[gnso-rpm-wg] Draft Letter on UDRP & URS Utilization of WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal to Shift URS review to Phase II)
Corwin, Philip
pcorwin at verisign.com
Fri Apr 27 12:37:02 UTC 2018
Jeff:
Several members of this WG have suggested that the impact of GDPR upon DRP
administration is a significant factor to consider in regard to possible
deferral of URS policy decisions to Phase II of our work. Are they crying
wolf?
The draft letter presumes nothing other than that decisions are being made
in the next few weeks by ICANN, and by individual registrars and registries,
that will impact access to WHOIS data by various parties. The fact that
something is addressed in ICANN's Cookbook will not be determinative of what
actually occurs on or after May 25th.
You may or may not be correct that registrars will continue making
registrant data available to UDRP providers. That of course has no bearing
on URS, where registries are the operative party. In any case, it is not in
this WG's remit to start making inquiries to SGs regarding general GDPR
matters, and the purpose of the letter is to upstream some information to
Council, and through it to ICANN management and DPAs, on this important
subject. I am puzzled that your first communication expressed concern that
we would spend unnecessary time on this subject, yet this new email suggests
that we start engaging in dialogue with registrars (and, by analogy,
registries regarding URS), which could in fact create a significant
diversion from our primary work. The draft letter, by contrast, seeks to
convey information to parties directly involved in considering GDPR
compliance to assure that continued access to registrant data by DRP
administrators does not fall through the cracks.
Kathy and I would be interested in learning whether other members of this WG
share your concerns, as well as any comments on the substance of the letter.
Philip
Philip
Philip S. Corwin
Policy Counsel
VeriSign, Inc.
12061 Bluemont Way
Reston, VA 20190
703-948-4648/Direct
571-342-7489/Cell
"Luck is the residue of design" -- Branch Rickey
-----Original Message-----
From: Jeff Neuman [mailto:jeff.neuman at comlaude.com]
Sent: Friday, April 27, 2018 3:29 AM
To: Corwin, Philip <pcorwin at verisign.com>
Cc: gnso-rpm-wg at icann.org
Subject: [EXTERNAL] Re: Draft Letter on UDRP & URS Utilization of
WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal
to Shift URS review to Phase II)
Phil,
If as you say you cannot assume that all registrars will give dispute
providers the data, then how can you just assume that registrars will not.
As I said I am caucusing with the registrars now to get the group some data.
Rather than crying wolf and sending a letter directly over the heads of the
registrars to the CEO of ICANN, I am just advocating for some direct
dialogue with the registrars. Let's not always assume the worst, but rather
talk to one another first.
Jeff Neuman
> On Apr 26, 2018, at 11:49 PM, Corwin, Philip <pcorwin at verisign.com> wrote:
>
> Jeff:
>
>
>
> While it is good that Com Laude will continue to provide registrant data
to UDRP dispute providers, we cannot assume that every other registrar and
registry will make the same decision in regard to GDPR compliance. We don't
want to see this issue fall through the cracks, and Kathy and I wanted to
follow through on the pledge we made to made in our email of April 6th - and
now we have.
>
>
>
> Further, as the impact of GDPR has been cited as one rationale for
postponing URS decisions to Phase II of our work, and as we will be
discussing that proposal on the next WG call, it seemed useful to ask staff
to aggregate all the relevant UDRP and URS document sections that reference
WHOIS and related matters to have a better informed conversation.
>
>
>
> I don't view this as a side issue nor do I share your concern that it will
have an adverse effect on our other work. Kathy and I have done the heavy
lifting here, and staff prepared material that is useful in another context.
This can be readily and quickly resolved on the email list and members can
suggest edits, and also opine on whether they think the letter should be
transmitted. There's no reason this matter can't be resolved before our next
call.
>
>
>
> Meanwhile, we have made rapid progress on URS matters through judicious
use of sub-teams, and are in position to send out compressive questions next
week to practitioners and providers, and to receive their responses in time
to have well-informed discussions just prior to and in Panama -- all prior
to receipt of answers to the survey questions on TMCH, Trademark Claims, and
Sunrise which are expected back in July. We are operating efficiently and
are on schedule.
>
>
>
> I hope that addresses your concern.
>
>
>
> Philip
>
>
>
> Philip S. Corwin
>
> Policy Counsel
>
> VeriSign, Inc.
>
> 12061 Bluemont Way
> Reston, VA 20190
>
> 703-948-4648/Direct
>
> 571-342-7489/Cell
>
>
>
> "Luck is the residue of design" -- Branch Rickey
>
>
>
> From: Jeff Neuman [mailto:jeff.neuman at comlaude.com]
> Sent: Thursday, April 26, 2018 6:25 PM
> To: Corwin, Philip <pcorwin at verisign.com>
> Cc: gnso-rpm-wg at icann.org
> Subject: [EXTERNAL] RE: Draft Letter on UDRP & URS Utilization of
WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal
to Shift URS review to Phase II)
>
>
>
> Phil,
>
>
>
> Has anyone asked the registries/registrars whether they would continue to
provide the Dispute Resolution Providers with WHOIS information needed for
the implementation of the URS/UDRP. I have not heard any registries or
registrars say that they would cease to provide that information? In fact,
I have heard the opposite from a number of them (including us - Com Laude).
Providing information to dispute providers for the purpose of the
implementation of UDRP / URS does fall under a couple of the GDPR
exceptions.
>
>
>
> It seems to me that we may be spending a lot of time on a letter when
registries and registrars would likely provide that information after the
filing of an applicable dispute. We should be focusing on getting the work
done we have before us rather than delving into these side issues.
>
>
>
> I will also being this issue up in the registrars SG to confirm what I
have been hearing.
>
>
>
> Jeffrey J. Neuman
>
> Senior Vice President |Valideus USA | Com Laude USA
>
> 1751 Pinnacle Drive, Suite 600
>
> Mclean, VA 22102, United States
>
> E: jeff.neuman at valideus.com or jeff.neuman at comlaude.com
>
> T: +1.703.635.7514
>
> M: +1.202.549.5079
>
> @Jintlaw
>
>
>
> From: gnso-rpm-wg <gnso-rpm-wg-bounces at icann.org> On Behalf Of Corwin,
Philip via gnso-rpm-wg
> Sent: Thursday, April 26, 2018 8:58 PM
> To: gnso-rpm-wg at icann.org
> Subject: [gnso-rpm-wg] Draft Letter on UDRP & URS Utilization of
WHOIS-Derived Registrant Data (was Response from the Co-Chairs RE: Proposal
to Shift URS review to Phase II)
> Importance: High
>
>
>
> WG members:
>
>
>
> Following up on the co-chairs email of April 6th, in which we stated--
>
> In regard to the ability of URS and UDRP providers to continue to have
access to the data elements necessary to fulfill their dispute resolution
provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's
CEO noting that such continued access for DRPs is essential to maintaining
these non-judicial alternatives for addressing trademark infringement in the
DNS, and requesting that ICANN raise this important matter in its continuing
discussions with EU Data Protection Authorities. We will work with staff to
prepare this draft letter and then share it with WG members for review and
comment, after which we will coordinate with Council Leadership and the WG
Liaison regarding transmission of a final text to ICANN management. -
>
>
>
> Kathy and I have now prepared a draft letter to the GNSO Council, for
transmission onward to ICANN management and other parties, for your review.
It addresses the subject of the relationship of UDRP and URS administration
based upon registrant data obtained from WHOIS records. In preparing this
letter we relied extensively on the attached listing of UDRP Policy and
Rules and URS Rules and Procedure that mention or are related to registrant
data and WHOIS.
>
>
>
> Please review this attached letter at your earliest opportunity and post
any suggested revisions or additions to the WG email list. As initiation of
GDPR enforcement is now less than one month away time is of the essence in
transmitting this information.
>
>
>
> Thank you and best regards,
>
> Philip & Kathy
>
>
>
>
>
> Philip S. Corwin
>
> Policy Counsel
>
> VeriSign, Inc.
>
> 12061 Bluemont Way
> Reston, VA 20190
>
> 703-948-4648/Direct
>
> 571-342-7489/Cell
>
>
>
> "Luck is the residue of design" -- Branch Rickey
>
>
>
> From: Corwin, Philip
> Sent: Friday, April 06, 2018 11:03 AM
> To: 'john.mcelwaine at nelsonmullins.com' <john.mcelwaine at nelsonmullins.com>;
'gnso-rpm-wg at icann.org' <gnso-rpm-wg at icann.org>
> Subject: Response from the Co-Chairs RE: Proposal to Shift URS review to
Phase II
>
>
>
> Dear John:
>
>
>
> Thank you for your submission regarding a variety of proposed changes to
this Working Group's Charter. Our understanding from discussions with staff
is that, while there is no set requirement for the level of support within a
WG required to request that GNSO Council consider a Charter revision, such
revisions are relatively rare and have in the past been supported by a
substantial majority of WG members in the absence of significant opposition
prior to transmission to Council for its consideration.
>
>
>
> We therefore strongly encourage all WG members to carefully review your
proposal and, regardless of whether one supports or opposes it, to provide
some feedback to the full WG email list so that we can begin to gauge
overall support. Such email discussion can be preliminary to a full WG oral
discussion on a call sometime in late April or early May, if there are
indications of substantial support within the WG and a desire to engage in
further discussion. The full WG will resume its regular Wednesday calls by
mid-April (we anticipate April 18), after the URS Documents, Practitioners
and Providers sub-teams have completed their current work.
>
>
>
> We also note that your proposal raises multiple issues, including:
>
> * Amendment of the WG Charter to move the URS review and
recommendations to Phase II
> * Amendment of the WG Charter to define issues that must, may, and may
not be addressed
> * Adjustment of the WG Charter to provide additional guidance on the
scope of URS and UDRP Review
> * Adjustment of the WG leadership structure for Phase II
> * Potential pause in the start of Phase II keyed to GDPR impact
understanding
>
>
>
> These are all major issues and we encourage WG members to comment on all
of them.
>
>
>
> Finally, regardless of whether there is substantial support within the WG
for any of the elements of your proposal, we agree that the impending
enforcement of GDPR raises substantial WHOIS data access issues for
trademark owners and for URS and UDRP dispute resolution providers. The
issues for trademark owners are currently being discussed within the full
ICANN community regarding interim and final compliance models, the latter
involving accreditation and tiered data access.
>
>
>
> In regard to the ability of URS and UDRP providers to continue to have
access to the data elements necessary to fulfill their dispute resolution
provider (DRP) roles, it is our intent to prepare a draft letter to ICANN's
CEO noting that such continued access for DRPs is essential to maintaining
these non-judicial alternatives for addressing trademark infringement in the
DNS, and requesting that ICANN raise this important matter in its continuing
discussions with EU Data Protection Authorities. We will work with staff to
prepare this draft letter and then share it with WG members for review and
comment, after which we will coordinate with Council Leadership and the WG
Liaison regarding transmission of a final text to ICANN management.
>
>
>
> Best regards,
>
> Philip & Kathy
>
>
>
>
>
>
>
> Philip S. Corwin
>
> Policy Counsel
>
> VeriSign, Inc.
>
> 12061 Bluemont Way
> Reston, VA 20190
>
> 703-948-4648/Direct
>
> 571-342-7489/Cell
>
>
>
> "Luck is the residue of design" -- Branch Rickey
>
>
>
> From: gnso-rpm-wg [mailto:gnso-rpm-wg-bounces at icann.org] On Behalf Of John
McElwaine
> Sent: Thursday, April 05, 2018 9:55 PM
> To: gnso-rpm-wg <gnso-rpm-wg at icann.org>
> Subject: [EXTERNAL] [gnso-rpm-wg] Proposal to Shift URS review to Phase II
>
>
>
> Dear RPM Working Group:
>
>
>
> In our meeting in San Juan, Puerto Rico, I raised the issue of moving the
work set forth in this Working Group's charter relating to the URS to Phase
II. The Chairs asked that I put something in writing detailing the specific
recommendation and reasoning, which I present below and have also attached
hereto in a Word document for your review and consideration.
>
>
>
> Kind regards,
>
>
>
> John
>
>
>
> Proposal to Shift URS from Phase I to Phase II:
>
>
>
> 1. On 15 December 2011, the GNSO Council requested that eighteen (18)
months after the launch of the New gTLD Program ICANN staff prepare and
publish an Issue Report on the state of all rights protection mechanisms
implemented for both existing and new gTLDs, including but not limited to
the UDRP and URS. The Council subsequently agreed to extend the timeline for
a report by a further six (6) months.
>
>
>
> 2. On 9 October 2015, a Preliminary Issues Report was published
discussing the scope of this potential PDP and outlining three possible
options for moving forward. The third option ultimately was elected at that
time:
>
>
>
> The "third option would be to conduct a policy review of all the RPMs in
two phases, with the initial phase being a review only of the RPMs developed
for the New gTLD Program. . . . The second, subsequent phase of work would
be a review of the UDRP, based on the concerns specific to its scope that
were raised in the 2011 GNSO Issue Report and any additional relevant topics
derived from the first phase of work concerning the RPMs developed for the
New gTLD Program."
>
>
>
> 3. On 15 March 2016, the two phase approach was approved in the Charter
for the Review of all Rights Protection Mechanisms (RPMs) in all gTLDs PDP
Working Group ("RPM Working Group"). Phase One was to focus on a review of
all the RPMs that were developed for the New gTLD Program, and Phase Two
will focus on a review of the UDRP.
>
>
>
> 4. The Objective & Goals in the PDP's Charter were to examine (i) the
RPMs effectiveness, (ii) whether the RPMs collectively fulfil their
purposes, and (iii) whether additional policy specific recommendations are
needed, including to clarify and unify the policy goals. RPM Working Group
Charter, at p. 3. The Objectives & Goals in the PDP's Charter were broadly
defined:
>
>
>
> "In addition to an assessment of the effectiveness of each RPM, the PDP
Working Group is expected to consider, at the appropriate stage of its work,
the overarching issue as to whether or not all the RPMs collectively fulfill
the purposes for which they were created, or whether additional policy
recommendations are needed, including to clarify and unify the policy goals.
If such additional policy recommendations are needed, the Working Group is
expected to develop recommendations to address the specific issues
identified. The Working Group is also directed to bear in mind that a
fundamental underlying intention of conducting a review of all RPMs in all
gTLDs is to create a framework for consistent and uniform reviews of these
mechanisms in the future."
>
>
>
> 5. However, the RPM Working Group Charter also contains a lengthy
attachment entitled "LIST OF POTENTIAL ISSUES FOR CONSIDERATION IN THIS PDP"
This "list was derived from various community suggestions in different
forums, they are not listed in any particular order of importance nor has
staff attempted to analyze the merits, relevance or significance of each
issue". This list contains topics that are out of scope when compared with
the Objectives and Goals, including:
>
>
>
> 1. Are generic dictionary words being adequately protected so that they
are available for all to use as allowed under their national laws and
international treaties? E.g. sun, window
> 2. Should monetary damages be awarded?
> 3. Are last names and geographic places adequately protected so that
they are available for all to use as allowed under their national laws, e.g,
Smith, McDonald, Capitol Hill Cafe, Old Town Deli?
> 4. Should injunctive relief be available?
> 5. Now that Reverse Domain Name Hijacking is a regular finding of UDRP
panels, indicating that domain name registrants are being abused by
complaints brought against them in the UDRP process, what penalties and
sanctions should be imposed on Complainants found to be reverse domain name
hijackers? How can those penalties and sanctions be aligned so as to be
fair, as compared to the loss of a domain name taken from a registrant found
to be a "cybersquatter"?
>
>
>
> 6. Issues from this list and other new out of scope issues, complaints
and modifications are causing the work of the RPM Working Group to slow and
are polarizing the members; thus, harming the ability to achieve consensus
in the Working Group. As recommend by the PDP breakout group and discussed
by the Community in attendance at the Sunday gNSO Working Session in San
Juan, it would be particularly useful if working group charters would:
>
>
>
> 1. Define clearly what success for the proposed working group "should
look like". (K. Kleiman reporting on breakout session, Transcript ICANN61
San Juan GNSO Working Session Part 2 Sunday, 11 March 2018 at 10:30 AS
("Transcript") at p. 5).
> 2. Define topics or issues that must be addressed, may be addressed and
may not be addressed. (Transcript at p. 4).
> 3. Have "more defined issues, [be] more bounded, more limited."
(Transcript at p. 5).
> 4. Have a narrower scope and be broken up into separate projects.
(Transcript at p. 5).
> 5. Having a charter drafting team that "that are experts, and that
might mean a legal expert, but we should also have people that have
experience, practical experience." (S. DelBianco reporting on breakout
session, Transcript at p. 5).
>
>
>
> 7. The Trademark Clearinghouse, Sunrise and Trademark Claims Notices
are RPMs relating to the registration process of domain names in the new
gTLDs. The URS is more akin to the UDRP, and like the UDRP is a mandatory
dispute resolution proceeding to recover a domain name that has been clearly
registered in bad faith. Since the URS is intended to be complementary of
the UDRP and will have similar issues it would be more efficient to address
these RPMs in a more cohesive manner.
>
>
>
> 8. With respect to the URS and UDRP, The European Parliament, the
Council of the European Union, and the European Commission have enacted a
new data privacy regulation in 2016 entitled the General Data Protection
Regulation (GDPR) that will likely adversely impact the ability of the URS
and UDRP to function as these policies are currently implemented. The new
regulation is scheduled to take effect on May 25, 2018. Among other ways,
GDRP may adversely impact the URS and the UDRP by:
>
>
>
> 1. Procedure for UDRP/URS:
>
> 1. Possibility that Providers cannot serve the UDRP/URS Complaint if an
email address cannot be obtained.
> 2. Possibility that the Language of the URS proceeding cannot be
determined.
>
> 2. Procedure for URS:
>
> 1. Possibility that the URS provider cannot translate the notice of URS
complaint into the predominant language used in the Registrant's country or
territory.
> 2. Possibility that URS complainants cannot know the language of a
possible response.
> 3. Possibility that URS complainants do not know whether the URS
complaint was translated into the correct language(s) and that proceedings
were administered correctly.
>
> 3. UDRP Element 2 / URS:
>
> 1. Cannot argue that the registrant is not commonly known by the Domain
Name at issue.
> 2. Cannot determine if the registrant has been authorized by the
Trademark holder.
> 3. Cannot determine if the registrant is an authorized reseller of the
Trademark holder's product.
> 4. Cannot determine on what date the domain name was "registered" by
the current domain name holder if it was transferred to this current domain
name holder. (requires being able to see the WhoIs history). This could
prevent baseless claims from being filed.
>
> 4. UDRP Element 3:
>
> 1. Cannot determine if registrant has engaged in a pattern of bad faith
registrations. Rule 4(b)(ii).
> 2. Cannot determine if registrant has been found to engage other
unlawful actions, such as malware, phishing or scams.
> 3. Cannot determine if the registrant is in a particular geographic
region to be better assess the possibility of legitimate co-existence (thus
possibly even foregoing the filing of a case, and response, in the first
place).
> 4. Cannot determine if the registrant is technically a "competitor"
that has registered the Domain Name for the purpose of disrupting the
business of the Complainant. Rule 4(b)(iii).
>
>
>
> 9. Due to GDPR compliance issues, ICANN org is considering substantial
changes to WhoIs, and has published an Interim Model for GDPR Compliance,
e.g. "The CookBook" which proposes to significantly limit the public display
of WhoIs data after May 25, 2018." see:
https://www.icann.org/en/system/files/files/gdpr-compliance-interim-model-08
mar18-en.pdf. Aggressive current timelines for tiered access to WhoIs data
that might provide some fix for the above issues is December 2018. There is
no question that GDPR will require policy consideration relating to the URS
and UDRP that cannot be predicted and analyzed at this time.
>
>
>
> Recommendation:
>
>
>
> 1. The RPM Working Group finishes its already well-advanced work and
issues an Initial Report on the PDDRP, Trademark Clearinghouse, Sunrise, and
Trademark Claims Notices for public comment.
>
> 2. After comments have been analyzed for those elements, that the RPM
Working Group finishes its work and issues its Final Report on the PDDRP,
Trademark Clearinghouse, Sunrise, and Trademark Claims Notices.
>
> 3. The RPM Working Group issues a request through its Appointed
Working Group Liaison to the GNSO Council to amend the RPM Working Group
Charter as follows:
>
> 1. shift the work related to the URS to Phase II and, if necessary,
pause starting Phase II until after the permanent impacts of GDPR on the URS
and UDRP are known;
>
> 2. provide clear guidance to the WG on the issues that (i) must be
addressed, (ii) may be addressed, and (iii) may not be addressed;
>
> 3. provide clear guidance on the scope of the review of the URS and
UDRP.
>
>
>
> Although a separate issue from this proposal, it is also recommended that
Phase II Working Group has one chairperson with appropriate neutrality and
experience in PDP consensus building and parliamentary procedures.
Assistance to the chair can be provided by utilizing vice-chairs and
well-structured sub-teams.
>
>
>
>
>
>
>
>
>
> JOHN C. MCELWAINE PARTNER
>
> john.mcelwaine at nelsonmullins.com
>
> LIBERTY CENTER | SUITE 600
>
> 151 MEETING STREET | CHARLESTON, SC 29401
>
> T 843.534.4302 F 843.722.8700
>
>
>
> 101 CONSTITUTION AVENUE, NW | SUITE 900
>
> WASHINGTON, D.C., 20001
>
> T 202.689.2939 F 202.689.2862
>
>
>
> NELSONMULLINS.COM VCARD VIEW BIO
>
>
>
>
>
> Confidentiality Notice
>
> This message is intended exclusively for the individual or entity to which
it is addressed. This communication may contain information that is
proprietary, privileged, confidential or otherwise legally exempt from
disclosure.
>
> If you are not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you have
received this message in error, please notify the sender immediately either
by phone (800-237-2000) or reply to this e-mail and delete all copies of
this message.
>
More information about the gnso-rpm-wg
mailing list