Fwd: [council] Response from GoDaddy regarding action taken with respect to a .org domain name

Fri Feb 2 21:26:57 CET 2007

Quoting Mawaki Chango <ki_chango at YAHOO.COM>:

> I agree with you as to forwarding your earlier message to the GNSO
> Council list, without further discussion on this list and further
> elaboration.
>
> Please note, however, that Robert Guerra sent a message with the same
> concern, you certainly are not the only one concerned. Here are my
> two cents:
>
> 1) If we want to go further on this, and I do think it is a relevant
> to do so, I would advise that we also request the "plaintiff" to
> explain and document how end users credentials of another network end
> up being disclosed on their web servers and pages, and based on their
> policy provisions what actions they have or should have taken against
> the person/service responsible of such misuse. Why nothing has been
> done in that regard, and contact has not been made with MySpace to
> inform them of whatever steps were taken to resolve that issue. As an
> end user, I wouldn't like to see my identity credentilas in a network
> service that I use be disclosed by any organization be it an NCUC
> member.

I am concerned less with the specifics of this case then with the  
process generally.  While it is useful to receive full information on  
this particular incident, I believe it more importnat to focus on the  
general concern tht this leaves far too much power in the hands of  
registrars.  Even if Go Daddy behaved entirely correctly, the next  
registrar may not.

I would also very much like to know how Go Daddy determined what harm  
would result from elimination of the name.  How did Go Daddy satisfuy  
itself that it's actions would not have caused significant harm to  
innocent parties?  Or did it really believe that the potential harm of  
the released information was so great that it justified immediate  
action regardless.  And, if this is the case, what procedures did it  
have in place to restore service to innocent third parties.

> 2) ICANN has reponsibility to do something there, while it should
> avoid micro-regulation and micro-management. At least because all
> this industry is highly geograpically distributed, and there is a
> void in many countries to that effect (the former explaining the
> latter, maybe.) As for issues such as the grace period, etc. ICANN
> could have a safeguard policy that would require a minimum of notice
> to be given and steps to be taken before any drastic measure such as
> shutting down a website. If necessary, provision could be made for
> the principle of subsidiarity wherever there might be conflict with
> national regulations.

Indeed, what the appropriate steps are is another conversation.  It  
may simply be enough to put registrars on notice that such behavior  
will arouse regulatory scrutiny.  It may be worthwhile to make a  
formal request, either by the NCUC to the Registrar Constituency or  
requesting that the GNSO make such a request, that the Registrar  
community adopt a "best practcices" document.  Or some form of  
enforcement action via the ICANN process to prevent a name deletion  
may be necessary.

Like Sitefinder, the question is not merely "what was the right thing  
to do here," but "what is the process for ensurng that the right  
result hapens consistently in the future."  This need not take the  
form of regulation (although that might ultimately prove necessary).   
But it seems to me that it warrants rather more than "how do you even  
suspect a registrar might act inappropriately."

Harold

> Just general ideas.
>
> Mawaki
>