Discussion Paper on Transfer of Sponsorship of Registrations Between Registrars
By Elana Broitman, register.com
28 August 2001
ALLOWING CONSUMER CHOICE BY ENSURING CONSUMER PROTECTION
The Importance of Consumer Protection
The registrar community is the interface between registries and consumers (or registrants). Many registrants do not have a good understanding of the various players in the domain name registration industry, and there have been accusations of misleading solicitations and slamming. It is incumbent on the registrar community to provide minimum levels of consumer protection for registrants.
While many registrars take consumer protection very seriously, there have also been examples of registrars and resellers that do not. Ultimately, consumer protection builds the reputation of the domain name industry, supports ICANN's charge to protect the stability and security of the domain name system, and furthers the registrar community's interest in self-regulation and protection of domain name consumers.
At the same time, the registrar market operates best on the principles of fair and open competition and a level playing field. Consumers should be able to work with their registrar of choice. Therefore, while registrars must ensure that transfers are in fact authorized by the Domain Name holders or their authorized representatives, thereby protecting consumers, they must do so in a manner that avoids establishing unreasonable barriers and is designed to promote the goal of implementing the consumers' wishes.
The goal of accurately reflecting consumers' wishes will be best achieved by registrars adhering to minimum standards of transfer authorization, so that such transfer requests can be appropriately authorized.
Diverse Registrar Practices
In working to achieve this goal, it is important to recognize that registrars have a variety of different business models and are located in and service registrants from a variety of markets, with different languages, legal frameworks and cultures. Some registrars rely on direct relationships with registrants, while others predominantly work through ISPs, hosting companies, telecommunications providers or other resellers. Any standards of transfer authorization and verification to be implement across the industry can and should flexibly accommodate these various models in order to promote consumer choice. However, regardless of these differences, all registrars must be responsible for imposing certain minimum standards to ensure proper authorization and consumer choice. The industry's reputation depends on all registrants being treated to an equally high standard of protection.
ICANN Letter to Registry on Registrar Transfer Process
On August 27, 2001, the ICANN Vice President and General Counsel sent a letter in response a letter from the VeriSign Global Registry Services. ICANN published this letter together with a statement regarding Registration Transfer Rules. These documents provide further clarification regarding the treatment of registrar transfers in Exhibit B of Registry-Registrar Agreement ("RRA"). The letter states that
"under the [ "Policy on Transfer of Sponsorship of Registrations Between Registrars" that appears as Part A of Exhibit B of the Registry-Registrar Agreement],the gaining registrar is responsible for obtaining "express authorization from an individual who has the apparent authority to legally bind the Registered Name holder", to "retain a record of reliable evidence of the authorization", and to provide the losing registrar "a copy of the authorization if and when requested." The policy provides that the losing registrar should approve or deny the transfer as appropriate in the circumstances. The policy states four instances in which a transfer may be denied, but indicates that those are only illustrations of a losing registrar's more general ability to deny transfers in appropriate circumstances.
From the language of the policy, it seems apparent that:
1. The responsibility for ensuring that a Registered Name Holder authorizes the transfer lies with the gaining registrar, not the losing registrar.
2. This allocation of responsibility should not prevent the losing registrar, as an additional measure, from seeking to inform Registered Name Holders of impending transfers and affording them an opportunity to express their objection.
3. The allocation of responsibility does indicate, however, that the losing registrar may not deny a transfer request that the gaining registrar has verified merely because the losing registrar has not verified it. Thus, a losing registrar should not deny a transfer request simply because it has notified the Registered Name Holder of the request and has not received a response.
4. The losing registrar may, however, deny the transfer request where it has an adequate reason for believing that the Registered Name Holder has not authorized the transfer. In some instances, the failure of the Registered Name Holder to respond to a notification may form one element of the reason. Because the policy allocates the verification responsibility to the gaining registrar, however, the lack of such a response is not by itself an adequate reason to deny the transfer. Additional elements of an adequate reason may include information relating to the Registered Name Holder (such as prior communications) or the authorization practices followed by the gaining registrar."
The accompanying statement posted by ICANN further states that
>"that letter explains the legal interpretation of the current policy, but also notes that there is a significant opportunity for codes of practice or agreements between or among registrars to promote a more certain, better understood, transfer mechanism."
In the spirit of following up on these statement and letter, we are recommending the following principles for registrar transfers.
Principles of a Registrar Transfer Authorization System
True consumer choice will only be achieved in the context of registrar transfers if registrars uphold minimum standards of transfer authorization and verification, which provide for consumer protection. The current point of debate within the registrar constituency regarding transfer policy centers on what constitutes proper authorization practices on the part of a gaining registrar such that the losing registrar should not deny a transfer request even in the absence of express authorization from its customer.
Attached hereto as Exhibit A is a list of factors to be used in determining whether a registrar maintains proper authorization practices for transfers. Additional factors may be added from time to time based upon discussions within the registrar constituency, but the key is that a gaining registrar must retain and be able to produce a written or electronic copy of reliable evidence of authorization from an individual who has the apparent authority to legally bind the Registered Name Holder that demonstrates such individual's understanding that a registrar transfer is taking place. A losing registrar may verify with a registrant that it is the registrant's intent to transfer its domain name to such gaining registrar.
When a gaining registrar maintains such proper authorization practices, a losing registrar should not deny a transfer request unless it receives an express objection from an individual who has the apparent authority to legally bind the Registered Name Holder. Conversely, when a gaining registrar does not maintain proper authorization practices, a losing registrar should deny a transfer request unless it receives the express authorization from an individual who has the apparent authority to legally bind the Registered Name holder.
Factors to be used in determining whether a registrar maintains proper authorization practices for transfers
Documentation and Review
Form of Reliable Evidence of Authorization
While the Registrar Accreditation Agreement and Exhibit B of the RRA are based on the gaining registrar at minimum obtaining and storing reliable evidence of transfer authorization and such evidence should be written or electronic, the authorization and verification may take a variety of forms in order to accommodate the divergent jurisdictions, cultures, and business models of registrars.
Any of the following provides the minimum standard of what would suffice as reliable evidence of authorization: