[Gnso-ppsai-pdp-wg] Updated document re disclosure standards - some comments and concerns

Kathy Kleiman kathy at kathykleiman.com
Sat Mar 7 14:59:37 UTC 2015

Hi Todd and Val,
Tx you for the discussion! I appreciate it and am glad to know to know 
there are ways to address some of the concerns with clarifying language. 
Val, thanks in particular for your guidance on wording. All, I will sit 
down tomorrow, "track changes" and pen in hand, and edit a version that 
hopefully clarifies communications and defaults per our joint 

Re: Supoenas, the story seems to be a bit more complicated. I've done 
some outreach this week to attorneys who spend a lot of time with 
copyright identity disclosure supoenas. What they say is that, yes, 
courts in the US rapidly issue a "reveal" subpoena, but that is only the 
beginning of the story.  The Provider who receives the subpoena notifies 
its Customer. The Providers provide time - generally 30 days or more -- 
for the the Customer to respond. The Customers can then file on their 
own behalf in court - a request to quash -- and/or the Provider can file 
in court to.

The following quote comes from Mitch Stoltz, Attorney with the 
Electronic Frontier Foundation, and he summarizes his thoughts on the 
"state of play" of copyright and similar subpoenas:

==>There is an emerging consensus among courts around the U.S. that 
merely accusing one who speaks anonymously on the Internet of some 
violation of law (be it trademark, libel, or another law) doesn’t strip 
the speaker of their right to speak anonymously. The right of free 
expression requires a balancing of interests by an impartial judge 
before anonymity can be stripped away. Because Internet sites, and their 
domain names, are the preeminent medium of free expression in the 21st 
century, the ability to register and maintain a domain name anonymously 
is an essential part of freedom of expression that must be protected 
through a similar balancing of interests and a fair, neutral 
decisionmaking process. An accusation that is legally deficient, vague, 
pretextual, or harassing should not result in the identification of an 
anonymous domain registrant, even if the registrant does not respond.


> Let me add my thanks Kathy for circulating your thoughts, which I 
> thought stimulated a good discussion on Tuesday.  As I mentioned on 
> that call, I think most if not all of what you’ve outlined goes to 
> basic drafting revisions/clarifications, rather than to substantive 
> disagreements.  So with the goal of moving the process forward in 
> anticipation of next Tuesday’s call, perhaps we as a WG can go through 
> some of your substantive comments (I don’t have an issue with your 
> general comments) point-by-point.  I’ll start:
> ·_Misrepresentations_.  Both FN1 and the Annex address possible 
> methods of resolving Provider claims of false 
> statements/misrepresentations.  Certainly we as a WG should discuss 
> the various options in the Annex further.  But that discussion would 
> presumably relate to the method, not to the actual sanctions.  I’m not 
> sure that it’s within our ambit as a WG (or ICANN’s?) to proscribe 
> what the sanctions would be.
> ·_“Higher bar.”_ In terms of the “much higher bar” – what would you 
> propose?  You mentioned using the DMCA § 512(h) as a go-by, but I 
> think that’s actually a lower standard, not a higher one.  Not to get 
> too into the weeds of the DMCA (which we’re only really referencing 
> here as a go-by), but my basic understanding is that § 512(h)(4) says 
> that as long as the notice, subpoena, and declaration are in proper 
> form, the clerk “shall expeditiously issue” the subpoena, and that § 
> 512(h)(5) says that the provider must then “expeditiously disclose” 
> the information required by the subpoena.  So the whole process is 
> automatic: there’s no discretion or substantive review by either the 
> clerk or by the provider. Conversely, the process outlined in III(B) 
> of the proposal that we’re considering gives the P/P Provider 
> discretion to either: 1) disclose; 2) refuse to disclose (and provide 
> it’s reasons why); or 3) ask for more time.
> ·_Default_. As I mentioned on the call, I don’t read III(B) as 
> requiring disclosure in cases of default.  Rather, if there is a 
> default (“after the time for Customer’s response has passed”), the P/P 
> Provider can */either/*: 1) disclose; 2) refuse to disclose (and 
> provide it’s reasons why); or 3) ask for more time.  If the Provider 
> chooses Option (2) and the Requestor doesn’t like the reasons the 
> Provider gives as to why, the Requestor can then request 
> reconsideration under III(F).  And if the Provider still refuses, the 
> matter can go to the ICANN-approved dispute resolution process 
> referenced in FN4.  But nowhere does Section III contemplate automatic 
> disclosure after default.  I think that’s relatively clear from the 
> way that Section III is drafted and structured, but if you want to 
> propose clarifying language to make that point more clear, please do.
> ·_Third-party independent review_. Section III(F) and FN4 already 
> contemplate this.  So I don’t think the question on the table is 
> */whether/* the proposal should allow for this (it does), but under 
> what circumstances.  As Michele noted on the call on Tuesday, 
> requiring third-party independent review too often, or otherwise 
> making the process too convoluted, isn’t going to help, because P/P 
> Providers (who, as Michele noted, typically don’t charge very much for 
> the service) are just going to draft their Terms of Service to say “if 
> we get a complaint about X then we’re going to terminate the service” 
> rather than going through the independent review.  In light of that, I 
> think the proposal strikes the right balance on the third-party 
> independent review (basically, it’s available, but only for the tough 
> cases in which the Provider has twice refused to disclose).  But if 
> you think there is a way to adjust that balance, while still 
> accounting for Michele’s cost concern, let us know.
> ·_Privacy of communication b/w Providers and Customers_. As I 
> mentioned on the call, I don’t read III(E) as requiring Providers to 
> pass on communications from Customers to Requestors verbatim; it just 
> says that the Requestor must be informed of the reasons for the 
> objection by the Customer. But if you want to add a clause to III(E) 
> to make that more clear, that’s fine.  Would this tweak do it: “If 
> refusal to disclose is based on objection to disclosure by the 
> Customer, Provider must inform Requestor of the reasons for objection, 
> though Provider need not do so by relaying Customer’s objection 
> verbatim.”?
> Looking forward to the call on Tuesday.  Thanks.
> Todd.
> *From:*gnso-ppsai-pdp-wg-bounces at icann.org 
> [mailto:gnso-ppsai-pdp-wg-bounces at icann.org] *On Behalf Of *Phil Corwin
> *Sent:* Tuesday, March 03, 2015 9:53 AM
> *To:* Carlton Samuels; Kathy Kleiman
> *Cc:* PPSAI
> *Subject:* Re: [Gnso-ppsai-pdp-wg] Updated document re disclosure 
> standards - some comments and concerns
> Good observations, Kathy. Worthy of discussion.
> *Philip S. Corwin, Founding Principal*
> *Virtualaw LLC*
> *1155 F Street, NW*
> *Suite 1050*
> *Washington, DC 20004*
> *202-559-8597/Direct*
> *202-559-8750/Fax*
> *202-255-6172/cell*
> **
> *Twitter: @VlawDC*
> */"Luck is the residue of design" -- Branch Rickey/*
> *From:*gnso-ppsai-pdp-wg-bounces at icann.org 
> [mailto:gnso-ppsai-pdp-wg-bounces at icann.org] *On Behalf Of *Carlton 
> Samuels
> *Sent:* Tuesday, March 03, 2015 9:35 AM
> *To:* Kathy Kleiman
> *Cc:* PPSAI
> *Subject:* Re: [Gnso-ppsai-pdp-wg] Updated document re disclosure 
> standards - some comments and concerns
> Thanks for the heavy lifting here Kathy.  I belatedly read the 
> document and I can tell you now your arguments are compelling.
> -Carlton
> ==============================
> Carlton A Samuels
> Mobile: 876-818-1799
> /Strategy, Planning, Governance, Assessment & Turnaround/
> =============================
> On Mon, Mar 2, 2015 at 5:59 PM, Kathy Kleiman <kathy at kathykleiman.com 
> <mailto:kathy at kathykleiman.com>> wrote:
> Hi All,
> First, thank you, Steve, Graeme and All. I know a lot of people have 
> spent a lot of time in the IP and Registrar Communities working on 
> this draft. Tx you – and appreciate your invitation to comments and 
> concerns!
> I have reviewed the Draft carefully and have some initial comments to 
> share.  Although I spoke with people in the WG while preparing them, 
> these comments are my own.(If there is problem with the formatting 
> below, please let me know.)
> 1.       General Comments
> a.       `Let’s make the wording more neutral. Let’s add “alleged” or 
> “claimed” in all references of infringement (e.g., trademarks, 
> copyrights of domain names/websites. Another good term would be 
> “claimed infringement” -- which is the one used in similar sections of 
> the Digital Millennium Copyright Act to the sections we are working on 
> here.
> 2.       More substantive comments
> a.       Are we missing levels of protections for the 
> Customer/Registrant?  In the Digital Millennium Copyright Act (DMCA), 
> there were two levels of protections for the “users.”
> i.The first was sanctions for misrepresentation. Basically, any 
> company which knowingly materially misrepresents that material or 
> activity is infringing is liable for damages, including costs and 
> attorney fees caused from injury resulting from the misrepresentation. 
> Don’t we need similar sanctions here?
> ii.A much higher bar for revealing the identity of the alleged 
> infringer. The DMCA allows rapid takedown based on statements very 
> similar to the one we proposing, but Reveal is a whole different 
> story.  The standard is much higher and goes through Court. Thus US 
> Copyright Code, Sec 512(h), requires a subpoena to reveal data:
> `(1) REQUEST- A copyright owner or a person authorized to act on the 
> owner's behalf may request the clerk of any United States district 
> court to issue a subpoena to a service provider for identification of 
> an alleged infringer in accordance with this subsection…
> Shouldn’t we have a higher standard too?  It seems important to 
> balance the rights of both sides, including whether the Allegation of 
> Illegality sufficiently outweighs the Privacy Interests and Rights of 
> the Battered Women’s Shelter, Online Magazine or Bloggers posting 
> unpopular views of corruption.
> iii.      A deep concern about default. As I read the rules, if you 
> don’t respond, you lose and your data is revealed.  But this is a 
> problem because we can think of many reasons why Customers/Registrants 
> would not respond. For example:
> a.Request came at the beginning of August,
> b.Request disappeared into spam;
> c.Registrant/Customer is unable to respond (perhaps language 
> barriers); and/or
> d.Registrant/Customer is scared to respond.
> 2.I would submit that in something as important as revealing identity 
> and physical locations, there should be no automatic default. It is 
> completely possible that a) the allegations are incorrect on their 
> face (no jurisdictional overlap, for example), or b) that there are 
> clear defenses on “its face,” e.g., on the website.
> Thus, an anti-bullying group may post the copyrighted logo of a gang 
> engaging in bullying (or worse) in a local school or neighborhood; is 
> so, the gang’s allegation of copyright infringement could be clearly 
> weighed against the “safe neighborhoods for all” activity taking place 
> on the website.
> Similarly, an online publication in Europe may have every right to use 
> the logo and trademark of a large multinational it is criticizing, or 
> the image of Mohammed, without having its identity and address 
> revealed without due process.
> Ditto for a battered women’s shelter posting a copyright logo, motto 
> or design and urging women to watch for it and those bearing it.
> Due process is not automatic default, but a full and fair review of 
> the website and other reachable information, even if the 
> Customer/Registrant is unable to respond for herself or himself.
> 3.       Option: we might consider Third Party or Independent Review. 
> This is something that Steve and Graeme’s draft have already suggested 
> for rejections of IP Owner Requests. It could serve Customers too by 
> creating a review of default situations – or perhaps an independent 
> forum for Service Providers who choose to outsource this difficult 
> evaluation.
> iv.Privacy of communication between Customers and their Providers . 
> The rules of Section III(A) seem to bar private communication with 
> your Provider. Everything a Customer/Registrant might write to their 
> Provider must be passed on verbatim (if I read this correctly).  But 
> that’s a problem for those with English as a second language (or 
> third) or those without lawyers, and those simply trying to explain in 
> clear and informal language to explain this situation. 0What will 
> happen, I am concerned, is that whatever informal response a Customer 
> provides to its Provider will operate (unintended) as an Admission 
> Against Interest or an unintended Waiver.
> Further, the Customer/Registrant might inadvertently reveal a bit 
> about their identity or even location – trying to explain their 
> position clearly to the Provider – and this should not be passed on to 
> the Requester automatically either.  I am not sure of th answer here 
> as IP Owners should know something about the response, but not 
> necessarily the full communication of the Customer (e.g., he is 
> stalking me).
> Thanks for reading!
> Best,
> Kathy
> On 3/2/2015 9:54 AM, Metalitz, Steven wrote:
>     PPSAI WG members,
>     Attached please find an updated version of the document Graeme and
>     I circulated prior to last week’s meeting.  This updated version
>     includes three or four wording tweaks, intended to reflect the
>     discussion on last week’s call.  Looking forward to further
>     discussion on tomorrow’s call.
>     Steve Metalitz
>     *From: *<Metalitz>, Steven <met at msk.com <mailto:met at msk.com>>
>     *Date: *Monday, February 23, 2015 at 11:57
>     *To: *"'PPSAI (gnso-ppsai-pdp-wg at icann.org
>     <mailto:gnso-ppsai-pdp-wg at icann.org>)'"
>     <gnso-ppsai-pdp-wg at icann.org <mailto:gnso-ppsai-pdp-wg at icann.org>>
>     *Subject: *Re: [Gnso-ppsai-pdp-wg] Category F -- updated status
>     report and text for discussion
>         PPSAI WG members,
>         This follows up on our note of Feb. 3 providing a status
>         report on subgroup  discussions among some IP interests and
>         p/p service providers regarding p/p disclosure standards.  To
>         reiterate, the group’s work is not meant to obviate or
>         displace the work of the larger PPSAI WG on this issue –
>         rather, it is meant to constructively contribute to the
>         discussion by producing one proposal on this issue for the
>         larger group’s consideration.
>         In light of further consideration and of the need to move
>         forward the WG discussion on Category F, we present the
>         attached document that we hope will help provide a framework
>         for discussion of the disclosure issue in the WG.  We
>         emphasize that this is not a proposal from IPC, the Registrar
>         Stakeholder Group, or any subset of either, and that we fully
>         anticipate the text to be modified and improved through
>         further discussion at the WG level. (We also acknowledge that
>         the WG may find the proposal wholly unsatisfactory but hope
>         that it will at least help advance debate.)
>         The attached is put forward as a starting point, to use
>         intellectual property infringement complaints as one
>         illustrative example of minimum disclosure standards, in a
>         framework that addresses  (1) a service provider process for
>         intake of requests; (2) general templates that requests would
>         have to meet in order to trigger service provider action; and
>         (3) principles governing service provider action in response
>         to a conforming request.
>         We look forward to the discussion of this document among WG
>         members.
>         Graeme Bunton
>         Steve Metalitz
>         *From:*Metalitz, Steven
>         *Sent:* Tuesday, February 03, 2015 3:57 PM
>         *To:* PPSAI (gnso-ppsai-pdp-wg at icann.org
>         <mailto:gnso-ppsai-pdp-wg at icann.org>)
>         *Subject:* Category F -- status report
>         Dear WG colleagues,
>         As you know, several PPSAI Working Group members, including
>         representatives of the IPC and privacy and proxy service
>         providers, have endeavored to develop a collaborative proposal
>         on the minimum standards for disclosure (Category F). The
>         group’s work is not meant to obviate or displace the work of
>         the larger group on this issue – rather, it is meant to
>         constructively contribute to the discussion by producing one
>         proposal on this issue for the larger group’s consideration.
>         This is an update on this sub-group’s progress.
>         But first, a little background: At the face-to-face meeting of
>         the PPSAI Working Group in Los Angeles on October 10, 2014,
>         one important topic was minimum standards for disclosure of
>         contact information of customers of privacy/proxy services who
>         may or may not be using their private domain name
>         registrations to carry out infringing or other abusive
>         activities.
>         Prior to the face-to-face meeting, IPC participants in the
>         Working Group circulated a proposal on this topic.  A
>         responsive redline was circulated to the WG by Volker Greimann.
>         Following extensive discussion of these proposals and of the
>         topic in general at the face-to-face meeting, a sub-group of
>         WG participants have continued this discussion.  The sub-group
>         includes participants from the IPC and privacy/proxy service
>         providers. Meeting by teleconference and working over e-mail,
>         the sub-group has sought to develop a text that could be
>         jointly presented to the PPSAI Working Group as a framework
>         for further discussion on the issue of standards for disclosure.
>         Some progress has been made, and the sub-group is continuing
>         its efforts with the goal of producing a document for
>         presentation to the PPSAI Working Group as soon after the
>         Singapore ICANN meeting as feasible.  If such a document is
>         completed, it is hoped that it would be a constructive
>         contribution to eventual WG approval of a set of
>         recommendations on “Category F” for inclusion in the Draft
>         Report of the WG.
>         Unlike the documents discussed by the full WG last October,
>         the framework under discussion does not purport to establish a
>         single general policy for when disclosure of contact
>         information in cases of alleged abusive activities would be
>         available.  Instead, it seeks to focus more narrowly on
>         intellectual property infringement complaints as one
>         illustrative example of minimum disclosure standards.  The
>         framework would describe (1) a service provider process for
>         intake of requests; (2) general templates that requests would
>         have to meet in order to trigger service provider action; and
>         (3) principles governing service provider action in response
>         to a conforming request.  While considerable progress has been
>         made in the first two areas, a number of critical issues
>         remain to be resolved in the third area, and discussion has
>         not been concluded on any of the areas.
>         The expressed common goal of the discussion group participants
>         is a framework that would give requestors a higher degree of
>         certainty and predictability as to if, when and how they could
>         obtain what level of disclosure; that would preserve for
>         service providers a sufficient degree of flexibility and
>         discretion in acting upon requests for disclosure; and that
>         would include reasonable safeguards and procedures to protect
>         the legitimate interests of customers of accredited
>         proxy/privacy service providers.  Of course, balancing these
>         interests is the difficult task before our working group. As
>         stated, participants in the discussion group hope to be able
>         to make a constructive contribution to the WG’s efforts to do so.
>         Graeme Bunton
>         Steve Metalitz
>     _______________________________________________
>     Gnso-ppsai-pdp-wg mailing list
>     Gnso-ppsai-pdp-wg at icann.org  <mailto:Gnso-ppsai-pdp-wg at icann.org>
>     https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
> _______________________________________________
> Gnso-ppsai-pdp-wg mailing list
> Gnso-ppsai-pdp-wg at icann.org <mailto:Gnso-ppsai-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
> ------------------------------------------------------------------------
> No virus found in this message.
> Checked by AVG - www.avg.com <http://www.avg.com>
> Version: 2015.0.5646 / Virus Database: 4299/9172 - Release Date: 02/24/15
> Internal Virus Database is out of date.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20150307/0d135d41/attachment-0001.html>

More information about the Gnso-ppsai-pdp-wg mailing list