[At-Large] ICANN Complaint System Circumvented

gbruen at knujon.com
Tue Mar 14 14:54:20 UTC 2017


Thank you for the detailed response. I want to be clear that my analysis 
concerns the functional process of the ICANN complaint system which is 
now shown to be exploitable and exploited. It is exploited because 
neither the original policy nor the created process accept the 
complexity of the real world. The system as such is focused on ticket 
processing and not issue resolution. No one is served here except the 

Respectfully, Garth

On 3/13/17 10:40 PM, Legal wrote:
> Dear Mr. Garth Bruen
> All domain registration agreements contain provisions for taking 
> action on domains if it contains incomplete whois details or does any 
> illegal activities.
> This form allows Internet users to submit a complaint to ICANN 
> regarding incomplete or incorrect Whois data, including privacy or 
> proxy contact information. The complaint is then forwarded to the 
> sponsoring registrar, who must take reasonable steps to investigate 
> and correct inaccurate data.
> On receipt of a complaint ICANN forwards the complaint to the 
> registrar to investigate the matter.  The complaint may be incorrect 
> or invalid whois details or involved in any cyber crime activity.  On 
> receipt of the complaint the registrar:-
>  1. may not allow any change to the domain or allow transfer of domain
>     to another registrar by  placing the domain on (registrar) locks
>     (4 locks - update, transfer, renew and delete) so that change or
>     transfer does not take place (this is a preliminary step).
>  2. After this the registrar may commence investigation on the
>     issue by seeking the registrant to clarify the whois details and
>     call upon the registrant why the domain should not be suspended
>     for incorrect whois details or for involvement in criminal
>     activities which is contrary to the domain registration policy.
>  3. the registrar may perform (a) and (b) with notice to the registry
>     (registry will be kept in of the email) so that registry is aware
>     of the incidents and take necessary action when required.
> (Kind Note:  Once locks are placed the registrant himself may come up 
> and ask the registrar why the domain is placed on locks; this may help 
> LEA (law enforcement agencies) to identify the  registrant and his 
> location to investigate the crime).
> Selling of Opioids may be crime or illegal in certain jurisdictions.   
> In matters where cyber crime is also involved along with incorrect 
> details the requester may also include the law enforcement agencies in 
> cc of his complaint filed before ICANN.   Or else ICANN may forward 
> the complaint to relevant cyber crime unit (national or 
> international).  Example:  CERT, FDA or INTERPOL.
> On the whole when a complaint is filed the complaint (which has cyber 
> crime element in it) may also be marked to the registry, law 
> enforcement agencies so that parallel investigations can be done by 
> the law enforcement agencies simultaneously to ensure that complaint 
> is resolved at the earliest.
> Coming again to the core issue of incorrect details – the registrar 
> will be the first person to take action on the domain by placing the 
> domain on suspension.  Registry will take action if the registrar does 
> not take action.  The registrar and the registry have powers to put 
> the domain on HOLD (the domain will not be deleted or transferred and 
> will be completely controlled i.e., the domain will not resolve).
> By placing the domain on locks as an initial step the transfer of 
> domain from one registrar to another registrar can be avoided.
> In the INDRP process (.IN domain dispute resolution process) which is 
> similar to UDRP process – all 4 server locks are placed by the .IN 
> Registry and all the 4 locks are placed by the .IN Registrar to ensure 
> that the domain is not transferred or changed till the dispute 
> resolution process is completed.
> I humbly submit that at the outset ICANN may not take cognizance of 
> this matter.  It is a matter which has to be resolved by the registrar 
> and the registry. (Kind note: If criminal activities are involved the 
> requester can involve the LEAs also as stated supra).
> The points highlighted by the Mr. Garth are noteworthy (in respect of 
> I feel that the main reason WDPRS could not keep track of the 
> complaint is because the domain is not placed on locks (hence the 
> domain changes from registrar to registrar).   But if the locks are 
> placed (as suggested above) such things can be prevented.
> In this case ICANN could not actually follow up the ticket and had to 
> close the ticket (because the domain can be transferred or changed any 
> moment from one registrar to another).  To circumvent this issue the 
> above method of placing the domain on locks is suggested.
> In my humble opinion the jurisdiction to handle issue relating to 
> incorrect whois details lies with the registrar and the registry in 
> ccTLDs; I hope the same theory applies for gTLDs also.  As such filing 
> complaints before ICANN under WDPRS only overlaps the rights of 
> registrar and registry.
> mention that if the complaint involves issues relating to any cyber 
> crime (drugs, pornography, terrorism or any other cyber crime) in 
> addition to incorrect whois details, the relevant law enforcement 
> agencies of the requester’s jurisdiction or the international law 
> enforcement agencies may be kept in cc of the email.
> Looking forward to hearing from others.
> Regards
> Legal Officer
> National Internet Exchange of India
> Regd. Office: Flat No. 6B, 6th Floor,
> Uppals M6 Plaza,
> Jasola District Centre,
> New Delhi -110025
> Tel: +91-11-48202010 (Direct)
> +91-11-48202000
> Email: legal at nixi.in
> Website: www.nixi.in
> From: <gbruen at knujon.com>
> Sent: Mon, 13 Mar 2017 18:49:22 GMT+0530
> To: Rinalia Abdul Rahim <rinalia.abdulrahim at gmail.com>, León Felipe 
> Sánchez Ambía <leonfelipe at sanchez.mx>, Alan Greenberg 
> <alan.greenberg at mcgill.ca>, "at-large at atlarge-lists.icann.org" 
> <at-large at atlarge-lists.icann.org>, 
> "na-discuss at atlarge-lists.icann.org" 
> <na-discuss at atlarge-lists.icann.org>, ALAC Internal List 
> <alac-internal at atlarge-lists.icann.org>
> Subject: [At-Large] ICANN Complaint System Circumvented
> Dear ALAC Leadership and the greater community,
> I am submitting the following memorandum for your consideration:
> http://knujon.com/DONT_analysisoficannwdprs.pdf 
> What you will find in this document is an analysis of the ICANN
> complaint system (WDPRS). The analysis uses one criminally-used domain
> with false WHOIS as an example to better understand the issues with
> ICANN policy and procedure. In short, the ICANN WDPRS has been
> effectively circumvented by the owners of this criminal domain. The
> domain has had 3 different sets of false WHOIS and simply transferred
> their domain each time a complaint was filed. The domain had been
> transferred to 4 different registrars and is currently operating selling
> narcotics.
> In short, the current system has failed in its intent and the criminals
> now know how to get around enforcement. The problem is in the contract
> and in the compliance procedures.
> This is related to the earlier studies I have released to the list. I
> will be presenting at the joint session of the Public Safety Working
> Group (PSWG) and the Verified TLD (vTLD) constituency on Tuesday 14
> March from 18:30 to 19:30 in Hall B4.1. I invite all comments and will
> be talking about this in meetings.
> Apologies for any cross-posting.
> -Garth
> --
> Garth Bruen
> gbruen at knujon.com
> 617-947-3805
> http://www.knujon.com 
> ICANN At-Large Advisory Council
> Author: WHOIS Running the Internet
> http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118679555.html 

Garth Bruen
gbruen at knujon.com

ICANN At-Large Advisory Council
Author: WHOIS Running the Internet
