[Gnso-ppsai-pdp-wg] Commercial Use - White Paper

Kathy Kleiman kathy at kathykleiman.com
Tue May 13 11:59:10 UTC 2014

I agree with Volker.

> Hi John,
> this seems to be more of a jurisdictional problem than one of the 
> privacy service being in place.
>> Being privacy protected, of course, we can't immediately tell who is 
>> operating the website. Can we get law enforcement or courts in the 
>> registrar's jurisdiction to do anything ---- e.g., go to the 
>> registrar and ask or require them to reveal the identity of the 
>> registrant? No. Try to buy a drug such as Xanax from this website. 
>> This Internet pharmacy will ship anywhere in the world _except_ to 
>> Canada ---- where its registrar and servers are located. To protect 
>> its ability to sell drugs globally, the registrant has sacrificed 
>> sales to a single country, and chosen a registrar and servers there, 
>> to create a safe haven. Consequently, Canadian law enforcement cannot 
>> point to a violation of Canadian law: no drugs are being shipped into 
>> Canada ---- just everywhere else around the world. (Which, we can 
>> infer, is why this registrant removed Canada from their shipping 
>> destinations.) And, the reverse is true ---- a court order or law 
>> enforcement request from outside of Canada can simply be ignored by 
>> the registrar and server companies in Canada. Those who have argued 
>> that the best way to deal with p/p use by illegal actors is simply to 
>> get a court order are not accounting for this quite common scenario.
> As you describe it, as no canadian laws are being broken, no action 
> can be taken. So how is this different from a site not using privacy 
> services operated openly by a canadian resident? What would it help 
> you to know who is operating the site if you cannot get to him?
> What is the difference if the registrant operated an offline mail-oder 
> business from Canada instead?
>> Being able to hide their identity in the Whois record is also the 
>> perfect set up for another reason: many registrars have said in the 
>> past that they only way that they can (or perhaps, will) take action 
>> on a domain name is if the Whois record is falsified. But how would 
>> we know? It is privacy protected. That removes the WDPRS as a 
>> mechanism for dealing with abusive behavior.
> As registrar, it makes it easier to take action, because incorrect 
> whois is proven much more easily than illegal action. But in the end, 
> taking down questionable content using whois complaints is not what 
> the whois complaint system was designed for. It is a crutch, in lieu 
> of better tools, but ultimately, it is abuse of a tool designed for 
> better whois quality.
> We have even seen whois complaints being sent against domain names 
> where the whois is correct. The complainant way be thinking that if 
> they complain often enough, one complaint may be failed to be answered 
> and therefore be cause for a takedown. In te end, all that does is to 
> slow down the process.
>> Does this commercial registrant have a legitimate need for p/p 
>> services? I would argue that that is not the question to be 
>> answered.*The question is: Does a consumer, consumer protection firm, 
>> government agency, etc. have the right to know who is operating this 
>> website?* I would submit to this group that it is incumbent upon us 
>> to recommend a thoughtful, balanced policy that prevents this sort of 
>> "perfect set up" for Internet criminals to hide their identity as 
>> this one has. Keep in mind that, as pointed out in the circulated 
>> paper, no such right exists in the offline world ---- rather, 
>> consumers have the right to know who they are dealing with. Ample 
>> requirements exist for business registrations to do business 
>> transparently. There should be no difference in the online world.
> What is the benefit of knowing the registrant if what he is doing is 
> not breaking any laws where he is situated?
> Also, the offline-online comparison is flawed: Offline, the 
> corresponding rules are made by the governments where the service is 
> being provided. They are called laws and regulations. Online, the same 
> applies. governments make the laws for services operated under their 
> jurisdiction. If I operate a commercial (or oher) site in Germany, I 
> have to have an Impressum, i.e. a page stating who I am and how to 
> reach me. If Canada wanted such a law, they should enact it. If the US 
> wants Canada to enact such a law, they should engage in diplomacy. In 
> the end, it is not our role to make public policy better relegated to 
> the state level.
>> Finally, recall that the Affirmation of Commitments (AoC) requires 
>> "timely, unrestricted and public access to accurate and complete 
>> WHOIS information." The AoC goes on to state that WHOIS policy and 
>> its implementation needs to meet "the legitimate needs of law 
>> enforcement and promote consumer trust." I ask the group, is ICANN 
>> fulfilling its commitment, not only to law enforcement but especially 
>> to promote consumer trust, if it allows websites like this to 
>> continue using p/p services?
> Whois privacy services provide "accurate and complete WHOIS 
> information", therefore I cannot see what you are inferring. Law 
> enforcement of appropriate jurisdiction can contact the service 
> provider and get the data, provided there is a legal basis for that.
> Best,
> Volker
>> On Mon, May 12, 2014 at 11:40 PM, Libby Baney 
>> <libby.baney at fwdstrategies.com 
>> <mailto:libby.baney at fwdstrategies.com>> wrote:
>>     All --
>>     I appreciate the dialogue the group has begun regarding WHOIS
>>     transparency for entities engaged in commercial activity. With
>>     the hope of encouraging discussion on the merits of the issue, I
>>     am pleased to share the attached white paper: /*Commercial Use of
>>     Domain Names: An Analysis of Multiple Jurisdictions. */
>>     As you'll see, the paper addresses the following question: Should
>>     domain name registrants who sell products or services on their
>>     websites should be able to conceal their identity and location in
>>     the domain name registration? The paper argues that they should
>>     not. Rather, the authors find that requiring domain name
>>     registrants engaged in commercial activity to provide transparent
>>     WHOIS information falls squarely in line both with ICANN's
>>     commitment to Internet users and existing global public policy to
>>     keep businesses honest and consumers safe. Accordingly, the paper
>>     recommends an approach that balances personal privacy and
>>     consumer protection rights. On the one hand, domain names used
>>     for non-commercial purposes (e.g., personal blogs) should, the
>>     authors believe, be permitted to utilize privacy or proxy
>>     registration. This reflects a fundamental right to privacy of
>>     domain name registrants not engaged in commerce. However, the
>>     authors do not believe the same right exists for registrants of
>>     websites engaged in commerce -- a conclusion borne out by our
>>     research.
>>     It goes without saying that this group is divided on the issue of
>>     requiring WHOIS transparency for sites engaged in commercial
>>     activity. As some in the PPSAI WG have commented, these issues
>>     may be complicated but they nonetheless merit our full
>>     consideration. We hope the attached white paper stimulates
>>     further thinking and group discussion on the issues.
>>     I look forward to continuing the discussion tomorrow.
>>     Libby
>>     -- 
>>     Libby Baney, JD
>>     President
>>     FWD Strategies International
>>     www.fwdstrategies.com <http://www.fwdstrategies.com>
>>     P: 202-499-2296 <tel:202-499-2296>
>>     _______________________________________________
>>     Gnso-ppsai-pdp-wg mailing list
>>     Gnso-ppsai-pdp-wg at icann.org <mailto:Gnso-ppsai-pdp-wg at icann.org>
>>     https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
>> _______________________________________________
>> Gnso-ppsai-pdp-wg mailing list
>> Gnso-ppsai-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
> _______________________________________________
> Gnso-ppsai-pdp-wg mailing list
> Gnso-ppsai-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20140513/b14a289f/attachment.html>

More information about the Gnso-ppsai-pdp-wg mailing list