[Gnso-ppsai-pdp-wg] Commercial Use - White Paper

Michele Neylon - Blacknight michele at blacknight.com
Tue May 13 16:30:41 UTC 2014 

I don't think ICANN should be putting itself in the position of adjudicating over this .. it's more of a matter of national law etc.,

Also in the gTLD world there's very little distinction between registration data collection and display which doesn't help discussions

If you do a port 43 whois lookup on a LOT of ccTLDs - including several of the ccTLDs corresponding to jurisdictions referenced in this document,  you won't get back much data .. That doesn't mean that the data isn't being held, but it's not being shared with the "world"

If law enforcement or another governmental agency want the data they can get it pretty easily ..

Of course if ICANN's handling of domain registration data was actually compliant with EU data privacy law then a lot of these issues would be moot ..



--
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Domains
http://www.blacknight.co/
http://blog.blacknight.com/
http://www.technology.ie
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845

From: gnso-ppsai-pdp-wg-bounces at icann.org [mailto:gnso-ppsai-pdp-wg-bounces at icann.org] On Behalf Of James M. Bladel
Sent: Tuesday, May 13, 2014 2:39 PM
To: John Horton; Volker Greimann
Cc: gnso-ppsai-pdp-wg at icann.org
Subject: Re: [Gnso-ppsai-pdp-wg] Commercial Use - White Paper

IMO, the paper from this weekend makes a very compelling and persuasive case for those already holding these positions.  But, aside from wrongfully presuming that ICANN is authorized to dive in to the role of global content regulator, it does not address the larger cost/benefit questions.  Creating "classes" of registrants, prohibiting some classes from using accredited services for legitimate purposes, and stripping this service from existing customers will not yield comparable benefits in addressing abuse.    Bad actors do not comply with these rules in the first place, so more rules are not the remedy.

J.



From: John Horton <john.horton at legitscript.com<mailto:john.horton at legitscript.com>>
Date: Tuesday, May 13, 2014 at 5:33
To: Volker Greimann <vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>>
Cc: "gnso-ppsai-pdp-wg at icann.org<mailto:gnso-ppsai-pdp-wg at icann.org>" <gnso-ppsai-pdp-wg at icann.org<mailto:gnso-ppsai-pdp-wg at icann.org>>
Subject: Re: [Gnso-ppsai-pdp-wg] Commercial Use - White Paper

Hi Volker,

Thanks for your comments. We did try to think through those things, and I think you'll find them addressed in the paper that Libby circulated.

Cheers,

John Horton
President, LegitScript
 [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257dc6dfc34.png]



Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com>  |  Facebook<https://www.facebook.com/LegitScript>  |  Twitter<https://twitter.com/legitscript>  |  YouTube<https://www.youtube.com/user/LegitScript>  |  Blog<http://blog.legitscript.com>  |  Google+<https://plus.google.com/112436813474708014933/posts>

On Tue, May 13, 2014 at 6:18 PM, Volker Greimann <vgreimann at key-systems.net<mailto:vgreimann at key-systems.net>> wrote:
Hi John,

the problem is that commercial use is a very wide scope. Some courts have held that providing space for Google Ads on your private blog can be held to be commercial use. Or if I linked to an ebay auction I set up and mentioned that in my blog, it could be construed to be commercially used. Does that mean I lose my right to use a privacy service?

What about little work-from-home shops selling self-made stuff online? Do they really have to put their home address on their domain? If I were an activist for religion (or lack thereof), womens rights, abotrion, death penalty and sell stickers promoting my cause in a small webshop, do I suddenly have to tell every nutter out there where I live?

While I agree that there may be abuse of the services provided by whois privacy, I do not agree that commercial activity is where we should draw the line. Illegal activity using such services is what needs to be prohibited, nothing else.

Best,

Volker


I think it's important to note that nobody is currently proposing that commercial entities shouldn't be allowed to use p/p services. (Put aside the text in Bob's email, because I am guessing that is not what he actually meant. Anyway, it's not what's proposed in the paper.) Rather, the proposal is that p/p services should not be allowed for domain names used for commercial purposes. The status of the registrant as a registered business, or as an individual, is irrelevant. For some specific discussion on this point, I'd encourage you to review pages 8-9 of the document that Libby disseminated.

To your specific point, pre-launch trademark searching and clearance wouldn't be "using the domain name" for "commercial activity" as it's contemplated. To be precise, the registrant might be engaged in commercial activity in other ways, but not involving the use of the domain name.  The idea is that if a website is actually selling goods and services, either via the domain name or some website that it points to (e.g., all of the product are listed at example.com<http://example.com>, but it points to paypal.com<http://paypal.com> for transactions), that would be a commercial use of a domain name. If you've just registered a domain name in preparation for the launch of a new brand or product line, but the domain name isn't actually transacting business, I don't think it's commercial use. We're talking about situations where you select a product, put it in your cart, pull out your credit card, and conduct a financial transaction, and I'd argue that Internet users have the right to an accurate, transparent Whois record at that point in time. In any case, I think that these issues are discussed in more detail in the document, and in particular, pages 8-9.

Let me answer your earlier question about medsindia.com<http://medsindia.com>. But first, let me first point out that in numerous cases where we've submitted evidence to registrars about rogue Internet pharmacies, they respond, "We unfortunately cannot take any action unless you prove that the Whois record is inaccurate." (Put aside for a moment any disagreement with this response [I do not think it's accurate]; the point is that it's a common response by some, although not all, registrars.)

So, to your question, there are two possibilities:

  1.  The domain name is accurately registered. Great; now, perhaps, law enforcement or the courts can take action as appropriate.
  2.  Or, it's a falsified or inaccurate Whois. Even if it takes a little leg work, the inaccurate nature of the Whois information can be established, and a WDPRS complaint can be submitted. Either the Whois is corrected, or it isn't and the domain name is suspended.
In other words, if some registrars say, "The only enforcement mechanism we're going to recognize against domain names is a) a court order in our jurisdiction, or b) a false Whois," medsindia.com is an example where all options are off the table. As explained, Canadian law enforcement has no jurisdiction because Canada is the one country where the drugs aren't shipped to; and a WDPRS is off the table because there's no way to prove the Whois is falsified -- it's behind a p/p service.

Hope that helps!

John Horton
President, LegitScript
 [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257dc6dfc34.png]



Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com>  |  Facebook<https://www.facebook.com/LegitScript>  |  Twitter<https://twitter.com/legitscript>  |  YouTube<https://www.youtube.com/user/LegitScript>  |  Blog<http://blog.legitscript.com>  |  Google+<https://plus.google.com/112436813474708014933/posts>

On Tue, May 13, 2014 at 9:37 AM, McGrady, Paul D. <PMcGrady at winston.com<mailto:PMcGrady at winston.com>> wrote:
Hi Kiran,

I'm not sure how pre-launch trademark searching and clearance isn't  a commercial activity.  Further, Bob's email said:  "This is one of the reasons for keeping whois data public for commercial entities."  There is a big difference between excluding proxy services for commercial entities vs excluding proxy services for websites that resolve and contain commercial content ("This is one of the reasons for keeping whois data public for commercial entities.").

What is actually being proposed?

Best,
Paul


-----Original Message-----
From: Kiran Malancharuvil [mailto:Kiran.Malancharuvil at markmonitor.com<mailto:Kiran.Malancharuvil at markmonitor.com>]
Sent: Tuesday, May 13, 2014 8:31 AM
To: McGrady, Paul D.
Cc: John Horton; gnso-ppsai-pdp-wg at icann.org<mailto:gnso-ppsai-pdp-wg at icann.org>
Subject: Re: [Gnso-ppsai-pdp-wg] Commercial Use - White Paper

Paul, we've discussed that as well. With the input from several of our clients that engage in this as a best practice, we understand that a pre-launch website would be able to utilize p/p because it is not yet engaging in commercial activity. Once the product/service goes live and is an active offering, it can drop the veil so-to-speak.

K

Kiran Malancharuvil
Internet Policy Counselor
MarkMonitor
415-419-9138<tel:415-419-9138> (m)

Sent from my mobile, please excuse any typos.

> On May 12, 2014, at 5:27 PM, "McGrady, Paul D." <PMcGrady at winston.com<mailto:PMcGrady at winston.com>> wrote:
>
> Thanks Kiran.  Thanks Bob.
>
> The other side of the balancing act on this is, of course, the legitimate need for commercial entities to have access to proxy services.  For example, a brand owner who is trying to roll out a new brand and attempting to secure the corresponding domain names in advance of their first trademark filing in order to cut down on the amount of cybersquatting.
>
> Best,
> Paul
>
>
> -----Original Message-----
> From: Kiran Malancharuvil [mailto:Kiran.Malancharuvil at markmonitor.com<mailto:Kiran.Malancharuvil at markmonitor.com>]
> Sent: Tuesday, May 13, 2014 8:25 AM
> To: McGrady, Paul D.
> Cc: John Horton; gnso-ppsai-pdp-wg at icann.org<mailto:gnso-ppsai-pdp-wg at icann.org>
> Subject: Re: [Gnso-ppsai-pdp-wg] Commercial Use - White Paper
>
> Paul,
>
> Agree with Bob. No one expects them to be honest but with the new verification requirements, they will lose the domain name.
>
> K
>
> Kiran Malancharuvil
> Internet Policy Counselor
> MarkMonitor
> 415-419-9138<tel:415-419-9138> (m)
>
> Sent from my mobile, please excuse any typos.
>
> On May 12, 2014, at 4:58 PM, "McGrady, Paul D." <PMcGrady at winston.com<mailto:PMcGrady at winston.com><mailto:PMcGrady at winston.com<mailto:PMcGrady at winston.com>>> wrote:
>
> John,
>
> Setting aside for a moment the specific example below, the part I don't completely understand is why we think that a domain name owner who is using the domain name for a blatantly illegal purpose without regard for the law will somehow be inclined to provide accurate information in their WHOIS records if they are not allowed to contract for a proxy service.
>
> Thanks in advance for your thoughts.
>
> Best,
> Paul
>
>
> Paul D. McGrady Jr.
>
> Partner
>
> Chair, Trademark, Domain Names and Brand Enforcement Practice
>
> Winston & Strawn LLP
> 35 W. Wacker Drive
> Chicago, IL 60601-9703
>
> D: +1 (312) 558-5963<tel:%2B1%20%28312%29%20558-5963>
>
> F: +1 (312) 558-5700<tel:%2B1%20%28312%29%20558-5700>
>
> Bio<http://www.winston.com/en/who-we-are/attorneys/mcgrady-paul-d.html> | VCard<http://www.winston.com/vcards/996.vcf> | Email<mailto:pmcgrady at winston.com<mailto:pmcgrady at winston.com>> | winston.com<http://winston.com><http://www.winston.com>
>
> <image001.jpg>
>
>
> From: gnso-ppsai-pdp-wg-bounces at icann.org<mailto:gnso-ppsai-pdp-wg-bounces at icann.org><mailto:gnso-ppsai-pdp-wg-bounces at icann.org<mailto:gnso-ppsai-pdp-wg-bounces at icann.org>> [mailto:gnso-ppsai-pdp-wg-bounces at icann.org<mailto:gnso-ppsai-pdp-wg-bounces at icann.org>] On Behalf Of John Horton
> Sent: Tuesday, May 13, 2014 5:40 AM
> To: gnso-ppsai-pdp-wg at icann.org<mailto:gnso-ppsai-pdp-wg at icann.org><mailto:gnso-ppsai-pdp-wg at icann.org<mailto:gnso-ppsai-pdp-wg at icann.org>>
> Subject: Re: [Gnso-ppsai-pdp-wg] Commercial Use - White Paper
>
> Hi all,
>
> Following up on the white paper that Libby Baney just circulated, and as we wrap up our discussion regarding distinguishing between commercial and non-commercial use, I thought it might be helpful to provide a concrete example of a domain name that (I trust we can all agree) is being used for commercial purposes. Perhaps we can collectively think through whether it makes sense for this domain name to be afforded privacy protection. For simplicity, I am only using one domain name as an example, but there are thousands like this in our database alone. I hope that a concrete example will be helpful to the discussion.
>
> Let's take the domain name medsindia.com<http://medsindia.com><http://medsindia.com>. First, as you can verify with a Whois query, it is using proxy/privacy services.
>
> Registrant Name: General (c/o Rebel.com<http://Rebel.com> Privacy Service) Registrant Organization: Private Domain Services Registrant Street: 300-12 York Street Registrant City: Ottawa Registrant State/Province: ON Registrant Postal Code: K1N 5S6 Registrant Country: CA Registrant Phone: +1.866-497-3235<tel:%2B1.866-497-3235><tel:%2B1.866-497-3235<tel:866-497-3235>>
> Registrant Phone Ext:
> Registrant Fax:
> Registrant Fax Ext:
> Registrant Email: IVP1JQKYRM3LQED1 at rebelprivacy.com<mailto:IVP1JQKYRM3LQED1 at rebelprivacy.com><mailto:IVP1JQKYRM3LQED1 at rebelprivacy.com<mailto:IVP1JQKYRM3LQED1 at rebelprivacy.com>>
>
> How is it being used? It's fairly straightforward: it sells addictive (controlled substances) and other prescription drugs without a valid prescription. But that's not all:
>
>  *   As noted, it sells prescription drugs, including controlled substances, without requiring a valid prescription.
>  *   The drugs are not sold by a pharmacy licensed or otherwise recognized in the patient's jurisdiction, as is the standard requirement.
>  *   The drugs are considered unapproved or falsified, depending on the regulatory language in the jurisdiction. Part of the reason is that they are illegally imported into the customers' jurisdiction and thus unregulated for safety or authenticity.
> To be clear, this domain name is not being used for legal commercial purposes in any jurisdiction. (Despite its claim to be using a licensed pharmacy in India, not even in India, for reasons I can explain separately if anyone wants to know.) I choose this domain name because I do not think its unlawful or dangerous use can be disputed. I would further argue that the use of the p/p protection allows the unlawful actor to continue operating, as I explain below.
>
> Being privacy protected, of course, we can't immediately tell who is operating the website. Can we get law enforcement or courts in the registrar's jurisdiction to do anything -- e.g., go to the registrar and ask or require them to reveal the identity of the registrant? No. Try to buy a drug such as Xanax from this website. This Internet pharmacy will ship anywhere in the world except to Canada -- where its registrar and servers are located. To protect its ability to sell drugs globally, the registrant has sacrificed sales to a single country, and chosen a registrar and servers there, to create a safe haven. Consequently, Canadian law enforcement cannot point to a violation of Canadian law: no drugs are being shipped into Canada -- just everywhere else around the world. (Which, we can infer, is why this registrant removed Canada from their shipping destinations.) And, the reverse is true -- a court order or law enforcement request from outside of Canada can simply be ignored by the registrar and server companies in Canada. Those who have argued that the best way to deal with p/p use by illegal actors is simply to get a court order are not accounting for this quite common scenario.
>
> Being able to hide their identity in the Whois record is also the perfect set up for another reason: many registrars have said in the past that they only way that they can (or perhaps, will) take action on a domain name is if the Whois record is falsified. But how would we know? It is privacy protected. That removes the WDPRS as a mechanism for dealing with abusive behavior.
>
> Does this commercial registrant have a legitimate need for p/p services? I would argue that that is not the question to be answered. The question is: Does a consumer, consumer protection firm, government agency, etc. have the right to know who is operating this website? I would submit to this group that it is incumbent upon us to recommend a thoughtful, balanced policy that prevents this sort of "perfect set up" for Internet criminals to hide their identity as this one has. Keep in mind that, as pointed out in the circulated paper, no such right exists in the offline world -- rather, consumers have the right to know who they are dealing with. Ample requirements exist for business registrations to do business transparently. There should be no difference in the online world.
>
> Finally, recall that the Affirmation of Commitments (AoC) requires "timely, unrestricted and public access to accurate and complete WHOIS information." The AoC goes on to state that WHOIS policy and its implementation needs to meet "the legitimate needs of law enforcement and promote consumer trust." I ask the group, is ICANN fulfilling its commitment, not only to law enforcement but especially to promote consumer trust, if it allows websites like this to continue using p/p services?
>
> Thank you for your consideration.
>
> John Horton
> President, LegitScript
> [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257dc6dfc34.png]
>
>
>
> Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com>  |  Facebook<https://www.facebook.com/LegitScript>  |  Twitter<https://twitter.com/legitscript>  |  YouTube<https://www.youtube.com/user/LegitScript>  |  Blog<http://blog.legitscript.com>  |  Google+<https://plus.google.com/112436813474708014933/posts>
>
> On Mon, May 12, 2014 at 11:40 PM, Libby Baney <libby.baney at fwdstrategies.com<mailto:libby.baney at fwdstrategies.com><mailto:libby.baney at fwdstrategies.com<mailto:libby.baney at fwdstrategies.com>>> wrote:
> All --
>
> I appreciate the dialogue the group has begun regarding WHOIS transparency for entities engaged in commercial activity. With the hope of encouraging discussion on the merits of the issue, I am pleased to share the attached white paper: Commercial Use of Domain Names: An Analysis of Multiple Jurisdictions.
>
> As you'll see, the paper addresses the following question: Should domain name registrants who sell products or services on their websites should be able to conceal their identity and location in the domain name registration? The paper argues that they should not. Rather, the authors find that requiring domain name registrants engaged in commercial activity to provide transparent WHOIS information falls squarely in line both with ICANN's commitment to Internet users and existing global public policy to keep businesses honest and consumers safe. Accordingly, the paper recommends an approach that balances personal privacy and consumer protection rights. On the one hand, domain names used for non-commercial purposes (e.g., personal blogs) should, the authors believe, be permitted to utilize privacy or proxy registration. This reflects a fundamental right to privacy of domain name registrants not engaged in commerce. However, the authors do not believe the same right exists for registrants of websites engaged in commerce - a conclusion borne out by our research.
>
> It goes without saying that this group is divided on the issue of requiring WHOIS transparency for sites engaged in commercial activity. As some in the PPSAI WG have commented, these issues may be complicated but they nonetheless merit our full consideration. We hope the attached white paper stimulates further thinking and group discussion on the issues.
>
> I look forward to continuing the discussion tomorrow.
>
> Libby
>
> --
> Libby Baney, JD
> President
> FWD Strategies International
> www.fwdstrategies.com<http://www.fwdstrategies.com><http://www.fwdstrategies.com>
> P: 202-499-2296<tel:202-499-2296><tel:202-499-2296<tel:202-499-2296>>
>
>
> _______________________________________________
> Gnso-ppsai-pdp-wg mailing list
> Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org><mailto:Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org>>
> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
>
>
> The contents of this message may be privileged and confidential. Therefore, if this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. ****************************************************************************** Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under the Internal Revenue Code of 1986, as amended.
> _______________________________________________
> Gnso-ppsai-pdp-wg mailing list
> Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org><mailto:Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org>>
> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
> The contents of this message may be privileged and confidential. Therefore, if this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. ****************************************************************************** Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under the Internal Revenue Code of 1986, as amended.
The contents of this message may be privileged and confidential. Therefore, if this message has been received in error, please delete it without reading it. Your receipt of this message is not intended to waive any applicable privilege. Please do not disseminate this message without the permission of the author. ****************************************************************************** Any tax advice contained in this email was not intended to be used, and cannot be used, by you (or any other taxpayer) to avoid penalties under the Internal Revenue Code of 1986, as amended.




_______________________________________________

Gnso-ppsai-pdp-wg mailing list

Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org>

https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg


_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg at icann.org<mailto:Gnso-ppsai-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/attachments/20140513/120e50d8/attachment-0001.html>

More information about the Gnso-ppsai-pdp-wg mailing list