<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Peter, Emily and All,<br>
I have been giving this a lot of thought too. I have also been doing
some research, and although I have been deeply embedded in the
proxy/privacy issue for some time, there is still so much I don't
know! <br>
<br>
Here are some of my thoughts:<br>
1) I think you are right in dividing privacy from proxy from privacy
registrations. As you wrote, and as Emily has written below in her
recent email, proxy and privacy services (although spoken in the
same breath) are different. I think our WRT Report can play an
important role in laying out the differences, and sharing why, to
us, these differences result in very clear and differing obligations
and responsibilities.<br>
<br>
2) I don't think you restrict privacy services to natural persons.
As we have discussed in our meetings, there are many political
organizations, religious groups and even commercial companies that
claim privacy rights, and have legitimate reasons for not wanting to
disclose a physical address. What I do think we can encourage the
ICANN Community to develop is a series of guidelines for appropriate
disclosure of the underlying data to law enforcement and others
(called "Reveal" in ICANN parlance). (I also think the ICANN
Community can develop a series of guidelines for appropriate
practices for passing on information to the registrant at
his/her/its address or email to notify them of all legal
proceedings, inquiries to purchase the domain name, etc. -- this
might defuse a lot of the existing tensions ("Relay" in ICANN
parlance).<br>
<br>
3) I do like the idea of best practices for privacy providers.<br>
<br>
4) After great thought, and debate with several people on the Team
(tx you!), I agree with you about proxy providers. I think your #7
is probably right: that "ICANN should claify that the full rights
and responsibilities of a registrant accrue to the entity identified
as the registrant." There does not seem to be any other way to do
it. <br>
<br>
5) An additional point: Education. perhaps we can use our
recommendations to encourage clearer education of registrants, the
ICANN Community, and the greater Law Enforcement, Commercial and
other Communities. We can lay out the difference of proxy and
privacy providers, and ways the choice of privacy or proxy might
impact the registrants, and parties seeking the registrant.<br>
<br>
6) One more additional point: Tiered Access. I don't know if we
should get into this, but the Whois protocol can be modernized and
updated to include levels of access for data -- e.g., privacy of
addresses and telephone numbers -- and then provide access to those
who a) identify themselves, and b) meet the criteria for access,
e.g., law enforcement. In this case, the Whois information is held
by registrar and registries, and thus much closer to ICANN. It is
also far cheaper for registrants (who are currently paying more for
their privacy services per year than their domain name, in many
cases). Finally, it open future options for the registries and
registrars to manage access to the data -- perhaps pursuant to rules
ICANN might someday create. The current Whois protocol can't provide
this service, but others can (Restful DNS, etc). Perhaps a win-win?<br>
<br>
Best and tx for all of your leadership in this area, Peter!<br>
Kathy<br>
<br>
<< From Emily:<br>
<br>
Hi Peter<br>
<blockquote
cite="mid:CAKWYFscdofCau139fEq2x7JW5BHedRp+oT808L1J2zSrWeqFXg@mail.gmail.com"
type="cite"><br>
Thanks for reviving this discussion.<br>
<br>
I've been mulling over privacy proxy recommendations, that would
be suitable and not pre-empt the findings of studies.<br>
<br>
I think that a route might be to go back to the first principles
in the contract.<br>
<br>
1. Proxies are the registrant. Therefore they take the heat if
there's any problem with the domain name, and the
onus/responsibility is on them to prove that there is another
party who should be blamed in a timely way.<br>
<br>
2. Privacy registrations - on the face of it, these are
inaccurate, and therefore the domain becomes subject to
cancellation if the true registration details are not revealed in
a timely manner.<br>
<br>
So, the policies are there, the contractual powers are there.
There needs to be more responsiveness on the part of registrars in
cancelling/amending/revealing underlying details where there's a
problem.<br>
<br>
Thoughts?<br>
<br>
Best,<br>
<br>
Emily<br>
<br>
<div class="gmail_quote">On 11 October 2011 05:49, Nettlefold,
Peter <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:Peter.Nettlefold@dbcde.gov.au">Peter.Nettlefold@dbcde.gov.au</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi Kathy,<br>
<br>
I wanted to follow up the conversation about proxy services
that we began in MDR.<br>
<br>
In particular, I wanted to ask about what you meant by the
recommendation:<br>
<br>
'Registrars may not knowingly use for their own registrations,
or register the domain names of p/p service providers who do
not have contracts with them'<br>
<br>
I'm assuming that a registrar has a contract with every
registrant as a matter of course, so I take it that this is
referring to having up front contracts with p/p providers? My
question is would this be separate to a global ICANN p/p
accreditation or registration scheme?<br>
<br>
My first intent here is to be really clear on what is
intended. Secondly, I wonder if it would be more efficient and
effective to have this kind of approach run in conjunctions
with an ICANN accreditation scheme - i.e. ICANN would accredit
p/p providers in a similar way that it does registrars, and
any registrar could then do business with those providers?
Otherwise, couldn't we would be faced with a range of issues,
including registrars potentially signing contracts with
themselves (or their subsidiaries, affiliates etc) to serve as
p/p providers?<br>
<br>
I'm still looking forward to feedback from other team members
on the question of whether proxy services should be recognised
by ICANN, but wanted to discuss your proposals in the interim.<br>
<br>
Cheers,<br>
<br>
Peter<br>
<br>
<br>
<br>
<br>
From: "<a moz-do-not-send="true"
href="mailto:kathy@kathykleiman.com">kathy@kathykleiman.com</a><mailto:<a
moz-do-not-send="true" href="mailto:kathy@kathykleiman.com">kathy@kathykleiman.com</a>>"
<<a moz-do-not-send="true"
href="mailto:kathy@kathykleiman.com">kathy@kathykleiman.com</a><mailto:<a
moz-do-not-send="true" href="mailto:kathy@kathykleiman.com">kathy@kathykleiman.com</a>>><br>
Subject: [Rt4-whois] Reviewing proxy/privacy ideas<br>
Date: September 21, 2011 7:26:51 AM PDT<br>
To: RT4 WHOIS <<a moz-do-not-send="true"
href="mailto:rt4-whois@icann.org">rt4-whois@icann.org</a><mailto:<a
moz-do-not-send="true" href="mailto:rt4-whois@icann.org">rt4-whois@icann.org</a>>>,
Sharon Lemon <<a moz-do-not-send="true"
href="mailto:sharonchallis@aol.com">sharonchallis@aol.com</a><mailto:<a
moz-do-not-send="true" href="mailto:sharonchallis@aol.com">sharonchallis@aol.com</a>>><br>
Reply-To: "<a moz-do-not-send="true"
href="mailto:kathy@kathykleiman.com">kathy@kathykleiman.com</a><mailto:<a
moz-do-not-send="true" href="mailto:kathy@kathykleiman.com">kathy@kathykleiman.com</a>>"
<<a moz-do-not-send="true"
href="mailto:kathy@kathykleiman.com">kathy@kathykleiman.com</a><mailto:<a
moz-do-not-send="true" href="mailto:kathy@kathykleiman.com">kathy@kathykleiman.com</a>>><br>
<br>
Hi All,<br>
After good food and great company last night, I awoke with
some new ideas regarding proxy/privacy service providers.<br>
What we know:<br>
- Not too much. Proxy/privacy providers (p/p) are not
something we have studied closely. We know that many people,
including very experienced Net users, do not have a clear
distinction. They are generally used in the same voice at the
same time.<br>
- We have no clear data about p/p. The upcoming GNSO
studies will provide a) a study on reveal and relay requests
to p/p providers, and b) a study of what percentage of "bad
guys" are under p/p registration. We have only a study that
says that 15-20% of domain names are under p/p, and an array
of comments. We have not actual facts about p/p providers
themselves.<br>
<br>
- Under US law, there is a strong protection of
privacy and even anonymity in Free Speech, but "no tradition
of anonymous commerce in the US." Let me quote the World
Trademark Review, Aug/Sept 2011, article: "Why Trademark
Owners Must lead the fight for accountability in e-commerce."
** "Clearly the First Amendment includes the right to speak
anonymously. Moveover, the First Amendment places anonymous
speech on the Internet on the same footing as other speech. As
with other forms of expression, the ability to speak
anonymously on the Internet promotes the robust exchange of
ideas and allows individuals to express themselves without
fear of economic or official retaliation or concern about
social ostracism. The importance of the Internet to the
expression of protected speech cannot be overstated..."<br>
Like the International Trademark Association, in some recent
legislative work in the US, let's focus on the conduct we are
most concerned about:<br>
<br>
- Domain names being used in conjunction with "goods
or services advertised or sold at that [a] website."
(International Trademark Association language as part of
promoting a new US Statute for services of process to domain
registrants whose data cannot be found - article above)<br>
For our WRT decisions, let's please not create confusion. The
lines between p/p are difficult and unclear. Let's focus on
conduct we know is out there and bounds that can be quickly
established and are likely to help. ** Let me offer some
reflections of yesterday. We all seem to agree that: **<br>
- WE CAN BIND P/P CLOSER TO REGISTRARS, thus a Draft
Recommendation: Registrars may not knowingly use for their own
registrations, or register the domain names of p/p service
providers who do not have contracts with them; do not have
clear agreements to gather accurate Whois data from
registrants; do not have clear contractual obligations to
Reveal the underlying registrant data when requested under law
or pursuant to ICANN rules.<br>
- ICANN will rapidly establish a proceeding, with Law
Enforcement and Consumer Communities, as well as privacy and
free speech Official and Experts, to develop a set of Reveal
and Relay rules for p/p providers, in conjunction with the
ICANN Community.<br>
- Registrant Declaration: is the domain name being
used for goods or services sold or advertised using the domain
name (note: this includes not only websites, but emails and
other forms of domain name use).<br>
<br>
(Note: the GNSO might want to wait to set up rules until soon
after their $200,000+ studies are completed within the year)<br>
<br>
<br>
Overall, separating out p/p providers without much more work
and very, very, very extensive education -- it will be very
confusing to ICANN and the Internet public.<br>
<br>
<br>
<br>
Best, Kathy<br>
<br>
_______________________________________________<br>
Rt4-whois mailing list<br>
<a moz-do-not-send="true" href="mailto:Rt4-whois@icann.org">Rt4-whois@icann.org</a><mailto:<a
moz-do-not-send="true" href="mailto:Rt4-whois@icann.org">Rt4-whois@icann.org</a>><br>
<a moz-do-not-send="true"
href="https://mm.icann.org/mailman/listinfo/rt4-whois"
target="_blank">https://mm.icann.org/mailman/listinfo/rt4-whois</a><br>
<br>
<br>
<br>
-------------------------------------------------------------------------------<br>
<br>
NOTICE: This email message is for the sole use of the intended
recipient(s)<br>
and may contain confidential and privileged information. Any
unauthorized<br>
review, use, disclosure or distribution is prohibited. If you
are not the<br>
intended recipient, please contact the sender by reply email
and destroy all<br>
copies of the original message.<br>
<br>
This message has been content scanned by the Axway MailGate.<br>
MailGate uses policy enforcement to scan for known viruses,
spam, undesirable content and malicious code. For more
information on Axway products please visit <a
moz-do-not-send="true" href="http://www.axway.com"
target="_blank">www.axway.com</a>.<br>
<br>
<br>
-------------------------------------------------------------------------------<br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<br>
<br>
<span style="color:rgb(153, 51, 153)"></span> <img
moz-do-not-send="true"
src="http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif"><br>
<br>
<div style="margin-left:80px"><u style="color:rgb(204, 51, 204)">
</u><br style="color:rgb(153, 51, 153)">
<br>
<span style="color:rgb(153, 153, 153)">76 Temple Road, Oxford
OX4 2EZ UK</span><br style="color:rgb(153, 153, 153)">
<span style="color:rgb(153, 153, 153)">t: +44 (0)1865 582 811 •
m: +44 (0)7540 049 322</span><br style="color:rgb(153, 153,
153)">
<span style="color:rgb(153, 153, 153)"><a moz-do-not-send="true"
href="mailto:emily@emilytaylor.eu" target="_blank">emily@emilytaylor.eu</a>
</span><br style="color:rgb(153, 153, 153)">
<br style="color:rgb(153, 153, 153)">
<b style="color:rgb(153, 153, 153)"><a moz-do-not-send="true"
href="http://www.etlaw.co.uk" target="_blank">www.etlaw.co.uk</a></b><br
style="color:rgb(153, 153, 153)">
<br style="color:rgb(153, 153, 153)">
<span style="color:rgb(153, 153, 153)">Emily Taylor Consultancy
Limited is a company registered in England and Wales No.
730471. VAT No. 114487713.</span><br>
</div>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
</pre>
</body>
</html>