[Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]

Nettlefold, Peter Peter.Nettlefold at dbcde.gov.au
Mon Aug 22 06:42:11 UTC 2011 

Hello again all,

Attached is a revised draft to fill out some of the more obvious gaps (including the argument around proxy services, and the references to ICANN’s consensus procedure), and to address some of the points raised by James.

There is clearly still more work to be done to balance the argument in places, and to incorporate diverse/alternate viewpoints, but I hope this revised version addresses some of the gaps and questions about the positions.

I’ve also inserted responses to James’ comments below, and would be welcome further comments on how to take this issue forward.

Cheers,

Peter



From: James M. Bladel [mailto:jbladel at godaddy.com]
Sent: Saturday, 20 August 2011 10:03 AM
To: Emily Taylor
Cc: rt4-whois at icann.org; Nettlefold, Peter
Subject: RE: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]

Peter, Emily, and Team:

Thanks for getting this thread started.  I have numerous comments on this chapter, and have organized them in to two categories (below).  I look forward to a longer discussion of this (and other) chapters between now and our meeting in MdR.

Thanks--

J.



Concerns with the Approach:
*  This chapter represents an unbalanced perspective of the Privacy/Proxy issue.  It emphasizes the views of governments, law enforcement, and others opposed to P&P services, while marginalizing the positions of those supporting, offering, or using these services.
I agree that more balance is needed. I simply did not have time to build in more viewpoints in the first draft.

*  It proceeds from the default LE & Gov't position that some registrants, under certain conditions, have legitimate needs for privacy.  While the civil tradition in most democracies (and on the Internet) is that privacy is a right enjoyed by everyone unless/until their conduct abuses this.
I don’t believe that there is a default LE and government position as such. Both of James’ formulations suggest that privacy is important and should be acknowledged. The draft chapter also acknowledges this. However, it is also important to acknowledge that choosing to participate in certain public processes often requires a degree of public disclosure and visibility.

*  The ICANN Policy that resolves conflicts between WHOIS requirements and local law is a protection for Registries and Registrars---not for Registrants.  For Registrants, their only option to enhanced privacy protection (beyond that required by their local laws) is to engage a P&P service.
The ICANN consensus procedure is to resolve conflicts with national privacy laws. These laws protect people’s privacy, including registrants. I agree that privacy services may offer additional comfort, and the draft chapter recommends extending privacy protections beyond the consensus procedure, through the use of regulated privacy services.

*  It is not appropriate to cite a 2009 study by ICANN without noting that more specific studies have been approved by the Board (at Singapore) and may or may not be completed in time for their findings to be referenced by this report.
I agree, and expect that the ongoing studies could be acknowledged either here or elsewhere in the report. However, it seems that no results from these studies will be available to inform our work. Plans for future studies do not diminish the relevance of the 2009 study.

*  It is not appropriate to cite a study by Knujon, or any other commercially-interested third-party that is engaged in the promotion of their products & services.
I disagree. Many if not all respondents to our discussion paper have vested interests, and I expect that we will be happy to quote their views (I certainly have in the draft). If there are problems with the methodology or other questions about a particular study, or a need to otherwise caveat our references to a third-party study, then that is a different matter and I would entirely agree. But I can see no reason to dismiss a study out of hand because of a bias against a particular stakeholder.

*  The quotes by Law Enforcement do not include those who have neutral or uncritical views of P&P services, or those in LE who frequently and publicly make the distinction between the "good" or "model" P&P operators, versus the "bad actors."
I agree that more balance could always be included.

*  Proxy registrations do not "hide" or "shield" registrant contact data. The proxy service IS the registrant.  Law Enforcement & Gov'ts and other interested parties are, in effect, demanding disclosure of the business relationship between the Proxy provider and its customer(s).
I agree (with the first two sentences). However, several respondents to the discussion paper suggested that a distinction between the ‘proxy-as-registrant’ and the ‘underlying/licensed-registrant’ was being gamed and exploited. I agree that ICANN can’t ‘ban’ proxy services, and accept that it can’t be expected to even know about every side agreement with third parties.

I think the confusion arises by ICANN trying to acknowledge ‘proxy services’ in the first place. Once someone becomes a registrant, then they should accept all the rights and responsibilities that come with that. If they have an agreement with another party for some reason, then this should have no effect on their rights and responsibilities as a registrant from ICANN’s perspective. This is what I was trying to suggest – i.e. similar to Nominet’s approach, that ICANN simply not acknowledge them as anything other than the actual registrant, and hence remove the gaming and legal uncertainty that arises from that recognition.

With this in mind, I’ve redrafted some text and recommendations in the revised chapter, as James’ points have highlighted ways to improve the wording.


Concerns with the Recommendations:

*  Overall:  Many of these recommendations exceed "Policy Review" and fall in to the realm of "Policy Recommendation."

*  Rec #1: Because it is not a regulator, ICANN cannot prohibit services offered by firms with which it does not have a contract.  And it cannot compel business to enter in to contracts unless there is a clear incentive for them to do so.

*  Rec #2: ICANN could offer a voluntary accreditation program for P&P providers.  But it would by necessity be a voluntary program, so there should be clear benefits for P&P providers to gain ICANN accreditation, and clear benefits for registrars to use accredited P&P services.

* Rec #3: Accredited Registrars could use Accredited P&P Providers, presuming they were -aware- when a non-accredited service was being used.  For example, if I contact my lawyer and ask him to register a domain name on my behalf, I do not expect the registrar to know that the lawyer is functioning as a Proxy for me in this example.

*  Rec #4: It is not within ICANN's mission to examine how a domain name is used.  Domain names are not synonymous with websites.  Registrars are often, but not necessarily, the web content hosts for the names they manage. As an organization, ICANN is and must remain "content neutral."

*  Rec #5 - #7: These recommendations seem to ouline the charter of a desired Policy Development Process (PDP), which is beyond the remit of this review team.



-------- Original Message --------
Subject: Re: [Rt4-whois] Report input - privacy/proxy 'gaps'
[SEC=UNCLASSIFIED]
From: Emily Taylor <emily at emilytaylor.eu<mailto:emily at emilytaylor.eu>>
Date: Wed, August 17, 2011 6:17 am
To: "Nettlefold, Peter" <Peter.Nettlefold at dbcde.gov.au<http://Peter.Nettlefold@dbcde.gov.au>>
Cc: "rt4-whois at icann.org<mailto:rt4-whois at icann.org>" <rt4-whois at icann.org<mailto:rt4-whois at icann.org>>

Dear Peter,

Many thanks for your work on this draft.  I really like the way that you have based your commentary on a bottom-up analysis of what the comments said.  It shows that we have been listening to, and carefully analysing the inputs that people have taken the trouble to give us.

I'm sure we'll be discussing it on today's call, and it's a pity that the scheduling prevents you joining us.  I hope we will be able to have you on our next call after this one, and we'll ensure that we have a good turn out.

My question in reading the proxy/privacy section is - apart from NCUC which you referenced - did we have contrary views.  We have a lot of references from law enforcement and IP constituency, but nothing at all from registry/registrars or NCUC apart from that one quote.  I'm keen to ensure that we present a balanced view of the inputs received, because it will give a range of views.

All - please can we look out our notes of our face-to-face meetings.   I for one took away a strong message from our call with the IPC that they had *good* experiences of data release from a number of the larger providers, and (while in a perfect world they may not want proxy/privacy services) were able to live with them if they could have a predictable outcome.  This is well captured in one of the recommendations, but doesn't quite come through in the supporting text yet.

For the more radical recommendations - I'm not sure that I heard them being asked for, even by the communities that you would expect to support them, and therefore we need much more argumentation in the text to justify some of the recommendations (if, indeed, the team can reach consensus on them).

Thank you again for a thorough and thoughtful piece of work Peter.  It provides us with an excellent first draft on which to focus our discussions.

Kind regards

Emily

Kind regards

Emily

On 17 August 2011 10:16, Mikhail Yakushev <m.yakushev at corp.mail.ru<mailto:m.yakushev at corp.mail.ru>> wrote:
Dear Peter, colleagues,
I have carefully reviewed Peter’s draft and mostly agree with the provided analysis.  I also would mostly agree with the suggested recommendations – but I think we need to discuss each of them separately to achieve the highest possible level of consensus within our team.
Kind regards,
Michael

From: rt4-whois-bounces at icann.org<mailto:rt4-whois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org<mailto:rt4-whois-bounces at icann.org>] On Behalf Of Nettlefold, Peter
Sent: Tuesday, August 16, 2011 11:48 AM
To: rt4-whois at icann.org<mailto:rt4-whois at icann.org>
Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]

Hello all,

Attached is the first section of the draft ‘gaps’ chapter, for review and comment.

As you’ll see, this section covers accessibility and privacy issues, and it still has some gaps.

I’ve also drafted and included some recommendations on this issue, building on the public and law enforcement input and our own discussions. I hope these are helpful.

As you’ll see, I’ve drawn a distinction between proxy and privacy services in the draft chapter, and this will need some further work (but I didn’t want to delay getting this out to you any further while I worked on this). I’ve tried to unpack this distinction in the draft chapter, but also wanted to also explain my thinking to you.

The main challenge identified by responses to our consultation processes, and in our own discussions, is to find a way to balance any legitimate privacy concerns with the interests of other stakeholders. The position I’ve put forward in the draft chapter is that this can be achieved through the regulated use of privacy services (i.e. services that make the identity of the registrant known, but limit availability to other personal data – at least in the first instance). Proxy services, which replace the name of the registrant with that of another entity, are quite different in nature, and I think that these services raise serious questions about ICANN’s ability to enforce its AoC obligations.

I have drafted the chapter with this distinction in mind, although some parts of the argument need a bit more work.

I’m aiming to circulate the next section of the draft chapter - on accuracy - in a day or two, and the section on compliance shortly after that.

Unfortunately the next call is now scheduled for 1am my time, so I won’t be attending.

I look forward to discussing this further as we work towards our Marina del Ray meeting.

Cheers,

Peter



-------------------------------------------------------------------------------
The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties.

If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments.

Please consider the environment before printing this email.

-------------------------------------------------------------------------------

_______________________________________________
Rt4-whois mailing list
Rt4-whois at icann.org<mailto:Rt4-whois at icann.org>
https://mm.icann.org/mailman/listinfo/rt4-whois



--


   [cid:~WRD259.jpg]


76 Temple Road, Oxford OX4 2EZ UK
t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322
emily at emilytaylor.eu<mailto:emily at emilytaylor.eu>

www.etlaw.co.uk<http://www.etlaw.co.uk>

Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713.

________________________________
_______________________________________________
Rt4-whois mailing list
Rt4-whois at icann.org<mailto:Rt4-whois at icann.org>
https://mm.icann.org/mailman/listinfo/rt4-whois


-------------------------------------------------------------------------------


The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties.


If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments.


Please consider the environment before printing this email.


-------------------------------------------------------------------------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20110822/0960ab47/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ~WRD259.jpg
Type: image/jpeg
Size: 823 bytes
Desc: ~WRD259.jpg
Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110822/0960ab47/WRD259.jpg 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Final Report - privacy proxy version 2.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 45205 bytes
Desc: Final Report - privacy proxy version 2.docx
Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20110822/0960ab47/FinalReport-privacyproxyversion2.docx

More information about the Rt4-whois mailing list