<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><div style="color:rgb(7,55,99);font-size:13.142857551574707px">Hi all,</div><div style="color:rgb(7,55,99);font-size:13.142857551574707px">
<br></div><div style="color:rgb(7,55,99);font-size:13.142857551574707px">I think that the commercial/non-commercial distinction is a valid policy question for the WG to consider. It seems to me that as part of that deliberation, we shouldn't be taking the question of the "...use of the Registered name.." off the table. To be clear, my point in this email isn't to argue what the answer should be on the question of commercial/non-commercial distinction for privacy/proxy se<span style="background-color:rgb(255,255,255)">r</span>vices. Rather, my point is that I think it's a valid (indeed, central) policy question that is worth deliberation <span style="background-color:rgb(255,255,255)">by this group, and that the question necessarily implicates questions relating to the use of the Registered name</span>. </div>
<div class="im" style="color:rgb(7,55,99);font-family:arial,sans-serif;font-size:13.142857551574707px"><div style="color:rgb(7,55,99);font-family:arial,helvetica,sans-serif"><br></div><div style="color:rgb(7,55,99);font-family:arial,helvetica,sans-serif">
Two points in response, if I may:</div></div><div style="font-family:arial,sans-serif;font-size:13.142857551574707px"><ul><li style="margin-left:15px"><font face="arial, helvetica, sans-serif" color="#000000"><u style="font-family:arial"><b>Registrant status vs use of the Registered name</b></u><font face="arial">. As to the suggestion about looking to whether the registrant is a commercial or non-commercial entity (as opposed to the actual use), allow me to argue why that approach<span style="background-color:rgb(255,255,255)"> may not be </span></font><span style="background-color:rgb(255,255,255)">entirely<font face="arial"> effective, again using the example of rogue Internet pharmacies. The concrete problem we see is that the proverbial "guy operating from his basement" who is not a licensed pharmacy (and not a licensed corporation) and is selling fake drugs on the Internet, sometimes leading to illness or death of the customer (or, for example, to non-treatment, e.g., a patient thinking that he or she is treating their cancer when it it only getting worse because the drugs have no active ingredients). In this case, the registrant is only a private individual, but is engaged in commercial activity. In many jurisdictions this triggers consumer protection or other laws. My point here is not to start the debate in this string as to what sort of privacy/proxy protections should or should not be offered. Rather, my point is to argue that these are appropriate questions for this WG to consider and discuss, and to provide an example of why. </font></span></font></li>
<div class="im"><li style="margin-left:15px"><font color="#000000"><u style="font-family:arial"><b>Content/Non-Content</b></u><font style="font-family:arial,helvetica,sans-serif">. To build on the previous bullet, I understand the point about content/non-content (e.g., the difference between a domain name and content on a server), but I think that whether we all agree with it or not, requirements in the RAA, for example, step firmly into the world of use of a domain name and pointed-to content. Provisions in the 2013 RAA, for example, explicitly reference "...use of a Registered name..." and the provisions of the RAA that pertain to illegal activity (e.g., 3.18 and 1.13) certainly, I think, contemplate the content a Registered name points to as the way that a domain name is being "used." We should look at the ramifications of data privacy </font><span style="background-color:rgb(255,255,255)"><span style="font-family:arial">from every angle. </span><font style="font-family:arial,helvetica,sans-serif"> Again, my primary point here is not to argue that ICANN policies implicating content questions are right or wrong; rather, I want to argue that there is no longer any historical precedent suggesting that discussions of content or domain name usage are not, and never have been, within the ambit of ICANN. </font>Indeed, such policy considerations seem necessary to discuss broader implementation of data privacy, and the responsibilities ICANN entrusts to future accredited privacy and proxy services providers.</span></font></li>
</div></ul></div></div><div class="gmail_extra"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:rgb(7,55,99)">Thanks, </div><br clear="all"><div><div dir="ltr"><font color="#073763" face="arial, helvetica, sans-serif">John Horton<br>
President, LegitScript</font><div> <img src="https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257dc6dfc34.png" width="96" height="21"><br><div><div><p style="margin:0.0px 0.0px 0.0px 0.0px;font:12.0px Helvetica">
<br></p><p style="margin:0px;font-style:normal;font-variant:normal;font-size:12px;line-height:normal;font-family:Helvetica"><b><font color="#444444">Follow</font><font color="#0b5394"> </font><font color="#000000">Legit</font><font color="#0b5394">Script</font></b>: <a href="http://www.linkedin.com/company/legitscript-com" style="font-weight:normal" target="_blank"><font color="#cc0000">LinkedIn</font></a> | <a href="https://www.facebook.com/LegitScript" style="font-weight:normal" target="_blank"><font color="#6aa84f">Facebook</font></a> | <a href="https://twitter.com/legitscript" style="font-weight:normal" target="_blank"><font color="#674ea7">Twitter</font></a> | <a href="https://www.youtube.com/user/LegitScript" style="font-weight:normal" target="_blank"><font color="#bf9000">YouTube</font></a> | <font color="#ff9900"><u><a href="http://blog.legitscript.com" target="_blank">Blog</a></u></font> |<font color="#ff9900"> <font style="font-weight:normal"><a href="https://plus.google.com/112436813474708014933/posts" target="_blank">Google+</a></font></font></p>
</div></div></div></div></div>
<br><br><div class="gmail_quote">On Tue, Jan 14, 2014 at 9:56 AM, Stephanie Perrin <span dir="ltr"><<a href="mailto:stephanie.perrin@mail.utoronto.ca" target="_blank">stephanie.perrin@mail.utoronto.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Totally agree. This is something we have discussed in the EWG somewhat extensively. The internet equivalent of having a garage sale, or letting someone place a commercial sign in your front field or on the side of building, does not turn that registrant into a commercial entity, regardless of how the tax authorities view the matter of the monetary exchange. ICANN has no business going there, nor demanding that registrars try to sort through these inherently inter-jurisdictional nuances.<br>
I totally agree on the more fundamental principle of examining content too.<br>
<span class="HOEnZb"><font color="#888888">Stephanie Perrin<br>
</font></span><div class="HOEnZb"><div class="h5">On 2014-01-14, at 12:33 PM, Tim Ruiz wrote:<br>
<br>
> That's exactly why we shouldn't go there. It is a rabbit hole leading to some crazy, unending debate about use, IMHO. If some due process is undertaken (outside of ICANN) and an appropriate notice/order is given to the p/p provider, they should take whatever course of action they are directed or ordered to take. We don't have to debate what is legal or isn't that is not our task, again IMHO.<br>
><br>
> Tim<br>
><br>
><br>
>> On Jan 14, 2014, at 12:00 PM, "Don Blumenthal" <<a href="mailto:dblumenthal@pir.org">dblumenthal@pir.org</a>> wrote:<br>
>><br>
>> True. However, what if the use is legal but the website content creates<br>
>> questions about the domain¹s commercial/non-commercial designation if the<br>
>> WG recommends differentiation? To steal Gema¹s example in her first<br>
>> message:<br>
>><br>
>> But, what is the difference between them? A hobbyist¹s backyard habitat<br>
>> website and another hobbyist¹s backyard habitat website that has, or later<br>
>> adds, an Amazon affiliate link to defray costs?<br>
>><br>
>> Don<br>
>><br>
>><br>
>><br>
>>> On 1/14/14, 10:11 AM, "Tim Ruiz" <<a href="mailto:tim@godaddy.com">tim@godaddy.com</a>> wrote:<br>
>>><br>
>>> That is an issue with use/content, which is not within ICANN's mission,<br>
>>> as far as I read their mission. How an accredited p/p service responds<br>
>>> when properly notified of illegal content (following due process), should<br>
>>> be the same as what is required of an accredited registrar.<br>
>>> ________________________________________<br>
>>> From: <a href="mailto:gnso-ppsai-pdp-wg-bounces@icann.org">gnso-ppsai-pdp-wg-bounces@icann.org</a><br>
>>> <<a href="mailto:gnso-ppsai-pdp-wg-bounces@icann.org">gnso-ppsai-pdp-wg-bounces@icann.org</a>> on behalf of Campillos Gonzalez,<br>
>>> Gema Maria <<a href="mailto:GCAMPILLOS@minetur.es">GCAMPILLOS@minetur.es</a>><br>
>>> Sent: Tuesday, January 14, 2014 10:01 AM<br>
>>> To: Luc SEUFER<br>
>>> Cc: <a href="mailto:gnso-ppsai-pdp-wg@icann.org">gnso-ppsai-pdp-wg@icann.org</a><br>
>>> Subject: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection<br>
>>> ServiceAccreditation Issues Working Group<br>
>>><br>
>>> Thank you for the reminder, Luc. I give another real-world and trickier<br>
>>> instance using the word "registrant".<br>
>>><br>
>>> Has the registrant a commercial purpose when he runs a forum-like website<br>
>>> on which he also offers access to copyrighted works free of charge? In<br>
>>> this case, the registrant leads this activity for the sake of it and<br>
>>> doesn't get any profits at all from it. But, he is causing great damage<br>
>>> to right holders.<br>
>>><br>
>>> I join the conference now.<br>
>>><br>
>>> Regards,<br>
>>><br>
>>> Gema<br>
>>><br>
>>> -----Mensaje original-----<br>
>>> De: Luc SEUFER [mailto:<a href="mailto:lseufer@dclgroup.eu">lseufer@dclgroup.eu</a>]<br>
>>> Enviado el: martes, 14 de enero de 2014 15:33<br>
>>> Para: Campillos Gonzalez, Gema Maria<br>
>>> CC: Jim Bikoff; <a href="mailto:gnso-ppsai-pdp-wg@icann.org">gnso-ppsai-pdp-wg@icann.org</a><br>
>>> Asunto: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection<br>
>>> ServiceAccreditation Issues Working Group<br>
>>><br>
>>> Hello Gema,<br>
>>><br>
>>> Just a kind reminder that ICANN is only dealing with domain names, not<br>
>>> websites. Thus, in my opinion, the distinction should be made on the<br>
>>> registrant type alone.<br>
>>> Hosting services are regulated by ad'hoc laws and those services are<br>
>>> outside of ICANN's scope.<br>
>>><br>
>>> As you know, to serve the EU an online merchant has to abide by Directive<br>
>>> 2000/31 (its national transpositions to be more precise) and must publish<br>
>>> their details on their website. Should they fail to do so, the hosting<br>
>>> provider should be the party that LEA should contact, not the registrar.<br>
>>><br>
>>> Luc<br>
>>><br>
>>><br>
>>><br>
>>> On Jan 14, 2014, at 14:24, Campillos Gonzalez, Gema Maria<br>
>>> <<a href="mailto:GCAMPILLOS@minetur.es">GCAMPILLOS@minetur.es</a><mailto:<a href="mailto:GCAMPILLOS@minetur.es">GCAMPILLOS@minetur.es</a>>> wrote:<br>
>>><br>
>>> Dear all,<br>
>>><br>
>>> I agree with commentators that this categorization is clearer than the<br>
>>> previous one.<br>
>>><br>
>>> Although I am aware of your reluctance to introduce variations to the<br>
>>> Charter questions passed by the GNSO Council on 31st October, a doubt has<br>
>>> come up to my mind. Some of the questions rest on the difference between<br>
>>> commercial and non-commercial activities (4, 5 and 6 in the first group<br>
>>> and 4 in the last one). But, what is the difference between them? A<br>
>>> copyright infringing website where video streaming or downloads are free<br>
>>> of charge but which is supported by advertisements or SMS premium<br>
>>> services is a commercial or a non-commercial activity?<br>
>>><br>
>>> Thank you,<br>
>>><br>
>>> Gema<br>
>>><br>
>>> De:<br>
>>> <a href="mailto:gnso-ppsai-pdp-wg-bounces@icann.org">gnso-ppsai-pdp-wg-bounces@icann.org</a><mailto:<a href="mailto:gnso-ppsai-pdp-wg-bounces@icann">gnso-ppsai-pdp-wg-bounces@icann</a><br>
>>> .org> [mailto:<a href="mailto:gnso-ppsai-pdp-wg-bounces@icann.org">gnso-ppsai-pdp-wg-bounces@icann.org</a>] En nombre de Jim<br>
>>> Bikoff Enviado el: lunes, 13 de enero de 2014 23:05<br>
>>> Para: <a href="mailto:gnso-ppsai-pdp-wg@icann.org">gnso-ppsai-pdp-wg@icann.org</a><mailto:<a href="mailto:gnso-ppsai-pdp-wg@icann.org">gnso-ppsai-pdp-wg@icann.org</a>><br>
>>> Asunto: [Gnso-ppsai-pdp-wg] FW: Privacy and Protection Service<br>
>>> Accreditation Issues Working Group<br>
>>><br>
>>> Dear All,<br>
>>><br>
>>> Although the question groupings are still being completed, it may be<br>
>>> helpful to our audience if we grouped the questions in the letters in<br>
>>> some logical, categorical manner, even if that grouping is but a draft.<br>
>>><br>
>>> To address the substantive content of the questions, it seems that the<br>
>>> ultimate issue is set forth in the first question: "What, if any, are the<br>
>>> types of Standard Services Practices that should be adopted and published<br>
>>> by ICANN-accredited privacy/proxy service providers?" The questions<br>
>>> following it address that main issue. Most of the issues and questions<br>
>>> could be subsumed under the following general categories:<br>
>>><br>
>>> * MAINTENANCE of privacy/proxy services; * CONTACT point provided by<br>
>>> each privacy/proxy service; * RELAY of complaints to the privacy/proxy<br>
>>> customer; and * REVEAL of privacy/proxy customers' identities.<br>
>>> If we followed this categorization, the issues and questions would be<br>
>>> grouped as follows:<br>
>>><br>
>>> MAIN ISSUES<br>
>>><br>
>>><br>
>>> 1. What, if any, are the types of Standard Service Practices that<br>
>>> should be adopted and published by ICANN-accredited privacy/proxy service<br>
>>> providers?<br>
>>><br>
>>> 2. Should ICANN distinguish between privacy and proxy services for<br>
>>> the purpose of the accreditation process?<br>
>>><br>
>>> 3. What are the contractual obligations, if any, that, if<br>
>>> unfulfilled, would justify termination of customer access by<br>
>>> ICANN-accredited privacy/proxy service providers? Should there be any<br>
>>> forms of non-compliance that would trigger cancellation or suspension of<br>
>>> registrations? If so, which?<br>
>>><br>
>>> 4. What are the effects of the privacy and proxy service<br>
>>> specification contained in the 2013 RAA? Have these new requirements<br>
>>> improved WHOIS quality, registrant contactability, and service usability?<br>
>>><br>
>>> 5. What should be the contractual obligations of ICANN accredited<br>
>>> registrars with regard to accredited privacy/proxy service providers?<br>
>>> Should registrars be permitted to knowingly accept registrations where<br>
>>> the registrant is using unaccredited service providers that are bound to<br>
>>> the same standards as accredited service providers?<br>
>>><br>
>>><br>
>>> MAINTENANCE<br>
>>><br>
>>><br>
>>> 1. Should ICANN-accredited privacy/proxy service providers be<br>
>>> required to label WHOIS entries to clearly show when a registration is<br>
>>> made through a privacy/proxy service?<br>
>>><br>
>>> 2. Should ICANN-accredited privacy/proxy service providers be<br>
>>> required to conduct periodic checks to ensure accuracy of customer<br>
>>> contact information; and if so, how?<br>
>>><br>
>>> 3. What rights and responsibilities should customers of<br>
>>> privacy/proxy services have? What obligations should ICANN-accredited<br>
>>> privacy/proxy service providers have in managing these rights and<br>
>>> responsibilities? Clarify how transfers, renewals, and PEDNR policies<br>
>>> should apply.<br>
>>><br>
>>> 4. Should ICANN-accredited privacy/proxy service providers<br>
>>> distinguish between domain names registered or used for commercial with<br>
>>> those registered or used for personal purposes? Specifically, is the use<br>
>>> of privacy/proxy services appropriate when a domain name is registered or<br>
>>> used for commercial purposes?<br>
>>><br>
>>> 5. Should there be a difference in the data fields to be displayed<br>
>>> if the domain name is registered or used for a commercial purpose or by a<br>
>>> commercial entity instead of a natural person?<br>
>>><br>
>>> 6. Should the use of privacy/proxy services be restricted only to<br>
>>> registrants who are private individuals using the domain name for<br>
>>> non-commercial purposes?<br>
>>><br>
>>><br>
>>> CONTACT<br>
>>><br>
>>><br>
>>> 1. What measures should be taken to ensure contactability and<br>
>>> responsiveness of the providers?<br>
>>><br>
>>> 2. Should ICANN-accredited privacy/proxy service providers be<br>
>>> required to maintain dedicated points of contact for reporting abuse? If<br>
>>> so, should the terms be consistent with the requirements applicable to<br>
>>> registrars under Section 3.18 of the RAA?<br>
>>><br>
>>> 3. Should full WHOIS contact details for ICANN-accredited<br>
>>> privacy/proxy service providers be required?<br>
>>><br>
>>> 4. What forms of malicious conduct, if any, should be covered by a<br>
>>> designated published point of contact at an ICANN-accredited<br>
>>> privacy/proxy service provider?<br>
>>><br>
>>><br>
>>> RELAY<br>
>>><br>
>>> 1. What, if any, baseline minimum standardized relay processes<br>
>>> should be adopted by ICANN-accredited privacy/proxy service providers?<br>
>>><br>
>>> 2. Should ICANN-accredited privacy/proxy service providers be<br>
>>> required to forward to the customer all allegations of illegal activities<br>
>>> they receive relating to specific domain names of the customer?<br>
>>><br>
>>><br>
>>> REVEAL<br>
>>><br>
>>><br>
>>> 1. What, if any, baseline minimum standardized reveal processes<br>
>>> should be adopted by ICANN-accredited privacy/proxy service providers?<br>
>>><br>
>>> 2. Should ICANN-accredited privacy/proxy service providers be<br>
>>> required to reveal customer identities for the specific purpose of<br>
>>> ensuring timely service of cease and desist letters?<br>
>>><br>
>>> 3. What forms of alleged malicious conduct, if any, and what<br>
>>> evidentiary standard would be sufficient to trigger such disclosure? What<br>
>>> specific violations, if any, would be sufficient to trigger such<br>
>>> disclosure?<br>
>>><br>
>>> 4. What safeguards, if any, should be put in place to ensure<br>
>>> adequate protections for privacy and freedom of expression? Should these<br>
>>> standards vary depending on whether the website is being used for<br>
>>> commercial or non-commercial purposes? What safeguards or remedies should<br>
>>> be available in cases where publication is found to have been unwarranted?<br>
>>><br>
>>> 5. What circumstances, if any, would warrant access to registrant<br>
>>> data by law enforcement agencies?<br>
>>><br>
>>> 6. What clear, workable, enforceable and standardized processes<br>
>>> should be adopted by ICANN-accredited privacy/proxy services in order to<br>
>>> regulate such access (if such access is warranted)?<br>
>>><br>
>>><br>
>>><br>
>>><br>
>>> Please let me know if this categorization is helpful.<br>
>>><br>
>>> Jim<br>
>>><br>
>>> James L. Bikoff<br>
>>> Silverberg, Goldman & Bikoff, LLP<br>
>>> 1101 30th Street, NW<br>
>>> Suite 120<br>
>>> Washington, DC 20007<br>
>>> Tel: 202-944-3303<br>
>>> Fax: 202-944-3306<br>
>>> <a href="mailto:jbikoff@sgbdc.com">jbikoff@sgbdc.com</a><mailto:<a href="mailto:jbikoff@sgbdc.com">jbikoff@sgbdc.com</a>><br>
>>><br>
>>><br>
>>><br>
>>><br>
>>> _______________________________________________<br>
>>> Gnso-ppsai-pdp-wg mailing list<br>
>>> <a href="mailto:Gnso-ppsai-pdp-wg@icann.org">Gnso-ppsai-pdp-wg@icann.org</a><mailto:<a href="mailto:Gnso-ppsai-pdp-wg@icann.org">Gnso-ppsai-pdp-wg@icann.org</a>><br>
>>> <a href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><br>
>>><br>
>>><br>
>>> ________________________________<br>
>>><br>
>>> --------------------------------------------------------<br>
>>><br>
>>> This e-mail and any attached files are confidential and intended solely<br>
>>> for the use of the individual or entity to whom they are addressed. If<br>
>>> you have received this e-mail by mistake, please notify the sender<br>
>>> immediately and delete it from your system. You must not copy the message<br>
>>> or disclose its contents to anyone.<br>
>>><br>
>>> Think of the environment: don't print this e-mail unless you really need<br>
>>> to.<br>
>>><br>
>>> --------------------------------------------------------<br>
>>> _______________________________________________<br>
>>> Gnso-ppsai-pdp-wg mailing list<br>
>>> <a href="mailto:Gnso-ppsai-pdp-wg@icann.org">Gnso-ppsai-pdp-wg@icann.org</a><br>
>>> <a href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><br>
>>> _______________________________________________<br>
>>> Gnso-ppsai-pdp-wg mailing list<br>
>>> <a href="mailto:Gnso-ppsai-pdp-wg@icann.org">Gnso-ppsai-pdp-wg@icann.org</a><br>
>>> <a href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><br>
>><br>
> _______________________________________________<br>
> Gnso-ppsai-pdp-wg mailing list<br>
> <a href="mailto:Gnso-ppsai-pdp-wg@icann.org">Gnso-ppsai-pdp-wg@icann.org</a><br>
> <a href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><br>
<br>
_______________________________________________<br>
Gnso-ppsai-pdp-wg mailing list<br>
<a href="mailto:Gnso-ppsai-pdp-wg@icann.org">Gnso-ppsai-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><br>
</div></div></blockquote></div><br></div></div>