From:            Rick Shera
Received:     4 August 2014

I make this submission in my personal capacity.

I agree with your predisposition towards letting registrars sort this, since, harking back to the original formulation of the current structure, “registrars are the customers”.

However, ultimately the system must put the interests of registrants first and any proposal should therefore be looked at first from a registrant’s perspective. Here I think the suggested policy needs strengthening. Most registrants will not have any idea whether they are obtaining the domain name through a registrar or a reseller. Nor should they need to know. They should be un-concerned because their rights should not be affected by the distinction. I don’t think the wholesale/retail analogy is particularly apt in this case since the distinction between a reseller and a registrar, while legally relevant, is not very great at all in a practical sense.

Specific suggestions to that end:

+ A requirement that the registrar must take prompt action, subject to the DNC oversight requirements below, when there is a breach.

+ A requirement that the registrar copy any breach notice and subsequent communications between registrar and reseller to the DNC and that the registrar take prompt action whenever there is a breach.

+ A requirement that before the registrar sets any timeframe and process for resolution/consequences with its reseller, that be approved by the DNC.

+ A requirement that in contracts between registrars and resellers, resellers specifically acknowledge that their obligations to registrars may be enforced directly by the DNC (i.e. that contract confers a benefit on and may be enforced by the DNC under the Contracts (Privity) Act 1982).

+ A requirement that all resellers provide all contact details for registrants to their registrar. In theory one can rely on whois details but if a reseller has a better contact list (e.g. of someone higher up the organisational chain than an admin contact), then that would be preferable.

This effectively means the DNC has a similar level of involvement and control as the DNC would have if the problem was with a registrar, but leaves the registrar, subject to the DNC’s oversight, as the primary party to sort out the problem. Without these controls:

(a) The DNC may not have sufficient information flows to be able to keep registrants/the public properly informed and advised;
(b) The registrar may not be sufficiently active and may set an inappropriately long time period for the reseller to sort the problem and the DNC would then have to wait for that to expire before it could do anything. Again, this prejudices registrants of resellers compared to registrants of registrars.
(c) If the registrar fails to take appropriate action, the DNC can step in directly without having to go through the registrar breach procedures in the DNC/registrar contract. Again, from a registrant point of view, it should not have to wait for the registrar/reseller procedure to fail because a registrar fails to take action and then wait further for the DNC to enforce its rights against a registrar. This is obviously a worst case scenario of both the reseller and the registrar failing to perform but since the policy is being amended I’d suggest that it cater for all eventualities.

Further to this last point (and this may be outside this consultation), I wonder if the current regime covers the situation where a registrar gets into difficulty and has resellers. In that instance, does the DNC have the ability to transition those reseller arrangements to another registrar? If not, I’d suggest it should have that right after following some sort of due process.