[Rt4-whois] FW: Reviewing proxy/privacy ideas [SEC=UNCLASSIFIED]
Seth M Reiss
seth.reiss at lex-ip.com
Wed Oct 12 19:25:52 UTC 2011
I see, the good stuff comes right before the conference call!
Clearly this is going to be one of the more interesting areas for our
report. I do like the simplicity of Emily's analysis and perhaps that could
be a beginning for the report discussion, i.e., breaking down the current
practice in terms of the requirements of the RAA.
The balance is arguably policy but nevertheless something I think we should
attempt to deal with, but carefully, in particular so that all options are
set forth logically in an even handed manner. To the extent we can achieve
consensus on some, that would be great. There may be certain
positions/recommendations that would apply to both proxy and privacy; and
others that would not. Some may feel that privacy is inapplicable to
non-commercial organizations and others not. Reaching consensus on all
recommendations may be unlikely but we should see how far we can get.
If we are going to introduce national legal requirements and bias' into this
section, and both US first amendment and EU data protection concepts have
potentially significant implications, then let's try to be non-geocentric
and also, if possible, mention national legal requirements from other parts
of the world to the extent we are aware of them.
Seth
From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On
Behalf Of Kathy Kleiman
Sent: Wednesday, October 12, 2011 7:58 AM
To: Emily Taylor
Cc: rt4-whois at icann.org
Subject: Re: [Rt4-whois] FW: Reviewing proxy/privacy ideas
[SEC=UNCLASSIFIED]
Hi Peter, Emily and All,
I have been giving this a lot of thought too. I have also been doing some
research, and although I have been deeply embedded in the proxy/privacy
issue for some time, there is still so much I don't know!
Here are some of my thoughts:
1) I think you are right in dividing privacy from proxy from privacy
registrations. As you wrote, and as Emily has written below in her recent
email, proxy and privacy services (although spoken in the same breath) are
different. I think our WRT Report can play an important role in laying out
the differences, and sharing why, to us, these differences result in very
clear and differing obligations and responsibilities.
2) I don't think you restrict privacy services to natural persons. As we
have discussed in our meetings, there are many political organizations,
religious groups and even commercial companies that claim privacy rights,
and have legitimate reasons for not wanting to disclose a physical address.
What I do think we can encourage the ICANN Community to develop is a series
of guidelines for appropriate disclosure of the underlying data to law
enforcement and others (called "Reveal" in ICANN parlance). (I also think
the ICANN Community can develop a series of guidelines for appropriate
practices for passing on information to the registrant at his/her/its
address or email to notify them of all legal proceedings, inquiries to
purchase the domain name, etc. -- this might defuse a lot of the existing
tensions ("Relay" in ICANN parlance).
3) I do like the idea of best practices for privacy providers.
4) After great thought, and debate with several people on the Team (tx
you!), I agree with you about proxy providers. I think your #7 is probably
right: that "ICANN should claify that the full rights and responsibilities
of a registrant accrue to the entity identified as the registrant." There
does not seem to be any other way to do it.
5) An additional point: Education. perhaps we can use our recommendations to
encourage clearer education of registrants, the ICANN Community, and the
greater Law Enforcement, Commercial and other Communities. We can lay out
the difference of proxy and privacy providers, and ways the choice of
privacy or proxy might impact the registrants, and parties seeking the
registrant.
6) One more additional point: Tiered Access. I don't know if we should get
into this, but the Whois protocol can be modernized and updated to include
levels of access for data -- e.g., privacy of addresses and telephone
numbers -- and then provide access to those who a) identify themselves, and
b) meet the criteria for access, e.g., law enforcement. In this case, the
Whois information is held by registrar and registries, and thus much closer
to ICANN. It is also far cheaper for registrants (who are currently paying
more for their privacy services per year than their domain name, in many
cases). Finally, it open future options for the registries and registrars to
manage access to the data -- perhaps pursuant to rules ICANN might someday
create. The current Whois protocol can't provide this service, but others
can (Restful DNS, etc). Perhaps a win-win?
Best and tx for all of your leadership in this area, Peter!
Kathy
<< From Emily:
Hi Peter
Thanks for reviving this discussion.
I've been mulling over privacy proxy recommendations, that would be suitable
and not pre-empt the findings of studies.
I think that a route might be to go back to the first principles in the
contract.
1. Proxies are the registrant. Therefore they take the heat if there's any
problem with the domain name, and the onus/responsibility is on them to
prove that there is another party who should be blamed in a timely way.
2. Privacy registrations - on the face of it, these are inaccurate, and
therefore the domain becomes subject to cancellation if the true
registration details are not revealed in a timely manner.
So, the policies are there, the contractual powers are there. There needs
to be more responsiveness on the part of registrars in
cancelling/amending/revealing underlying details where there's a problem.
Thoughts?
Best,
Emily
On 11 October 2011 05:49, Nettlefold, Peter <Peter.Nettlefold at dbcde.gov.au>
wrote:
Hi Kathy,
I wanted to follow up the conversation about proxy services that we began in
MDR.
In particular, I wanted to ask about what you meant by the recommendation:
'Registrars may not knowingly use for their own registrations, or register
the domain names of p/p service providers who do not have contracts with
them'
I'm assuming that a registrar has a contract with every registrant as a
matter of course, so I take it that this is referring to having up front
contracts with p/p providers? My question is would this be separate to a
global ICANN p/p accreditation or registration scheme?
My first intent here is to be really clear on what is intended. Secondly, I
wonder if it would be more efficient and effective to have this kind of
approach run in conjunctions with an ICANN accreditation scheme - i.e. ICANN
would accredit p/p providers in a similar way that it does registrars, and
any registrar could then do business with those providers? Otherwise,
couldn't we would be faced with a range of issues, including registrars
potentially signing contracts with themselves (or their subsidiaries,
affiliates etc) to serve as p/p providers?
I'm still looking forward to feedback from other team members on the
question of whether proxy services should be recognised by ICANN, but wanted
to discuss your proposals in the interim.
Cheers,
Peter
From: "kathy at kathykleiman.com<mailto:kathy at kathykleiman.com>"
<kathy at kathykleiman.com<mailto:kathy at kathykleiman.com>>
Subject: [Rt4-whois] Reviewing proxy/privacy ideas
Date: September 21, 2011 7:26:51 AM PDT
To: RT4 WHOIS <rt4-whois at icann.org<mailto:rt4-whois at icann.org>>, Sharon
Lemon <sharonchallis at aol.com<mailto:sharonchallis at aol.com>>
Reply-To: "kathy at kathykleiman.com<mailto:kathy at kathykleiman.com>"
<kathy at kathykleiman.com<mailto:kathy at kathykleiman.com>>
Hi All,
After good food and great company last night, I awoke with some new ideas
regarding proxy/privacy service providers.
What we know:
- Not too much. Proxy/privacy providers (p/p) are not something we
have studied closely. We know that many people, including very experienced
Net users, do not have a clear distinction. They are generally used in the
same voice at the same time.
- We have no clear data about p/p. The upcoming GNSO studies will
provide a) a study on reveal and relay requests to p/p providers, and b) a
study of what percentage of "bad guys" are under p/p registration. We have
only a study that says that 15-20% of domain names are under p/p, and an
array of comments. We have not actual facts about p/p providers themselves.
- Under US law, there is a strong protection of privacy and even
anonymity in Free Speech, but "no tradition of anonymous commerce in the
US." Let me quote the World Trademark Review, Aug/Sept 2011, article: "Why
Trademark Owners Must lead the fight for accountability in e-commerce." **
"Clearly the First Amendment includes the right to speak anonymously.
Moveover, the First Amendment places anonymous speech on the Internet on the
same footing as other speech. As with other forms of expression, the ability
to speak anonymously on the Internet promotes the robust exchange of ideas
and allows individuals to express themselves without fear of economic or
official retaliation or concern about social ostracism. The importance of
the Internet to the expression of protected speech cannot be overstated..."
Like the International Trademark Association, in some recent legislative
work in the US, let's focus on the conduct we are most concerned about:
- Domain names being used in conjunction with "goods or services
advertised or sold at that [a] website." (International Trademark
Association language as part of promoting a new US Statute for services of
process to domain registrants whose data cannot be found - article above)
For our WRT decisions, let's please not create confusion. The lines between
p/p are difficult and unclear. Let's focus on conduct we know is out there
and bounds that can be quickly established and are likely to help. ** Let me
offer some reflections of yesterday. We all seem to agree that: **
- WE CAN BIND P/P CLOSER TO REGISTRARS, thus a Draft
Recommendation: Registrars may not knowingly use for their own
registrations, or register the domain names of p/p service providers who do
not have contracts with them; do not have clear agreements to gather
accurate Whois data from registrants; do not have clear contractual
obligations to Reveal the underlying registrant data when requested under
law or pursuant to ICANN rules.
- ICANN will rapidly establish a proceeding, with Law Enforcement
and Consumer Communities, as well as privacy and free speech Official and
Experts, to develop a set of Reveal and Relay rules for p/p providers, in
conjunction with the ICANN Community.
- Registrant Declaration: is the domain name being used for goods
or services sold or advertised using the domain name (note: this includes
not only websites, but emails and other forms of domain name use).
(Note: the GNSO might want to wait to set up rules until soon after their
$200,000+ studies are completed within the year)
Overall, separating out p/p providers without much more work and very, very,
very extensive education -- it will be very confusing to ICANN and the
Internet public.
Best, Kathy
_______________________________________________
Rt4-whois mailing list
Rt4-whois at icann.org<mailto:Rt4-whois at icann.org>
https://mm.icann.org/mailman/listinfo/rt4-whois
----------------------------------------------------------------------------
---
NOTICE: This email message is for the sole use of the intended recipient(s)
and may contain confidential and privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not the
intended recipient, please contact the sender by reply email and destroy
all
copies of the original message.
This message has been content scanned by the Axway MailGate.
MailGate uses policy enforcement to scan for known viruses, spam,
undesirable content and malicious code. For more information on Axway
products please visit www.axway.com.
----------------------------------------------------------------------------
---
--
<http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif>
76 Temple Road, Oxford OX4 2EZ UK
t: +44 (0)1865 582 811 . m: +44 (0)7540 049 322
emily at emilytaylor.eu
www.etlaw.co.uk
Emily Taylor Consultancy Limited is a company registered in England and
Wales No. 730471. VAT No. 114487713.
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111012/f70bbd00/attachment.html
More information about the Rt4-whois
mailing list