[Rt4-whois] FW: Reviewing proxy/privacy ideas [SEC=UNCLASSIFIED]
Kathy Kleiman
kathy at kathykleiman.com
Wed Oct 12 17:58:17 UTC 2011
Hi Peter, Emily and All,
I have been giving this a lot of thought too. I have also been doing
some research, and although I have been deeply embedded in the
proxy/privacy issue for some time, there is still so much I don't know!
Here are some of my thoughts:
1) I think you are right in dividing privacy from proxy from privacy
registrations. As you wrote, and as Emily has written below in her
recent email, proxy and privacy services (although spoken in the same
breath) are different. I think our WRT Report can play an important
role in laying out the differences, and sharing why, to us, these
differences result in very clear and differing obligations and
responsibilities.
2) I don't think you restrict privacy services to natural persons. As we
have discussed in our meetings, there are many political organizations,
religious groups and even commercial companies that claim privacy
rights, and have legitimate reasons for not wanting to disclose a
physical address. What I do think we can encourage the ICANN Community
to develop is a series of guidelines for appropriate disclosure of the
underlying data to law enforcement and others (called "Reveal" in ICANN
parlance). (I also think the ICANN Community can develop a series of
guidelines for appropriate practices for passing on information to the
registrant at his/her/its address or email to notify them of all legal
proceedings, inquiries to purchase the domain name, etc. -- this might
defuse a lot of the existing tensions ("Relay" in ICANN parlance).
3) I do like the idea of best practices for privacy providers.
4) After great thought, and debate with several people on the Team (tx
you!), I agree with you about proxy providers. I think your #7 is
probably right: that "ICANN should claify that the full rights and
responsibilities of a registrant accrue to the entity identified as the
registrant." There does not seem to be any other way to do it.
5) An additional point: Education. perhaps we can use our
recommendations to encourage clearer education of registrants, the ICANN
Community, and the greater Law Enforcement, Commercial and other
Communities. We can lay out the difference of proxy and privacy
providers, and ways the choice of privacy or proxy might impact the
registrants, and parties seeking the registrant.
6) One more additional point: Tiered Access. I don't know if we should
get into this, but the Whois protocol can be modernized and updated to
include levels of access for data -- e.g., privacy of addresses and
telephone numbers -- and then provide access to those who a) identify
themselves, and b) meet the criteria for access, e.g., law enforcement.
In this case, the Whois information is held by registrar and registries,
and thus much closer to ICANN. It is also far cheaper for registrants
(who are currently paying more for their privacy services per year than
their domain name, in many cases). Finally, it open future options for
the registries and registrars to manage access to the data -- perhaps
pursuant to rules ICANN might someday create. The current Whois protocol
can't provide this service, but others can (Restful DNS, etc). Perhaps
a win-win?
Best and tx for all of your leadership in this area, Peter!
Kathy
<< From Emily:
Hi Peter
>
> Thanks for reviving this discussion.
>
> I've been mulling over privacy proxy recommendations, that would be
> suitable and not pre-empt the findings of studies.
>
> I think that a route might be to go back to the first principles in
> the contract.
>
> 1. Proxies are the registrant. Therefore they take the heat if
> there's any problem with the domain name, and the onus/responsibility
> is on them to prove that there is another party who should be blamed
> in a timely way.
>
> 2. Privacy registrations - on the face of it, these are inaccurate,
> and therefore the domain becomes subject to cancellation if the true
> registration details are not revealed in a timely manner.
>
> So, the policies are there, the contractual powers are there. There
> needs to be more responsiveness on the part of registrars in
> cancelling/amending/revealing underlying details where there's a problem.
>
> Thoughts?
>
> Best,
>
> Emily
>
> On 11 October 2011 05:49, Nettlefold, Peter
> <Peter.Nettlefold at dbcde.gov.au <mailto:Peter.Nettlefold at dbcde.gov.au>>
> wrote:
>
> Hi Kathy,
>
> I wanted to follow up the conversation about proxy services that
> we began in MDR.
>
> In particular, I wanted to ask about what you meant by the
> recommendation:
>
> 'Registrars may not knowingly use for their own registrations, or
> register the domain names of p/p service providers who do not have
> contracts with them'
>
> I'm assuming that a registrar has a contract with every registrant
> as a matter of course, so I take it that this is referring to
> having up front contracts with p/p providers? My question is would
> this be separate to a global ICANN p/p accreditation or
> registration scheme?
>
> My first intent here is to be really clear on what is intended.
> Secondly, I wonder if it would be more efficient and effective to
> have this kind of approach run in conjunctions with an ICANN
> accreditation scheme - i.e. ICANN would accredit p/p providers in
> a similar way that it does registrars, and any registrar could
> then do business with those providers? Otherwise, couldn't we
> would be faced with a range of issues, including registrars
> potentially signing contracts with themselves (or their
> subsidiaries, affiliates etc) to serve as p/p providers?
>
> I'm still looking forward to feedback from other team members on
> the question of whether proxy services should be recognised by
> ICANN, but wanted to discuss your proposals in the interim.
>
> Cheers,
>
> Peter
>
>
>
>
> From: "kathy at kathykleiman.com
> <mailto:kathy at kathykleiman.com><mailto:kathy at kathykleiman.com
> <mailto:kathy at kathykleiman.com>>" <kathy at kathykleiman.com
> <mailto:kathy at kathykleiman.com><mailto:kathy at kathykleiman.com
> <mailto:kathy at kathykleiman.com>>>
> Subject: [Rt4-whois] Reviewing proxy/privacy ideas
> Date: September 21, 2011 7:26:51 AM PDT
> To: RT4 WHOIS <rt4-whois at icann.org
> <mailto:rt4-whois at icann.org><mailto:rt4-whois at icann.org
> <mailto:rt4-whois at icann.org>>>, Sharon Lemon
> <sharonchallis at aol.com
> <mailto:sharonchallis at aol.com><mailto:sharonchallis at aol.com
> <mailto:sharonchallis at aol.com>>>
> Reply-To: "kathy at kathykleiman.com
> <mailto:kathy at kathykleiman.com><mailto:kathy at kathykleiman.com
> <mailto:kathy at kathykleiman.com>>" <kathy at kathykleiman.com
> <mailto:kathy at kathykleiman.com><mailto:kathy at kathykleiman.com
> <mailto:kathy at kathykleiman.com>>>
>
> Hi All,
> After good food and great company last night, I awoke with some
> new ideas regarding proxy/privacy service providers.
> What we know:
> - Not too much. Proxy/privacy providers (p/p) are not
> something we have studied closely. We know that many people,
> including very experienced Net users, do not have a clear
> distinction. They are generally used in the same voice at the same
> time.
> - We have no clear data about p/p. The upcoming GNSO
> studies will provide a) a study on reveal and relay requests to
> p/p providers, and b) a study of what percentage of "bad guys" are
> under p/p registration. We have only a study that says that 15-20%
> of domain names are under p/p, and an array of comments. We have
> not actual facts about p/p providers themselves.
>
> - Under US law, there is a strong protection of privacy
> and even anonymity in Free Speech, but "no tradition of anonymous
> commerce in the US." Let me quote the World Trademark Review,
> Aug/Sept 2011, article: "Why Trademark Owners Must lead the fight
> for accountability in e-commerce." ** "Clearly the First
> Amendment includes the right to speak anonymously. Moveover, the
> First Amendment places anonymous speech on the Internet on the
> same footing as other speech. As with other forms of expression,
> the ability to speak anonymously on the Internet promotes the
> robust exchange of ideas and allows individuals to express
> themselves without fear of economic or official retaliation or
> concern about social ostracism. The importance of the Internet to
> the expression of protected speech cannot be overstated..."
> Like the International Trademark Association, in some recent
> legislative work in the US, let's focus on the conduct we are most
> concerned about:
>
> - Domain names being used in conjunction with "goods or
> services advertised or sold at that [a] website." (International
> Trademark Association language as part of promoting a new US
> Statute for services of process to domain registrants whose data
> cannot be found - article above)
> For our WRT decisions, let's please not create confusion. The
> lines between p/p are difficult and unclear. Let's focus on
> conduct we know is out there and bounds that can be quickly
> established and are likely to help. ** Let me offer some
> reflections of yesterday. We all seem to agree that: **
> - WE CAN BIND P/P CLOSER TO REGISTRARS, thus a Draft
> Recommendation: Registrars may not knowingly use for their own
> registrations, or register the domain names of p/p service
> providers who do not have contracts with them; do not have clear
> agreements to gather accurate Whois data from registrants; do not
> have clear contractual obligations to Reveal the underlying
> registrant data when requested under law or pursuant to ICANN rules.
> - ICANN will rapidly establish a proceeding, with Law
> Enforcement and Consumer Communities, as well as privacy and free
> speech Official and Experts, to develop a set of Reveal and Relay
> rules for p/p providers, in conjunction with the ICANN Community.
> - Registrant Declaration: is the domain name being used
> for goods or services sold or advertised using the domain name
> (note: this includes not only websites, but emails and other forms
> of domain name use).
>
> (Note: the GNSO might want to wait to set up rules until soon
> after their $200,000+ studies are completed within the year)
>
>
> Overall, separating out p/p providers without much more work and
> very, very, very extensive education -- it will be very confusing
> to ICANN and the Internet public.
>
>
>
> Best, Kathy
>
> _______________________________________________
> Rt4-whois mailing list
> Rt4-whois at icann.org
> <mailto:Rt4-whois at icann.org><mailto:Rt4-whois at icann.org
> <mailto:Rt4-whois at icann.org>>
> https://mm.icann.org/mailman/listinfo/rt4-whois
>
>
>
> -------------------------------------------------------------------------------
>
> NOTICE: This email message is for the sole use of the intended
> recipient(s)
> and may contain confidential and privileged information. Any
> unauthorized
> review, use, disclosure or distribution is prohibited. If you are
> not the
> intended recipient, please contact the sender by reply email and
> destroy all
> copies of the original message.
>
> This message has been content scanned by the Axway MailGate.
> MailGate uses policy enforcement to scan for known viruses, spam,
> undesirable content and malicious code. For more information on
> Axway products please visit www.axway.com <http://www.axway.com>.
>
>
> -------------------------------------------------------------------------------
>
>
>
>
> --
>
>
>
>
> __
>
> 76 Temple Road, Oxford OX4 2EZ UK
> t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322
> emily at emilytaylor.eu <mailto:emily at emilytaylor.eu>
>
> *www.etlaw.co.uk <http://www.etlaw.co.uk>*
>
> Emily Taylor Consultancy Limited is a company registered in England
> and Wales No. 730471. VAT No. 114487713.
>
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111012/bcb967c5/attachment.html
More information about the Rt4-whois
mailing list