Exclusive: Internet.bs Response to ICANN Breach Notice

I posted a couple of days about the breach notice ICANN had sent to Internet.bs.

Earlier this evening Internet.bs’ CEO Marco Rinaudo reached out to me and asked me to publish a public response to this.

For the record I do not know Mr Rinaudo personally, but I think it is only fair to offer him a an opportunity to address this situation in public.

Here’s his statement where he explains and addresses the matters raised by the ICANN notice:

After all the successful efforts made during the last few years to make sure that our Registrar was not abused by unscrupulous registrants, it is unfortunate that we received such a notice from ICANN especially as it relates to just one single domain name. As such I have decided to comment on the incident to keep our Registrar’s operation fully transparent and accountable.

It should be noted that ICANN is regularly sending Whois Inaccuracy Reports to Registrars and it is not uncommon for a medium size Registrar to process a dozen in a single month. For ten years we have handled 100% of them within the timeframe set by ICANN. ICANN has systematically acknowledged that all the past Whois Inaccuracy Reports were satisfactorily responded to.

Unfortunately, due to human error, for just one Whois Inaccuracy Report, one of our operators moved the corresponding ticket under a deprecated queue, which was no longer monitored. All subsequent notifications, that are processed electronically including faxes and voicemailbox were routed under the same original ticket and consequently disregarded.

 It was only when the Notice of Breach was issued that I personally noticed the message in which I was in copy. While it is an inexcusable human chain of error, it is clear that we had no intention after 10 years of ICANN accreditation to put at risk our business because of a Whois Inaccuracy Report that we routinely handle without any incident. 

Among the different points listed by ICANN, three are all related and to the same Whois Inaccuracy Report, in other words, because we have not handled the Whois Inaccuracy Report for the above explained reasons, ICANN has logically assumed that we were in breach with respect to:

1. Failure to take reasonable steps to investigate claimed Whois inaccuracies, as required by Section 3.7.8 of the RAA;

2. Failure to maintain registration records as required by Section 3.4.2 of the RAA;

and

3. Failure to make registration records available upon request by ICANN, as required by Section 3.4.3 of the RAA.

The above are reasonable assumptions made by ICANN, however the facts are that we had simply not seen their original and subsequent requests. We keep all records and escrow data as regulated by ICANN and as satisfactorily demonstrated to ICANN in a regular basis for similar Whois Inaccuracy Reports.

There are two other potential non-compliance points mentioned by ICANN:

1. Failure to provide a link to, or display on Internet.bs’ website, the fees required by Section 4.1 of the Expired Registration Recovery Policy (“ERRP”); and

2. Failure to provide a description on Internet.bs’ website of methods used to deliver pre- and post-expiration notifications on registrar’s website, as required by Section 4.2 of the ERRP.

We do show our fees and we are surprised that ICANN did not see them, I am adding a link to the WayBack machine to our Pricing page that is in place for many years and it is accessible from the Front Page under the Main Menu (http://www.internet.bs/price.html). The page is also clearly showing the renewal and restoration fees as required by ICANN policies: 

http://web.archive.org/web/20120223003256/http://internetbs.net/price.html

 In order to follow ICANN efforts we have decided to add an extra link at the footer of all our pages so to make sure that nobody could miss our pricing page anymore.

While ICANN is correct that we had not yet added a text to our Terms and Conditions about how we deliver pre- and post-expiration notifications for expiring domains, we have been following ICANN policy and as required by Section4.2 of the ERRP and we have been sending at least two emails to Registrants prior to domain expiration. In order to be formally compliant with ICANN we have today added the following text to our Terms and Conditions:

“With respect to domain name registration services, we will email a renewal notification approximately one (1) month and approximately one (1) week prior to each such domain name’s expiration. In addition, if a domain name is not renewed and the corresponding registry allows a grace period, we will email an additional renewal notification within five (5) days after the expiration of such domain name’s registration. All these renewal reminders will be sent to the registrant contact email address. Additionally we will be sending renewal reminders to the account email address as defined by you once per week starting approximately 45 days before expiration and once per day during the last 7 days, unless you disabled renewal reminders from our Control Panel. It is your sole responsibility to keep the email address accurate and check it regularly.”

Despite the above not previously being included in our Terms and Conditions, we were indeed following the requirement of Section4.2 of the ERRP, so our customers have been treated as required by ICANN.

As you can clearly see, all the points have been corrected besides the Whois Inaccuracy Report. That should be cured by Monday evening, after our investigation will be completed and the relevant report sent to ICANN. From a preliminary investigation, we simply expect that the domain subject to Whois Inaccuracy Report will simply be suspended but we still have to give time for the Registrant to demonstrate that the whois data is correct. If he fails to do so, the domain will be suspended as per our Terms and Conditions and in accordance with the relevant ICANN policy. 

In conclusion, a Notice of Breach is personally a huge disappointment after 10 years of compliant operations and I am very sorry. I can reassure all our customers that this matter will be fully resolved as quickly as humanly possible. I wanted also to point out that I do NOT blame ICANN for our human chain of mistakes that made the Whois Inaccuracy Report and all the subsequent notifications go unnoticed. I assume full responsibility for it and I have already organized our ticketing system, phone and fax to be totally independent from now on, so if a ticket goes under the wrong queue, subsequent notifications coming from different channels cannot go under the same folder.

I publicly submit my personal apologies for the incident and I wish to reiterate that Internet.bs Corp. strives to always be 100% compliant with all ICANN policies and will continue to do so with even more determination.

  

Marco Rinaudo – CEO

Internet.bs Corp.

http://www.internet.bs

http://www.internetbs.net



 

By Michele Neylon

Michele is founder and managing director of Irish domain registrar and hosting company Blacknight. Michele has been deeply involved in domain and internet policy discussions for more than a decade. He also co-hosts the Technology.ie podcast.

5 comments

Comments are closed.

Exit mobile version