InternetNZ, through the Domain Name Commission (DNC), is currently reviewing the Registering, Managing and Cancelling Domain Names policy. An initial call for comments on the policy review resulted in four submissions being received. These can be seen at http://dnc.org.nz/rmc-review. A second call for comments on some of the proposals raised as a result of the initial consultation was undertaken. Nine submissions were received as a result of that and these, together with the consultation paper, can be seen at http://dnc.org.nz. A background paper has also been prepared and can viewed in either.html or.pdf
Proposed changes to the policy relating to operational matters and general updating were accepted by submissions received, by the Registrar Advisory Group and by the .nz Oversight Committee (NZOC) and so have been processed. An amended policy containing these changes has been published.
In respect of the proposals that would involve changes to the registration policy principles, NZOC acknowledged that these represented a radical departure from the current ‘first come, first served’, open registration approach that has been in place in .nz since 1987. Careful consideration of the issues is required. NZOC considers it important that the operational implications are identified and that all parties are given a chance to comment not only on the policy principles but also on the potential time, cost and liability implications of any change to the current registration process.
Two of the initial proposals are not included in this paper. It was considered by NZOC that the proposal to publicly notify new registrations, and have the five day registration grace period act as a notification period for objections, was in conflict with the Zone Transfer Policy. NZOC agreed that there was insufficient reason in the proposal to justify overriding the Zone Transfer Policy so this proposal would not proceed any further. It was also agreed by NZOC that the proposal to require payment in advance of registering a domain name was not commercially practical and will also not proceed.
For the other proposals consulted on, this paper sets out what the operational implications might be of any of the proposed changes.
Specific questions are raised throughout the paper and responses to those are sought. Comments are sought on the general content of the paper, and on any other aspect that people consider is relevant to the RMC policy. Responses should be based on the proposals being applied to all the open .nz second level domains - .co.nz, .net.nz, .org.nz, .maori.nz, .gen.nz, .school.nz, .ac.nz and .geek.nz.
From the submissions received previously, the proposals being consulted on are:
a. General questions
Q. Do you agree or disagree with introducing registration restrictions for open .nz domain names?
Q. If you agree:
Q. What options exist, other than registration restrictions, for dealing with phishing and Internet related fraud?
b. Defining and identifying what is restricted
b.1 Definition of restricted names
In the proposals, reference is made to the Companies Office and checks undertaken on company names. A key distinction is that section 22 of the Companies Act 1993 defines what names are suitable for New Zealand companies. This gives guidance to the Companies Office in what is or isn’t suitable for registration and also provides them with the statutory power and protection if a name is declined.
The .nz domain name space is not governed by a specific law, although it does come under other legislation such as the Fair Trading Act and Intellectual Property statutes. In the absence of specific legislation, any policy to restrict particular names from registration in the .nz domain name space needs to clearly define what is, or isn’t, permissible. This requires clear, objective criteria to be set and, if there is a set list of names that aren’t allowed, this would need to be published. Any names declined, or cancelled, without clear guidelines may result in challenges due to unfair process.
It was proposed that derivatives of corporate names, for example misspelt names, could mislead people and should be prevented. Another proposal was to check applications against defined criteria and to draw up a list of restricted names.
Each of these requires clear guidelines as to what is permitted or not permitted so that a consistent approach can be taken in evaluating each registration and potential registrants are aware of the .nz requirements.
Q. How do you define what is not allowed if registration restrictions are introduced?
b.2 Restrictions and Variations
It is possible that spelling variants of one name make for another quite legitimate name, or that an acronym of an organisation is similar to a variant of other organisation’s name. For example, TEAC Limited, an electronics company and the Teacher Education Accreditation Council. Any policy should not be able to be used to refuse legitimate registrations, so operationally it would not be practicable to say that spelling variants of company names or trademarks are not permitted. A restriction that broad will not only prohibit legitimate registrations, it also raises an issue as to how anyone is meant to know what company or trademark etc is eligible for protection in this way. Is it only New Zealand companies, New Zealand registered trademarks, well known companies or brands? In the absence of the ability to clearly define what isn’t permitted, it may not be reasonable to introduce a restriction.
Q. In respect of developing a list of restricted names, is it proposed that this list be offensive words or trademarks or well known names? Who would decide what is on the list and how would substitute characters (e.g.1 for an I) be managed?
Q. Given any list would need to be published, how should a process be defined for adding or removing names from this list?
b.3 Non-commercial names
A domain name may apply to anything or any purpose on the Internet, and is not just restricted to commercial entities or usage.
Q. As the Internet is widely used, how should the interests of (non-commercial) general users be protected?
b.4 Foreign languages
Another aspect to consider if restricting particular names from the .nz space is how to manage foreign words which may mean the same as a banned English or Māori language word.
Q. Should the focus in restricting particular names just be on English or Māori language words or should the same rules apply to foreign words? If it covers foreign words also, who is responsible for translating the word and at what stage of the process?
b.5 Use of the domain name
One submission proposed that the presence of a particular word in a domain name might be contrary to a law operating in New Zealand. Generally, however, it is not the word itself that renders something against the law but rather how it is used. The example given in the proposal was of ‘bank’, ‘banker’ and ‘banking’ under Section 64 of the Reserve Bank Act. The word ‘bank’ however, is more widely used than just for registered banks. Depending on how restrictions were introduced, it could prevent quite legitimate domain names unrelated to banking services and not confusing to any party. Rather than looking at how they are used, it is not known what particular words are in themselves contrary to law and thus essentially unable to be registered.
Assuming it is possible to develop clear, objective criteria for registration restrictions, the next requirement is to define how to identify domain names that breach those. There were proposals received that related to domain names being used for fraud and how immediate action should be taken on such names. These proposals raise a significant issue that goes further than restricting particular names and it is important to distinguish between what names can, or can’t, be registered and how the name is used.
If considering the actual domain name, then restrictions should be based on the name being registered and whether it fits the criteria for restricted names. It is a different matter to extend restrictions to how it is being used.
Though fraud was proposed as the reason for action, any steps to taking action based on how the name is used would extend beyond this to matters people consider offensive or illegal including pornography etc. Any involvement in taking immediate action based on how a domain name is used would be like the DNC acting as investigator and judge. The DNC has no statutory power so any actions of this nature would increase potential liability and possibly see any decisions bound up in litigation. It would also be a major departure for InternetNZ who has repeatedly confirmed its position that they do not get involved in the use of a .nz domain name.
Consideration would also need to be given to how any requirements would apply to domain names that are used to point to particular websites, including non .nz ones, rather than host actual content themselves.
Q. Should the way a name is used render a domain name ineligible for registration through the DNC? If it should, why?
Q. How should it be determined that a domain name is being used in contravention of the .nz policy?
Q. How would limits on the responsibility of the DNC in matters regarding use of a domain name be put in place?
c. Responsibility to identify and act on what is restricted
Any introduction of registration restrictions requires someone to take responsibility for ensuring that registrations not meeting the requirements do not proceed.
Where the responsibility would fall depends on what stage in the process the restrictions are introduced. There are at least three options if restrictions are implemented:
i. Before the registration is confirmed
ii. Immediately after the registration as part of a standard compliance check
iii. At any stage after the registration following a complaint being received
Checking the compliance of the name prior to completing the registration (as per (i) above), has the advantage of allowing the registrant to be aware of the status of the application and be in a position to select another option should their choice be declined.
However, the responsibility of any regulation at this stage will have to fall on the individual registrars. This will add considerably to the compliance costs of registrars and require changes to current processes as nearly all registrars have automated systems which are not set up to manage a manual validation before finalising the registration. Also of concern is that individual registrars may vary in the extent of checks undertaken potentially leading to different standards being applied. If that were to occur then what registrar a party chooses to use may affect their chance of getting a particular .nz domain name.
Though registrars will be responsible for checking applications against the requirements, it is likely that the DNC will end up handling complaints made in respect of names that have been registered. This is likely to mean that compliance matters end up being addressed with both the registrar and with the DNC.
It would be preferable if any requirement for restrictions in the .nz space did not fall on registrars. For options (ii) and (iii) above, the responsibility for the checks would be on the DNC.
If the checks had to be part of a standard compliance check, DNC resources will need to increase to validate each new name registered. The extent of any increase would depend on the timeframe to complete such checks. More resources would be required if they had to be completed within the existing five day grace period, or less if the grace period was extended (this assumes that the registrant should not have to pay for a new name if it is determined to be against the requirements). Detailed processes would need to be developed around this process, including whether there is any right of appeal against a decision made by the DNC.
Limiting any checks to follow up after a complaint has been received (option (iii) above) would reduce the impact on the DNC but raises issues of natural justice if a domain name can be cancelled after it has been registered for a reasonable period of time. This is also an issue when considering whether any restrictions should be made to apply retrospectively to existing registrations, see below. Any restrictions linked to usage of a domain name can only be applied after registration when the name has been used.
Q. If registration restrictions were introduced, at what stage in the process should they occur? Why?
Q. Should any investigation of how a domain name is used be based on regular monitoring of all names or be done only after a complaint is received?
d. Managing existing registrations
d.1 International trends
There are over 275,000 .nz domain names currently. If registration restrictions were introduced, a decision will need to be made about how to manage registrations existing at the time the new policy came into effect. There is no precedent internationally for this as the general trend for ccTLD operations is to relax registration restrictions.
Q. What specifically is happening in New Zealand that would have the .nz ccTLD go against international trends and introduce registration restrictions?
d.2 Retrospective to current policy
Adding to the issue of existing registrations is the requirement under the .nz policy to give one month’s notice of a change of policy, unless it is deemed a risk to the security and stability of .nz to give such notice. If a month’s notice of any registration restrictions was given, it would allow time for any potential registrants to create new domain names that would not be permitted under the new policy. It is questionable whether this constitutes a risk to the security and stability of .nz so unlikely that the policy could be brought into effect without notice.
If the decision was made that registration restrictions would apply only to new registrations, there would be inconsistent standards across the register with no opportunity to address existing non-compliant names. It might encourage registrants to maintain these registrations, even potentially on selling such names, knowing that they couldn’t be re-registered under the new requirements.
Q. How should restrictions be implemented without creating two different standards of names? Or are different standards an acceptable consequence of introducing restrictions at this stage?
If it was decided that all existing registrations needed to be considered under the revised policy, the responsibility for reviewing all names on the .nz register will be on the DNC. It will take a significant amount of time, and resources, to review all the applications and there are potential issues regarding the right that the DNC would have to cancel domain names deemed not to comply with the revised policy. Legal advice on any proposed changes to the policy would need to be taken before any restrictions could be applied retrospectively.
Reviews of existing registrations would require communication with the registrant advising them of cancellation under the policy. With the number of registrations exceeding 300,000 by the time any revised policy came into effect, a team of up to 40 people would be required to review all names if it was to be done within a year of the policy taking effect. These additional staff would not be doing the new registrations, which would require different, and ongoing, staff. This is likely to come at a significant cost to the DNC Office, which adds to the registry expenses. It would almost certainly mean an increase in the .nz wholesale fee.
Q. How much extra in the way of registration and renewal fees would you be prepared to pay to meet the compliance costs associated with registration restrictions?