[Gnso-ppsai-pdp-wg] FW: Draft Grouping of Charter Questions - some edits

Tim Ruiz tim at godaddy.com
Wed Jan 8 15:06:28 UTC 2014 

Thanks John. That's the kind of info that I believe is very helpful. I especially appreciate the Visa/bank example and I agree, it is a very good analogy and something we can/should use.

Tim


On Jan 8, 2014, at 9:59 AM, "John Horton" <john.horton at legitscript.com<mailto:john.horton at legitscript.com>> wrote:

Hi all,

Thanks for the comments. Volker, thanks for your comments, and I should also note that LegitScript has been appreciative of Volker's company's (Key-Systems) approach to anti-abuse issues in the area we deal with. (And, Tim, we think GoDaddy's anti-abuse team is great and work with them closely.)

That said, let me respond on a few points.

First, I'll respond to Tim's question, and Volker's statement about banks. It's simply inaccurate that banks only take action based on legal requirements, law enforcement requests or court orders. LegitScript works closely with Visa and other credit card networks and through them with acquiring banks, so I feel comfortable stating that we know this area pretty well. The very firm position of the credit card networks is that acquirers are bound to ensure that the merchant's activity is legal in the cardholder's network as well as the merchant's network. No credit card network would put up with a bank insisting that they need a court order or law enforcement request. Generally, when that illegal activity is shown, the bank cancels not only the credit card account but the entire account. Without, I again emphasize, a court order or law enforcement request. (I should note here that I'm not talking specifically about disclosure of the merchant's identity but about providing or canceling services in general.)

I think that this is a useful analogy because, like in the ICANN sphere, it's a matter of contract. And it is required (not voluntary on the part of the bank.) Like in the ICANN sphere, we also see a common dynamic where -- I'll use illegal pharma as an example, again because I know it -- an illegal drug seller living in, say, Thailand targeting customers in Germany chooses a bank in the US (where German law enforcement has no jurisdiction), ships the drugs from China, and so forth. If the bank were to argue to Visa, "Well, we're in the US and US laws aren't being broken. Get me a court order from the US." that argument would be immediately rejected and Visa would fine the bank. The reason is that the credit card network sphere is largely governed by contract, because -- just like we see in the ICANN world -- once companies start insisting on local court orders, it gives criminals an opportunity to pick safe havens.

As to search engines (responding to Tim's question about what other industries do, and whether it's voluntary or required), using Google as an example, their voluntary and I think very committed efforts (disclosure: we work closely with them as well as Bing/Yahoo) to stop rogue pharma from using their paid ad services also occurred pursuant to a half a billion (USD) fine and non-prosecution agreement. Microsoft and Yahoo quickly adopted the same standards after seeing what happened. Voluntary? Well, I think required is the better word: it's very clear in the search engine space that if you're running an ad program, it's your responsibility to make sure that the advertiser (again, in my area, rogue pharma) is operating legally both in the country where they are operating and where they are marketing drugs to. Otherwise, you can be held responsible for turning a blind eye to criminal activity and profiting from it.

That said, Volker and others raise entirely valid points -- but the point I'd make is, I think this group needs to achieve balance on all of these considerations, not discount those Gema and I  have raised. For example, Volker (and separately Kathy) have both raised the point that a complainant could be anti-competitive or falsely claiming to be a victim. That's absolutely true. We see that too, and have to deal with it. I just dealt with a situation a few weeks ago where someone claiming to be a victim was, in fact, a rogue Internet pharmacy competitor. (But, we figured it out.) That doesn't take away from the fact that some complainants are, indeed, victims. These are not mutually exclusive, and we need to recognize that both dynamics exist -- not assume that all complainants are victims or are fraudulent.

Coming back to the task at hand, I'd encourage the group to consider those questions. They are just questions, which are, of course, designed to solicit better information and responses. If they can be improved and rewritten, I'm all for it. And don't assume from this that I am suggesting that a complainant (seeming to be a victim) should be immediately told the registrant's identity -- that sounds like a horrible policy. We're only proposing questions here to elicit better information.

I hope that information about credit card networks, banks and search engines is helpful. Please do not hesitate to let me know if I can clarify anything.

John Horton
President, LegitScript
 [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257dc6dfc34.png]


Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com>  |  Facebook<https://www.facebook.com/LegitScript>  |  Twitter<https://twitter.com/legitscript>  |  YouTube<https://www.youtube.com/user/LegitScript>  |  Blog<http://blog.legitscript.com>  |  Google+<https://plus.google.com/112436813474708014933/posts>


On Wed, Jan 8, 2014 at 6:03 AM, Tim Ruiz <tim at godaddy.com<mailto:tim at godaddy.com>> wrote:
I agree with Volker. That said, I would be very interested in understanding how banks, credit card companies, and search engines actually deal with multi-jurisdictional issues. We may be able to glean some concepts that could be applied to p/p accreditation.

Tim


On Jan 8, 2014, at 7:21 AM, "Volker Greimann" <vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>> wrote:

Hi all,

to respond to John's comments:



  *   When an allegation of illegal activity is submitted to the p/p service provider, it is important to understand that it may be coming from a victim of the crime.

When an allegation of illegal activity is submitted, it is important to understand that it may be coming from someone who merely claims to vbe a victim of a crime, but is in fact not. The purposes for which someone may want to see the underlying registrant data are multifold and many of them are with the intent to later harass the privacy service user, or worse. We must remember in such cases that there may be a very good reason why the registrant has opted for whois privacy. It may therefore be essential for the registrant to know who has inquired to have messages relayed or to have the private data revealed to be able to help the p/p service provider better understand the situation. While I understand there may be cases where a complainant may also have an interest in keeping his identity hidden, he can avail himself of a multitude of methods to ensure this prior to launching the complaint. I do not see this question as actually necessary.

  *   Similarly, I proposed an additional question regarding whether, if disclosure to the registrant is not required, it should be permitted even if law enforcement explains that it will jeopardize an investigation. The rationale for this is simply that in many cases -- in the offline world, as the online world -- disclosing this information puts a legitimate investigation at risk.

Agreed, but not all law enforcement is created equal. Basically, I would hold that the p/p operator is unable to determine if an investigation is legitimate or not. Therefore, the only law enforcement that should receive special priviledges should be the law enforcement of the country where the p/p service is based or operates from.

No such privileges should be extended to private organizations, no matter how well intentioned unless they are specially authorized be the laws of the country of the p/p operator.

  *   The proposed questions pertaining to jurisdiction are based on the problem I identified (and Gema did, as well) in our earlier emails. I do feel that the way I've written the questions can be clarified and improved, so I welcome anyone who would like to give that a shot.
  *   Similarly, we propose a question that relates to the other business interests controlled by or affiliated with the p/p service. To explain this, we have sometimes seen that the criminal organization "is" the privacy/proxy service. (Currently, of course, there is no accreditation scheme, but the fact remains that is what we see, and I am happy to provide examples if need be.) To be very specific, we know of circumstances where a rogue Internet pharmacy network operates its own "proxy" service, or alternatively, the proxy service -- that is, the individuals who operate it -- also operates as affiliate marketers for rogue networks, using their own privacy/proxy service primarily for their own illegal purposes.

Under an accreditation scheme, if actual collusion can be proven, that should probably be a reason to pull the accreditation of the service.

Finally, although I unfortunately had to miss the call this morning, I believe that some of the comments may have argued that registrars (or, ICANN) should not have to address criminal jurisdictional issues (that is, multi-jurisdictional complexities). I'd note that banks, credit card networks and search engine ad programs regularly have to address precisely the same multi-jurisdictional questions relating to criminal activity on their platform and do not simply leave it to law enforcement. I would argue that there is no reason to consider registrars a special case that are for some reason exempt from having to address the same issues that companies in the financial and advertising sectors have had to address, and have by and large done so quite competently. I am confident that the registrar community can competently do the same.

John, please note that registrars are not (and are nothing like) banks or credit card networks, which are highly regulated by national laws. And even banks take action only based upon legal requirements, law enforcement requests or court orders. To demand any more for less regulated private companies is frankly ridiculous.

Your new questions as to related to asking them about applicability of foreign law enforcement requests sound like an unrealistic wish list at best. Providers bowing to every whim of foreign law enforcement or organizations without actual legal authority would expose themsemselves to severe legal liability.

Best,

Volker


Thank you for the opportunity to provide this input, and I welcome any suggestions as to how our suggestions can be improved or refined.

John Horton
President, LegitScript
 [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257dc6dfc34.png]


Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com>  |  Facebook<https://www.facebook.com/LegitScript>  |  Twitter<https://twitter.com/legitscript>  |  YouTube<https://www.youtube.com/user/LegitScript>  |  Blog<http://blog.legitscript.com>  |  Google+<https://plus.google.com/112436813474708014933/posts>


On Tue, Jan 7, 2014 at 7:44 AM, Marika Konings <marika.konings at icann.org<mailto:marika.konings at icann.org>> wrote:


From: Kathy Kleiman <kathy at kathykleiman.com<mailto:kathy at kathykleiman.com>>
Date: Tuesday 7 January 2014 16:38
To: Marika Konings <marika.konings at icann.org<mailto:marika.konings at icann.org>>
Subject: Fwd: Draft Grouping of Charter Questions - some edits

Hi Marika, could you post this to our working group?



-------- Original Message --------
Subject:        Draft Grouping of Charter Questions - some edits
Date:   Tue, 07 Jan 2014 10:35:02 -0500
From:   Kathy Kleiman <kathy at kathykleiman.com><mailto:kathy at kathykleiman.com>
To:     gnso-ppsai-pdp-wg at icann.org<mailto:gnso-ppsai-pdp-wg at icann.org>


Hi All,
Hopefully you have seen the proposed edits I just to the SG-C Input Template (I haven't seen them posted).

Attached here are some inputs to the Draft Grouping of Charter Questions - with an organizational-type perspective being added. The world is really not just commercial/individual, but truly one of commercial, noncommercial and individual (as ICANN has organized its non-contracted parties).

For a religious group, political group, hobby group, dissident group may be organized as a limited liability company to protect the members in case someone falls in the building, but that does not nullify the fact that the group is engaged primarily and fully in noncommercial speech (as the wide array of members of NCSG show).

Again edits highlighted and hopefully visible. I would like to see much more discussion on this issue in our next meeting and over the list.
Best,
Kathy

:
I will miss the first 30 minutes due to another obligation, but will join as soon as I can.

From: gnso-ppsai-pdp-wg-bounces at icann.org<mailto:gnso-ppsai-pdp-wg-bounces at icann.org> [mailto:gnso-ppsai-pdp-wg-bounces at icann.org] On Behalf Of Marika Konings
Sent: Monday, January 06, 2014 4:30 AM
To: gnso-ppsai-pdp-wg at icann.org<mailto:gnso-ppsai-pdp-wg at icann.org>
Subject: [Gnso-ppsai-pdp-wg] Proposed Agenda - PPSAI PDP WG Meeting

Dear All,

Please find below the proposed agenda for the next PPSAI PDP WG meeting (Tuesday 7 January at 15.00 UTC).

Best regards,

Marika

Proposed Agenda - PPSAI PDP WG Meeting - 7 January 2013
1.       Roll Call / SOI
2.       Review & finalise SG/C Template (see revised version attached)
3.       Review & finalise SO/AC Outreach Letter (see revised version attached)
4.       Input to EWG Survey (see attached)
5.       Update on WG members survey (to participate, please go to https://www.surveymonkey.com/s/86N33WX)
6.       Review proposed charter question groupings (see latest version attached)
7.       Next steps & confirm next meeting



_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg




_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg




_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg



--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verf?gung.

Mit freundlichen Gr??en,

Volker A. Greimann
- Rechtsabteilung -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901>
Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851>
Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>

Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>
www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:
www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>
www.twitter.com/key_systems<http://www.twitter.com/key_systems>

Gesch?ftsf?hrer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu<http://www.keydrive.lu>

Der Inhalt dieser Nachricht ist vertraulich und nur f?r den angegebenen Empf?nger bestimmt. Jede Form der Kenntnisgabe, Ver?ffentlichung oder Weitergabe an Dritte durch den Empf?nger ist unzul?ssig. Sollte diese Nachricht nicht f?r Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann
- legal department -

Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901>
Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851>
Email: vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>

Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>
www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com>

Follow us on Twitter or join our fan community on Facebook and stay updated:
www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>
www.twitter.com/key_systems<http://www.twitter.com/key_systems>

CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP
www.keydrive.lu<http://www.keydrive.lu>

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.





_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20140108/dfb4acf5/attachment-0001.html>

More information about the Gnso-ppsai-pdp-wg mailing list