[Gnso-ppsai-pdp-wg] Commercial Use - White Paper
Volker Greimann
vgreimann at key-systems.net
Tue May 13 09:09:41 UTC 2014
Hi John,
this seems to be more of a jurisdictional problem than one of the
privacy service being in place.
> Being privacy protected, of course, we can't immediately tell who is
> operating the website. Can we get law enforcement or courts in the
> registrar's jurisdiction to do anything ---- e.g., go to the registrar
> and ask or require them to reveal the identity of the registrant? No.
> Try to buy a drug such as Xanax from this website. This Internet
> pharmacy will ship anywhere in the world _except_ to Canada ---- where
> its registrar and servers are located. To protect its ability to sell
> drugs globally, the registrant has sacrificed sales to a single
> country, and chosen a registrar and servers there, to create a safe
> haven. Consequently, Canadian law enforcement cannot point to a
> violation of Canadian law: no drugs are being shipped into Canada ----
> just everywhere else around the world. (Which, we can infer, is why
> this registrant removed Canada from their shipping destinations.) And,
> the reverse is true ---- a court order or law enforcement request from
> outside of Canada can simply be ignored by the registrar and server
> companies in Canada. Those who have argued that the best way to deal
> with p/p use by illegal actors is simply to get a court order are not
> accounting for this quite common scenario.
As you describe it, as no canadian laws are being broken, no action can
be taken. So how is this different from a site not using privacy
services operated openly by a canadian resident? What would it help you
to know who is operating the site if you cannot get to him?
What is the difference if the registrant operated an offline mail-oder
business from Canada instead?
>
> Being able to hide their identity in the Whois record is also the
> perfect set up for another reason: many registrars have said in the
> past that they only way that they can (or perhaps, will) take action
> on a domain name is if the Whois record is falsified. But how would we
> know? It is privacy protected. That removes the WDPRS as a mechanism
> for dealing with abusive behavior.
As registrar, it makes it easier to take action, because incorrect whois
is proven much more easily than illegal action. But in the end, taking
down questionable content using whois complaints is not what the whois
complaint system was designed for. It is a crutch, in lieu of better
tools, but ultimately, it is abuse of a tool designed for better whois
quality.
We have even seen whois complaints being sent against domain names where
the whois is correct. The complainant way be thinking that if they
complain often enough, one complaint may be failed to be answered and
therefore be cause for a takedown. In te end, all that does is to slow
down the process.
>
> Does this commercial registrant have a legitimate need for p/p
> services? I would argue that that is not the question to be
> answered.*The question is: Does a consumer, consumer protection firm,
> government agency, etc. have the right to know who is operating this
> website?* I would submit to this group that it is incumbent upon us to
> recommend a thoughtful, balanced policy that prevents this sort of
> "perfect set up" for Internet criminals to hide their identity as this
> one has. Keep in mind that, as pointed out in the circulated paper, no
> such right exists in the offline world ---- rather, consumers have the
> right to know who they are dealing with. Ample requirements exist for
> business registrations to do business transparently. There should be
> no difference in the online world.
What is the benefit of knowing the registrant if what he is doing is not
breaking any laws where he is situated?
Also, the offline-online comparison is flawed: Offline, the
corresponding rules are made by the governments where the service is
being provided. They are called laws and regulations. Online, the same
applies. governments make the laws for services operated under their
jurisdiction. If I operate a commercial (or oher) site in Germany, I
have to have an Impressum, i.e. a page stating who I am and how to reach
me. If Canada wanted such a law, they should enact it. If the US wants
Canada to enact such a law, they should engage in diplomacy. In the end,
it is not our role to make public policy better relegated to the state
level.
> Finally, recall that the Affirmation of Commitments (AoC) requires
> "timely, unrestricted and public access to accurate and complete WHOIS
> information." The AoC goes on to state that WHOIS policy and its
> implementation needs to meet "the legitimate needs of law enforcement
> and promote consumer trust." I ask the group, is ICANN fulfilling its
> commitment, not only to law enforcement but especially to promote
> consumer trust, if it allows websites like this to continue using p/p
> services?
Whois privacy services provide "accurate and complete WHOIS
information", therefore I cannot see what you are inferring. Law
enforcement of appropriate jurisdiction can contact the service provider
and get the data, provided there is a legal basis for that.
Best,
Volker
>
> On Mon, May 12, 2014 at 11:40 PM, Libby Baney
> <libby.baney at fwdstrategies.com <mailto:libby.baney at fwdstrategies.com>>
> wrote:
>
> All --
>
> I appreciate the dialogue the group has begun regarding WHOIS
> transparency for entities engaged in commercial activity. With the
> hope of encouraging discussion on the merits of the issue, I am
> pleased to share the attached white paper: /*Commercial Use of
> Domain Names: An Analysis of Multiple Jurisdictions. */
>
> As you'll see, the paper addresses the following question: Should
> domain name registrants who sell products or services on their
> websites should be able to conceal their identity and location in
> the domain name registration? The paper argues that they should
> not. Rather, the authors find that requiring domain name
> registrants engaged in commercial activity to provide transparent
> WHOIS information falls squarely in line both with ICANN's
> commitment to Internet users and existing global public policy to
> keep businesses honest and consumers safe. Accordingly, the paper
> recommends an approach that balances personal privacy and consumer
> protection rights. On the one hand, domain names used for
> non-commercial purposes (e.g., personal blogs) should, the authors
> believe, be permitted to utilize privacy or proxy registration.
> This reflects a fundamental right to privacy of domain name
> registrants not engaged in commerce. However, the authors do not
> believe the same right exists for registrants of websites engaged
> in commerce -- a conclusion borne out by our research.
>
> It goes without saying that this group is divided on the issue of
> requiring WHOIS transparency for sites engaged in commercial
> activity. As some in the PPSAI WG have commented, these issues may
> be complicated but they nonetheless merit our full consideration.
> We hope the attached white paper stimulates further thinking and
> group discussion on the issues.
>
> I look forward to continuing the discussion tomorrow.
>
> Libby
>
> --
> Libby Baney, JD
> President
> FWD Strategies International
> www.fwdstrategies.com <http://www.fwdstrategies.com>
> P: 202-499-2296 <tel:202-499-2296>
>
>
> _______________________________________________
> Gnso-ppsai-pdp-wg mailing list
> Gnso-ppsai-pdp-wg at icann.org <mailto:Gnso-ppsai-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
>
>
>
>
> _______________________________________________
> Gnso-ppsai-pdp-wg mailing list
> Gnso-ppsai-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20140513/7c72da51/attachment.html>
More information about the Gnso-ppsai-pdp-wg
mailing list