when the scale of Registerfly’s problems became public that ICANN stepped in to forcibly take copies of its data as a last resort.
An even more fundamental problem with ICANN’s registrar accreditation process has been a loophole that allows accreditations to change hands relatively cheaply.
Many of the over 865 extant accredited registrars are simply shell companies used by domain hoarders to capture valuable expiring domain names. Connections to the domain registries are rationed, so the more accreditations an entity holds, the better their chances of grabbing available unreal estate.
“It is possible for companies to ‘avoid’ accreditation application process by buying a registrar. How can abuse of this loophole be stopped?” Twomey said in his statement.
In many respects this call for reform goes beyond simply rectifying the problems that allowed the Registerfly debacle to come about, and speaks to some of the fundamental business mechanisms under which much of today’s traffic industry operates.
What will come of Twomey’s call for reform is uncertain. The organization and its constituents will meet in Lisbon, Portugal next week to discuss this and other matters.
But the very constituency that Twomey seems eager to protect – registrants – have always been under-represented at ICANN meetings. If it was ever true that registrars were qualified to speak on behalf of their customers, by now it is no longer the case.
The Lisbon meeting has an open-to-all public participation web site at http://public.icann.org/