[Accred-Model] WP29 statement on WHOIS
Scott Austin
SAustin at vlplawgroup.com
Tue May 1 14:20:10 UTC 2018
Rubens:
(My last email response to you was a bit unfinished as I was writing in an airport so I am resending with a completed final paragraph)
First, you reference to an email from me using trademark registration as a basis for my proposal must be referring to someone else. I never mentioned trademark registrations as a model, only DMCA, which relates to copyright and the US copyright office as providing a registry for designated agents for $6 so your cost multiples based on trademark registration are way off and should be based on that $6 figure I provided, if any, which is less than what I have paid for proxy service as an addition to DN registration. In addition the designee need not be a lawyer and could be an existing proxy service as they have plenty of experience receiving and acting upon notice from rightsholders. If Google provides its service for free while others charge perhaps they will be #1 very soon. I suggested the service might be provided without additional charge and here are at least two examples that prove it can.
You wrote: <That contract network can't supersede any applicable laws. Contracts can go only up to what the law allows, and changing civil law requires lawmaker involvement, different from case law.>
Most contracts contain notice and choice of law provisions, which are well within the generally accepted principles of contract law, unless you know of a juridiction where parties cannot not consensually agree on what jurisdiction's law applies and how they should be notified. Most contracts, including ICANN's, include such provisions, so please clarify how providing a contact for notice to be forwarded to (without revealing the registrant's PII) which supports due process, would supersede or require change to applicable law. No rights are being waived. Where is the logic in rendering a registrant unreachable if they have violated someone else's rights, privacy or otherwise. What am I missing?
You wrote: <We don't have to resort to multiple jurisdictions; I don't think Europol has a view much different from FBI, for instance, so they are as able to carry a message of steering the needle towards transparency instead of privacy to lawmakers. But there is a global trend in society towards control of personal data that is overwhelming... so I wouldn't take such amendments for granted, even in less privacy-oriented jurisdictions. Specially after people realise that the sky hasn't fallen.>
The proposed amendment supports privacy in line with GDPR in the EU, a privacy oriented jurisdiction. LEAs (which would include FBI and Interpol) and cybersecurity companies have been some of the most vocal critics concerned with timely access to protected Whois data after GDPR takes effect. I can't speak to the current views of the FBI and Interpol on GDPR, but given the extensive concerns raised by ICANN. stakeholders, and the press covering these issues, the sky is expected to grow very dark, if not fall, for as much as 18 months. I am interested what evidence you have that it wont fall. Some registrar's WHOIS has already begun masking registrant email addresses which has been the primary means for global reach to registrants for notice, including effective service of process for rights protection mechanisms like UDRP. My registrant agent propsal in no way exposes private data, and in fact protects it as the registrant can choose its designee to receive and foward notice. But it also avoids a domain being used as a shroud to place the registrant beyond reach of notice, using privacy protection as subterfuge to avoid or cost prohibitively surcharge effective service via email.
Best regards,
Scott
Sent from my T-Mobile 4G LTE Device
-------- Original message --------
From: Rubens Kuhl <rubensk at nic.br<mailto:rubensk at nic.br>>
Date: 4/30/18 9:37 PM (GMT-05:00)
To: Scott Austin <SAustin at vlplawgroup.com<mailto:SAustin at vlplawgroup.com>>
Cc: "BECKHAM, Brian" <brian.beckham at wipo.int<mailto:brian.beckham at wipo.int>>, Cyntia King <cking at modernip.com<mailto:cking at modernip.com>>, accred-model at icann.org<mailto:accred-model at icann.org>
Subject: Re: [Accred-Model] WP29 statement on WHOIS
On 30 Apr 2018, at 21:59, Scott Austin <SAustin at vlplawgroup.com<mailto:SAustin at vlplawgroup.com>> wrote:
Rubens:
You are correct, new law would have to be made – or existing law amended. But it is a given with the thousands of hours now spent by lawyers, ICANN, privacy officials and governing bodies analyzing GDPR that new law will be made in response to GDPR. My question is whether those laws in response will be made through a patchwork of regulations or statutes in multiple jurisdictions taking effect at different times to protect their unsuspecting citizens from GDPR’sits penalties; or worse, a patchwork of judge-made interpretations of GDPR’s application and scope in challenges of those penalties after they issue against citizens.
We don't have to resort to multiple jurisdictions; I don't think Europol has a view much different from FBI, for instance, so they are as able to carry a message of steering the needle towards transparency instead of privacy to lawmakers.
But there is a global trend in society towards control of personal data that is overwhelming... so I wouldn't take such amendments for granted, even in less privacy-oriented jurisdictions. Specially after people realise that the sky hasn't fallen after May 25th.
And how will that cost compare with my suggestion of a modest amendment to an existing global contract network with existing registries,
That contract network can't supersede any applicable laws. Contracts can go only up to what the law allows, and changing civil law requires lawmaker involvement, different from case law.
which amendment proposes to keep data private but provide reasonable access for notice or service of process to a registrant through a qualified third party, registered designee, with the added benefit of taking effect globally and simultaneously. And given that GDPR is essentially the enactment of government sanctioned proxy protection which may limit if not obviate the need for existing private proxy services, perhaps the privacy/proxy service providers would be willing to transfer their services to fulfill the role of registrant’s agents or their back office.
If that was true, privacy/proxy service would already be an included service in all major registrars. While it's included in Google Domains and Uniregistry, Google is #10 gTLD registrar at this time... so most registrants still to have to pay for a service that is much more simpler than the one you suggest. A good number of those registrar-based proxy services simply turn off privacy in response to any kind of dispute or issue instead of relaying notices to registrants. What you have described is more like the type of proxying provided by law offices, which comes with a price.
BTW, since you mentioned trademark registrations in an earlier e-mail, I converted some local fees to local domain multiples so you can get a feeling of how that would impact pricing:
- Local PTO cost for requesting a trademark registration: 3.5 domains
- How much a lawyer bills for preparing that registration: 42.5 domains
- Local PTO cost for issuing a trademark: 7.5 domains
- Lawyer costs when the trademark is issued for monitoring and challenging future trademark applicants: 10 domains
It's hard to fit any of those into a cost-neutral mechanism.
Rubens
Sent from my T-Mobile 4G LTE Device
-------- Original message --------
From: Rubens Kuhl <rubensk at nic.br>
Date: 4/30/18 9:37 PM (GMT-05:00)
To: Scott Austin <SAustin at vlplawgroup.com>
Cc: "BECKHAM, Brian" <brian.beckham at wipo.int>, Cyntia King <cking at modernip.com>, accred-model at icann.org
Subject: Re: [Accred-Model] WP29 statement on WHOIS
On 30 Apr 2018, at 21:59, Scott Austin <SAustin at vlplawgroup.com<mailto:SAustin at vlplawgroup.com>> wrote:
Rubens:
You are correct, new law would have to be made – or existing law amended. But it is a given with the thousands of hours now spent by lawyers, ICANN, privacy officials and governing bodies analyzing GDPR that new law will be made in response to GDPR. My question is whether those laws in response will be made through a patchwork of regulations or statutes in multiple jurisdictions taking effect at different times to protect their unsuspecting citizens from GDPR’sits penalties; or worse, a patchwork of judge-made interpretations of GDPR’s application and scope in challenges of those penalties after they issue against citizens.
We don't have to resort to multiple jurisdictions; I don't think Europol has a view much different from FBI, for instance, so they are as able to carry a message of steering the needle towards transparency instead of privacy to lawmakers.
But there is a global trend in society towards control of personal data that is overwhelming... so I wouldn't take such amendments for granted, even in less privacy-oriented jurisdictions. Specially after people realise that the sky hasn't fallen after May 25th.
And how will that cost compare with my suggestion of a modest amendment to an existing global contract network with existing registries,
That contract network can't supersede any applicable laws. Contracts can go only up to what the law allows, and changing civil law requires lawmaker involvement, different from case law.
which amendment proposes to keep data private but provide reasonable access for notice or service of process to a registrant through a qualified third party, registered designee, with the added benefit of taking effect globally and simultaneously. And given that GDPR is essentially the enactment of government sanctioned proxy protection which may limit if not obviate the need for existing private proxy services, perhaps the privacy/proxy service providers would be willing to transfer their services to fulfill the role of registrant’s agents or their back office.
If that was true, privacy/proxy service would already be an included service in all major registrars. While it's included in Google Domains and Uniregistry, Google is #10 gTLD registrar at this time... so most registrants still to have to pay for a service that is much more simpler than the one you suggest. A good number of those registrar-based proxy services simply turn off privacy in response to any kind of dispute or issue instead of relaying notices to registrants. What you have described is more like the type of proxying provided by law offices, which comes with a price.
BTW, since you mentioned trademark registrations in an earlier e-mail, I converted some local fees to local domain multiples so you can get a feeling of how that would impact pricing:
- Local PTO cost for requesting a trademark registration: 3.5 domains
- How much a lawyer bills for preparing that registration: 42.5 domains
- Local PTO cost for issuing a trademark: 7.5 domains
- Lawyer costs when the trademark is issued for monitoring and challenging future trademark applicants: 10 domains
It's hard to fit any of those into a cost-neutral mechanism.
Rubens
This message contains information which may be confidential and legally privileged. Unless you are the addressee, you may not use, copy or disclose to anyone this message or any information contained in the message. If you have received this message in error, please send me an email and delete this message. Any tax advice provided by VLP is for your use only and cannot be used to avoid tax penalties or for promotional or marketing purposes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/accred-model/attachments/20180501/db7c5663/attachment.html>
More information about the Accred-Model
mailing list