BigChanges

New Domain Registration Agreement Recognises Local Law and Privacy

BigChanges

I’ve spoken about the RAA (Registrar Accreditation Agreement) in the past.

I haven’t always been too positive about the planned changes to the contract and considering some of the things we were being asked to do my reaction was, in my view, quite reasonable.

Not only did some versions of the text demand far too much information from us, it also imposed a lot of restrictions on you, our customers, which we felt was, for lack of a better word, “mad”.

So what exactly is the RAA?

It’s the contract that governs our relationship with ICANN and also obliges us, as a company, to do certain things when we’re registering and managing generic top level domain names for you, our clients. There are also a bunch of obligations (and rights) for you as registrants.

All gTLD registrars have to have a contract with ICANN. Any company that sells gTLD domain names (com, net, org, info, biz etc.,) either does so directly as an ICANN accredited registrar or via a reseller or agent of a registrar. So any changes to the contract and its obligations will have an impact on the entire supply chain.

So what’s in the new RAA?

The new contract that is “almost cooked” is the output of over 18 months of negotiations between registrars and ICANN. It’s been a long slog, but the final product is something that we (Blacknight) will be happy to sign.

Are we 100% happy with it?

No, of course not. There are several clauses in the contract that could cause us headaches, but overall we’re happy with it. And hopefully ICANN will finalise the contract language in the next few weeks so that we will be able to sign it and move to implementing the changes on our end that will be required to be compliant.

Are the changes drastic?

For us as a registrar, no, not really. For some registrars I suspect the changes will involve quite substantial changes, but for us they won’t. We’ve discussed most of the changes internally and while they will require a certain amount of work they’re not impossible to implement.

But what about for domain name registrants?

Here there are quite a few changes. While many of them won’t have a big impact there are some that will.

So what will change?

Most of the big changes for our clients are with regard to validation and verification.

We will need to validate all data fields and elements that are submitted for domain name registrations, transfers and updates.

On the plus side this means that we should have overall better quality data, but on the downside we’re going to have to validate address formats which could prove messy. While some countries have relatively “neat” addresses with a relatively consistent format that isn’t always the case. A lot of Irish addresses, for example, consist of simply a townland and nothing else. They’re valid and the post will get there, but how we validate them pro-grammatically could be a challenge.

We will also need to validate email addresses or phone numbers for both account holders and domain name registrants. This may incur extra costs and push up the price of domain names.

What about Irish and EU law?

The new contract language does specifically state that we cannot be expected to be put in conflict with local law, so any obligation under the contract that puts us at odds with Irish law will need to be examined carefully. There is a process for getting a “waiver” based on “legal opinion”

We have already been in touch (informally) with the Irish Data Protection Commissioner and will be following up with them as well as with a number of EU officials. Some of the new obligations that we’d view as problematic are probably problematic for all EU registrars.

What about privacy?

If we can argue that a contract provision is in conflict with Irish law then we should be able to ask for a waiver. This would include some aspects that are related to privacy.

What about whois privacy and proxy?

The new contract brings a certain degree of clarity and should help with both users of proxy / privacy services as well as 3rd parties who need to interact with them. This should help in the case of registrar failure or when domains are abused.

And what about the law enforcement stuff?

Pretty much all of the law enforcement requested changes to the contract are in there in some form or other. They may not be exactly what law enforcement was asking for, but they’re there. We are an Irish company, so we only interact with Irish law enforcement. If anything that has been clarified.

What next?

ICANN has published all the documents for public comment.

Assuming there aren’t any substantial changes we’d expect to be able to sign on to the new contract once we are able to comply.

When do the new contract provisions come into force?

Some of them come into force as soon as a registrar signs the new contract. Others come into force from January 1st 2014.

 

(Original Image: common sense just ahead from BigStockPhoto)

, , , , , , , ,