ICANN Resolutions » GNSO Locking of a Domain Name Subject to UDRP Proceedings PDP Recommendations

Important note: The Board Resolutions are as reported in the Board Meeting Transcripts, Minutes & Resolutions portion of ICANN's website. Only the words contained in the Resolutions themselves represent the official acts of the Board. The explanatory text provided through this database (including the summary, implementation actions, identification of related resolutions, and additional information) is an interpretation or an explanation that has no official authority and does not represent the purpose behind the Board actions, nor does any explanations or interpretations modify or override the Resolutions themselves. Resolutions can only be modified through further act of the ICANN Board.

GNSO Locking of a Domain Name Subject to UDRP Proceedings PDP Recommendations


Resolution of the ICANN Board
Topic: 
Locking Domain Name Subject to UDRP Proceedings
Summary: 

Board adopts the GNSO Council Policy Recommendations on the Locking of a Domain Name subject to UDRP Proceedings as set forth in the Final Report and directs the President and CEO to develop and complete an implementation plan for these Recommendations.

Category: 
gTLDs
Meeting Date: 
周六, 28 九月 2013
Resolution Number: 
2013.09.28.04 – 2013.09.28.05
Resolution Text: 

Whereas, on 15 December 2011, the GNSO Council launched a Policy Development Process (PDP) on the Locking of a Domain Name subject to UDRP Proceedings addressing five charter questions, set forth at https://community.icann.org/x/ma-bAQ.

Whereas, the PDP followed the prescribed PDP steps as stated in the Bylaws resulting in a Final Report delivered on 5 July 2013.

Whereas, the Locking of a Domain Name subject to UDRP Proceedings Working Group (WG) reached full consensus on the recommendations in relation to the issues outlined in the Charter.

Whereas, the GNSO Council reviewed, and discussed the recommendations of the Locking of a Domain Name subject to UDRP Proceedings WG, and adopted the Recommendations on 1 August 2013 by a Supermajority and unanimous vote (see http://gnso.icann.org/en/council/resolutions#201308).

Whereas, the GNSO Council vote met and exceeded the required voting threshold to impose new obligations on ICANN contracted parties.

Whereas, after the GNSO Council vote, a public comment period was held on the approved recommendations, and the comment received has been summarized and considered (http://www.icann.org/en/news/public-comment/locking-domain-name-recommendations-02aug13-en.htm).

Resolved (2013.09.28.04), the Board adopts the GNSO Council Policy Recommendations on the Locking of a Domain Name subject to UDRP Proceedings as set forth in the Final Report (see http://gnso.icann.org/en/issues/locking/domain-name-final-05jul13-en.pdf).

Resolved (2013.09.28.05), the President and CEO is directed to develop and complete an implementation plan for these Recommendations and continue communication with the community on such work.

Rationale for Resolution: 

Why is the Board addressing this issue now?

Currently there is no requirement to lock names in the period between filing of the complaint and commencement of proceedings, and no definition of 'status quo', which has resulted in different interpretations and confusion of the policy. To address this issue, the GNSO Council decided to initiate a Policy Development Process (PDP) on 15 December 2011. As part of its deliberations, the WG was required to consider the following questions:

{C}1.    Whether the creation of an outline of a proposed procedure, which a complainant must follow in order for a registrar to place a domain name on registrar lock, would be desirable.

{C}2.    Whether the creation of an outline of the steps of the process that a registrar can reasonably expect to take place during a UDRP dispute would be desirable.

{C}3.    Whether the time frame by which a registrar must lock a domain after a UDRP has been filed should be standardized.

{C}4.    a. Whether what constitutes a "locked" domain name should be defined.

b. Whether, once a domain name is 'locked' pursuant to a UDRP proceeding, the registrant information for that domain name may be changed or modified.

{C}5.    Whether additional safeguards should be created for the protection of registrants in cases where the domain name is locked subject to a UDRP proceeding.

The Working Group published its Initial Report for public comment on 15 March 2013, followed by its Final Report on 5 July 2013, which received the unanimous consensus support from the PDP WG as well as the GNSO Council. Following the closing of the public comment period, the next step as outlined in Annex A of the ICANN Bylaws is consideration by the ICANN Board of the recommendations.

 

What is the proposal being considered?

The following recommendations are being considered:

Recommendation #1: In this context, the term “lock” means preventing any changes of registrar and registrant. This “lock” should not impair the resolution of the domain name solely on the basis of the fact that a complaint under the UDRP has been filed or solely on the basis of the fact that that a UDRP proceeding is ongoing.[1]

Recommendation #2: Modify the provision from the UDRP rules that specifies that upon submission of the complaint to the UDRP provider the complainant should also ‘state that a copy of the complaint […] has been sent or transmitted to the respondent’ (section 3, b – xii) and recommend that, as a best practice, complainants need not inform respondents that a complaint has been filed to avoid cyberflight. The UDRP Provider will be responsible for informing the respondent once the proceedings have officially commenced. 

Recommendation #3: Following receipt of the complaint, the UDRP Provider will, after performing a preliminary deficiency check[2], send a verification request to the Registrar, including the request to prevent any changes of registrar and registrant for the domain name registration (“lock”). The registrar is not allowed to notify the registrant of the pending proceeding until such moment that any changes of registrar and registrant have been prevented, but may do so once any changes of registrar and registrant have been prevented. In the case of accredited privacy / proxy providers[3] or a privacy / proxy provider affiliated with the registrar, the registrar may contact the accredited / affiliated privacy / proxy provider to allow for the reveal of the proxy customer data. However, such contact may only be established after an initial lock has been applied preventing any changes of registrar and registrant.

Recommendation #4: Within 2 business days[4] at the latest following receipt of the verification request from the UDRP Provider, the Registrar will modify the status of the registration to prevent any changes of registrar and registrant (“lock”). The Registrar must continue to prevent changes through the remaining pendency of the UDRP Proceeding, except in case of the suspension of a UDRP proceeding (see recommendation #10). Pendency is defined as from the moment a UDRP complaint, or relevant document initiating a court proceeding or arbitration, regarding a domain name, has been submitted by the Complainant to the UDRP Provider, as the case may be.  Any updates[5] as a result of a request by the accredited / affiliated privacy / proxy provider to reveal the underlying proxy customer data must be made before the 2 business day timeframe ends or before the registrar verifies the information requested and confirms the lock to the UDRP Provider, which ever occurs first.

A registrar may not permit transfer to another registrant[6] or registrar after a request for verification is received by the Registrar from the UDRP Provider, except in limited situations involving an arbitration not conducted under the Policy or involving litigation as provided by the UDRP Policy Paragraphs 8(a) or 8(b). For the purposes of the UDRP, the Registrant listed in the Whois record at the time of the lock will be recorded as the Respondent(s). Any changes to Whois information during the pendency of the administrative proceeding under the Policy may be permitted or prohibited based on the Registrar’s applicable policies and contracts, however, it is the responsibility of the Registrant (UDRP Rule 2(e) and UDRP Rule 5(b)(ii) to inform the Provider of any relevant updates that may affect Provider notices and obligations to Respondent under the UDRP.

Depending on the terms of service of the Proxy / Privacy service, a Registrar may opt to reveal underlying data as a result of privacy/proxy services to the Provider or in Whois, or both, if it is aware of such. This will not count as a “transfer” in violation of the above, if it occurs in accordance with draft recommendation #2. If a privacy/proxy service is revealed or proxy customer information released after the Lock is applied and the Provider is notified, the Provider is under no obligation to require the Complainant to amend its complaint accordingly, but may do so in its discretion. It is the responsibility of the Registrant (UDRP Rule 2(e) and UDRP Rule 5(b)(ii)) to inform the Provider of any relevant updates that may affect Provider notices and obligations to Respondent under the UDRP and the Provider shall, in accordance with the UDRP, provide Respondent with case information at the details it prefers once the Provider is aware of the update (UDRP 5(b)(iii) requires Provider to send communications to the preferred email address of Respondent, for instance).

Recommendation #5: As a best practice, registrars and UDRP Providers are encouraged to provide a means that allows third parties to identify what their respective opening hours / days are, during which UDRP related tasks can be expected to be carried out.

Recommendation #6: The registrar must confirm to the UDRP Provider within 2 business days following receipt of the verification[7]request from the UDRP Provider that any changes of registrar and registrant have been prevented and will be prevented during the pendency of the proceeding, and the Registrar must verify[8]the information requested by the UDRP Provider.

Recommendation #7: If deemed compliant, the UDRP Provider shall forward the complaint to the Registrar and Respondent and notify them of the commencement of the administrative proceeding no later than 3 business days[9] following receipt of the fees paid by the complainant.

Recommendation #8{C}[10]: Participating UDRP Respondents be granted an express option to request a four day extension should they so choose, with any such received four day extension request to be automatically granted, and the corresponding deadline extended by the UDRP Provider, at no cost to the Respondent. The availability of such automatic four-day extension option on request should also be flagged by the UDRP Provider for the Respondent’s information on commencement of the proceedings and does not preclude any additional extensions that may be granted by the UDRP Provider as per article 5d of the UDRP Rules.

Recommendation #9: If the complaint should remain non-compliant, or fees unpaid, after the period for the administrative deficiency check per UDRP Para 4 has passed, or if the complainant should voluntarily withdraw during that period, the UDRP Provider informs the Registrar that the proceeding is withdrawn. The Registrar shall, within one business day of the transmission of the notice of withdrawal, release the “lock”.

Recommendation #10: As part of its notification to the Registrant (Notification of Complaint – see section 4 of the UDRP Rules), the UDRP Provider informs the Registrant that any corrections to the Registrant’s contact information during the remaining pendency of the proceedings are also required to be communicated to the UDRP Provider as per UDRP Rule 5(ii) and (iii).

Recommendation #11: This notification would also include information that any changes as a result of lifting of proxy / privacy services, following the ‘locking’, would need to be discussed / addressed by the UDRP Panel directly. The WG recommends that this issue is further reviewed as part of the privacy / proxy accreditation program development work.

Recommendation #12: Upon receipt and communication of a decision from the Provider, the Registrar must within 3 business days communicate to each Party, the Provider, and ICANN the date for the implementation of the decision in accordance with the Policy (UDRP Rule 16 and UDRP Paragraphs 4(k) and Paragraph 8(a). If the Complainant has prevailed, the Registrar shall implement the Panel order immediately after 10 business days have elapsed (UDRP Paragraph 4(k)). The Complainant or its authorized representative is required to provide the Registrar with the required information to support the implementation of the Panel decision; this should include the information that should be in the Whois. If the Respondent has prevailed, the Registrar shall prohibit transfer of the domain name to another registrar or registrant for 15 business days from the date the decision is transmitted from the Provider (UDRP Paragraph 8).

Recommendation #13: In the case of suspension of a proceeding (when the parties are trying to reach a settlement), the UDRP Provider informs the Registrar of the Suspension, including the expected duration of the suspension. Should both parties come to a settlement, which would involve a transfer, cancellation or agreement that the registration will remain with the Respondent, the registrar must remove any lock preventing a transfer or cancellation within 2 Business days of confirmation of the settlement by the UDRP Provider, unless the disputed domain name registration is otherwise the subject of a court proceeding that has been commenced concerning that disputed domain name.

Recommendation #14: The settlement process must follow these steps: (1) parties ask for suspension from the UDRP Provider, (2) parties settle, (3) parties submit a standardized “settlement form” to UDRP provider, (4) UDRP provider confirms to the registrar, copying both the Complainant and the Respondent, whether the terms of the settlement indicate Respondent agreement to the transfer or cancellation of the disputed domain name(s) to the complaint, or Complainant agreement that domain name(s) remain with the Respondent (5) settlement agreement is implemented by registrar (6) Complainant confirms the implementation to the UDRP Provider and (7) UDRP Provider dismisses the case.

Recommendation #15: ICANN, in collaboration with UDRP Providers, Registrars and other interested parties, will develop educational and informational materials that will assist in informing affected parties of these new requirements and recommended best practices following the adoption by the ICANN Board of these recommendations.

Which stakeholders or others were consulted?

As required by its charter, the PDP WG was required as ‘as a first step, [to] request public input on this issue in order to have a clear understanding of the exact nature and scope of issues encountered with the locking of a domain name subject to UDRP Proceedings’. As a result, the WG conducted a survey amongst registrar as well as UDRP Providers as outlined in section 5.1. of the Final Report. In addition to specific questions concerning the practices and experiences of registrars and UDRP Providers, respondents were also asked to provide input on the charter questions. Furthermore, the WG opened a public comment forum to obtain community input on 25 July 2012.

In additional to regular updates to the GNSO Council, workshops were organized to inform and solicit the input from the ICANN community at ICANN meetings (see for example http://beijing46.icann.org/node/37193, http://toronto45.icann.org/node/34245 and http://prague44.icann.org/node/31807).

Constituency / Stakeholder Group Statements were requested as well as input from other ICANN Supporting Organizations and Advisory Committees at an early stage of the process. No input was received in response to those requests. The Chair of the PDP Working Group did meet with the ccNSO at the ICANN meeting in Prague for an exchange of views on this topic (see http://ccnso.icann.org/meetings/toronto/summary.htm#neylon-greenberg for further details).

The WG also opened a public comment forum on the Initial Report on 15 March 2013.

All comments received have been reviewed and considered by the Locking of a Domain Name subject to UDRP Proceedings PDP WG (see section 6 of the Final Report).

What concerns or issues were raised by the community?

No community concerns have been raised in relation to the Final Report and its recommendations. All other comments received were reviewed and addressed by the PDP WG as outlined in section 6 of the Final Report.

What significant materials did the Board review?

The Board reviewed the GNSO Council Recommendations Report to the Board, as well as the summary of public comments.

 

What factors the Board found to be significant?

The recommendations were developed following the GNSO Policy Development Process as outlined in Annex A of the ICANN Bylaws and have received the unanimous support from the GNSO Council. As outlined in the ICANN Bylaws, the Council’s unanimous (supermajority) support for the motion obligates the Board to adopt the recommendation unless by a vote of more than 66%, the Board determines that the policy is not in the best interests of the ICANN community or ICANN.

 

Are there positive or negative community impacts?

Adoption of the recommendations is expected to clarify and standardize the process for the locking of a domain name subject to UDRP Proceedings for all parties involved including complainants, respondents, registrars as well as UDRP Providers. Implementation of the recommendations will require certain changes in some registrar processes as currently no standardized process is in place to deal with the locking of a domain name subject to UDRP proceedings, as well as certain modifications to the practices of UDRP Providers. For complainants, the main change is that at the time of filing, the complainant is no longer required to notify the respondent which is expected to reduce the instances of cyberflight (notification of the respondent is carried out by the UDRP Provider at the time of the official commencement of the proceedings). As a result of the change to no longer require notification of the respondent by the complainant at the time of filing, the respondent may see a reduction of informal response time. However, in order to compensate for this potential loss of informal response time, the recommendations foresee that participating UDRP Respondents be granted an express option to request a four day extension should they so choose, with any such received four day extension request to be automatically granted, and the corresponding deadline extended by the UDRP Provider, at no cost to the Respondent.

 

Are there fiscal impacts or ramifications on ICANN (strategic plan, operating plan, budget); the community; and/or the public?

In addition to those changes required in process for registrars and UDRP Providers as outlined above, there will likely be fiscal impacts related to implementation of the policy, but these costs are anticipated to be within the current budget.

 

Are there any security, stability or resiliency issues relating to the DNS?

There are no security, stability, or resiliency issues related to the DNS if the Board approves the proposed recommendations.

 

{C}[1]{C} It should be noted that such a lock should not prevent the renewal of a domain name subject to UDRP proceedings, as per the Expired Domain Deletion Policy (EDDP).

{C}[2]{C} This is an initial check the UDRP Provider performs to ensure it does not concern a bogus complaint. This check should not be confused with the administrative compliance check as described in the UDRP which is performed as per step 4 of this proposal.

 

{C}[3]{C} To apply to accredited privacy / proxy providers following finalization of the privacy / proxy accreditation program by ICANN.

{C}[4]{C} Business days are defined as business days in the jurisdiction of the entity required to undertake the action, in this case the registrar.

{C}[5]{C} The revealed data may only include data held on record by the accredited / affiliated privacy / proxy provider.

{C}[6]{C} For clarity, this includes any transfer to a privacy or proxy service other than reveals of the proxy customer data as provided for in the following paragraph.

{C}[7]{C} The UDRP Provider will send a request to the registrar to verify amongst others that the named Respondent is the actual registrant of the domain name(s) in issue, language of the registration agreement as well as checking the Respondent's contact details.

{C}[8]{C} This verification request relates to the requirement for the Registrar to provide the Provider with a verification of the items requested.

{C}[9]{C} This change to the UDRP Rules (currently it says ‘calendar’ days) is recommended to ensure that this is in line with the 2 business day requirement to lock as otherwise there may be a situation whereby 2 business days are longer than 3 calendar days, not allowing the UDRP Provider to perform the administrative checks within the allocated timeframe.

{C}[10]{C} The rationale for adding this recommendation is to address the concerns expressed during the public comment forum concerning the loss of informal response time as a result of the proposed change to no longer require the Complainant to notify the Respondent at the time of filing and would give those participating Respondents that actually need the extra four days the comfort of cost-neutral certainty where requested, without impacting the UDRP timelines overall.