<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<div class="moz-cite-prefix">Hi John,<br>
<br>
this seems to be more of a jurisdictional problem than one of the
privacy service being in place. <br>
</div>
<blockquote
cite="mid:CADW+eusLGzTiF_OUPhT7ZkpGb-S66e4VLOdDPGgHV4hqRf9xxw@mail.gmail.com"
type="cite">
<div dir="ltr"><font color="#073763" face="arial, helvetica,
sans-serif">Being privacy protected, of course, we can’t
immediately tell who is operating the website. Can we get law
enforcement or courts in the registrar’s jurisdiction to do
anything –– e.g., go to the registrar and ask or require them
to reveal the identity of the registrant? No. Try to buy a
drug such as Xanax from this website. This Internet pharmacy
will ship anywhere in the world <u>except</u> to Canada ––
where its registrar and servers are located. To protect its
ability to sell drugs globally, the registrant has sacrificed
sales to a single country, and chosen a registrar and servers
there, to create a safe haven. Consequently, Canadian law
enforcement cannot point to a violation of Canadian law: no
drugs are being shipped into Canada –– just everywhere else
around the world. (Which, we can infer, is why this registrant
removed Canada from their shipping destinations.) And, the
reverse is true –– a court order or law enforcement request
from outside of Canada can simply be ignored by the registrar
and server companies in Canada. Those who have argued that the
best way to deal with p/p use by illegal actors is simply to
get a court order are not accounting for this quite common
scenario.</font></div>
</blockquote>
As you describe it, as no canadian laws are being broken, no action
can be taken. So how is this different from a site not using privacy
services operated openly by a canadian resident? What would it help
you to know who is operating the site if you cannot get to him?<br>
What is the difference if the registrant operated an offline
mail-oder business from Canada instead?<br>
<blockquote
cite="mid:CADW+eusLGzTiF_OUPhT7ZkpGb-S66e4VLOdDPGgHV4hqRf9xxw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default">
<div class="gmail_default"><font color="#073763" face="arial,
helvetica, sans-serif"><br>
</font></div>
<div class="gmail_default"><font color="#073763" face="arial,
helvetica, sans-serif">Being able to hide their identity
in the Whois record is also the perfect set up for another
reason: many registrars have said in the past that they
only way that they can (or perhaps, will) take action on a
domain name is if the Whois record is falsified. But how
would we know? It is privacy protected. That removes the
WDPRS as a mechanism for dealing with abusive behavior. <br>
</font></div>
</div>
</div>
</blockquote>
<font color="#073763"><font face="arial, helvetica, sans-serif">As
registrar, it makes it easier to take action, because incorrect
whois is proven much more easily than illegal action. But in the
end, taking down questionable content using whois complaints is
not what the whois complaint system was designed for. It is a
crutch, in lieu of better tools, but ultimately, it is abuse of
a tool designed for better whois quality. <br>
We have even seen whois complaints being sent against domain
names where the whois is correct. The complainant way be
thinking that if they complain often enough, one complaint may
be failed to be answered and therefore be cause for a takedown.
In te end, all that does is to slow down the process.<br>
</font></font>
<blockquote
cite="mid:CADW+eusLGzTiF_OUPhT7ZkpGb-S66e4VLOdDPGgHV4hqRf9xxw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default">
<div class="gmail_default"><font color="#073763" face="arial,
helvetica, sans-serif"><br>
</font></div>
<div class="gmail_default"><font color="#073763" face="arial,
helvetica, sans-serif">Does this commercial registrant
have a legitimate need for p/p services? I would argue
that that is not the question to be answered.<b> The
question is: Does a consumer, consumer protection firm,
government agency, etc. have the right to know who is
operating this website?</b> I would submit to this group
that it is incumbent upon us to recommend a thoughtful,
balanced policy that prevents this sort of “perfect set
up” for Internet criminals to hide their identity as this
one has. Keep in mind that, as pointed out in the
circulated paper, no such right exists in the offline
world –– rather, consumers have the right to know who they
are dealing with. Ample requirements exist for business
registrations to do business transparently. There should
be no difference in the online world. <br>
</font></div>
</div>
</div>
</blockquote>
<font color="#073763"><font face="arial, helvetica, sans-serif">What
is the benefit of knowing the registrant if what he is doing is
not breaking any laws where he is situated?<br>
<br>
Also, the offline-online comparison is flawed: Offline, the
corresponding rules are made by the governments where the
service is being provided. They are called laws and regulations.
Online, the same applies. governments make the laws for services
operated under their jurisdiction. If I operate a commercial (or
oher) site in Germany, I have to have an Impressum, i.e. a page
stating who I am and how to reach me. If Canada wanted such a
law, they should enact it. If the US wants Canada to enact such
a law, they should engage in diplomacy. In the end, it is not
our role to make public policy better relegated to the state
level.<br>
<br>
</font></font>
<blockquote
cite="mid:CADW+eusLGzTiF_OUPhT7ZkpGb-S66e4VLOdDPGgHV4hqRf9xxw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default">
<div class="gmail_default"><font color="#073763" face="arial,
helvetica, sans-serif">Finally, recall that the
Affirmation of Commitments (AoC) requires "timely,
unrestricted and public access to accurate and complete
WHOIS information." The AoC goes on to state that WHOIS
policy and its implementation needs to meet "the
legitimate needs of law enforcement and promote consumer
trust." I ask the group, is ICANN fulfilling its
commitment, not only to law enforcement but especially to
promote consumer trust, if it allows websites like this to
continue using p/p services?</font></div>
</div>
</div>
</blockquote>
<font color="#073763" face="arial, helvetica, sans-serif">Whois
privacy services provide "accurate and complete WHOIS information"</font>,
therefore I cannot see what you are inferring. Law enforcement of
appropriate jurisdiction can contact the service provider and get
the data, provided there is a legal basis for that. <br>
<br>
Best,<br>
<br>
Volker<br>
<blockquote
cite="mid:CADW+eusLGzTiF_OUPhT7ZkpGb-S66e4VLOdDPGgHV4hqRf9xxw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, May 12, 2014 at 11:40 PM,
Libby Baney <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:libby.baney@fwdstrategies.com"
target="_blank">libby.baney@fwdstrategies.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div>All --</div>
<div><br>
</div>
<div>I appreciate the dialogue the group has begun
regarding WHOIS transparency for entities engaged
in commercial activity. With the hope of
encouraging discussion on the merits of the issue,
I am pleased to share the attached white paper: <i><b>Commercial
Use of Domain Names: An Analysis of Multiple
Jurisdictions. </b></i></div>
<div><br>
</div>
<div>As you'll see, the paper addresses the
following question: Should domain name registrants
who sell products or services on their websites
should be able to conceal their identity and
location in the domain name registration? The
paper argues that they should not. Rather, the
authors find that requiring domain name
registrants engaged in commercial activity to
provide transparent WHOIS information falls
squarely in line both with ICANN’s commitment to
Internet users and existing global public policy
to keep businesses honest and consumers safe.
Accordingly, the paper recommends an approach that
balances personal privacy and consumer protection
rights. On the one hand, domain names used for
non-commercial purposes (e.g., personal blogs)
should, the authors believe, be permitted to
utilize privacy or proxy registration. This
reflects a fundamental right to privacy of domain
name registrants not engaged in commerce. However,
the authors do not believe the same right exists
for registrants of websites engaged in commerce –
a conclusion borne out by our research. </div>
<div><br>
</div>
</div>
<div>It goes without saying that this group is divided
on the issue of requiring WHOIS transparency for
sites engaged in commercial activity. As some in the
PPSAI WG have commented, these issues may be
complicated but they nonetheless merit our full
consideration. We hope the attached white paper
stimulates further thinking and group discussion on
the issues. </div>
<div>
<div><br>
</div>
<div>I look forward to continuing the discussion
tomorrow.</div>
<div><br>
</div>
<div>Libby</div>
</div>
</div>
<div>
<div><br>
</div>
-- <br>
<div dir="ltr"><font face="trebuchet ms, sans-serif">Libby
Baney, JD</font>
<div>
<font face="trebuchet ms, sans-serif">President</font></div>
<div><font face="trebuchet ms, sans-serif">FWD
Strategies International</font></div>
<div><font face="trebuchet ms, sans-serif"><a
moz-do-not-send="true"
href="http://www.fwdstrategies.com"
target="_blank">www.fwdstrategies.com</a></font></div>
<div>
<font face="trebuchet ms, sans-serif">P: <a
moz-do-not-send="true" href="tel:202-499-2296"
value="+12024992296" target="_blank">202-499-2296</a></font></div>
<div><br>
</div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Gnso-ppsai-pdp-wg mailing list<br>
<a moz-do-not-send="true"
href="mailto:Gnso-ppsai-pdp-wg@icann.org"
target="_blank">Gnso-ppsai-pdp-wg@icann.org</a><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg"
target="_blank">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><br>
</blockquote>
</div>
<br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Gnso-ppsai-pdp-wg mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gnso-ppsai-pdp-wg@icann.org">Gnso-ppsai-pdp-wg@icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a></pre>
</blockquote>
<br>
</body>
</html>