[Gnso-ppsai-pdp-wg] Updated document re disclosure standards - some comments and concerns

Mary Wong mary.wong at icann.org
Sat Mar 7 19:03:14 UTC 2015

Hello everyone,

Staff had actually tried to update the draft disclosure text following the
Tuesday WG call and the subsequent on-list discussions. I attach the draft
revised text to this email, noting that the WG chairs have not yet had a
chance to review it. Hopefully it captures the gist of the current
discussions and can serve as a further basis for email deliberations as well
as the next call.

In relation to Kathy¹s follow up on the DMCA, we note that in addition to
the non-codified industry practice that Kathy mentions there have been
several court cases in the United States where judges have touched on the
scope and necessary details that a requestor must include in a take-down
request. As none of these details and practices are expressly codified in
the statute but rather have evolved through usage and experience, perhaps
the WG could consider what the appropriate level of detail the final policy
text should contain, and what might be included either as implementation
guidelines to be incorporated into the Initial and Final Reports.

Thanks and cheers

Mary Wong
Senior Policy Director
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4892
Email: mary.wong at icann.org

From:  Kathy Kleiman <kathy at kathykleiman.com>
Date:  Saturday, March 7, 2015 at 09:59
To:  "Williams, Todd" <Todd.Williams at turner.com>, Phil Corwin
<psc at vlaw-dc.com>, Carlton Samuels <carlton.samuels at gmail.com>
Cc:  PPSAI <gnso-ppsai-pdp-wg at icann.org>
Subject:  Re: [Gnso-ppsai-pdp-wg] Updated document re disclosure standards -
some comments and concerns

> Hi Todd and Val,
> Tx you for the discussion! I appreciate it and am glad to know to know there
> are ways to address some of the concerns with clarifying language. Val, thanks
> in particular for your guidance on wording. All, I will sit down tomorrow,
> "track changes" and pen in hand, and edit a version that hopefully clarifies
> communications and defaults per our joint understanding!
> Re: Supoenas, the story seems to be a bit more complicated. I've done some
> outreach this week to attorneys who spend a lot of time with copyright
> identity disclosure supoenas. What they say is that, yes, courts in the US
> rapidly issue a "reveal" subpoena, but that is only the beginning of the
> story.  The Provider who receives the subpoena notifies its Customer. The
> Providers provide time - generally 30 days or more -- for the the Customer to
> respond. The Customers can then file on their own behalf in court - a request
> to quash -- and/or the Provider can file in court to.
> The following quote comes from Mitch Stoltz, Attorney with the Electronic
> Frontier Foundation, and he summarizes his thoughts on the "state of play" of
> copyright and similar subpoenas:
> ==>There is an emerging consensus among courts around the U.S. that merely
> accusing one who speaks anonymously on the Internet of some violation of law
> (be it trademark, libel, or another law) doesn¹t strip the speaker of their
> right to speak anonymously. The right of free expression requires a balancing
> of interests by an impartial judge before anonymity can be stripped away.
> Because Internet sites, and their domain names, are the preeminent medium of
> free expression in the 21st century, the ability to register and maintain a
> domain name anonymously is an essential part of freedom of expression that
> must be protected through a similar balancing of interests and a fair, neutral
> decisionmaking process. An accusation that is legally deficient, vague,
> pretextual, or harassing should not result in the identification of an
> anonymous domain registrant, even if the registrant does not respond.
> Best,
> Kathy
> :
>> Let me add my thanks Kathy for circulating your thoughts, which I thought
>> stimulated a good discussion on Tuesday.  As I mentioned on that call, I
>> think most if not all of what you¹ve outlined goes to basic drafting
>> revisions/clarifications, rather than to substantive disagreements.  So with
>> the goal of moving the process forward in anticipation of next Tuesday¹s
>> call, perhaps we as a WG can go through some of your substantive comments (I
>> don¹t have an issue with your general comments) point-by-point.  I¹ll start:
>> ·        Misrepresentations.  Both FN1 and the Annex address possible methods
>> of resolving Provider claims of false statements/misrepresentations.
>> Certainly we as a WG should discuss the various options in the Annex further.
>> But that discussion would presumably relate to the method, not to the actual
>> sanctions.  I¹m not sure that it¹s within our ambit as a WG (or ICANN¹s?) to
>> proscribe what the sanctions would be.
>> ·        ³Higher bar.²  In terms of the ³much higher bar² ­ what would you
>> propose?  You mentioned using the DMCA § 512(h) as a go-by, but I think
>> that¹s actually a lower standard, not a higher one.  Not to get too into the
>> weeds of the DMCA (which we¹re only really referencing here as a go-by), but
>> my basic understanding is that § 512(h)(4) says that as long as the notice,
>> subpoena, and declaration are in proper form, the clerk ³shall expeditiously
>> issue² the subpoena, and that § 512(h)(5) says that the provider must then
>> ³expeditiously disclose² the information required by the subpoena.  So the
>> whole process is automatic: there¹s no discretion or substantive review by
>> either the clerk or by the provider.  Conversely, the process outlined in
>> III(B) of the proposal that we¹re considering gives the P/P Provider
>> discretion to either: 1) disclose; 2) refuse to disclose (and provide it¹s
>> reasons why); or 3) ask for more time.
>> ·        Default.  As I mentioned on the call, I don¹t read III(B) as
>> requiring disclosure in cases of default.  Rather, if there is a default
>> (³after the time for Customer¹s response has passed²), the P/P Provider can
>> either: 1) disclose; 2) refuse to disclose (and provide it¹s reasons why); or
>> 3) ask for more time.  If the Provider chooses Option (2) and the Requestor
>> doesn¹t like the reasons the Provider gives as to why, the Requestor can then
>> request reconsideration under III(F).  And if the Provider still refuses, the
>> matter can go to the ICANN-approved dispute resolution process referenced in
>> FN4.  But nowhere does Section III contemplate automatic disclosure after
>> default.  I think that¹s relatively clear from the way that Section III is
>> drafted and structured, but if you want to propose clarifying language to
>> make that point more clear, please do.
>> ·        Third-party independent review.  Section III(F) and FN4 already
>> contemplate this.  So I don¹t think the question on the table is whether the
>> proposal should allow for this (it does), but under what circumstances.  As
>> Michele noted on the call on Tuesday, requiring third-party independent
>> review too often, or otherwise making the process too convoluted, isn¹t going
>> to help, because P/P Providers (who, as Michele noted, typically don¹t charge
>> very much for the service) are just going to draft their Terms of Service to
>> say ³if we get a complaint about X then we¹re going to terminate the service²
>> rather than going through the independent review.  In light of that, I think
>> the proposal strikes the right balance on the third-party independent review
>> (basically, it¹s available, but only for the tough cases in which the
>> Provider has twice refused to disclose).  But if you think there is a way to
>> adjust that balance, while still accounting for Michele¹s cost concern, let
>> us know.
>> ·        Privacy of communication b/w Providers and Customers.  As I
>> mentioned on the call, I don¹t read III(E) as requiring Providers to pass on
>> communications from Customers to Requestors verbatim; it just says that the
>> Requestor must be informed of the reasons for the objection by the Customer.
>> But if you want to add a clause to III(E) to make that more clear, that¹s
>> fine.  Would this tweak do it: ³If refusal to disclose is based on objection
>> to disclosure by the Customer, Provider must inform Requestor of the reasons
>> for objection, though Provider need not do so by relaying Customer¹s
>> objection verbatim.²?
>> Looking forward to the call on Tuesday.  Thanks.
>> Todd.
>> From: gnso-ppsai-pdp-wg-bounces at icann.org
>> <mailto:gnso-ppsai-pdp-wg-bounces at icann.org>
>> [mailto:gnso-ppsai-pdp-wg-bounces at icann.org] On Behalf Of Phil Corwin
>> Sent: Tuesday, March 03, 2015 9:53 AM
>> To: Carlton Samuels; Kathy Kleiman
>> Cc: PPSAI
>> Subject: Re: [Gnso-ppsai-pdp-wg] Updated document re disclosure standards -
>> some comments and concerns
>> Good observations, Kathy. Worthy of discussion.
>> Philip S. Corwin, Founding Principal
>> Virtualaw LLC
>> 1155 F Street, NW
>> Suite 1050
>> Washington, DC 20004
>> 202-559-8597/Direct
>> 202-559-8750/Fax
>> 202-255-6172/cell
>> Twitter: @VlawDC
>> "Luck is the residue of design" -- Branch Rickey
>> From: gnso-ppsai-pdp-wg-bounces at icann.org
>> <mailto:gnso-ppsai-pdp-wg-bounces at icann.org>
>> [mailto:gnso-ppsai-pdp-wg-bounces at icann.org] On Behalf Of Carlton Samuels
>> Sent: Tuesday, March 03, 2015 9:35 AM
>> To: Kathy Kleiman
>> Cc: PPSAI
>> Subject: Re: [Gnso-ppsai-pdp-wg] Updated document re disclosure standards -
>> some comments and concerns
>> Thanks for the heavy lifting here Kathy.  I belatedly read the document and I
>> can tell you now your arguments are compelling.
>> -Carlton
>> ==============================
>> Carlton A Samuels
>> Mobile: 876-818-1799
>> Strategy, Planning, Governance, Assessment & Turnaround
>> =============================
>> On Mon, Mar 2, 2015 at 5:59 PM, Kathy Kleiman <kathy at kathykleiman.com> wrote:
>> Hi All,
>> First, thank you, Steve, Graeme and All. I know a lot of people have spent a
>> lot of time in the IP and Registrar Communities working on this draft. Tx you
>> ­ and appreciate your invitation to comments and concerns!
>> I have reviewed the Draft carefully and have some initial comments to share.
>> Although I spoke with people in the WG while preparing them, these comments
>> are my own.(If there is problem with the formatting below, please let me
>> know.)
>> 1.       General Comments
>> a.       `Let¹s make the wording more neutral. Let¹s add ³alleged² or
>> ³claimed² in all references of infringement (e.g., trademarks, copyrights of
>> domain names/websites. Another good term would be ³claimed infringement² --
>> which is the one used in similar sections of the Digital Millennium Copyright
>> Act to the sections we are working on here.
>> 2.       More substantive comments
>> a.       Are we missing levels of protections for the Customer/Registrant?
>> In the Digital Millennium Copyright Act (DMCA), there were two levels of
>> protections for the ³users.²
>>                                                                i.     The
>> first was sanctions for misrepresentation. Basically, any company which
>> knowingly materially misrepresents that material or activity is infringing is
>> liable for damages, including costs and attorney fees caused from injury
>> resulting from the misrepresentation. Don¹t we need similar sanctions here?
>>                                                              ii.     A much
>> higher bar for revealing the identity of the alleged infringer. The DMCA
>> allows rapid takedown based on statements very similar to the one we
>> proposing, but Reveal is a whole different story.  The standard is much
>> higher and goes through Court. Thus US Copyright Code, Sec 512(h), requires a
>> subpoena to reveal data:
>> a.       [Section 512] ³(h) SUBPOENA TO IDENTIFY INFRINGER-
>> `(1) REQUEST- A copyright owner or a person authorized to act on the owner's
>> behalf may request the clerk of any United States district court to issue a
>> subpoena to a service provider for identification of an alleged infringer in
>> accordance with this subsectionŠ
>> Shouldn¹t we have a higher standard too?  It seems important to balance the
>> rights of both sides, including whether the Allegation of Illegality
>> sufficiently outweighs the Privacy Interests and Rights of the Battered
>> Women¹s Shelter, Online Magazine or Bloggers posting unpopular views of
>> corruption. 
>>                                                          iii.      A deep
>> concern about default. As I read the rules, if you don¹t respond, you lose
>> and your data is revealed.  But this is a problem because we can think of
>> many reasons why Customers/Registrants would not respond. For example:
>> a.       Request came at the beginning of August,
>> b.      Request disappeared into spam;
>> c.       Registrant/Customer is unable to respond (perhaps language
>> barriers); and/or
>> d.      Registrant/Customer is scared to respond.
>> 2.      I would submit that in something as important as revealing identity
>> and physical locations, there should be no automatic default. It is
>> completely possible that a) the allegations are incorrect on their face (no
>> jurisdictional overlap, for example), or b) that there are clear defenses on
>> ³its face,² e.g., on the website.
>> Thus, an anti-bullying group may post the copyrighted logo of a gang engaging
>> in bullying (or worse) in a local school or neighborhood; is so, the gang¹s
>> allegation of copyright infringement could be clearly weighed against the
>> ³safe neighborhoods for all² activity taking place on the website.
>> Similarly, an online publication in Europe may have every right to use the
>> logo and trademark of a large multinational it is criticizing, or the image
>> of Mohammed, without having its identity and address revealed without due
>> process. 
>> Ditto for a battered women¹s shelter posting a copyright logo, motto or
>> design and urging women to watch for it and those bearing it.
>> Due process is not automatic default, but a full and fair review of the
>> website and other reachable information, even if the Customer/Registrant is
>> unable to respond for herself or himself.
>> 3.       Option: we might consider Third Party or Independent Review. This is
>> something that Steve and Graeme¹s draft have already suggested for rejections
>> of IP Owner Requests. It could serve Customers too by creating a review of
>> default situations ­ or perhaps an independent forum for Service Providers
>> who choose to outsource this difficult evaluation.
>>                                                            iv.     Privacy of
>> communication between Customers and their Providers . The rules of Section
>> III(A) seem to bar private communication with your Provider. Everything a
>> Customer/Registrant might write to their Provider must be passed on verbatim
>> (if I read this correctly).  But that¹s a problem for those with English as a
>> second language (or third) or those without lawyers, and those simply trying
>> to explain in clear and informal language to explain this situation. 0What
>> will happen, I am concerned, is that whatever informal response a Customer
>> provides to its Provider will operate (unintended) as an Admission Against
>> Interest or an unintended Waiver.
>> Further, the Customer/Registrant might inadvertently reveal a bit about their
>> identity or even location ­ trying to explain their position clearly to the
>> Provider ­ and this should not be passed on to the Requester automatically
>> either.  I am not sure of th answer here as IP Owners should know something
>> about the response, but not necessarily the full communication of the
>> Customer (e.g., he is stalking me).
>> Thanks for reading!
>> Best,
>> Kathy 
>> On 3/2/2015 9:54 AM, Metalitz, Steven wrote:
>>> PPSAI WG members,
>>> Attached please find an updated version of the document Graeme and I
>>> circulated prior to last week¹s meeting.  This updated version includes
>>> three or four wording tweaks, intended to reflect the discussion on last
>>> week¹s call.  Looking forward to further discussion on tomorrow¹s call.
>>> Steve Metalitz 
>>> From: <Metalitz>, Steven <met at msk.com>
>>> Date: Monday, February 23, 2015 at 11:57
>>> To: "'PPSAI (gnso-ppsai-pdp-wg at icann.org)'" <gnso-ppsai-pdp-wg at icann.org>
>>> Subject: Re: [Gnso-ppsai-pdp-wg] Category F -- updated status report and
>>> text for discussion
>>>> PPSAI WG members,
>>>> This follows up on our note of Feb. 3 providing a status report on subgroup
>>>> discussions among some IP interests and p/p service providers regarding p/p
>>>> disclosure standards.  To reiterate, the group¹s work is not meant to
>>>> obviate or displace the work of the larger PPSAI WG on this issue ­ rather,
>>>> it is meant to constructively contribute to the discussion by producing one
>>>> proposal on this issue for the larger group¹s consideration.
>>>> In light of further consideration and of the need to move forward the WG
>>>> discussion on Category F, we present the attached document that we hope
>>>> will help provide a framework for discussion of the disclosure issue in the
>>>> WG.  We emphasize that this is not a proposal from IPC, the Registrar
>>>> Stakeholder Group, or any subset of either, and that we fully anticipate
>>>> the text to be modified and improved through further discussion at the WG
>>>> level. (We also acknowledge that the WG may find the proposal wholly
>>>> unsatisfactory but hope that it will at least help advance debate.)
>>>> The attached is put forward as a starting point, to use intellectual
>>>> property infringement complaints as one illustrative example of minimum
>>>> disclosure standards, in a framework that addresses  (1) a service provider
>>>> process for intake of requests; (2) general templates that requests would
>>>> have to meet in order to trigger service provider action; and (3)
>>>> principles governing service provider action in response to a conforming
>>>> request.  
>>>> We look forward to the discussion of this document among WG members.
>>>> Graeme Bunton
>>>> Steve Metalitz
>>>> From: Metalitz, Steven
>>>> Sent: Tuesday, February 03, 2015 3:57 PM
>>>> To: PPSAI (gnso-ppsai-pdp-wg at icann.org)
>>>> Subject: Category F -- status report
>>>> Dear WG colleagues,
>>>> As you know, several PPSAI Working Group members, including representatives
>>>> of the IPC and privacy and proxy service providers, have endeavored to
>>>> develop a collaborative proposal on the minimum standards for disclosure
>>>> (Category F). The group¹s work is not meant to obviate or displace the work
>>>> of the larger group on this issue ­ rather, it is meant to constructively
>>>> contribute to the discussion by producing one proposal on this issue for
>>>> the larger group¹s consideration. This is an update on this sub-group¹s
>>>> progress.
>>>> But first, a little background: At the face-to-face meeting of the PPSAI
>>>> Working Group in Los Angeles on October 10, 2014, one important topic was
>>>> minimum standards for disclosure of contact information of customers of
>>>> privacy/proxy services who may or may not be using their private domain
>>>> name registrations to carry out infringing or other abusive activities.
>>>> Prior to the face-to-face meeting, IPC participants in the Working Group
>>>> circulated a proposal on this topic.  A responsive redline was circulated
>>>> to the WG by Volker Greimann.
>>>> Following extensive discussion of these proposals and of the topic in
>>>> general at the face-to-face meeting, a sub-group of WG participants have
>>>> continued this discussion.  The sub-group includes participants from the
>>>> IPC and privacy/proxy service providers. Meeting by teleconference and
>>>> working over e-mail, the sub-group has sought to develop a text that could
>>>> be jointly presented to the PPSAI Working Group as a framework for further
>>>> discussion on the issue of standards for disclosure.
>>>> Some progress has been made, and the sub-group is continuing its efforts
>>>> with the goal of producing a document for presentation to the PPSAI Working
>>>> Group as soon after the Singapore ICANN meeting as feasible.  If such a
>>>> document is completed, it is hoped that it would be a constructive
>>>> contribution to eventual WG approval of a set of recommendations on
>>>> ³Category F² for inclusion in the Draft Report of the WG.
>>>> Unlike the documents discussed by the full WG last October, the framework
>>>> under discussion does not purport to establish a single general policy for
>>>> when disclosure of contact information in cases of alleged abusive
>>>> activities would be available.  Instead, it seeks to focus more narrowly on
>>>> intellectual property infringement complaints as one illustrative example
>>>> of minimum disclosure standards.  The framework would describe (1) a
>>>> service provider process for intake of requests; (2) general templates that
>>>> requests would have to meet in order to trigger service provider action;
>>>> and (3) principles governing service provider action in response to a
>>>> conforming request.  While considerable progress has been made in the first
>>>> two areas, a number of critical issues remain to be resolved in the third
>>>> area, and discussion has not been concluded on any of the areas.
>>>> The expressed common goal of the discussion group participants is a
>>>> framework that would give requestors a higher degree of certainty and
>>>> predictability as to if, when and how they could obtain what level of
>>>> disclosure; that would preserve for service providers a sufficient degree
>>>> of flexibility and discretion in acting upon requests for disclosure; and
>>>> that would include reasonable safeguards and procedures to protect the
>>>> legitimate interests of customers of accredited proxy/privacy service
>>>> providers.  Of course, balancing these interests is the difficult task
>>>> before our working group. As stated, participants in the discussion group
>>>> hope to be able to make a constructive contribution to the WG¹s efforts to
>>>> do so. 
>>>> Graeme Bunton
>>>> Steve Metalitz
>>> _______________________________________________
>>> Gnso-ppsai-pdp-wg mailing list
>>> Gnso-ppsai-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
>> _______________________________________________
>> Gnso-ppsai-pdp-wg mailing list
>> Gnso-ppsai-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
>> No virus found in this message.
>> Checked by AVG - www.avg.com <http://www.avg.com>
>> Version: 2015.0.5646 / Virus Database: 4299/9172 - Release Date: 02/24/15
>> Internal Virus Database is out of date.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20150307/189c4c4a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Draft Disclosure text v3 - 5 Mar 2015.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 155574 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20150307/189c4c4a/DraftDisclosuretextv3-5Mar2015-0001.docx>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5044 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20150307/189c4c4a/smime-0001.p7s>

More information about the Gnso-ppsai-pdp-wg mailing list