[Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]

Smith, Bill bill.smith at paypal-inc.com
Thu Sep 1 16:20:52 UTC 2011 

Comments inline below:

On Aug 19, 2011, at 5:03 PM, James M. Bladel wrote:

Peter, Emily, and Team:

Thanks for getting this thread started.  I have numerous comments on this chapter, and have organized them in to two categories (below).  I look forward to a longer discussion of this (and other) chapters between now and our meeting in MdR.

Thanks--

J.



Concerns with the Approach:
*  This chapter represents an unbalanced perspective of the Privacy/Proxy issue.  It emphasizes the views of governments, law enforcement, and others opposed to P&P services, while marginalizing the positions of those supporting, offering, or using these services.

<wcs>

Have we received comments supporting those positions? Specifics?

</wcs>


*  It proceeds from the default LE & Gov't position that some registrants, under certain conditions, have legitimate needs for privacy.  While the civil tradition in most democracies (and on the Internet) is that privacy is a right enjoyed by everyone unless/until their conduct abuses this.

<wcs>

As I pointed out in my comments on Milton Mueller's paper, privacy is not absolute. When one registers a business, a car, to practice certain trades, identifying information must be displayed to the public or provided to a member of the public on request (in the case of an auto accident(.

Tradition in the "real world" is mixed, depending on the *choices* one makes (to register a car, to operate a business, to practice a trade). In the virtual world, as evidenced by the RFCs Mueller references indicates tradition should be that public disclosure of identifying information is the norm.

</wcs>


*  The ICANN Policy that resolves conflicts between WHOIS requirements and local law is a protection for Registries and Registrars---not for Registrants.  For Registrants, their only option to enhanced privacy protection (beyond that required by their local laws) is to engage a P&P service.

*  It is not appropriate to cite a 2009 study by ICANN without noting that more specific studies have been approved by the Board (at Singapore) and may or may not be completed in time for their findings to be referenced by this report.

<wcs>

Respectfully, I disagree. We presently have facts. Current or future studies that might offer a different set of facts are not our concern.

</wcs>


*  It is not appropriate to cite a study by Knujon, or any other commercially-interested third-party that is engaged in the promotion of their products & services.

<wcs>

If broadly applied, we would be unable to include any studies, papers, etc. For example, ICANN is itself "commercially-interested" even though it is a non-profit. Without the fees it receives from registrations, it would cease to exist. Martin Mueller is similarly commercially interested; his current livelihood is dependent on Internet Governance and controversies surrounding it.

</wcs>


*  The quotes by Law Enforcement do not include those who have neutral or uncritical views of P&P services, or those in LE who frequently and publicly make the distinction between the "good" or "model" P&P operators, versus the "bad actors."

<wcs>

You should feel free to solicit them.

</wcs>


*  Proxy registrations do not "hide" or "shield" registrant contact data. The proxy service IS the registrant.  Law Enforcement & Gov'ts and other interested parties are, in effect, demanding disclosure of the business relationship between the Proxy provider and its customer(s).


Concerns with the Recommendations:

*  Overall:  Many of these recommendations exceed "Policy Review" and fall in to the realm of "Policy Recommendation."

*  Rec #1: Because it is not a regulator, ICANN cannot prohibit services offered by firms with which it does not have a contract.  And it cannot compel business to enter in to contracts unless there is a clear incentive for them to do so.

*  Rec #2: ICANN could offer a voluntary accreditation program for P&P providers.  But it would by necessity be a voluntary program, so there should be clear benefits for P&P providers to gain ICANN accreditation, and clear benefits for registrars to use accredited P&P services.

* Rec #3: Accredited Registrars could use Accredited P&P Providers, presuming they were -aware- when a non-accredited service was being used.  For example, if I contact my lawyer and ask him to register a domain name on my behalf, I do not expect the registrar to know that the lawyer is functioning as a Proxy for me in this example.

*  Rec #4: It is not within ICANN's mission to examine how a domain name is used.  Domain names are not synonymous with websites.  Registrars are often, but not necessarily, the web content hosts for the names they manage. As an organization, ICANN is and must remain "content neutral."

*  Rec #5 - #7: These recommendations seem to ouline the charter of a desired Policy Development Process (PDP), which is beyond the remit of this review team.




-------- Original Message --------
Subject: Re: [Rt4-whois] Report input - privacy/proxy 'gaps'
[SEC=UNCLASSIFIED]
From: Emily Taylor <emily at emilytaylor.eu<mailto:emily at emilytaylor.eu>>
Date: Wed, August 17, 2011 6:17 am
To: "Nettlefold, Peter" <Peter.Nettlefold at dbcde.gov.au<http://Peter.Nettlefold@dbcde.gov.au/>>
Cc: "rt4-whois at icann.org<mailto:rt4-whois at icann.org>" <rt4-whois at icann.org<mailto:rt4-whois at icann.org>>

Dear Peter,

Many thanks for your work on this draft.  I really like the way that you have based your commentary on a bottom-up analysis of what the comments said.  It shows that we have been listening to, and carefully analysing the inputs that people have taken the trouble to give us.

I'm sure we'll be discussing it on today's call, and it's a pity that the scheduling prevents you joining us.  I hope we will be able to have you on our next call after this one, and we'll ensure that we have a good turn out.

My question in reading the proxy/privacy section is - apart from NCUC which you referenced - did we have contrary views.  We have a lot of references from law enforcement and IP constituency, but nothing at all from registry/registrars or NCUC apart from that one quote.  I'm keen to ensure that we present a balanced view of the inputs received, because it will give a range of views.

All - please can we look out our notes of our face-to-face meetings.   I for one took away a strong message from our call with the IPC that they had *good* experiences of data release from a number of the larger providers, and (while in a perfect world they may not want proxy/privacy services) were able to live with them if they could have a predictable outcome.  This is well captured in one of the recommendations, but doesn't quite come through in the supporting text yet.

For the more radical recommendations - I'm not sure that I heard them being asked for, even by the communities that you would expect to support them, and therefore we need much more argumentation in the text to justify some of the recommendations (if, indeed, the team can reach consensus on them).

Thank you again for a thorough and thoughtful piece of work Peter.  It provides us with an excellent first draft on which to focus our discussions.

Kind regards

Emily

Kind regards

Emily


On 17 August 2011 10:16, Mikhail Yakushev <m.yakushev at corp.mail.ru<mailto:m.yakushev at corp.mail.ru>> wrote:
Dear Peter, colleagues,
I have carefully reviewed Peter’s draft and mostly agree with the provided analysis.  I also would mostly agree with the suggested recommendations – but I think we need to discuss each of them separately to achieve the highest possible level of consensus within our team.
Kind regards,
Michael

From: rt4-whois-bounces at icann.org<mailto:rt4-whois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org<mailto:rt4-whois-bounces at icann.org>] On Behalf Of Nettlefold, Peter
Sent: Tuesday, August 16, 2011 11:48 AM
To: rt4-whois at icann.org<mailto:rt4-whois at icann.org>
Subject: [Rt4-whois] Report input - privacy/proxy 'gaps' [SEC=UNCLASSIFIED]

Hello all,

Attached is the first section of the draft ‘gaps’ chapter, for review and comment.

As you’ll see, this section covers accessibility and privacy issues, and it still has some gaps.

I’ve also drafted and included some recommendations on this issue, building on the public and law enforcement input and our own discussions. I hope these are helpful.

As you’ll see, I’ve drawn a distinction between proxy and privacy services in the draft chapter, and this will need some further work (but I didn’t want to delay getting this out to you any further while I worked on this). I’ve tried to unpack this distinction in the draft chapter, but also wanted to also explain my thinking to you.

The main challenge identified by responses to our consultation processes, and in our own discussions, is to find a way to balance any legitimate privacy concerns with the interests of other stakeholders. The position I’ve put forward in the draft chapter is that this can be achieved through the regulated use of privacy services (i.e. services that make the identity of the registrant known, but limit availability to other personal data – at least in the first instance). Proxy services, which replace the name of the registrant with that of another entity, are quite different in nature, and I think that these services raise serious questions about ICANN’s ability to enforce its AoC obligations.

I have drafted the chapter with this distinction in mind, although some parts of the argument need a bit more work.

I’m aiming to circulate the next section of the draft chapter - on accuracy - in a day or two, and the section on compliance shortly after that.

Unfortunately the next call is now scheduled for 1am my time, so I won’t be attending.

I look forward to discussing this further as we work towards our Marina del Ray meeting.

Cheers,

Peter



-------------------------------------------------------------------------------
The information transmitted is for the use of the intended recipient only and may contain confidential and/or legally privileged material. Any review, re-transmission, disclosure, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited and may result in severe penalties.

If you have received this e-mail in error please notify the Security Advisor of the Department of Broadband, Communications and the Digital Economy, 38 Sydney Ave, Forrest ACT 2603, telephone (02) 6271-1376 and delete all copies of this transmission together with any attachments.

Please consider the environment before printing this email.

-------------------------------------------------------------------------------

_______________________________________________
Rt4-whois mailing list
Rt4-whois at icann.org<mailto:Rt4-whois at icann.org>
https://mm.icann.org/mailman/listinfo/rt4-whois




--


   [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif]



76 Temple Road, Oxford OX4 2EZ UK
t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322
emily at emilytaylor.eu<mailto:emily at emilytaylor.eu>

www.etlaw.co.uk<http://www.etlaw.co.uk/>

Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713.

________________________________
_______________________________________________
Rt4-whois mailing list
Rt4-whois at icann.org<mailto:Rt4-whois at icann.org>
https://mm.icann.org/mailman/listinfo/rt4-whois
_______________________________________________
Rt4-whois mailing list
Rt4-whois at icann.org<mailto:Rt4-whois at icann.org>
https://mm.icann.org/mailman/listinfo/rt4-whois

More information about the Rt4-whois mailing list