"Figures don't lie, but liars can figure." The last line of the cited report is a particularly egregious example of this. One of the domain owner fields is a for a 'fax' number for contact. If you don't have a fax then, *of*course*, that field is going to be 'incomplete' -- or filled with some registrar 'default', recognizably *invalid*, data -- e.g. (000) 000-000, or (999) 999-999. The '5.14%' number is similarly suspect, _if_ the 'phone numbers' examined include the 'fax phone number' field.
And, unless the GAO restricted the check to domains registered to addresses in the USA, 'defective' and/or 'missing' *ZIPCODE* data is to be expected. Even Canada doesn't have _ZIP_ codes. that said, I figure that this one is a gratuitous error on the part of the person writing the review of the GAO report, rather than a procedural flaw in the GAO analysis.
That said, I expect the GAO report did find evidence of real problems in the registration process. Too much 'trust', and not enough '*trust*but* *verify*'. For U.S.A. based addresses, there is simply no excuse for accepting a registration where the street address and "postal code" do not match. The USPS has an on-line look-up tool where the full ZIP+4 can looked up for any particular address. Now, admittedly, some addresses may have multiple ZIP+4 codes -- e.g. my building has distinct zip+4 for each of several groups of residents, _and_ a 'catch all' ZIP+4 that is valid for any address in the building. I think there may be yet another '+4' that identifies 'some/any building on this block'.
A number of other countries have similar publicly accessible tools for validating addresses, postal codes, and/or the combination thereof.
The fact that registration services do -not- make use of things like that to make even a 'minimal' attempt to keep the database 'clean'
*is* an outrage, and an abomination, no doubt about it.