Skip to main content

Contractual Compliance Monthly Update | Issue 7

This Newsletter aims to inform readers and encourage community dialogue regarding contractual compliance matters.

To ensure the continual improvement of the Contractual Compliance Program and the Contractual Compliance Newsletter, please provide your comments at To subscribe to this Newsletter, simply click on the link below and provide the requested information:

1. WDPRS Compliance Reviews

In an effort to improve Whois accuracy, ICANN will undertake a review of Whois Data Problem Report System (WDPRS) claims and the follow-up actions taken. The WDPRS was implemented in 2002 to assist registrars in complying with their Registrar Accreditation Agreement (RAA) obligation to investigate and correct Whois inaccuracies pursuant to Section 3.7.8. This system allows the public to register domain name Whois inaccuracy reports and those reports are forwarded to registrars for investigation. After a 45-day period, reporters are asked to provide information on whether the Whois data has been corrected or remains unchanged.

After consulting with representatives from ICANN's Registrar Constituency and Intellectual Property Constituency regarding the proposed methodology for such reviews, ICANN will begin reviewing all reports 45 days after submission. Of particular interest are those reports indicating “no change” to the Whois data. It is ICANN's objective to assess whether registrars receiving these reports are taking reasonable steps to investigate Whois inaccuracy claims. As part of ICANN's review, ICANN proposes to initially examine Whois inaccuracy claims to ensure that the claims identify a Whois data field where accuracy is required in the RAA (i.e., administrative contact, technical contact, registrant name and e-mail address). ICANN will then examine the current Whois records associated with Whois inaccuracy reports filed by reporters that indicate “no change” in the Whois data to determine if the Whois record was changed in some way, i.e. the data was corrected. This second examination will also assess whether the registrars of record have taken action by placing the domain names on some type of “hold” status or if they have cancelled the registration.

If there is clear indication that registrars took action, those reports will not be forwarded to registrars. Registrars will be sent a request for information only in cases where:

  • The Whois inaccuracy claim pertains to Whois data inaccuracy in a field required by agreement;
  • The Whois data remains unchanged after 45 days; and
  • The registrar has not taken any action to change the Whois data, place the domain name on “hold” or cancel the registration.

Registrars will be asked to provide evidence that they took reasonable steps to investigate these claims. If they do not satisfy ICANN that such steps were taken, the issue will be escalated. Changes to the proposed methodology will be considered following further input from the Registrar Constituency and the Intellectual Property Constituency.

CANN encourages registrars to timely investigate all Whois inaccuracy claims as required by Section 3.7.8 of the RAA.

2. Contractual Compliance Department Welcomes New Staff

The Contractual Compliance Department welcomed two additions in the month of November, David Giza and William McKelligott. David Giza joined ICANN as Senior Director, Contractual Compliance Programs.

David is working in ICANN's Marina del Rey office. In this new, senior level position he will be responsible for the strategic leadership and continuing development of ICANN¹s global contractual compliance program. Most recently David served as Director, Global Compliance for Hewlett-Packard where he was responsible for the development and implementation of worldwide compliance programs. His work included new contractual, public sector business, privacy and data protection risk assessments and related compliance programs implemented inside multiple global business units. Previously David was responsible for the operation and management of the corporate Ethics and Compliance Program for Snap-on Inc. He began his career with W.W. Grainger Inc. in a variety of legal positions, up to and including, Assistant General Counsel.

David holds a J.D. from The John Marshall Law School and a Bachelors degree from DePaul University.

William McKelligott joined ICANN as an Auditor within the Contractual Compliance Department. William brings a solid track record of conducting audit and evaluation work for a variety of organizations including the U.S. Government Accountability Office (GAO) in Washington, DC, the United Nations Educational, Scientific and Cultural Organization (UNESCO) in Paris, France, and the National Institutes of Health (NIH) in Bethesda, MD. He has also had contractual assignments for the United Nations Children's Fund (UNICEF) and BearingPoint (formerly KPMG Consulting). William was born and later lived in Bogotá, Colombia for over 16 years, where graduated with a degree in Political Science from the Universidad de Los Andes. He attended graduate school at the University of Chicago where he studied Political Economy (A.M.) and Public Policy (M.P.P.).

William is currently receiving training at ICANN's Marina del Rey office. William will be permanently working from ICANN's Washington, D.C. office beginning January 2009.

3. Recent AIPLA Conference in Washington, D.C. and Whois Accuracy Compliance

ICANN's Contractual Compliance staff participated in the American Intellectual Property Law Association's (AIPLA) annual conference in Washington, D.C. on 23-24 October 2008. In a session titled, “Is the Domain Name System Working? Current ICANN-Related Issues” Stacy Burnette, ICANN's Director of Contractual Compliance, made a presentation entitled, “Whois Behind the Domain Name? Insuring the Integrity of Registrant Identification and Contact Data.” Ms. Burnette shared information with conference attendees concerning ICANN's structure, the scope of its authority and the organization's efforts to improve Whois accuracy, including details regarding a Whois accuracy investigation audit, ICANN's Whois Accuracy Study, recent Whois related enforcement actions and the hiring of additional staff to focus on Whois projects.

Other conference session speakers included Steven J. Metalitz, Mitchell Silberberg & Knupp, LLP, who spoke about new gTLDs; Elisabeth Roth Escobar, Marriott International, Inc., who spoke about cyber squatting and recent trends such as domain name kiting, tasting and front-running; and Simone Bittencourt de Menezes, Momsen Leonardos & Cia, who spoke about the proliferation of domain name infringement in Brazil. Approximately 100 conference attendees attended this session and several conference attendees asked questions following the presentations.

It is ICANN's aim to participate in a variety of domain name related events to provide information to the public and to encourage participation in ICANN's bottom-up, transparent, consensus building process.

4. Update Regarding WDPRS Redesign

ICANN has undertaken a redesign of its WDPRS to accommodate bulk problem report submissions, to improve functionality and to incorporate a compliance review component. The redesign plans are being vetted by Registrar Constituency and Intellectual Property Constituency representatives and other interested parties to ensure that the redesign meets community needs. ICANN anticipates that the new system will be available for public use by December 2008.

5. Summary of Whois Data Accuracy Study Developments

For the past five months, ICANN has collaborated with a renowned research institution, the National Opinion Research Center, to design the most comprehensive Whois Accuracy study to date. ICANN and NORC representatives (the team) set out to design a sample methodology and a methodology to verify registrant information.

To date, the team has designed a multistage sample intended to yield a 95% confidence level and 5% error bar. The sample methodology balances the cost of conducting the study with maintaining the statistical integrity of the study. On 10 October 2008, the team pulled a Whois study sample (selected domain names for testing) from the five gTLDs that contain 98% of all domain name registrations. Next, ICANN will attempt to determine whether registrant names and addresses in the sample are accurate.

Prior to moving forward, ICANN seeks to ensure that the verification methodology provides the most defensible accuracy estimate of Whois information to date. The methodology must measure how non-responders will ultimately affect the final accuracy estimate and anticipate other statistical flaws.

Unlike the Government Accountability Office (GAO) study and similar proposed studies, ICANN seeks to employ a verification methodology that focuses on verifying the accuracy of registrant information in the sample. The GAO study determined whether a percentage of Whois information appeared patently false on its face. Other studies attempted verify Whois information against publicly available U.S. databases (i.e. phone records, etc.). ICANN's study will determine whether registrant names and addresses are accurate.

ICANN continues to vet the verification methodology. Thus far, the team has identified key areas, which the team will work to strengthen. Prior to finalizing the verification methodology, ICANN will seek input from various constituencies.

6. 2008 Whois Related Enforcement Statistics

When ICANN identifies potential non-compliance, Contractual Compliance staff: (i) establish the facts and relevance to ICANN's contracts; (ii) attempt to resolve the issue, where possible; (iii) escalate when necessary; and (iv) follow up in all cases. The following statistics reflect compliance actions taken from 1 January 2008 through 30 September 2008 regarding one area of the contractual compliance -- Whois accuracy. As reflected in the statistics below, most registrar non-compliance matters are resolved informally without the need for escalated compliance action by ICANN.

Action Taken by ICANN Reason for Action Total
Enforcement Notices Non-Compliance regarding Whois Matters 72
Notices of Concern Whois Accuracy Investigation 10
Notices of Breach Whois Accuracy Non-Compliance 2

As reflected above, two registrars were sent breach notices regarding Whois accuracy non-compliance in October 2008, and ICANN analyzed both registrars' responses to ICANN's notice of breach and found that appeared to take reasonable steps to investigate the Whois inaccuracy claims provided. Conversely, was found non-compliant, as it failed to take reasonable steps to investigate the Whois inaccuracies indentified by ICANN. Consistent with RAA requirements, cured the cited breach within 15 days to avoid termination by ICANN. However, in an effort to ensure that complies with the registrar Whois accuracy requirements set forth in Section 3.7.8 of the RAA, ICANN developed a remediation plan that requires to provide monthly reports indentifying, among other things, exactly what steps were taken to investigate each Whois inaccuracy claim sent to via the WDPRS. has agreed to remain on ICANN's remediation plan for six months.

7. Upcoming Events

ICANN's Contractual Compliance program will be discussed at the following events:

ICANN's Registrar/Registry Regional Gathering, Rome, Italy, 22-23 January 2009.

International Trademark Association's 2009 Trademark Law and the Internet conference, San Francisco, CA, 9-10 February 2009.

International Quality & Productivity Center's 2nd Annual Trademark & Copyright Protection conference, New York City, NY, 26-28 January 2009.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."