To: Jo Lim
    Chief Policy Officer
    .au Domain Administration

From: Bruce Tonkin, auDA member

Comments on Draft Registrar Agreement
*************************************

I am an employee of Melbourne IT, and a member of auDA.  The following
comments are my personal comments as a member of auDA, and do not
necessarily reflect the view of my employer.

I view the draft Registrar Agreement as the single most important outcome
from auDA to date, as it defines how registrars and resellers must behave in
".au" domain name market in future.  There are parts of this agreement that
raise more general concerns I have about processes and procedures in auDA.

Before my employment at Melbourne IT, I was elected to the Board of
Directors of the Australian Telecommunications Users Group (ATUG) in 1997.
I have learned much about the strengths and weaknesses of the regulatory
process in the telecommunications industry.  Over the past 12 months I have
been actively involved in the processes of ICANN and auDA.  Again I have
learned much about the strengths and weaknesses of both organisations.

auDA, as far as I know, is a relatively unique regulatory model in
Australia.  It has the delegation of directly managing the ".au" space from
IANA (which is managed by ICANN on behalf of the US Dept of Commerce) and
will be directly licensing the registries and registrars with ".au" (ie it
is the policeman).  It also has the responsibility for developing the
policies (such as the names policies and code of conducts) in an industry
self-regulatory manner, which involves broad participation from industry and
consumers (ie it is the law maker).

I think it is very important that the body responsible for licensing and
policing registries and registrars, ensures that it does not end up creating
its own policies and codes against which decisions for licensing and
policing are done.  For example the ACCC is responsible for applying the
Trade Practices Act.  The Trade Practices Act is created and approved within
Parliament.  The police force is responsible for applying laws, it does not
create the laws.  The Australian Communications Authority (ACA) applies the
Telecommunications Act, and can also take input from the Australian
Communications Industry Forum (ACIF) in relation to technical standards and
code of conduct.

Similarly auDA should establish processes that ensure that it separates its
role as regulator from its role as self-regulatory policy body.  An example
of how this process worked well was in the Advisory Panels for the
competition and names policies.  In each case auDA provided secretariat
services to Advisory panels with wide participation.  In each case the Board
of auDA was responsible for ensuring that the panels worked to an
appropriate time-frame, and ensured that an appropriate public discussion
process took place.  The Board was able to monitor whether the Advisory
Panels took into account public comment.  In each case members of the Board
of auDA did not participate in the Advisory Panels.  The Board was able to
approve the outcomes of the advisory panels once they had ensured that an
appropriate process had taken place.  This was good corporate governance.

However since June 2001, I have noticed a gradual change in processes.  For
example, auDA staff and auDA Board members are actively involved in the
development of key documents and do their best to defend the content of
documents in public meetings.  Perhaps a more appropriate process would be
to engage an external advisor to produce an early document for discussion
and to explain the reasoning behind the draft document, and for auDA to
again act in a secretariat role to collect information gained from public
discussions.  In fact auDA's constitution (clause 24.8) states that Advisory
Panels will be the principle mechanism for developing policy
recommendations.  Now of course the temptation is to avoid such processes by
stating that the relevant document is not a policy document, and that it
conforms to a policy document (like the names panel report or competition
panel report).  I strongly disagree with that approach.  With the recent
documents, including the draft registrars agreement, there has been a drift
from some of the recommendations (which may be quite justified provided that
it is subject to the public approval process), and also text that has a
significant impact on the practical operation of the industry that was not
documented in detail in the original policy documents.

I have noticed with some of the language of the draft registrar agreement a
tendency for blurring of the role of regulator and policy body (e.g text
such as clause 15.5 where auDA is entitled to direct the Registrar not to
accept any services from a particular reseller, but no clear guidelines are
listed for making that decision).  In many cases it may just be that the
wording is too open, but it is really a principle between auDA having a
large amount of discretionary decision making, versus decisions made
primarily against a document developed by an Advisory Panel process (and
thus based on broad consumer and industry experience).  For example I would
rather that auDA be able to direct a registrar not to accept any services
from a reseller that has been found to have violated the code of conduct.
It may even be better to have some independent group make the judgement over
whether a reseller has violated the code of conduct, before auDA takes
action.

It is often stated that if anyone has a problem with auDA and its policing
role, then all that needs to happen is for the auDA members to vote for a
new Board.  However this is generally an approach of last resort, and also
generally an approach that takes some time to take effect.  This would be
the equivalent of allowing the police force to act with few supporting laws
or code of conduct, but ensure the population that if they have a problem
then all they need to do is vote for a new Government.  It is nearly always
better to have a clear set of operating procedures for the regulator, and
for those operating procedures to be established by the community as a whole
with wide participation.

I would also like to make clear that as a whole there are few complaints
from consumers about the domain name industry, and nearly all resellers of
domain names have very good relationships with their customers.  This
environment does not warrant a very heavy handed approach to regulation.

Clause 19.1 of the draft registrar agreement states obligations of auDA,
which are partly derived from similar obligations for ICANN.  However these
obligations seem to be open to interpretation.  For example, much
disagreement between Melbourne IT and auDA appears to relate to definitions
of 19.1.1,
with regard to operating in an open and transparent manner. I would like to
see auDA publicly create a set of operating procedures to meet this
statement, before I am comfortable relying on this statement for the
purposes of the registrars agreement.  For example, auDA had published no
Board minutes since May 2001, yet all the important decisions regarding
competition have occurred after that date.  In October 2001, the minutes for
July 2001 were finally published.  In contrast ICANN conducts its Board
meetings in public (both for people attending and an on-line version), and
publishes the minutes from its meetings almost immediately.  This is a
standard that auDA would do well to follow to ensure that there is true
openness and transparency.

The definition of Published Policies in the draft agreement states:
"means those specifications and policies established and published by auDA
from time to time, as the self-regulatory body responsible for the
administration of the ".au" ccTLD, in accordance with its constitution".

I suggest the following phrase be added:
"through the following process:
(1) the adoption of the policy by the auDA Board of Directors, AND
(2) a recommendation that the policy be adopted, by a least a two-thirds
vote of the Advisory Panel set up to advise on the policy, AND
(3) a written report and supporting materials (which must include all
substantive submissions to the Advisory Panel relating to the proposal) that

	(i) documents the extent of agreement and disagreement among
impacted groups
	(ii) documents the outreach process used to seek to achieve adequate
representation of the views of groups that are likely to be impacted,
	(iii) documents the nature and intensity of reasoned support and
opposition to the proposed policy"

This ensures that future policy documents are the outcome of a rigorous
process with a level of independence from the auDA Board and auDA staff, and
that auDA Board and staff will be responsible for regulating the compliance
of registries and registrars/resellers with those policies.  The above text
was based on similar text associated with the definition of "consensus
policies" in the ICANN Registrars agreement.  An example of such a written
report, was the IANA report on the delegation of ".au".

Much effort went into establishing the Advisory Panel procedures
(http://www.auda.org.au/panel.html) and these should be used more often than
they have been over the past 3 months.  For example a more effective process
for developing the draft registrars agreement would have been to select an
Advisory Panel well in advance, and allow the external legal advisors to
create an early draft for review by the Panel.  The legal advisors could
then develop a second draft for consideration.  The advantage of formally
establishing an advisory panel, is that auDA can ensure sufficiently broad
representation without relying on the recent ad-hoc public meetings (that
were predominantly attended by Melbourne based domain name retailers, with
little consumer input).

I do not believe that the above procedures need necessarily create delays in
auDA's decision making.  I do believe however that the procedures will lead
to far better outcomes by engaging a broad level of expertise and
experience, rather than relying on a few individuals with limited time and
their own personal experience to develop policies and procedures on their
own.  

Both the recent public meetings I attended resulted in many constructive
comments being made to the current drafts, and I believe the experience
highlights the need for continued consultation with members of the industry.
Any delays that may result from these meetings could have been avoided
through the earlier involvement of members of industry and consumers.

I would like to conclude by saying that I have high regard for the auDA
staff members and the auDA Board, and my comments are not made against any
individuals.  Each of these people have shown their commitment to creating a
better domain name industry.  I just want to ensure that the procedures
established in other areas of life through many years of experience, with
respect to separation of policy compliance and policy making and good
corporate governance principles, are applied in the domain name industry.

Bruce Tonkin
auDA member

--
This article is not to be reproduced or quoted beyond this forum without
express permission of the author. 317 subscribers. 
Archived at http://listmaster.iinet.net.au/list/dns (user: dns, pass: dns)
Email "unsubscribe" to dns-request§auda.org.au to be removed.