Executive Summary:

Purpose:

This document contains updated versions of three CoCCA template documents, the Registrant Agreement, Acceptable Use Policy (“AUP”) and Privacy and WHOIS Policy. The changes proposed herein are largely to the Privacy and WHOIS Policy. The inter-related nature of the policy documents also necessitated minor modification of the AUP and Registrant Agreement.

Context:

The issues of WHOIS policy and data quality are recognised as important components of the effort to combat abuse of the DNS, address cybercrime, protect intellectual property, and align use of a ccTLD register with the legislative and public policy environment in the country or territory it represents. Attempts to address the shortcomings of existing WHOIS and data quality policy in the generic top level domains (“gTLD”) have been frustrated by technical, commercial and contractual restrictions in zones ICANN has oversight of. Similar constraints generally do not exist in most ccTLDs; they do not exist under the CoCCA model.

CoCCAs’ best practice framework has historically sought to address the acceptable use of domain in recognition that the DNS is often part of the publication of internet content. While a register operator cannot remove prohibited or unlawful content from the internet, they can, however, ensure the ccTLD’s network is not part of the publication chain. This framework contrasts somewhat with the largely intellectual property driven policy in the gTLD name spaces, and its focus on who has the “best rights” to a particular character string.

The proposed changes do not reflect a substantive change in CoCCA policy. The policy continues to recognize the compelling public interest in ensuring that accurate “registrant contact data” (for an individual domain) is publicly available via an automated process and on a continuous basis. It extends the WHOIS concept to include Historical Abstracts.

Registrants provide their information to the registry directly or via a registrar for specific purposes detailed in the Policy. The registry operator and sponsoring organisation have a responsibility to put mechanisms and policies in place that are consistent with the objectives of data collection.

The Modifications Summarised:

1. Make available to the general public, regulatory bodies and law enforcement Historical Abstracts that contain complete historical records related to a domain. The AUP filing process - or a nominal fee - for Historical Abstracts introduces very modest administrative or fiscal burdens for persons requesting information. The notion of a Historical Abstract is common in other environments and is largely analogous to ordering a corporate history from a statutory body. Under this common model some information is freely available online (in the case of the DNS via WHOIS), while a complete history may be ordered from an information broker and may attract a processing fee.

2. Allow the registry to enable automated procedures to contact a registrar’s clients (the registrant) by phone or email for the purpose of having registrants update and confirm their contact details BEFORE activation of a domain and at least once a year after that. It is difficult to confirm the identity of registrants, but technology can assist in verifying the accuracy of the phone and email. The registry may also opt to notify registrants directly via registry email or “SMS alerts” of activity and changes to their registry data.

3. Allow registrars that have adopted a practice of replacing some address contact details with alternate addresses that may represent an “agent of the registrant” to create these as subordinate contact records. This will continue to give registrants who desire a very limited level of protection from abuse and data mining of the public WHOIS servers an effective option to combat this known problem.
Registrars will no longer be able provide only limited or “filtered” contact data “sufficient to contact the registrant.” The revised policy and technology allows a registrant to opt to nominate alternate phone, email and address information for publication via the WHOIS server (not registrant name or organisation).

Historical Abstracts and requests for information that flow from an AUP complaint will show both the authoritive (superordinate) registrant information and, if applicable, the alternate “agent” contact information. Requests for AUTH codes and other notices, or any other interaction required to comply with policy, will use the superordinate contact email.

Given the importance of data quality and the various levels of automation and technical proficiency in various CoCCA registrars, the changes allow the registry to be more proactive in verifying the accuracy of information inserted by the registrar and also provide a direct channel for registrants to maintain various aspects of their contact information. These changes also extend the availability (and format) of registrant information to be delivered to the general public. This document is meant to be a practical guide to adoption of the CoCCA best practice policy framework for administration code Top Level Domains (ccTLDs).

Assumptions:

The framework assumes the ccTLD operates as a shared registry, and that policy development, operation of the central registry, and commercial activities are viewed as discrete activities - even if carried out by related entities. Implementing these policies in the CoCCA software requires upgrading to version 3.01 or later.
The framework also assumes that the ccTLD manager desires to ensure the use of the ccTLD remains consistent with local culture, customs and legislation, and wishes to employ a model that includes registry-level suspensions.
The use of a domain is subject at all times to an AUP that addresses cybercrime, prohibited content, intellectual property abuses and other issues of interest to internet users.

Registration Agreement

– This collateral agreement binds the registrant to ccTLD Acceptable Use, Privacy & WHOIS policy and the Complaint Resolution Service.

Acceptable Use Policy

– This policy is incorporated by reference into the Registration Agreement and defines the acceptable use of domains and the ccTLD manager’s network.

Privacy & WHOIS Policy

This policy is incorporated by reference into the Registration Agreement and describes the registry’s privacy and WHOIS policy.