From Peter.Nettlefold at dbcde.gov.au Mon Nov 28 01:29:45 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Mon, 28 Nov 2011 12:29:45 +1100 Subject: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] In-Reply-To: <022c01ccac5a$21da4ad0$658ee070$@reiss@lex-ip.com> References: <636771A7F4383E408C57A0240B5F8D4A333E1F2F65@EMB01.dept.gov.au> <636771A7F4383E408C57A0240B5F8D4A333E1F3D11@EMB01.dept.gov.au> <022c01ccac5a$21da4ad0$658ee070$@reiss@lex-ip.com> Message-ID: <636771A7F4383E408C57A0240B5F8D4A333E24138E@EMB01.dept.gov.au> Hello all, Thanks to Susan and Seth for keeping this important conversation moving. It seems clear that this is one of the most difficult parts of our report, in part because we are having to consider and balance two important, high-profile and sometimes conflicting needs. I've put comments directly into your email Susan, in a different font and colour, to try to explain my thinking on your points. I've tried to do this as simply and clearly as possible, and hope that by being so direct we can get closer to the heart of the issue. I hope this explains where I'm coming from, and helps to move this conversation forward. Cheers, Peter From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Sunday, 27 November 2011 3:41 AM To: 'Susan Kawaguchi'; Nettlefold, Peter; 'Emily Taylor' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Susan If the chain of legal responsibilities were clarified, don't you think there would be an immediate chilling effect on the industry? Only those registrars willing to go out of business as a result of entering into a retail proxy relationship with a naughty registrant would continue the retail proxy practice. The responsible ones I would expect to stop the practice. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Friday, November 25, 2011 7:24 PM To: Nettlefold, Peter; Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hello Peter, I am not proposing to change the privacy service recommendations although I did use language from the agreed upon recommendation since I thought it was a good place to start. Also I do not understand why there is concern with regulating proxy registrations and no concern with regulating privacy registrations. To my mind, in important ways these two types of services are quite distinct. In the case of a privacy service, it should be clear from the WHOIS record (inaccuracy aside) who is legally responsible for a domain from the outset. There should be no question as to finding a responsible entity on who to serve notice etc, as this data is not hidden/withheld with a privacy service. What a privacy service should instead do is restrict sensitive personal information about that responsible entity from general public availability. With a proxy service, in the current regime, the identity of the responsible entity is not clear, and it appears that this aspect has been gamed or otherwise abused. It is also not clear to me what the situation would be even if this were more tightly regulated. As soon as we say, 'you're responsible, except...', it seems that we risk some form of uncertainty, delay and gaming. If we want to do that, we would need to be very careful about how we address those risks. I did raise this before the November 9th call but was not able to participate on that call so I understand your concern that is this may appear last minute. II have given this so much thought over the last 6 months and you saw how uncomfortable I was with not addressing the proxy issues in our discussions in Dakar. My concern with the 'last minute' issue is not that it hasn't come up (I hope I didn't suggest that), and as you know I am very interested to make sure we get this right. It's just that we're discussing actual text very late in the piece - and again, I want to make sure we get it right. I simply do not feel that recommending to ICANN that they completely ignore the proxy issue is the way we should be proceeding. I don't think we're proposing that ICANN 'ignore' proxies. We all acknowledge that they will likely exist in one form or another regardless of what we do: the question is on what basis. In Dakar, we agreed that we would recommend that ICANN not only remove the current provisions which endorse proxies, but also make an affirmative statement to clarify the legal chain of responsibilities - i.e. from ICANN's point of view, the buck stops with the registered name holder. Rather than ignoring, I would see this as saying something like: 'if you're out there doing this, ICANN sees you as legally responsible'. My aim with this recommendation is to target the proxy services run by a registrar. They have a direct contractual relationship with ICANN. The argument that we do not understand all the contractual agreements involved in a proxy service makes sense for deeply integrated proxy services where the registrant and service have agreed upon contractual elements. The "retail" proxy service which is offered to anyone who will pay and agreed to the TOS for the most part are owned or controlled by a registrar. Although, we have to be careful to not try and regulate any other business the registrar may enter into the proxy service directly relates to the most critical information of the domain name registration which should be controlled by ICANN. I'm interested in whether a 'retail' proxy service would continue to offer the same sorts of service if they were held responsible for the domain. What would a registrar do if a domain they had registered in their own name was used for criminal purposes, and the RAA no longer explicitly offered the option of pointing the finger elsewhere, but instead affirmatively stated that they were responsible? The NORC study estimates that proxy registrations may be used in as much as 25% of the .com registrations. That is a significant number. Currently, several registrars run proxy services that are responsive and professional. GoDaddy is the gold standard from my experience. They have very well defined processes and when you run into a proxy registration that is a concern I know exactly what I have to do to request the information. The registrant is protected but if they are acting badly then there is a standardized process for receiving the website owners information. Below I pulled out from your email "Much of this revolves around the question of whether tighter regulation of proxies is needed, or whether simply removing the endorsement and clarifying the chain of legal responsibilities would be more effective." Clarifying the chain of legal responsibilities leaves little recourse for someone impacted by a domain name serving content with a proxy service registration on the WHOIS. If the proxy service provider does not want to reveal the information ( as many refuse to do now) then the only recourse is to file litigation against the proxy service provider. If we went ahead with our Dakar recommendations, I expect that filing against the registered name holder would be the first action instead of the last recourse. Then when the WHOIS record changes midstream, they are forced to go back to court to amend the complaint. It is extremely burdensome and expensive. Would this still be the case? If ICANN clarified that the responsible entity was the registered name holder, and removed any caveats etc, what would be the basis for changing the WHOIS record midstream? There has been some litigation that has held the proxy service provider legally responsible but nothing that has had a chilling effect on the industry. If in the current ambiguous contractual environment some proxy service providers have been held legally responsible, wouldn't what we have proposed significantly increase the likelihood of that? Wouldn't this in turn have a flow on 'chilling' effect on the use of proxies? I cannot open James document on my laptop but once I have a copy I will review his latest revisions. Best regards, Susan From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Thursday, November 24, 2011 9:59 PM To: Emily Taylor Cc: Susan Kawaguchi; rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Thanks Emily, that's very useful, and I think I understand where its coming from. I have a few follow on questions, as I'm trying to understand the big picture/strategy, and to try to work through the new proposal fully as this is a key area of interest for me. To be honest, I'm a bit nervous about reopening such a major issue so late in the piece, with only limited time to think through and discuss all the implications. That said, I'm not opposed, just cautious. In terms of questions: is the intention to retain our 'privacy' recommendations from Dakar? i.e. so that we would in effect have three different arrangements: i.e. privacy, 'known' proxies, and 'unknown' proxies? I ask this because if we are to recommend the establishment of parallel 'known proxy' and 'privacy' regimes, we would need to clearly explain and justify any differences between the two (I note that many of the recommendations we agreed for privacy services have been adopted for the proposed proxy recommendations). I expect that a key question we would face is why we were advocating for two different types of privacy-related services? In what circumstances are privacy services not sufficient? Understanding the reason for this may address some of my concerns. Separate to the question of privacy services, we also need to consider the implications of endorsing proxy services. In Dakar, we discussed at length the risks of ICANN explicitly acknowledging (and effectively endorsing) the practice of completely limiting access to a registrant's identity. I had thought that was one of the reasons why we agreed that ICANN should not endorse this practice, and instead that we would argue that: * the full rights and responsibilities of the registrant should accrue to the registered name holder; and * ICANN should endorse and regulate 'privacy' services which could limit the availability of sensitive personal data, without completely obfuscating the registrant's identity. This approach seemed to address the privacy concerns expressed by a range of stakeholders, and to clarify (perhaps for the first time) the chain of contractual rights and responsibilities. Much of this revolves around the question of whether tighter regulation of proxies is needed, or whether simply removing the endorsement and clarifying the chain of legal responsibilities would be more effective. In effect, the new proposal is to advocate the replacement of one mechanism which attempts to regulate proxies (i.e. the current RAA provisions) with another. The intent is obviously to have a tighter set of regulations this time, to reduce gaming/abuse etc. At one level this seems logical, but I am concerned that by introducing doubt into the chain of rights and responsibilities, anything we then do will be like trying to patch a leak that we in effect created. Given that both previous versions of the RAA have tried the endorsement/regulation route with very limited success, I think we would need a strong case to propose a third attempt at this approach as the best way to go. Do we think that this is something we can achieve in practice, and why is it better than the simpler alternative? I hope I'm not making this unnecessarily complicated - I just want to make sure that we don't make a rushed change that has not been fully discussed. I look forward to the views of other team members on this issue. Cheers, Peter From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Thursday, 24 November 2011 8:30 PM To: Nettlefold, Peter Cc: Susan Kawaguchi; rt4-whois at icann.org Subject: Re: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hi Peter As it's Thanksgiving, our US colleagues will (should) be offline for a couple of days. My understanding from last night's call is that our proposal is to combine these proxy recommendations with the ones from Dakar. In other words, instead of saying "we never acknowledge proxies" we say this. Susan explained that they are currently working on defining what is meant by a proxy, and as you rightly point out there are different flavours of proxy. There is the "deep" arrangement based on an ongoing trusting relationship (eg solicitor, client) where a proxy might not be obvious. My understanding is that we're not attempting to lift the veil on these. They are not viewed as problematic. What is viewed as within the ambit of these new draft recommendations are the higher volume, commercialised proxy services, where there is not really a pre-existing relationship between registrant and proxy provider, but this is a low cost add on at the point of registration. The two parties don't really know each other that well. These are the ones we're hoping to describe in our definitions, and they are the target of these recommendations. I hope that this makes it clear, but obviously I do recommend you listen to Susan's description of their thinking from the audio when it's up. Thanks Emily On 24 November 2011 02:32, Nettlefold, Peter > wrote: Hi Susan and all, Thanks very much to all who worked on this new series of recommendations. I'm sorry I missed the teleconference this morning, but just wanted to see if I understand this proposal correctly. In short, is this a supplement to the position we agreed in Dakar? i.e. will the situation generally be that the registered name holder assumes all rights and responsibilities (as we discussed in Dakar), but in a special subset of cases (i.e. where the registrar clearly knows that a 'proxy' is being used) then some special rules apply? Or to put it another way, will we be recommending that there should be special new rules for 'known' proxies (however defined), and in all other cases we do not acknowledge proxies? I'm sorry if this was discussed this morning, but I'm just trying to understand the position. As there isn't a recording up yet that I've seen, any advice on whether other team members have already commented on this would be appreciated. Cheers, Peter From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Thursday, 24 November 2011 6:18 AM To: rt4-whois at icann.org Subject: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc Hello All, I apologize for the delay in sending this and that it is still in rough draft. The attached document contains Kathy's revisions and comments to my original proposed recommendation. I have added proposed definitions for the terms we are struggling with. These came out of discussions between James and I. I feel that we must provide a clear recommendation on the proxy issue but I personally seem to keep moving towards drafting policy. I am hoping we will have time to discuss on the call today as I have several questions for the team. Susan ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [cid:image001.jpg at 01CCADAE.162FAE00] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/3b534fe6/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 823 bytes Desc: image001.jpg Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/3b534fe6/image001.jpg From susank at fb.com Mon Nov 28 02:15:21 2011 From: susank at fb.com (Susan Kawaguchi) Date: Mon, 28 Nov 2011 02:15:21 +0000 Subject: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333E24138E@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333E1F2F65@EMB01.dept.gov.au> <636771A7F4383E408C57A0240B5F8D4A333E1F3D11@EMB01.dept.gov.au> <022c01ccac5a$21da4ad0$658ee070$@reiss@lex-ip.com> <636771A7F4383E408C57A0240B5F8D4A333E24138E@EMB01.dept.gov.au> Message-ID: Hi Peter, I appreciate your comments. In my experience, the current language in the 2009 RAA 3.7.7.3 Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the current contact information provided by the licensee and the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm. has not been tested in the US courts as far as I know let alone in every major jurisdiction in the world. If we move forward with the recommendation that we agreed upon in Dakar my opinion is that the best we can expect is for litigation to clarify this in a local court. There will be no urgency or incentive for a proxy service provider to change behavior and act responsibly. The proxy service provider is considered the Registered Name Holder now and most do not respond promptly to a request for the licensee's contact information so if the following is removed from 3.7.7.3 unless it promptly discloses the current contact information provided by the licensee and the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm Also what is the definition of "reasonable evidence of actionable harm" ? I think that would differ by jurisdiction I do not have any faith that it will change the status quo. I wish I was able to argue this more eloquently in Dakar but I feel that since most proxy services are controlled by an ICANN accredited registrar they should be held to at least the most minimum standard to respond within a specified time to an inquiry. I sent the following revised language to Kathy and James earlier today for their input. Proxy Recommendation >From 2009 RAA 1.20 "Affiliated Registrar" is another ICANN accredited registrar that operates under a common controlling interest. Definitions Affiliate retail proxy service provider is an entity that operates under a common controlling interest of a registrar. " Retail proxy service provider - provides a proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. Limited proxy service provider - provides a proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. Recommendation 1) a registrar is required to disclose their relationship with a Retail proxy service provider to ICANN. A retail proxy service provider should follow best practice guidelines developed by the community (ICANN, GNSO or whatever group would be most likely to address this issue) . The best practices may include the following: a. standardised relay and reveal processes and timeframes; a.1) establish a standardized process for requesting contact information for a proxy registration a.2) 24 hour response to provide requested contact information when requested by Law Enforcement; a.3) 5 day business response when requested by a non LE third party[j1] [j1] b. guidance on the appropriate level of publicly available information on the registrant; c. maintenance of a dedicated and available abuse point of contact; d. public disclosure of contact details and the physical address of the retail proxy service provider; and e. retail proxy service providers to validate registrant contact information. a clear definition of the meaning of the proxy - Proxy Services register the domain name, is the registered name holder but license it to another for use 2. Now 4? The best practice guidelines should be developed in close consultation with the GAC, privacy advocates, law enforcement, and other interested stakeholders. 3. Now 5? ICANN should develop an incentive for the retail proxy service providers that adopt the best practice guidelines within a specified time frame. I have also included comments under your comments below. Best regards, Susan From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Sunday, November 27, 2011 5:30 PM To: Seth M Reiss; Susan Kawaguchi; 'Emily Taylor' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hello all, Thanks to Susan and Seth for keeping this important conversation moving. It seems clear that this is one of the most difficult parts of our report, in part because we are having to consider and balance two important, high-profile and sometimes conflicting needs. I've put comments directly into your email Susan, in a different font and colour, to try to explain my thinking on your points. I've tried to do this as simply and clearly as possible, and hope that by being so direct we can get closer to the heart of the issue. I hope this explains where I'm coming from, and helps to move this conversation forward. Cheers, Peter From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Sunday, 27 November 2011 3:41 AM To: 'Susan Kawaguchi'; Nettlefold, Peter; 'Emily Taylor' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Susan If the chain of legal responsibilities were clarified, don't you think there would be an immediate chilling effect on the industry? Only those registrars willing to go out of business as a result of entering into a retail proxy relationship with a naughty registrant would continue the retail proxy practice. The responsible ones I would expect to stop the practice. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Friday, November 25, 2011 7:24 PM To: Nettlefold, Peter; Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hello Peter, I am not proposing to change the privacy service recommendations although I did use language from the agreed upon recommendation since I thought it was a good place to start. Also I do not understand why there is concern with regulating proxy registrations and no concern with regulating privacy registrations. To my mind, in important ways these two types of services are quite distinct. In the case of a privacy service, it should be clear from the WHOIS record (inaccuracy aside) who is legally responsible for a domain from the outset. There should be no question as to finding a responsible entity on who to serve notice etc, as this data is not hidden/withheld with a privacy service. What a privacy service should instead do is restrict sensitive personal information about that responsible entity from general public availability. With a proxy service, in the current regime, the identity of the responsible entity is not clear, and it appears that this aspect has been gamed or otherwise abused. It is also not clear to me what the situation would be even if this were more tightly regulated. As soon as we say, 'you're responsible, except...', it seems that we risk some form of uncertainty, delay and gaming. If we want to do that, we would need to be very careful about how we address those risks. I did raise this before the November 9th call but was not able to participate on that call so I understand your concern that is this may appear last minute. II have given this so much thought over the last 6 months and you saw how uncomfortable I was with not addressing the proxy issues in our discussions in Dakar. My concern with the 'last minute' issue is not that it hasn't come up (I hope I didn't suggest that), and as you know I am very interested to make sure we get this right. It's just that we're discussing actual text very late in the piece - and again, I want to make sure we get it right. I simply do not feel that recommending to ICANN that they completely ignore the proxy issue is the way we should be proceeding. I don't think we're proposing that ICANN 'ignore' proxies. We all acknowledge that they will likely exist in one form or another regardless of what we do: the question is on what basis. In Dakar, we agreed that we would recommend that ICANN not only remove the current provisions which endorse proxies, but also make an affirmative statement to clarify the legal chain of responsibilities - i.e. from ICANN's point of view, the buck stops with the registered name holder. Rather than ignoring, I would see this as saying something like: 'if you're out there doing this, ICANN sees you as legally responsible'. Many courts around the world do not care what ICANN considers legal or illegal, ICANN cannot create law. My aim with this recommendation is to target the proxy services run by a registrar. They have a direct contractual relationship with ICANN. The argument that we do not understand all the contractual agreements involved in a proxy service makes sense for deeply integrated proxy services where the registrant and service have agreed upon contractual elements. The "retail" proxy service which is offered to anyone who will pay and agreed to the TOS for the most part are owned or controlled by a registrar. Although, we have to be careful to not try and regulate any other business the registrar may enter into the proxy service directly relates to the most critical information of the domain name registration which should be controlled by ICANN. I'm interested in whether a 'retail' proxy service would continue to offer the same sorts of service if they were held responsible for the domain. What would a registrar do if a domain they had registered in their own name was used for criminal purposes, and the RAA no longer explicitly offered the option of pointing the finger elsewhere, but instead affirmatively stated that they were responsible? The NORC study estimates that proxy registrations may be used in as much as 25% of the .com registrations. That is a significant number. Currently, several registrars run proxy services that are responsive and professional. GoDaddy is the gold standard from my experience. They have very well defined processes and when you run into a proxy registration that is a concern I know exactly what I have to do to request the information. The registrant is protected but if they are acting badly then there is a standardized process for receiving the website owners information. Below I pulled out from your email "Much of this revolves around the question of whether tighter regulation of proxies is needed, or whether simply removing the endorsement and clarifying the chain of legal responsibilities would be more effective." Clarifying the chain of legal responsibilities leaves little recourse for someone impacted by a domain name serving content with a proxy service registration on the WHOIS. If the proxy service provider does not want to reveal the information ( as many refuse to do now) then the only recourse is to file litigation against the proxy service provider. If we went ahead with our Dakar recommendations, I expect that filing against the registered name holder would be the first action instead of the last recourse. Filing litigation against a registrant is always the last resort. I have been involved with domain name enforcement actions for over 12 years but only involved in 2 litigations. Currently we have a typo squatting litigation and with over 100 domain name registrations that are proxy registrations. Just a few of the proxy service providers have been beating down our doors to provide the licensee contact information. Then when the WHOIS record changes midstream, they are forced to go back to court to amend the complaint. It is extremely burdensome and expensive. Would this still be the case? If ICANN clarified that the responsible entity was the registered name holder, and removed any caveats etc, what would be the basis for changing the WHOIS record midstream? There has been some litigation that has held the proxy service provider legally responsible but nothing that has had a chilling effect on the industry. If in the current ambiguous contractual environment some proxy service providers have been held legally responsible, wouldn't what we have proposed significantly increase the likelihood of that? Wouldn't this in turn have a flow on 'chilling' effect on the use of proxies? I cannot open James document on my laptop but once I have a copy I will review his latest revisions. Best regards, Susan From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Thursday, November 24, 2011 9:59 PM To: Emily Taylor Cc: Susan Kawaguchi; rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Thanks Emily, that's very useful, and I think I understand where its coming from. I have a few follow on questions, as I'm trying to understand the big picture/strategy, and to try to work through the new proposal fully as this is a key area of interest for me. To be honest, I'm a bit nervous about reopening such a major issue so late in the piece, with only limited time to think through and discuss all the implications. That said, I'm not opposed, just cautious. In terms of questions: is the intention to retain our 'privacy' recommendations from Dakar? i.e. so that we would in effect have three different arrangements: i.e. privacy, 'known' proxies, and 'unknown' proxies? I ask this because if we are to recommend the establishment of parallel 'known proxy' and 'privacy' regimes, we would need to clearly explain and justify any differences between the two (I note that many of the recommendations we agreed for privacy services have been adopted for the proposed proxy recommendations). I expect that a key question we would face is why we were advocating for two different types of privacy-related services? In what circumstances are privacy services not sufficient? Understanding the reason for this may address some of my concerns. Separate to the question of privacy services, we also need to consider the implications of endorsing proxy services. In Dakar, we discussed at length the risks of ICANN explicitly acknowledging (and effectively endorsing) the practice of completely limiting access to a registrant's identity. I had thought that was one of the reasons why we agreed that ICANN should not endorse this practice, and instead that we would argue that: * the full rights and responsibilities of the registrant should accrue to the registered name holder; and * ICANN should endorse and regulate 'privacy' services which could limit the availability of sensitive personal data, without completely obfuscating the registrant's identity. This approach seemed to address the privacy concerns expressed by a range of stakeholders, and to clarify (perhaps for the first time) the chain of contractual rights and responsibilities. Much of this revolves around the question of whether tighter regulation of proxies is needed, or whether simply removing the endorsement and clarifying the chain of legal responsibilities would be more effective. In effect, the new proposal is to advocate the replacement of one mechanism which attempts to regulate proxies (i.e. the current RAA provisions) with another. The intent is obviously to have a tighter set of regulations this time, to reduce gaming/abuse etc. At one level this seems logical, but I am concerned that by introducing doubt into the chain of rights and responsibilities, anything we then do will be like trying to patch a leak that we in effect created. Given that both previous versions of the RAA have tried the endorsement/regulation route with very limited success, I think we would need a strong case to propose a third attempt at this approach as the best way to go. Do we think that this is something we can achieve in practice, and why is it better than the simpler alternative? I hope I'm not making this unnecessarily complicated - I just want to make sure that we don't make a rushed change that has not been fully discussed. I look forward to the views of other team members on this issue. Cheers, Peter From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Thursday, 24 November 2011 8:30 PM To: Nettlefold, Peter Cc: Susan Kawaguchi; rt4-whois at icann.org Subject: Re: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hi Peter As it's Thanksgiving, our US colleagues will (should) be offline for a couple of days. My understanding from last night's call is that our proposal is to combine these proxy recommendations with the ones from Dakar. In other words, instead of saying "we never acknowledge proxies" we say this. Susan explained that they are currently working on defining what is meant by a proxy, and as you rightly point out there are different flavours of proxy. There is the "deep" arrangement based on an ongoing trusting relationship (eg solicitor, client) where a proxy might not be obvious. My understanding is that we're not attempting to lift the veil on these. They are not viewed as problematic. What is viewed as within the ambit of these new draft recommendations are the higher volume, commercialised proxy services, where there is not really a pre-existing relationship between registrant and proxy provider, but this is a low cost add on at the point of registration. The two parties don't really know each other that well. These are the ones we're hoping to describe in our definitions, and they are the target of these recommendations. I hope that this makes it clear, but obviously I do recommend you listen to Susan's description of their thinking from the audio when it's up. Thanks Emily On 24 November 2011 02:32, Nettlefold, Peter > wrote: Hi Susan and all, Thanks very much to all who worked on this new series of recommendations. I'm sorry I missed the teleconference this morning, but just wanted to see if I understand this proposal correctly. In short, is this a supplement to the position we agreed in Dakar? i.e. will the situation generally be that the registered name holder assumes all rights and responsibilities (as we discussed in Dakar), but in a special subset of cases (i.e. where the registrar clearly knows that a 'proxy' is being used) then some special rules apply? Or to put it another way, will we be recommending that there should be special new rules for 'known' proxies (however defined), and in all other cases we do not acknowledge proxies? I'm sorry if this was discussed this morning, but I'm just trying to understand the position. As there isn't a recording up yet that I've seen, any advice on whether other team members have already commented on this would be appreciated. Cheers, Peter From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Thursday, 24 November 2011 6:18 AM To: rt4-whois at icann.org Subject: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc Hello All, I apologize for the delay in sending this and that it is still in rough draft. The attached document contains Kathy's revisions and comments to my original proposed recommendation. I have added proposed definitions for the terms we are struggling with. These came out of discussions between James and I. I feel that we must provide a clear recommendation on the proxy issue but I personally seem to keep moving towards drafting policy. I am hoping we will have time to discuss on the call today as I have several questions for the team. Susan ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [Image removed by sender.] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- ________________________________ [j1]We should not be overly prescriptive and attempt to develop the Best Practices in this report. For example DBP is already circulating Best Practices outside of ICANN, and some of our proposals meet or exceed those listed here. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/e1b8982f/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 823 bytes Desc: image001.jpg Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/e1b8982f/image001.jpg From Peter.Nettlefold at dbcde.gov.au Mon Nov 28 03:53:39 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Mon, 28 Nov 2011 14:53:39 +1100 Subject: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] In-Reply-To: References: <636771A7F4383E408C57A0240B5F8D4A333E1F2F65@EMB01.dept.gov.au> <636771A7F4383E408C57A0240B5F8D4A333E1F3D11@EMB01.dept.gov.au> <022c01ccac5a$21da4ad0$658ee070$@reiss@lex-ip.com> <636771A7F4383E408C57A0240B5F8D4A333E24138E@EMB01.dept.gov.au> Message-ID: <636771A7F4383E408C57A0240B5F8D4A333E2415EB@EMB01.dept.gov.au> Hello again all, Thanks for your quick response Susan. Thanks also for posting the relevant RAA language. As I read it, nowhere does it say that the registered name holder assumes all rights and responsibilities. Instead, it states that they assume some responsibilities (like providing their own contact information). It also says that they shall accept other responsibilities (liability for harm), but only if certain undefined conditions are met. It seems to me that the RAA's endorsement of proxies, in combination with a clause that seeks to add caveats around the acceptance of liability, is a likely contributor to the current problems. This goes to your point about ICANN and the law. I fully agree that ICANN cannot make law. Even if it could, then that law would still be open to interpretation. That said, ICANN has a significant role in setting the policy and expectations in this area. To reuse my earlier example, if I was a registrar and I had registered a domain name that had been used for criminal purposes, I expect that I would feel far more comfortable turning up in court with a version of the current RAA under my arm than one that unambiguously said that I had assumed full responsibility. One question on the detail of the proposed recommendations: is the proposal to only regulate those services provided by registrars? If so, what would happen to other proxy providers? Cheers, Peter From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Monday, 28 November 2011 1:15 PM To: Nettlefold, Peter; Seth M Reiss; 'Emily Taylor' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hi Peter, I appreciate your comments. In my experience, the current language in the 2009 RAA 3.7.7.3 Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the current contact information provided by the licensee and the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm. has not been tested in the US courts as far as I know let alone in every major jurisdiction in the world. If we move forward with the recommendation that we agreed upon in Dakar my opinion is that the best we can expect is for litigation to clarify this in a local court. There will be no urgency or incentive for a proxy service provider to change behavior and act responsibly. The proxy service provider is considered the Registered Name Holder now and most do not respond promptly to a request for the licensee's contact information so if the following is removed from 3.7.7.3 unless it promptly discloses the current contact information provided by the licensee and the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm Also what is the definition of "reasonable evidence of actionable harm" ? I think that would differ by jurisdiction I do not have any faith that it will change the status quo. I wish I was able to argue this more eloquently in Dakar but I feel that since most proxy services are controlled by an ICANN accredited registrar they should be held to at least the most minimum standard to respond within a specified time to an inquiry. I sent the following revised language to Kathy and James earlier today for their input. Proxy Recommendation From 2009 RAA 1.20 "Affiliated Registrar" is another ICANN accredited registrar that operates under a common controlling interest. Definitions Affiliate retail proxy service provider is an entity that operates under a common controlling interest of a registrar. " Retail proxy service provider - provides a proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. Limited proxy service provider - provides a proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. Recommendation 1) a registrar is required to disclose their relationship with a Retail proxy service provider to ICANN. A retail proxy service provider should follow best practice guidelines developed by the community (ICANN, GNSO or whatever group would be most likely to address this issue) . The best practices may include the following: a. standardised relay and reveal processes and timeframes; a.1) establish a standardized process for requesting contact information for a proxy registration a.2) 24 hour response to provide requested contact information when requested by Law Enforcement; a.3) 5 day business response when requested by a non LE third party[j1] [j1] b. guidance on the appropriate level of publicly available information on the registrant; c. maintenance of a dedicated and available abuse point of contact; d. public disclosure of contact details and the physical address of the retail proxy service provider; and e. retail proxy service providers to validate registrant contact information. a clear definition of the meaning of the proxy - Proxy Services register the domain name, is the registered name holder but license it to another for use 2. Now 4? The best practice guidelines should be developed in close consultation with the GAC, privacy advocates, law enforcement, and other interested stakeholders. 3. Now 5? ICANN should develop an incentive for the retail proxy service providers that adopt the best practice guidelines within a specified time frame. I have also included comments under your comments below. Best regards, Susan From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Sunday, November 27, 2011 5:30 PM To: Seth M Reiss; Susan Kawaguchi; 'Emily Taylor' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hello all, Thanks to Susan and Seth for keeping this important conversation moving. It seems clear that this is one of the most difficult parts of our report, in part because we are having to consider and balance two important, high-profile and sometimes conflicting needs. I've put comments directly into your email Susan, in a different font and colour, to try to explain my thinking on your points. I've tried to do this as simply and clearly as possible, and hope that by being so direct we can get closer to the heart of the issue. I hope this explains where I'm coming from, and helps to move this conversation forward. Cheers, Peter From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Sunday, 27 November 2011 3:41 AM To: 'Susan Kawaguchi'; Nettlefold, Peter; 'Emily Taylor' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Susan If the chain of legal responsibilities were clarified, don't you think there would be an immediate chilling effect on the industry? Only those registrars willing to go out of business as a result of entering into a retail proxy relationship with a naughty registrant would continue the retail proxy practice. The responsible ones I would expect to stop the practice. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Friday, November 25, 2011 7:24 PM To: Nettlefold, Peter; Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hello Peter, I am not proposing to change the privacy service recommendations although I did use language from the agreed upon recommendation since I thought it was a good place to start. Also I do not understand why there is concern with regulating proxy registrations and no concern with regulating privacy registrations. To my mind, in important ways these two types of services are quite distinct. In the case of a privacy service, it should be clear from the WHOIS record (inaccuracy aside) who is legally responsible for a domain from the outset. There should be no question as to finding a responsible entity on who to serve notice etc, as this data is not hidden/withheld with a privacy service. What a privacy service should instead do is restrict sensitive personal information about that responsible entity from general public availability. With a proxy service, in the current regime, the identity of the responsible entity is not clear, and it appears that this aspect has been gamed or otherwise abused. It is also not clear to me what the situation would be even if this were more tightly regulated. As soon as we say, 'you're responsible, except...', it seems that we risk some form of uncertainty, delay and gaming. If we want to do that, we would need to be very careful about how we address those risks. I did raise this before the November 9th call but was not able to participate on that call so I understand your concern that is this may appear last minute. II have given this so much thought over the last 6 months and you saw how uncomfortable I was with not addressing the proxy issues in our discussions in Dakar. My concern with the 'last minute' issue is not that it hasn't come up (I hope I didn't suggest that), and as you know I am very interested to make sure we get this right. It's just that we're discussing actual text very late in the piece - and again, I want to make sure we get it right. I simply do not feel that recommending to ICANN that they completely ignore the proxy issue is the way we should be proceeding. I don't think we're proposing that ICANN 'ignore' proxies. We all acknowledge that they will likely exist in one form or another regardless of what we do: the question is on what basis. In Dakar, we agreed that we would recommend that ICANN not only remove the current provisions which endorse proxies, but also make an affirmative statement to clarify the legal chain of responsibilities - i.e. from ICANN's point of view, the buck stops with the registered name holder. Rather than ignoring, I would see this as saying something like: 'if you're out there doing this, ICANN sees you as legally responsible'. Many courts around the world do not care what ICANN considers legal or illegal, ICANN cannot create law. My aim with this recommendation is to target the proxy services run by a registrar. They have a direct contractual relationship with ICANN. The argument that we do not understand all the contractual agreements involved in a proxy service makes sense for deeply integrated proxy services where the registrant and service have agreed upon contractual elements. The "retail" proxy service which is offered to anyone who will pay and agreed to the TOS for the most part are owned or controlled by a registrar. Although, we have to be careful to not try and regulate any other business the registrar may enter into the proxy service directly relates to the most critical information of the domain name registration which should be controlled by ICANN. I'm interested in whether a 'retail' proxy service would continue to offer the same sorts of service if they were held responsible for the domain. What would a registrar do if a domain they had registered in their own name was used for criminal purposes, and the RAA no longer explicitly offered the option of pointing the finger elsewhere, but instead affirmatively stated that they were responsible? The NORC study estimates that proxy registrations may be used in as much as 25% of the .com registrations. That is a significant number. Currently, several registrars run proxy services that are responsive and professional. GoDaddy is the gold standard from my experience. They have very well defined processes and when you run into a proxy registration that is a concern I know exactly what I have to do to request the information. The registrant is protected but if they are acting badly then there is a standardized process for receiving the website owners information. Below I pulled out from your email "Much of this revolves around the question of whether tighter regulation of proxies is needed, or whether simply removing the endorsement and clarifying the chain of legal responsibilities would be more effective." Clarifying the chain of legal responsibilities leaves little recourse for someone impacted by a domain name serving content with a proxy service registration on the WHOIS. If the proxy service provider does not want to reveal the information ( as many refuse to do now) then the only recourse is to file litigation against the proxy service provider. If we went ahead with our Dakar recommendations, I expect that filing against the registered name holder would be the first action instead of the last recourse. Filing litigation against a registrant is always the last resort. I have been involved with domain name enforcement actions for over 12 years but only involved in 2 litigations. Currently we have a typo squatting litigation and with over 100 domain name registrations that are proxy registrations. Just a few of the proxy service providers have been beating down our doors to provide the licensee contact information. Then when the WHOIS record changes midstream, they are forced to go back to court to amend the complaint. It is extremely burdensome and expensive. Would this still be the case? If ICANN clarified that the responsible entity was the registered name holder, and removed any caveats etc, what would be the basis for changing the WHOIS record midstream? There has been some litigation that has held the proxy service provider legally responsible but nothing that has had a chilling effect on the industry. If in the current ambiguous contractual environment some proxy service providers have been held legally responsible, wouldn't what we have proposed significantly increase the likelihood of that? Wouldn't this in turn have a flow on 'chilling' effect on the use of proxies? I cannot open James document on my laptop but once I have a copy I will review his latest revisions. Best regards, Susan From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Thursday, November 24, 2011 9:59 PM To: Emily Taylor Cc: Susan Kawaguchi; rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Thanks Emily, that's very useful, and I think I understand where its coming from. I have a few follow on questions, as I'm trying to understand the big picture/strategy, and to try to work through the new proposal fully as this is a key area of interest for me. To be honest, I'm a bit nervous about reopening such a major issue so late in the piece, with only limited time to think through and discuss all the implications. That said, I'm not opposed, just cautious. In terms of questions: is the intention to retain our 'privacy' recommendations from Dakar? i.e. so that we would in effect have three different arrangements: i.e. privacy, 'known' proxies, and 'unknown' proxies? I ask this because if we are to recommend the establishment of parallel 'known proxy' and 'privacy' regimes, we would need to clearly explain and justify any differences between the two (I note that many of the recommendations we agreed for privacy services have been adopted for the proposed proxy recommendations). I expect that a key question we would face is why we were advocating for two different types of privacy-related services? In what circumstances are privacy services not sufficient? Understanding the reason for this may address some of my concerns. Separate to the question of privacy services, we also need to consider the implications of endorsing proxy services. In Dakar, we discussed at length the risks of ICANN explicitly acknowledging (and effectively endorsing) the practice of completely limiting access to a registrant's identity. I had thought that was one of the reasons why we agreed that ICANN should not endorse this practice, and instead that we would argue that: * the full rights and responsibilities of the registrant should accrue to the registered name holder; and * ICANN should endorse and regulate 'privacy' services which could limit the availability of sensitive personal data, without completely obfuscating the registrant's identity. This approach seemed to address the privacy concerns expressed by a range of stakeholders, and to clarify (perhaps for the first time) the chain of contractual rights and responsibilities. Much of this revolves around the question of whether tighter regulation of proxies is needed, or whether simply removing the endorsement and clarifying the chain of legal responsibilities would be more effective. In effect, the new proposal is to advocate the replacement of one mechanism which attempts to regulate proxies (i.e. the current RAA provisions) with another. The intent is obviously to have a tighter set of regulations this time, to reduce gaming/abuse etc. At one level this seems logical, but I am concerned that by introducing doubt into the chain of rights and responsibilities, anything we then do will be like trying to patch a leak that we in effect created. Given that both previous versions of the RAA have tried the endorsement/regulation route with very limited success, I think we would need a strong case to propose a third attempt at this approach as the best way to go. Do we think that this is something we can achieve in practice, and why is it better than the simpler alternative? I hope I'm not making this unnecessarily complicated - I just want to make sure that we don't make a rushed change that has not been fully discussed. I look forward to the views of other team members on this issue. Cheers, Peter From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Thursday, 24 November 2011 8:30 PM To: Nettlefold, Peter Cc: Susan Kawaguchi; rt4-whois at icann.org Subject: Re: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hi Peter As it's Thanksgiving, our US colleagues will (should) be offline for a couple of days. My understanding from last night's call is that our proposal is to combine these proxy recommendations with the ones from Dakar. In other words, instead of saying "we never acknowledge proxies" we say this. Susan explained that they are currently working on defining what is meant by a proxy, and as you rightly point out there are different flavours of proxy. There is the "deep" arrangement based on an ongoing trusting relationship (eg solicitor, client) where a proxy might not be obvious. My understanding is that we're not attempting to lift the veil on these. They are not viewed as problematic. What is viewed as within the ambit of these new draft recommendations are the higher volume, commercialised proxy services, where there is not really a pre-existing relationship between registrant and proxy provider, but this is a low cost add on at the point of registration. The two parties don't really know each other that well. These are the ones we're hoping to describe in our definitions, and they are the target of these recommendations. I hope that this makes it clear, but obviously I do recommend you listen to Susan's description of their thinking from the audio when it's up. Thanks Emily On 24 November 2011 02:32, Nettlefold, Peter > wrote: Hi Susan and all, Thanks very much to all who worked on this new series of recommendations. I'm sorry I missed the teleconference this morning, but just wanted to see if I understand this proposal correctly. In short, is this a supplement to the position we agreed in Dakar? i.e. will the situation generally be that the registered name holder assumes all rights and responsibilities (as we discussed in Dakar), but in a special subset of cases (i.e. where the registrar clearly knows that a 'proxy' is being used) then some special rules apply? Or to put it another way, will we be recommending that there should be special new rules for 'known' proxies (however defined), and in all other cases we do not acknowledge proxies? I'm sorry if this was discussed this morning, but I'm just trying to understand the position. As there isn't a recording up yet that I've seen, any advice on whether other team members have already commented on this would be appreciated. Cheers, Peter From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Thursday, 24 November 2011 6:18 AM To: rt4-whois at icann.org Subject: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc Hello All, I apologize for the delay in sending this and that it is still in rough draft. The attached document contains Kathy's revisions and comments to my original proposed recommendation. I have added proposed definitions for the terms we are struggling with. These came out of discussions between James and I. I feel that we must provide a clear recommendation on the proxy issue but I personally seem to keep moving towards drafting policy. I am hoping we will have time to discuss on the call today as I have several questions for the team. Susan ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [cid:image001.jpg at 01CCADD3.2EFD7910] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- ________________________________ [j1]We should not be overly prescriptive and attempt to develop the Best Practices in this report. For example DBP is already circulating Best Practices outside of ICANN, and some of our proposals meet or exceed those listed here. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/5c3dbcbe/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 823 bytes Desc: image001.jpg Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/5c3dbcbe/image001.jpg From susank at fb.com Mon Nov 28 04:34:20 2011 From: susank at fb.com (Susan Kawaguchi) Date: Mon, 28 Nov 2011 04:34:20 +0000 Subject: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333E2415EB@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333E1F2F65@EMB01.dept.gov.au> <636771A7F4383E408C57A0240B5F8D4A333E1F3D11@EMB01.dept.gov.au> <022c01ccac5a$21da4ad0$658ee070$@reiss@lex-ip.com> <636771A7F4383E408C57A0240B5F8D4A333E24138E@EMB01.dept.gov.au> <636771A7F4383E408C57A0240B5F8D4A333E2415EB@EMB01.dept.gov.au> Message-ID: Hi Peter, Please see my responses in red. Susan From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Sunday, November 27, 2011 7:54 PM To: Susan Kawaguchi; Seth M Reiss; 'Emily Taylor' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hello again all, Thanks for your quick response Susan. Thanks also for posting the relevant RAA language. As I read it, nowhere does it say that the registered name holder assumes all rights and responsibilities. Instead, it states that they assume some responsibilities (like providing their own contact information). It also says that they shall accept other responsibilities (liability for harm), but only if certain undefined conditions are met. It seems to me that the RAA's endorsement of proxies, in combination with a clause that seeks to add caveats around the acceptance of liability, is a likely contributor to the current problems. I would agree with you that ICANN has contributed to this problem but mainly this comes from not addressing the issue in a clear and concise manner. This goes to your point about ICANN and the law. I fully agree that ICANN cannot make law. Even if it could, then that law would still be open to interpretation. That said, ICANN has a significant role in setting the policy and expectations in this area. To reuse my earlier example, if I was a registrar and I had registered a domain name that had been used for criminal purposes, I expect that I would feel far more comfortable turning up in court with a version of the current RAA under my arm than one that unambiguously said that I had assumed full responsibility. I agree but I do not think that proxy service providers rely on 3.7.7.3 as they are not parties to the RAA. It would be quite an argument for a proxy service provider that is not an ICANN accredited registrar but is controlled by one to argue that they are parties to the RAA. James might be able to give us a better perspective on this. One question on the detail of the proposed recommendations: is the proposal to only regulate those services provided by registrars? If so, what would happen to other proxy providers? Since we are relying on the registrars to disclose their relationship with the proxy service providers that they have a controlling interest in there is no action required by the unaffiliated proxy providers. My impression is those are the few and far between. Since ICANN really has no controls over proxy service providers I think we have several choices 1) Create language in the RAA that makes it very clear that the Registered Name Holder is responsible for the domain name. (basically what we agreed to in Dakar) 2) Not allow them at all, in effect categorize proxy registrations as invalid WHOIS. This would be very problematic as proxy registration services have sprung up from a valid market demand. 3) Create a situation in which the proxy service providers want to engage in best practices. This would require rewarding the good players. If registrars could say their proxy services are recommended or approved by ICANN then they may receive more business or use some other creative incentive. 4) Rely on litigation to fix the problem and that would not involve ICANN at all. I think this would push the proxy servers providers into countries in which litigation is challenging. We see cybersquatters in Panama and small Caribbean islands now I think we may see the same thing in this industry. 5) ? no idea but I wish I had a good answer.... I cannot think of an answer to this sticky issue that would completely resolve it but I just cannot live with not making an attempt. Cheers, Peter From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Monday, 28 November 2011 1:15 PM To: Nettlefold, Peter; Seth M Reiss; 'Emily Taylor' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hi Peter, I appreciate your comments. In my experience, the current language in the 2009 RAA 3.7.7.3 Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the current contact information provided by the licensee and the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm. has not been tested in the US courts as far as I know let alone in every major jurisdiction in the world. If we move forward with the recommendation that we agreed upon in Dakar my opinion is that the best we can expect is for litigation to clarify this in a local court. There will be no urgency or incentive for a proxy service provider to change behavior and act responsibly. The proxy service provider is considered the Registered Name Holder now and most do not respond promptly to a request for the licensee's contact information so if the following is removed from 3.7.7.3 unless it promptly discloses the current contact information provided by the licensee and the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm Also what is the definition of "reasonable evidence of actionable harm" ? I think that would differ by jurisdiction I do not have any faith that it will change the status quo. I wish I was able to argue this more eloquently in Dakar but I feel that since most proxy services are controlled by an ICANN accredited registrar they should be held to at least the most minimum standard to respond within a specified time to an inquiry. I sent the following revised language to Kathy and James earlier today for their input. Proxy Recommendation >From 2009 RAA 1.20 "Affiliated Registrar" is another ICANN accredited registrar that operates under a common controlling interest. Definitions Affiliate retail proxy service provider is an entity that operates under a common controlling interest of a registrar. " Retail proxy service provider - provides a proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. Limited proxy service provider - provides a proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. Recommendation 1) a registrar is required to disclose their relationship with a Retail proxy service provider to ICANN. A retail proxy service provider should follow best practice guidelines developed by the community (ICANN, GNSO or whatever group would be most likely to address this issue) . The best practices may include the following: a. standardised relay and reveal processes and timeframes; a.1) establish a standardized process for requesting contact information for a proxy registration a.2) 24 hour response to provide requested contact information when requested by Law Enforcement; a.3) 5 day business response when requested by a non LE third party[j1] [j1] b. guidance on the appropriate level of publicly available information on the registrant; c. maintenance of a dedicated and available abuse point of contact; d. public disclosure of contact details and the physical address of the retail proxy service provider; and e. retail proxy service providers to validate registrant contact information. a clear definition of the meaning of the proxy - Proxy Services register the domain name, is the registered name holder but license it to another for use 2. Now 4? The best practice guidelines should be developed in close consultation with the GAC, privacy advocates, law enforcement, and other interested stakeholders. 3. Now 5? ICANN should develop an incentive for the retail proxy service providers that adopt the best practice guidelines within a specified time frame. I have also included comments under your comments below. Best regards, Susan From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Sunday, November 27, 2011 5:30 PM To: Seth M Reiss; Susan Kawaguchi; 'Emily Taylor' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hello all, Thanks to Susan and Seth for keeping this important conversation moving. It seems clear that this is one of the most difficult parts of our report, in part because we are having to consider and balance two important, high-profile and sometimes conflicting needs. I've put comments directly into your email Susan, in a different font and colour, to try to explain my thinking on your points. I've tried to do this as simply and clearly as possible, and hope that by being so direct we can get closer to the heart of the issue. I hope this explains where I'm coming from, and helps to move this conversation forward. Cheers, Peter From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Sunday, 27 November 2011 3:41 AM To: 'Susan Kawaguchi'; Nettlefold, Peter; 'Emily Taylor' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Susan If the chain of legal responsibilities were clarified, don't you think there would be an immediate chilling effect on the industry? Only those registrars willing to go out of business as a result of entering into a retail proxy relationship with a naughty registrant would continue the retail proxy practice. The responsible ones I would expect to stop the practice. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Friday, November 25, 2011 7:24 PM To: Nettlefold, Peter; Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hello Peter, I am not proposing to change the privacy service recommendations although I did use language from the agreed upon recommendation since I thought it was a good place to start. Also I do not understand why there is concern with regulating proxy registrations and no concern with regulating privacy registrations. To my mind, in important ways these two types of services are quite distinct. In the case of a privacy service, it should be clear from the WHOIS record (inaccuracy aside) who is legally responsible for a domain from the outset. There should be no question as to finding a responsible entity on who to serve notice etc, as this data is not hidden/withheld with a privacy service. What a privacy service should instead do is restrict sensitive personal information about that responsible entity from general public availability. With a proxy service, in the current regime, the identity of the responsible entity is not clear, and it appears that this aspect has been gamed or otherwise abused. It is also not clear to me what the situation would be even if this were more tightly regulated. As soon as we say, 'you're responsible, except...', it seems that we risk some form of uncertainty, delay and gaming. If we want to do that, we would need to be very careful about how we address those risks. I did raise this before the November 9th call but was not able to participate on that call so I understand your concern that is this may appear last minute. II have given this so much thought over the last 6 months and you saw how uncomfortable I was with not addressing the proxy issues in our discussions in Dakar. My concern with the 'last minute' issue is not that it hasn't come up (I hope I didn't suggest that), and as you know I am very interested to make sure we get this right. It's just that we're discussing actual text very late in the piece - and again, I want to make sure we get it right. I simply do not feel that recommending to ICANN that they completely ignore the proxy issue is the way we should be proceeding. I don't think we're proposing that ICANN 'ignore' proxies. We all acknowledge that they will likely exist in one form or another regardless of what we do: the question is on what basis. In Dakar, we agreed that we would recommend that ICANN not only remove the current provisions which endorse proxies, but also make an affirmative statement to clarify the legal chain of responsibilities - i.e. from ICANN's point of view, the buck stops with the registered name holder. Rather than ignoring, I would see this as saying something like: 'if you're out there doing this, ICANN sees you as legally responsible'. Many courts around the world do not care what ICANN considers legal or illegal, ICANN cannot create law. My aim with this recommendation is to target the proxy services run by a registrar. They have a direct contractual relationship with ICANN. The argument that we do not understand all the contractual agreements involved in a proxy service makes sense for deeply integrated proxy services where the registrant and service have agreed upon contractual elements. The "retail" proxy service which is offered to anyone who will pay and agreed to the TOS for the most part are owned or controlled by a registrar. Although, we have to be careful to not try and regulate any other business the registrar may enter into the proxy service directly relates to the most critical information of the domain name registration which should be controlled by ICANN. I'm interested in whether a 'retail' proxy service would continue to offer the same sorts of service if they were held responsible for the domain. What would a registrar do if a domain they had registered in their own name was used for criminal purposes, and the RAA no longer explicitly offered the option of pointing the finger elsewhere, but instead affirmatively stated that they were responsible? The NORC study estimates that proxy registrations may be used in as much as 25% of the .com registrations. That is a significant number. Currently, several registrars run proxy services that are responsive and professional. GoDaddy is the gold standard from my experience. They have very well defined processes and when you run into a proxy registration that is a concern I know exactly what I have to do to request the information. The registrant is protected but if they are acting badly then there is a standardized process for receiving the website owners information. Below I pulled out from your email "Much of this revolves around the question of whether tighter regulation of proxies is needed, or whether simply removing the endorsement and clarifying the chain of legal responsibilities would be more effective." Clarifying the chain of legal responsibilities leaves little recourse for someone impacted by a domain name serving content with a proxy service registration on the WHOIS. If the proxy service provider does not want to reveal the information ( as many refuse to do now) then the only recourse is to file litigation against the proxy service provider. If we went ahead with our Dakar recommendations, I expect that filing against the registered name holder would be the first action instead of the last recourse. Filing litigation against a registrant is always the last resort. I have been involved with domain name enforcement actions for over 12 years but only involved in 2 litigations. Currently we have a typo squatting litigation and with over 100 domain name registrations that are proxy registrations. Just a few of the proxy service providers have been beating down our doors to provide the licensee contact information. Then when the WHOIS record changes midstream, they are forced to go back to court to amend the complaint. It is extremely burdensome and expensive. Would this still be the case? If ICANN clarified that the responsible entity was the registered name holder, and removed any caveats etc, what would be the basis for changing the WHOIS record midstream? There has been some litigation that has held the proxy service provider legally responsible but nothing that has had a chilling effect on the industry. If in the current ambiguous contractual environment some proxy service providers have been held legally responsible, wouldn't what we have proposed significantly increase the likelihood of that? Wouldn't this in turn have a flow on 'chilling' effect on the use of proxies? I cannot open James document on my laptop but once I have a copy I will review his latest revisions. Best regards, Susan From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Thursday, November 24, 2011 9:59 PM To: Emily Taylor Cc: Susan Kawaguchi; rt4-whois at icann.org Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Thanks Emily, that's very useful, and I think I understand where its coming from. I have a few follow on questions, as I'm trying to understand the big picture/strategy, and to try to work through the new proposal fully as this is a key area of interest for me. To be honest, I'm a bit nervous about reopening such a major issue so late in the piece, with only limited time to think through and discuss all the implications. That said, I'm not opposed, just cautious. In terms of questions: is the intention to retain our 'privacy' recommendations from Dakar? i.e. so that we would in effect have three different arrangements: i.e. privacy, 'known' proxies, and 'unknown' proxies? I ask this because if we are to recommend the establishment of parallel 'known proxy' and 'privacy' regimes, we would need to clearly explain and justify any differences between the two (I note that many of the recommendations we agreed for privacy services have been adopted for the proposed proxy recommendations). I expect that a key question we would face is why we were advocating for two different types of privacy-related services? In what circumstances are privacy services not sufficient? Understanding the reason for this may address some of my concerns. Separate to the question of privacy services, we also need to consider the implications of endorsing proxy services. In Dakar, we discussed at length the risks of ICANN explicitly acknowledging (and effectively endorsing) the practice of completely limiting access to a registrant's identity. I had thought that was one of the reasons why we agreed that ICANN should not endorse this practice, and instead that we would argue that: * the full rights and responsibilities of the registrant should accrue to the registered name holder; and * ICANN should endorse and regulate 'privacy' services which could limit the availability of sensitive personal data, without completely obfuscating the registrant's identity. This approach seemed to address the privacy concerns expressed by a range of stakeholders, and to clarify (perhaps for the first time) the chain of contractual rights and responsibilities. Much of this revolves around the question of whether tighter regulation of proxies is needed, or whether simply removing the endorsement and clarifying the chain of legal responsibilities would be more effective. In effect, the new proposal is to advocate the replacement of one mechanism which attempts to regulate proxies (i.e. the current RAA provisions) with another. The intent is obviously to have a tighter set of regulations this time, to reduce gaming/abuse etc. At one level this seems logical, but I am concerned that by introducing doubt into the chain of rights and responsibilities, anything we then do will be like trying to patch a leak that we in effect created. Given that both previous versions of the RAA have tried the endorsement/regulation route with very limited success, I think we would need a strong case to propose a third attempt at this approach as the best way to go. Do we think that this is something we can achieve in practice, and why is it better than the simpler alternative? I hope I'm not making this unnecessarily complicated - I just want to make sure that we don't make a rushed change that has not been fully discussed. I look forward to the views of other team members on this issue. Cheers, Peter From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Thursday, 24 November 2011 8:30 PM To: Nettlefold, Peter Cc: Susan Kawaguchi; rt4-whois at icann.org Subject: Re: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hi Peter As it's Thanksgiving, our US colleagues will (should) be offline for a couple of days. My understanding from last night's call is that our proposal is to combine these proxy recommendations with the ones from Dakar. In other words, instead of saying "we never acknowledge proxies" we say this. Susan explained that they are currently working on defining what is meant by a proxy, and as you rightly point out there are different flavours of proxy. There is the "deep" arrangement based on an ongoing trusting relationship (eg solicitor, client) where a proxy might not be obvious. My understanding is that we're not attempting to lift the veil on these. They are not viewed as problematic. What is viewed as within the ambit of these new draft recommendations are the higher volume, commercialised proxy services, where there is not really a pre-existing relationship between registrant and proxy provider, but this is a low cost add on at the point of registration. The two parties don't really know each other that well. These are the ones we're hoping to describe in our definitions, and they are the target of these recommendations. I hope that this makes it clear, but obviously I do recommend you listen to Susan's description of their thinking from the audio when it's up. Thanks Emily On 24 November 2011 02:32, Nettlefold, Peter > wrote: Hi Susan and all, Thanks very much to all who worked on this new series of recommendations. I'm sorry I missed the teleconference this morning, but just wanted to see if I understand this proposal correctly. In short, is this a supplement to the position we agreed in Dakar? i.e. will the situation generally be that the registered name holder assumes all rights and responsibilities (as we discussed in Dakar), but in a special subset of cases (i.e. where the registrar clearly knows that a 'proxy' is being used) then some special rules apply? Or to put it another way, will we be recommending that there should be special new rules for 'known' proxies (however defined), and in all other cases we do not acknowledge proxies? I'm sorry if this was discussed this morning, but I'm just trying to understand the position. As there isn't a recording up yet that I've seen, any advice on whether other team members have already commented on this would be appreciated. Cheers, Peter From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Thursday, 24 November 2011 6:18 AM To: rt4-whois at icann.org Subject: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc Hello All, I apologize for the delay in sending this and that it is still in rough draft. The attached document contains Kathy's revisions and comments to my original proposed recommendation. I have added proposed definitions for the terms we are struggling with. These came out of discussions between James and I. I feel that we must provide a clear recommendation on the proxy issue but I personally seem to keep moving towards drafting policy. I am hoping we will have time to discuss on the call today as I have several questions for the team. Susan ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [Image removed by sender.] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- ________________________________ [j1]We should not be overly prescriptive and attempt to develop the Best Practices in this report. For example DBP is already circulating Best Practices outside of ICANN, and some of our proposals meet or exceed those listed here. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/6c959d49/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 823 bytes Desc: image001.jpg Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/6c959d49/image001.jpg From jbladel at godaddy.com Mon Nov 28 05:32:10 2011 From: jbladel at godaddy.com (James M. Bladel) Date: Sun, 27 Nov 2011 22:32:10 -0700 Subject: [Rt4-whois] A word on proxies Message-ID: <20111127223210.9c1b16d3983f34082b49b9baf8cec04a.d97c359802.wbe@email00.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111127/018af78b/attachment.html From susank at fb.com Mon Nov 28 05:42:59 2011 From: susank at fb.com (Susan Kawaguchi) Date: Mon, 28 Nov 2011 05:42:59 +0000 Subject: [Rt4-whois] A word on proxies In-Reply-To: <20111127223210.9c1b16d3983f34082b49b9baf8cec04a.d97c359802.wbe@email00.secureserver.net> References: <20111127223210.9c1b16d3983f34082b49b9baf8cec04a.d97c359802.wbe@email00.secureserver.net> Message-ID: Hi James, From the recommendations document of November 21st ? For the avoidance of doubt, the WHOIS Policy should include an affirmative statement that clarifies that a proxy means a relationship in which the registrant is acting on behalf of another. The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. ? Remove proxy services from the RAA since the proxy, as an agent, is the registrant. Expand and ? affirmative sentence We agreed to request that ICANN remove the language from 3.7.7.3 concerning proxy registrations and acknowledge that the registered name holder accept all liability for the domain name. Hope this helps. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of James M. Bladel Sent: Sunday, November 27, 2011 9:32 PM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] A word on proxies Emily and Team: Forgive me, but can someone please state what is "the position we agreed in Dakar" ? I wasn't in attendance, and frankly with all of the drafts circulating on this issue, I think I've lost the original starting point. Thanks-- J. -------- Original Message -------- Subject: [Rt4-whois] A word on proxies From: Emily Taylor > Date: Sun, November 27, 2011 1:52 am To: rt4-whois at icann.org Hi all I've been following the exchanges with interest. On proxies, our default position should be what we agreed in Dakar. We all (including Susan) agreed those recommendations, despite virtually everyone having reservations on some of the issues. James and Susan (and latterly Kathy) were tasked to see whether they could agree additional text on proxies, and agreement wasn't possible. To me, this indicates that we have pushed the consensus as far as it can go at this stage. I think that we could add a paragraph in our findings to say that we wrestled with the issue of proxies, and set out a summary of both positions (ie concern that it will just be continuation of what we have; vs concern about bringing in an regulating non-contracted parties). We should definitely label this as one to watch, and an area where the community should build up good practices voluntarily. We welcome the study/work/whatever on reveal and relay, and anticipate that it will highlight many of the issues that we have encountered about patchy standards amongst commercial proxy providers: from gold standard (eg Domains by Proxy, [ others? Moniker?]) to others such as Above.com (an ICANN accredited registrar) which does not reveal until after UDRP or other proceedings have started, and has been found against in over 100 UDRP cases. It is an area where improved standards are necessary to promote consumer trust, and we look to the industry initially to work on these. The next WHOIS Review will have more information (ie the outcome of many of the studies which are just started now), and will be able to evaluate how well the industry has done. Susan - I appreciate, and share many of your concerns. However, we committed to a hard-won consensus on this issue in Dakar. You have rightly explored whether it's possible to do more, and it isn't at this stage. You can see from the responses of others in the group (eg Seth, Peter) that the preservation of our consensus is the most important thing at this stage of our study. I hope you will recognise how much we have achieved in this regard. Reading the draft report as a whole, I feel very proud of all of our work, and our teamwork. Kind regards Emily -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ________________________________ _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/c4dfc9e6/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Current WRT Recommendations - v1 - Nov 21.doc Type: application/msword Size: 61440 bytes Desc: Current WRT Recommendations - v1 - Nov 21.doc Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/c4dfc9e6/CurrentWRTRecommendations-v1-Nov21.doc From jbladel at godaddy.com Mon Nov 28 14:27:48 2011 From: jbladel at godaddy.com (James M. Bladel) Date: Mon, 28 Nov 2011 07:27:48 -0700 Subject: [Rt4-whois] A word on proxies Message-ID: <20111128072748.9c1b16d3983f34082b49b9baf8cec04a.bc177e5eda.wbe@email00.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/212dfb80/attachment.html From kathy at kathykleiman.com Mon Nov 28 15:31:43 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Mon, 28 Nov 2011 10:31:43 -0500 Subject: [Rt4-whois] Newest version of our Reprt Message-ID: <4ED3A95F.7030300@kathykleiman.com> Dear All, I hope you had a great weekend, and a good holiday. In the background, I see many groups working, exchanging email, and talking. Tx you! Emily and I have been talking on a daily basis to massage the report into shape, and she, I would like to share and wanted to share the most up-to-date version of our edited report./*Alice, could you kindly post this to our Wiki?*/ Quick notes; - report follows editing format we we agreed on Wednesday -- not using track changes, but instead a format that keeps all the text within the report to show the proposed changes: e.g., [KK Add: ] [KK Delete: ]. - chapter breaks, titles, and material rearranged a bit into a different order. It's all still there! Lynn's chapter, Sarmad's chapter, all given prominence in new chapters - More and bolded subtitles, etc., to make the document easier to scan Longer note: Emily, Peter and I have worked this weekend on the Gap Analysis, and breaking it into two chapters. Please note that Chapters 7/8 are not updated in the current draft -- and we'll be circulating a proposed draft within the day. All the best and enjoy, Kathy -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/88b98372/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: WHOIS Policy RT - Draft report - ET 27 KK 27 Nov - New Edits KK PN.doc Type: application/octet-stream Size: 1123328 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/88b98372/WHOISPolicyRT-Draftreport-ET27KK27Nov-NewEditsKKPN.doc From lynn at goodsecurityconsulting.com Mon Nov 28 15:59:12 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Mon, 28 Nov 2011 08:59:12 -0700 Subject: [Rt4-whois] Newest version of our Reprt Message-ID: <20111128085912.00ef555ff13978e3e1b8d2179880f99e.f6d7ea2192.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/6a060154/attachment.html From alice.jansen at icann.org Mon Nov 28 16:07:01 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Mon, 28 Nov 2011 08:07:01 -0800 Subject: [Rt4-whois] FOLLOW-UP: Newest version of our Reprt In-Reply-To: <4ED3A95F.7030300@kathykleiman.com> Message-ID: Dear Review Team Members, This is now available on the wiki at: https://community.icann.org/display/whoisreviewprivate/Draft+report Note that I will be circulating a version later today that includes diagrams, Susan's comments on the report and comments submitted by Lutz on the brief guide to WHOIS. Please stay tuned! Thanks, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann From: Kathy Kleiman > Date: Mon, 28 Nov 2011 07:31:43 -0800 To: "rt4-whois at icann.org" > Subject: [Rt4-whois] Newest version of our Reprt Dear All, I hope you had a great weekend, and a good holiday. In the background, I see many groups working, exchanging email, and talking. Tx you! Emily and I have been talking on a daily basis to massage the report into shape, and she, I would like to share and wanted to share the most up-to-date version of our edited report. Alice, could you kindly post this to our Wiki? Quick notes; - report follows editing format we we agreed on Wednesday -- not using track changes, but instead a format that keeps all the text within the report to show the proposed changes: e.g., [KK Add: ] [KK Delete: ]. - chapter breaks, titles, and material rearranged a bit into a different order. It's all still there! Lynn's chapter, Sarmad's chapter, all given prominence in new chapters - More and bolded subtitles, etc., to make the document easier to scan Longer note: Emily, Peter and I have worked this weekend on the Gap Analysis, and breaking it into two chapters. Please note that Chapters 7/8 are not updated in the current draft -- and we'll be circulating a proposed draft within the day. All the best and enjoy, Kathy -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/8c61c1d6/attachment.html From alice.jansen at icann.org Mon Nov 28 20:09:29 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Mon, 28 Nov 2011 12:09:29 -0800 Subject: [Rt4-whois] ATTACHED: FOLLOW-UP: Newest version of our Reprt In-Reply-To: Message-ID: Dear Review Team Members, Please find attached the latest version. Also available at: https://community.icann.org/display/whoisreviewprivate/Draft+report Thanks, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann From: Alice Jansen > Date: Mon, 28 Nov 2011 08:07:01 -0800 To: Kathy Kleiman >, "rt4-whois at icann.org" > Subject: FOLLOW-UP: [Rt4-whois] Newest version of our Reprt Dear Review Team Members, This is now available on the wiki at: https://community.icann.org/display/whoisreviewprivate/Draft+report Note that I will be circulating a version later today that includes diagrams, Susan's comments on the report and comments submitted by Lutz on the brief guide to WHOIS. Please stay tuned! Thanks, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann From: Kathy Kleiman > Date: Mon, 28 Nov 2011 07:31:43 -0800 To: "rt4-whois at icann.org" > Subject: [Rt4-whois] Newest version of our Reprt Dear All, I hope you had a great weekend, and a good holiday. In the background, I see many groups working, exchanging email, and talking. Tx you! Emily and I have been talking on a daily basis to massage the report into shape, and she, I would like to share and wanted to share the most up-to-date version of our edited report. Alice, could you kindly post this to our Wiki? Quick notes; - report follows editing format we we agreed on Wednesday -- not using track changes, but instead a format that keeps all the text within the report to show the proposed changes: e.g., [KK Add: ] [KK Delete: ]. - chapter breaks, titles, and material rearranged a bit into a different order. It's all still there! Lynn's chapter, Sarmad's chapter, all given prominence in new chapters - More and bolded subtitles, etc., to make the document easier to scan Longer note: Emily, Peter and I have worked this weekend on the Gap Analysis, and breaking it into two chapters. Please note that Chapters 7/8 are not updated in the current draft -- and we'll be circulating a proposed draft within the day. All the best and enjoy, Kathy -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/68bd258a/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: WHOIS policy RT - KK-ET-PN- (AJ) - 28 Nov.docx Type: application/x-msword Size: 570196 bytes Desc: WHOIS policy RT - KK-ET-PN- (AJ) - 28 Nov.docx Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/68bd258a/WHOISpolicyRT-KK-ET-PN-AJ-28Nov.docx From bill.smith at paypal-inc.com Mon Nov 28 20:39:02 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Mon, 28 Nov 2011 13:39:02 -0700 Subject: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] In-Reply-To: <01c001ccab93$f2220600$d6661200$@reiss@lex-ip.com> References: <636771A7F4383E408C57A0240B5F8D4A333E1F2F65@EMB01.dept.gov.au> <636771A7F4383E408C57A0240B5F8D4A333E1F3D11@EMB01.dept.gov.au> <4ECFBC8C.7090101@kathykleiman.com> <01c001ccab93$f2220600$d6661200$@reiss@lex-ip.com> Message-ID: Eminently reasonable. I really don't know how to "resolve" this issue, but I am strongly drawn to the simpler text we had agreed to in Dakar, as Emily recently suggested. This may be the best we can hope for given the complexity and messiness of the issue. In my opinion, it also happens to address the issues, as we understand them, from those wishing to "protect" themselves. It may not be perfect but it handles most of the cases we identified. Moving from the current (complex) state to a (simpler) state we might recommend will likely take time and may be difficult. On Nov 25, 2011, at 9:01 AM, Seth M Reiss wrote: I find myself closely aligned with Peter ?s thoughts and analysis. I prefer the simplicity of what I thought we had agreed to in Dakar as well as how that model promoted the underlying interests that we were concerned with: (1) protecting individual?s privacy particularly in those countries that had legal regimes that implicate WHOIS data appear to require such protection; and (2) not permitting registrants or proxy services to avoid WHOIS accountability without justification and without significant risk. While I appreciate that there is a concern on the part of members of our Team to acknowledge the proxy industry and regulate it, I am not persuaded that the AOC mandate requires that we accommodate existing interests simply because they exist. My other concern is that what I will term the more ?involved solution? does not appear to be going in a direction that is likely to reach consensus. It seems we are mixing privacy and proxy again or at least treating them too much alike, and I think this is something that has plagued the privacy/proxy debate from day one. I have a rather large project this weekend that keeps my away from a computer and means that I am not keeping up with the emails. Meanwhile, I did want to let all you know my perspective. I will of course work with the direction the group decides to go, and I will be checking my emails in the late evening to determine what direction that is. Good luck! Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Friday, November 25, 2011 6:04 AM To: rt4-whois at icann.org Subject: Re: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Peter, You email below is eloquent, and I urge everyone to read it. We really have to wrestle with these issues, and quickly. I truly wish we had more information, and note there are two very complex studies now taking place in the GNSO right now because the community, as a whole, felt it needed much more information in this area. It is a confusing one! I share the concerns that Peter is raising, but from a somewhat different perspective. If we are "blessing" the existence of proxy and privacy services, then I think we need to make it very clear *to registrants* what is happening. E.g., From a registrant perspective: - when is their name going to be disclosed (privacy service), - when do they have legal liability (privacy service), - when is someone else the "owner" of their domain name (proxy service). I submitted some changes consistent with this goal of the most basic education and information. I think we have to be very, very clear because, from the perspective of .ORG political groups, for example, people's lives may be on the line. Best, Kathy : Thanks Emily, that?s very useful, and I think I understand where its coming from. I have a few follow on questions, as I?m trying to understand the big picture/strategy, and to try to work through the new proposal fully as this is a key area of interest for me. To be honest, I?m a bit nervous about reopening such a major issue so late in the piece, with only limited time to think through and discuss all the implications. That said, I?m not opposed, just cautious. In terms of questions: is the intention to retain our ?privacy? recommendations from Dakar? i.e. so that we would in effect have three different arrangements: i.e. privacy, ?known? proxies, and ?unknown? proxies? I ask this because if we are to recommend the establishment of parallel ?known proxy? and ?privacy? regimes, we would need to clearly explain and justify any differences between the two (I note that many of the recommendations we agreed for privacy services have been adopted for the proposed proxy recommendations). I expect that a key question we would face is why we were advocating for two different types of privacy-related services? In what circumstances are privacy services not sufficient? Understanding the reason for this may address some of my concerns. Separate to the question of privacy services, we also need to consider the implications of endorsing proxy services. In Dakar, we discussed at length the risks of ICANN explicitly acknowledging (and effectively endorsing) the practice of completely limiting access to a registrant?s identity. I had thought that was one of the reasons why we agreed that ICANN should not endorse this practice, and instead that we would argue that: ? the full rights and responsibilities of the registrant should accrue to the registered name holder; and ? ICANN should endorse and regulate ?privacy? services which could limit the availability of sensitive personal data, without completely obfuscating the registrant?s identity. This approach seemed to address the privacy concerns expressed by a range of stakeholders, and to clarify (perhaps for the first time) the chain of contractual rights and responsibilities. Much of this revolves around the question of whether tighter regulation of proxies is needed, or whether simply removing the endorsement and clarifying the chain of legal responsibilities would be more effective. In effect, the new proposal is to advocate the replacement of one mechanism which attempts to regulate proxies (i.e. the current RAA provisions) with another. The intent is obviously to have a tighter set of regulations this time, to reduce gaming/abuse etc. At one level this seems logical, but I am concerned that by introducing doubt into the chain of rights and responsibilities, anything we then do will be like trying to patch a leak that we in effect created. Given that both previous versions of the RAA have tried the endorsement/regulation route with very limited success, I think we would need a strong case to propose a third attempt at this approach as the best way to go. Do we think that this is something we can achieve in practice, and why is it better than the simpler alternative? I hope I?m not making this unnecessarily complicated ? I just want to make sure that we don?t make a rushed change that has not been fully discussed. I look forward to the views of other team members on this issue. Cheers, Peter From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Thursday, 24 November 2011 8:30 PM To: Nettlefold, Peter Cc: Susan Kawaguchi; rt4-whois at icann.org Subject: Re: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED] Hi Peter As it's Thanksgiving, our US colleagues will (should) be offline for a couple of days. My understanding from last night's call is that our proposal is to combine these proxy recommendations with the ones from Dakar. In other words, instead of saying "we never acknowledge proxies" we say this. Susan explained that they are currently working on defining what is meant by a proxy, and as you rightly point out there are different flavours of proxy. There is the "deep" arrangement based on an ongoing trusting relationship (eg solicitor, client) where a proxy might not be obvious. My understanding is that we're not attempting to lift the veil on these. They are not viewed as problematic. What is viewed as within the ambit of these new draft recommendations are the higher volume, commercialised proxy services, where there is not really a pre-existing relationship between registrant and proxy provider, but this is a low cost add on at the point of registration. The two parties don't really know each other that well. These are the ones we're hoping to describe in our definitions, and they are the target of these recommendations. I hope that this makes it clear, but obviously I do recommend you listen to Susan's description of their thinking from the audio when it's up. Thanks Emily On 24 November 2011 02:32, Nettlefold, Peter > wrote: Hi Susan and all, Thanks very much to all who worked on this new series of recommendations. I?m sorry I missed the teleconference this morning, but just wanted to see if I understand this proposal correctly. In short, is this a supplement to the position we agreed in Dakar? i.e. will the situation generally be that the registered name holder assumes all rights and responsibilities (as we discussed in Dakar), but in a special subset of cases (i.e. where the registrar clearly knows that a ?proxy? is being used) then some special rules apply? Or to put it another way, will we be recommending that there should be special new rules for ?known? proxies (however defined), and in all other cases we do not acknowledge proxies? I?m sorry if this was discussed this morning, but I?m just trying to understand the position. As there isn?t a recording up yet that I?ve seen, any advice on whether other team members have already commented on this would be appreciated. Cheers, Peter From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Thursday, 24 November 2011 6:18 AM To: rt4-whois at icann.org Subject: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc Hello All, I apologize for the delay in sending this and that it is still in rough draft. The attached document contains Kathy?s revisions and comments to my original proposed recommendation. I have added proposed definitions for the terms we are struggling with. These came out of discussions between James and I. I feel that we must provide a clear recommendation on the proxy issue but I personally seem to keep moving towards drafting policy. I am hoping we will have time to discuss on the call today as I have several questions for the team. Susan ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From bill.smith at paypal-inc.com Mon Nov 28 21:46:45 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Mon, 28 Nov 2011 14:46:45 -0700 Subject: [Rt4-whois] Updated Policy Chapter In-Reply-To: <4ECFBA3B.60703@kathykleiman.com> References: <4ECFBA3B.60703@kathykleiman.com> Message-ID: I like it. On Nov 25, 2011, at 7:54 AM, Kathy Kleiman wrote: > Hi All, > I want to share a re-written policy chapter. I read the Executive > Summary for inspiration (it has such a good tone) and revised the policy > chapter to flow with the rest of the report. It now has a fuller > discussion of thin and thick registries, registrar agreement sections, > as well as a section called 4 Consensus Policies and One Consensus > Procedure. > > Many, many thanks to the small group that reviewed this chapter so > quickly last night, and sent back edits and proofing. It is much better > thanks to your editing input! > > I hope you find this chapter interesting and useful. > Best, > Kathy > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From susank at fb.com Tue Nov 29 00:39:46 2011 From: susank at fb.com (Susan Kawaguchi) Date: Tue, 29 Nov 2011 00:39:46 +0000 Subject: [Rt4-whois] Definitions of Privacy and Proxy Message-ID: Hello All, We seem to use varying definitions of privacy and proxy. I found these two definitions of both terms in our draft report In Chapter 4 page 43 u Privacy Services provide the Registrant's Name, but the Privacy Service's contact information. The Privacy Service passes on non-spam messages to the Registrant, particularly legal notices, acting as a type of "registered agent." u Proxy Services register the domain name and license it to another for use. Chapter 8 Page 80 Privacy services limit certain user details from WHOIS by offering alternate contact information and mail forwarding services, while not actually shielding the user's identity. Proxy services have a third-party register domain names on the user's behalf and then license the use of the domain name so that a third-party's contact information (and not the licensee's) is published in WHOIS. I prefer the definitions from the Sept. 28, 2009 NORC report. Background To ensure that the community can identify who is responsible for a domain name, a registered name holder is required to provide and update, as needed, their contact information with their registrar of record. Registrars are required by ICANN to collect and provide free public access to the name of the registered domain name and its name servers and registrar, the date the domain was created and when its registration expires, and the contact information for the Registered Name Holder, the technical contact, and the administrative contact. In some instances, a registered name holder chooses to limit the amount of personal information that its registrar of record makes available to the public via a Whois query of their database. To do so, a registered name holder generally uses a privacy or proxy registration service. For the purpose of this study, the definitions of privacy and proxy services, as they relate to their use in the domain name system, are as follows: A privacy service provider offers the registrant an opportunity to register a domain name while concealing some personal identifying information listed in a WHOIS directory, such as his or her address, telephone number, or email address, by providing alternate contact information, often that of the privacy service provider. A proxy service provider registers the domain name on the registrant's behalf and then licenses the use of the domain name to the registrant. The contact information in a WHOIS directory for a domain name registered with a proxy service is that of the proxy service provider. There may be an intentional use of the other definitions that I am not aware of but I feel we should provide an extremely clear definition of each term since they are currently used interchangeably in the marketplace. Susan Susan Kawaguchi Domain Name Manager Facebook Inc. 1601 California Avenue Palo Alto, CA Phone - 650 485-6064 Cell - 650 387 3904 Please note my email address has changed to skawaguchi at fb.com NOTICE: This email (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. Unless you are the intended recipient, you may not use, copy, or retransmit the email or its contents. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/4685bb79/attachment.html From Peter.Nettlefold at dbcde.gov.au Tue Nov 29 01:03:00 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Tue, 29 Nov 2011 12:03:00 +1100 Subject: [Rt4-whois] Definitions of Privacy and Proxy [SEC=UNCLASSIFIED] In-Reply-To: References: Message-ID: <636771A7F4383E408C57A0240B5F8D4A333E241DA2@EMB01.dept.gov.au> Hi Susan, Thanks for picking this up, and I agree with your comments about consistency. To add to the complexity, I've pasted below the definitions we agreed in Dakar (taken from the recommendations document): Proxy: A relationship in which the registrant is acting on behalf of another. The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Privacy: Registrant Name and a subset of other information (possibly null set) [PN: withheld?] but consistent across ICANN. I can see that we may not want to use the exact same set of words throughout the report, as there are different contexts etc, but we should keep an agreed set of words in mind and make sure any subsequent references are fully consistent. My preferred 'proxy' definition is the one we agreed in Dakar, as it makes the legal aspects very clear. The NORC 'privacy' definition seems fine, but equally we could flesh out the one we developed in Dakar a bit more - it seems fine, but a bit skeletal (I think we may have run out of words/time to finish it). Some of the other privacy definitions go into detail about how a service should act (i.e. it should provide 'mail forwarding' or 'pass non-SPAM messages'), which to me seems out of place in a definition. Cheers, Peter From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Tuesday, 29 November 2011 11:40 AM To: rt4-whois at icann.org Subject: [Rt4-whois] Definitions of Privacy and Proxy Hello All, We seem to use varying definitions of privacy and proxy. I found these two definitions of both terms in our draft report In Chapter 4 page 43 u Privacy Services provide the Registrant's Name, but the Privacy Service's contact information. The Privacy Service passes on non-spam messages to the Registrant, particularly legal notices, acting as a type of "registered agent." u Proxy Services register the domain name and license it to another for use. Chapter 8 Page 80 Privacy services limit certain user details from WHOIS by offering alternate contact information and mail forwarding services, while not actually shielding the user's identity. Proxy services have a third-party register domain names on the user's behalf and then license the use of the domain name so that a third-party's contact information (and not the licensee's) is published in WHOIS. I prefer the definitions from the Sept. 28, 2009 NORC report. Background To ensure that the community can identify who is responsible for a domain name, a registered name holder is required to provide and update, as needed, their contact information with their registrar of record. Registrars are required by ICANN to collect and provide free public access to the name of the registered domain name and its name servers and registrar, the date the domain was created and when its registration expires, and the contact information for the Registered Name Holder, the technical contact, and the administrative contact. In some instances, a registered name holder chooses to limit the amount of personal information that its registrar of record makes available to the public via a Whois query of their database. To do so, a registered name holder generally uses a privacy or proxy registration service. For the purpose of this study, the definitions of privacy and proxy services, as they relate to their use in the domain name system, are as follows: A privacy service provider offers the registrant an opportunity to register a domain name while concealing some personal identifying information listed in a WHOIS directory, such as his or her address, telephone number, or email address, by providing alternate contact information, often that of the privacy service provider. A proxy service provider registers the domain name on the registrant's behalf and then licenses the use of the domain name to the registrant. The contact information in a WHOIS directory for a domain name registered with a proxy service is that of the proxy service provider. There may be an intentional use of the other definitions that I am not aware of but I feel we should provide an extremely clear definition of each term since they are currently used interchangeably in the marketplace. Susan Susan Kawaguchi Domain Name Manager Facebook Inc. 1601 California Avenue Palo Alto, CA Phone - 650 485-6064 Cell - 650 387 3904 Please note my email address has changed to skawaguchi at fb.com NOTICE: This email (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. Unless you are the intended recipient, you may not use, copy, or retransmit the email or its contents. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/8b07955a/attachment.html From seth.reiss at lex-ip.com Tue Nov 29 05:56:46 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Mon, 28 Nov 2011 19:56:46 -1000 Subject: [Rt4-whois] Definitions of Privacy and Proxy In-Reply-To: References: Message-ID: <038501ccae5b$ae5a4430$0b0ecc90$@reiss@lex-ip.com> I feel there is a very large problem with adopting the NORC report's definition of proxy, although I find the NORC report's definition of privacy service eloquent and accurate. The problem with the NORC report's definition of proxy is that it designates the licensee as the "registrant" and in doing so, shifts all legal responsibilities and risks from the retail proxy service onto the hidden licensee. This definition is unfortunate, and can only lead to confusion and contradiction as we attempt to move forward. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Monday, November 28, 2011 2:40 PM To: rt4-whois at icann.org Subject: [Rt4-whois] Definitions of Privacy and Proxy Hello All, We seem to use varying definitions of privacy and proxy. I found these two definitions of both terms in our draft report In Chapter 4 page 43 u Privacy Services provide the Registrant's Name, but the Privacy Service's contact information. The Privacy Service passes on non-spam messages to the Registrant, particularly legal notices, acting as a type of "registered agent." u Proxy Services register the domain name and license it to another for use. Chapter 8 Page 80 Privacy services limit certain user details from WHOIS by offering alternate contact information and mail forwarding services, while not actually shielding the user's identity. Proxy services have a third-party register domain names on the user's behalf and then license the use of the domain name so that a third-party's contact information (and not the licensee's) is published in WHOIS. I prefer the definitions from the Sept. 28, 2009 NORC report. Background To ensure that the community can identify who is responsible for a domain name, a registered name holder is required to provide and update, as needed, their contact information with their registrar of record. Registrars are required by ICANN to collect and provide free public access to the name of the registered domain name and its name servers and registrar, the date the domain was created and when its registration expires, and the contact information for the Registered Name Holder, the technical contact, and the administrative contact. In some instances, a registered name holder chooses to limit the amount of personal information that its registrar of record makes available to the public via a Whois query of their database. To do so, a registered name holder generally uses a privacy or proxy registration service. For the purpose of this study, the definitions of privacy and proxy services, as they relate to their use in the domain name system, are as follows: A privacy service provider offers the registrant an opportunity to register a domain name while concealing some personal identifying information listed in a WHOIS directory, such as his or her address, telephone number, or email address, by providing alternate contact information, often that of the privacy service provider. A proxy service provider registers the domain name on the registrant's behalf and then licenses the use of the domain name to the registrant. The contact information in a WHOIS directory for a domain name registered with a proxy service is that of the proxy service provider. There may be an intentional use of the other definitions that I am not aware of but I feel we should provide an extremely clear definition of each term since they are currently used interchangeably in the marketplace. Susan Susan Kawaguchi Domain Name Manager Facebook Inc. 1601 California Avenue Palo Alto, CA Phone - 650 485-6064 Cell - 650 387 3904 Please note my email address has changed to skawaguchi at fb.com NOTICE: This email (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. Unless you are the intended recipient, you may not use, copy, or retransmit the email or its contents. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/ca08e5f7/attachment.html From susank at fb.com Tue Nov 29 06:18:10 2011 From: susank at fb.com (Susan Kawaguchi) Date: Tue, 29 Nov 2011 06:18:10 +0000 Subject: [Rt4-whois] Definitions of Privacy and Proxy In-Reply-To: <038501ccae5b$ae5a4430$0b0ecc90$@reiss@lex-ip.com> References: , <038501ccae5b$ae5a4430$0b0ecc90$@reiss@lex-ip.com> Message-ID: <67D5497A-EAAC-4D25-ABB1-E75FB395705C@fb.com> Good catch! Until I read it aloud I did not read it correctly Do you prefer either of the other two? My point is that we decide on a standard definition Sent from my iPhone On Nov 28, 2011, at 9:56 PM, "Seth M Reiss" > wrote: I feel there is a very large problem with adopting the NORC report?s definition of proxy, although I find the NORC report?s definition of privacy service eloquent and accurate. The problem with the NORC report?s definition of proxy is that it designates the licensee as the ?registrant? and in doing so, shifts all legal responsibilities and risks from the retail proxy service onto the hidden licensee. This definition is unfortunate, and can only lead to confusion and contradiction as we attempt to move forward. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Monday, November 28, 2011 2:40 PM To: rt4-whois at icann.org Subject: [Rt4-whois] Definitions of Privacy and Proxy Hello All, We seem to use varying definitions of privacy and proxy. I found these two definitions of both terms in our draft report In Chapter 4 page 43 u Privacy Services provide the Registrant's Name, but the Privacy Service's contact information. The Privacy Service passes on non-spam messages to the Registrant, particularly legal notices, acting as a type of ?registered agent.? u Proxy Services register the domain name and license it to another for use. Chapter 8 Page 80 Privacy services limit certain user details from WHOIS by offering alternate contact information and mail forwarding services, while not actually shielding the user?s identity. Proxy services have a third-party register domain names on the user?s behalf and then license the use of the domain name so that a third-party?s contact information (and not the licensee?s) is published in WHOIS. I prefer the definitions from the Sept. 28, 2009 NORC report. Background To ensure that the community can identify who is responsible for a domain name, a registered name holder is required to provide and update, as needed, their contact information with their registrar of record. Registrars are required by ICANN to collect and provide free public access to the name of the registered domain name and its name servers and registrar, the date the domain was created and when its registration expires, and the contact information for the Registered Name Holder, the technical contact, and the administrative contact. In some instances, a registered name holder chooses to limit the amount of personal information that its registrar of record makes available to the public via a Whois query of their database. To do so, a registered name holder generally uses a privacy or proxy registration service. For the purpose of this study, the definitions of privacy and proxy services, as they relate to their use in the domain name system, are as follows: A privacy service provider offers the registrant an opportunity to register a domain name while concealing some personal identifying information listed in a WHOIS directory, such as his or her address, telephone number, or email address, by providing alternate contact information, often that of the privacy service provider. A proxy service provider registers the domain name on the registrant?s behalf and then licenses the use of the domain name to the registrant. The contact information in a WHOIS directory for a domain name registered with a proxy service is that of the proxy service provider. There may be an intentional use of the other definitions that I am not aware of but I feel we should provide an extremely clear definition of each term since they are currently used interchangeably in the marketplace. Susan Susan Kawaguchi Domain Name Manager Facebook Inc. 1601 California Avenue Palo Alto, CA Phone - 650 485-6064 Cell - 650 387 3904 Please note my email address has changed to skawaguchi at fb.com NOTICE: This email (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. Unless you are the intended recipient, you may not use, copy, or retransmit the email or its contents. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/4799cf3e/attachment.html From emily at emilytaylor.eu Tue Nov 29 07:31:43 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Tue, 29 Nov 2011 07:31:43 +0000 Subject: [Rt4-whois] Definitions of Privacy and Proxy In-Reply-To: References: Message-ID: Hi Susan, Seth, Peter Thanks for your thoughts on this. I agree on consistency, and will be happy to go with whatever you guys think best. Alice - you can edit in as appropriate, yes? On 29 November 2011 00:39, Susan Kawaguchi wrote: > *Hello All, * > > ** ** > > We seem to use varying definitions of privacy and proxy. I found these > two definitions of both terms in our draft report**** > > ** ** > > In Chapter 4 page 43 **** > > **u ***Privacy Services *provide the Registrant's Name, but the Privacy > Service's contact information. The Privacy Service passes on non-spam > messages to the Registrant, particularly legal notices, acting as a type of > ?registered agent.?**** > > **** > > **u ***Proxy Services* register the domain name and license it to another > for use. **** > > ** ** > > Chapter 8 Page 80**** > > ** ** > > *Privacy *services limit certain user details from WHOIS by offering > alternate contact information and mail forwarding services, while not > actually shielding the user?s identity. **** > > * * > > *Proxy *services have a third-party register domain names on the user?s > behalf and then license the use of the domain name so that a third-party?s > contact information (and not the licensee?s) is published in WHOIS. **** > > ** ** > > I prefer the definitions from the Sept. 28, 2009 NORC report. **** > > *Background ***** > > To ensure that the community can identify who is responsible for a domain > name, a registered name holder is required to provide and update, as > needed, their contact information with their registrar of record. > Registrars are required by ICANN to collect and provide free public access > to the name of the registered domain name and its name servers and > registrar, the date the domain was created and when its registration > expires, and the contact information for the Registered Name Holder, the > technical contact, and the administrative contact. ** ** > > In some instances, a registered name holder chooses to limit the amount of > personal information that its registrar of record makes available to the > public via a Whois query of their database. To do so, a registered name > holder generally uses a privacy or proxy registration service. For the > purpose of this study, the definitions of privacy and proxy services, as > they relate to their use in the domain name system, are as follows: **** > > * * > > * * > > *A privacy service provider **offers the registrant an opportunity to > register a domain name while concealing some personal identifying > information listed in a WHOIS directory, such as his or her address, > telephone number, or email address, by providing alternate contact > information, often that of the privacy service provider. ***** > > *A proxy service provider **registers the domain name on the registrant?s > behalf and then licenses the use of the domain name to the registrant. The > contact information in a WHOIS directory for a domain name registered with > a proxy service is that of the proxy service provider.***** > > ** ** > > There may be an intentional use of the other definitions that I am not > aware of but I feel we should provide an extremely clear definition of each > term since they are currently used interchangeably in the marketplace. ** > ** > > ** ** > > Susan**** > > ** ** > > Susan Kawaguchi**** > > Domain Name Manager**** > > ** ** > > Facebook Inc.**** > > 1601 California Avenue**** > > Palo Alto, CA**** > > ** ** > > Phone - 650 485-6064**** > > Cell - 650 387 3904**** > > ** ** > > Please note my email address has changed to skawaguchi at fb.com **** > > NOTICE: This email (including any attachments) may contain information > that is private, confidential, or protected by attorney-client or other > privilege. Unless you are the intended recipient, you may not use, copy, > or retransmit the email or its contents.**** > > ** ** > > ** ** > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/fadfcd57/attachment.html From kathy at kathykleiman.com Tue Nov 29 13:49:06 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Tue, 29 Nov 2011 08:49:06 -0500 Subject: [Rt4-whois] Definitions of Privacy and Proxy In-Reply-To: References: Message-ID: <4ED4E2D2.2000806@kathykleiman.com> I would be happy to go with the more formal definition if we can use parenthesis to illustrate the actual point (name published). There is a real concern from many that the issue is already obscure, and so I hope we can begin the education process and open up the discussion! Kathy Hi Susan, Seth, Peter > > Thanks for your thoughts on this. I agree on consistency, and will be > happy to go with whatever you guys think best. > > Alice - you can edit in as appropriate, yes? > > > On 29 November 2011 00:39, Susan Kawaguchi > wrote: > > *Hello All, * > > We seem to use varying definitions of privacy and proxy. I found > these two definitions of both terms in our draft report > > In Chapter 4 page 43 > > u*/Privacy Services /*provide the Registrant's Name, but the > Privacy Service's contact information. The Privacy Service passes > on non-spam messages to the Registrant, particularly legal > notices, acting as a type of "registered agent." > > u*/Proxy Services/* register the domain name and license it to > another for use. > > Chapter 8 Page 80 > > /Privacy /services limit certain user details from WHOIS by > offering alternate contact information and mail forwarding > services, while not actually shielding the user's identity. > > // > > /Proxy /services have a third-party register domain names on the > user's behalf and then license the use of the domain name so that > a third-party's contact information (and not the licensee's) is > published in WHOIS. > > I prefer the definitions from the Sept. 28, 2009 NORC report. > > *Background * > > To ensure that the community can identify who is responsible for a > domain name, a registered name holder is required to provide and > update, as needed, their contact information with their registrar > of record. Registrars are required by ICANN to collect and provide > free public access to the name of the registered domain name and > its name servers and registrar, the date the domain was created > and when its registration expires, and the contact information for > the Registered Name Holder, the technical contact, and the > administrative contact. > > In some instances, a registered name holder chooses to limit the > amount of personal information that its registrar of record makes > available to the public via a Whois query of their database. To do > so, a registered name holder generally uses a privacy or proxy > registration service. For the purpose of this study, the > definitions of privacy and proxy services, as they relate to their > use in the domain name system, are as follows: > > *//* > > *//* > > */A privacy service provider /*/offers the registrant an > opportunity to register a domain name while concealing some > personal identifying information listed in a WHOIS directory, such > as his or her address, telephone number, or email address, by > providing alternate contact information, often that of the privacy > service provider. / > > */A proxy service provider /*/registers the domain name on the > registrant's behalf and then licenses the use of the domain name > to the registrant. The contact information in a WHOIS directory > for a domain name registered with a proxy service is that of the > proxy service provider./ > > There may be an intentional use of the other definitions that I am > not aware of but I feel we should provide an extremely clear > definition of each term since they are currently used > interchangeably in the marketplace. > > Susan > > Susan Kawaguchi > > Domain Name Manager > > Facebook Inc. > > 1601 California Avenue > > Palo Alto, CA > > Phone - 650 485-6064 > > Cell - 650 387 3904 > > Please note my email address has changed to skawaguchi at fb.com > > > NOTICE: This email (including any attachments) may contain > information that is private, confidential, or protected by > attorney-client or other privilege. Unless you are the intended > recipient, you may not use, copy, or retransmit the email or its > contents. > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > > -- > > > > > __ > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 . m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk * > > Emily Taylor Consultancy Limited is a company registered in England > and Wales No. 730471. VAT No. 114487713. > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/812fbff8/attachment.html From alice.jansen at icann.org Tue Nov 29 14:00:16 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Tue, 29 Nov 2011 06:00:16 -0800 Subject: [Rt4-whois] Draft report + appendices document - 29 November Message-ID: Dear Review Team Members, Please find attached the latest versions of the draft report and appendices document. Also available at: https://community.icann.org/display/whoisreviewprivate/Draft+report Thanks, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/38583a07/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Appendices V1 - 29 Nov.docx Type: application/x-msword Size: 1460323 bytes Desc: Appendices V1 - 29 Nov.docx Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/38583a07/AppendicesV1-29Nov.docx -------------- next part -------------- A non-text attachment was scrubbed... Name: WHOIS RT - DRAFT REPORT - 29 NOV2011.docx Type: application/x-msword Size: 606688 bytes Desc: WHOIS RT - DRAFT REPORT - 29 NOV2011.docx Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/38583a07/WHOISRT-DRAFTREPORT-29NOV2011.docx From bill.smith at paypal-inc.com Tue Nov 29 14:02:23 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Tue, 29 Nov 2011 07:02:23 -0700 Subject: [Rt4-whois] Definitions of Privacy and Proxy In-Reply-To: <038501ccae5b$ae5a4430$0b0ecc90$@reiss@lex-ip.com> References: <038501ccae5b$ae5a4430$0b0ecc90$@reiss@lex-ip.com> Message-ID: <75634596-4653-456A-8D50-BBC94B32A202@paypal.com> NORC's privacy definition, Dakar proxy definition? On Nov 28, 2011, at 9:58 PM, "Seth M Reiss" > wrote: I feel there is a very large problem with adopting the NORC report?s definition of proxy, although I find the NORC report?s definition of privacy service eloquent and accurate. The problem with the NORC report?s definition of proxy is that it designates the licensee as the ?registrant? and in doing so, shifts all legal responsibilities and risks from the retail proxy service onto the hidden licensee. This definition is unfortunate, and can only lead to confusion and contradiction as we attempt to move forward. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Monday, November 28, 2011 2:40 PM To: rt4-whois at icann.org Subject: [Rt4-whois] Definitions of Privacy and Proxy Hello All, We seem to use varying definitions of privacy and proxy. I found these two definitions of both terms in our draft report In Chapter 4 page 43 u Privacy Services provide the Registrant's Name, but the Privacy Service's contact information. The Privacy Service passes on non-spam messages to the Registrant, particularly legal notices, acting as a type of ?registered agent.? u Proxy Services register the domain name and license it to another for use. Chapter 8 Page 80 Privacy services limit certain user details from WHOIS by offering alternate contact information and mail forwarding services, while not actually shielding the user?s identity. Proxy services have a third-party register domain names on the user?s behalf and then license the use of the domain name so that a third-party?s contact information (and not the licensee?s) is published in WHOIS. I prefer the definitions from the Sept. 28, 2009 NORC report. Background To ensure that the community can identify who is responsible for a domain name, a registered name holder is required to provide and update, as needed, their contact information with their registrar of record. Registrars are required by ICANN to collect and provide free public access to the name of the registered domain name and its name servers and registrar, the date the domain was created and when its registration expires, and the contact information for the Registered Name Holder, the technical contact, and the administrative contact. In some instances, a registered name holder chooses to limit the amount of personal information that its registrar of record makes available to the public via a Whois query of their database. To do so, a registered name holder generally uses a privacy or proxy registration service. For the purpose of this study, the definitions of privacy and proxy services, as they relate to their use in the domain name system, are as follows: A privacy service provider offers the registrant an opportunity to register a domain name while concealing some personal identifying information listed in a WHOIS directory, such as his or her address, telephone number, or email address, by providing alternate contact information, often that of the privacy service provider. A proxy service provider registers the domain name on the registrant?s behalf and then licenses the use of the domain name to the registrant. The contact information in a WHOIS directory for a domain name registered with a proxy service is that of the proxy service provider. There may be an intentional use of the other definitions that I am not aware of but I feel we should provide an extremely clear definition of each term since they are currently used interchangeably in the marketplace. Susan Susan Kawaguchi Domain Name Manager Facebook Inc. 1601 California Avenue Palo Alto, CA Phone - 650 485-6064 Cell - 650 387 3904 Please note my email address has changed to skawaguchi at fb.com NOTICE: This email (including any attachments) may contain information that is private, confidential, or protected by attorney-client or other privilege. Unless you are the intended recipient, you may not use, copy, or retransmit the email or its contents. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From alice.jansen at icann.org Tue Nov 29 14:19:27 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Tue, 29 Nov 2011 06:19:27 -0800 Subject: [Rt4-whois] NOTE: Draft report + appendices document - 29 November In-Reply-To: Message-ID: Members, Note that the latest version of the draft report contains/reflects: * Susan's new set of comments (in addition to those incorporated yesterday); * Lutz' recommendation on a centralized WHOIS; * The 2 sets of privacy/proxy definitions along with a note asking you to decide which set you would like to adopt; * The prior-to-September Law Enforcement definition (with reference to an off-list discussion). This was added in parallel to the definition currently in the report. Note that the appendices document now includes: * Susan's example of a WHOIS look-up. Thanks, Kind regards Alice From: Alice Jansen > Date: Tue, 29 Nov 2011 06:00:16 -0800 To: "rt4-whois at icann.org" > Subject: Draft report + appendices document - 29 November Dear Review Team Members, Please find attached the latest versions of the draft report and appendices document. Also available at: https://community.icann.org/display/whoisreviewprivate/Draft+report Thanks, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/f0211af3/attachment.html From jbladel at godaddy.com Tue Nov 29 14:28:00 2011 From: jbladel at godaddy.com (James M. Bladel) Date: Tue, 29 Nov 2011 07:28:00 -0700 Subject: [Rt4-whois] Definitions of Privacy and Proxy Message-ID: <20111129072800.9c1b16d3983f34082b49b9baf8cec04a.3556df679a.wbe@email00.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/398d4a40/attachment.html From lynn at goodsecurityconsulting.com Tue Nov 29 15:22:45 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Tue, 29 Nov 2011 08:22:45 -0700 Subject: [Rt4-whois] Consumer Trust Research Summary Message-ID: <20111129082245.00ef555ff13978e3e1b8d2179880f99e.6a622d1690.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/00864023/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Consumer Trust Research Summary Clean Draft Nov28.doc Type: application/msword Size: 52224 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/00864023/ConsumerTrustResearchSummaryCleanDraftNov28.doc -------------- next part -------------- A non-text attachment was scrubbed... Name: Consumer Trust Research Summary Markups Nov28.doc Type: application/msword application Size: 61952 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/00864023/ConsumerTrustResearchSummaryMarkupsNov28.doc From emily at emilytaylor.eu Tue Nov 29 15:40:52 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Tue, 29 Nov 2011 15:40:52 +0000 Subject: [Rt4-whois] Consumer Trust Research Summary In-Reply-To: <20111129082245.00ef555ff13978e3e1b8d2179880f99e.6a622d1690.wbe@email12.secureserver.net> References: <20111129082245.00ef555ff13978e3e1b8d2179880f99e.6a622d1690.wbe@email12.secureserver.net> Message-ID: Thank you all for your work on this, Seth, Susan and Lynn. I think the findings in particular are now very strong, and lead nicely into our recommendations. One small thing - we mention in the findings about the privacy principle of informed consent to data processing (not the exact language used, but that's the idea) - I noticed that the RAA does require this to be done, so it's another example where the contractual provisions are there, it's just that they don't seem to be filtering through to the end user. Kind regards Emily On 29 November 2011 15:22, wrote: > Seth, Susan and I have been working via email due to our time zone > differences. > I am waiting for Seth to confirm but believe we have come to an agreement > on our revisions and edits. > > Attached is our clean updated draft and our most recent marked up copy > with comments. > > Since we are so close to the deadline, I am taking the liberty of sending > this forward now. > Lynn > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/9607ebce/attachment.html From seth.reiss at lex-ip.com Tue Nov 29 18:14:24 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Tue, 29 Nov 2011 08:14:24 -1000 Subject: [Rt4-whois] Consumer Trust Research Summary In-Reply-To: <20111129082245.00ef555ff13978e3e1b8d2179880f99e.6a622d1690.wbe@email12.secureserver.net> References: <20111129082245.00ef555ff13978e3e1b8d2179880f99e.6a622d1690.wbe@email12.secureserver.net> Message-ID: <03f601ccaec2$bac62ce0$305286a0$@reiss@lex-ip.com> Thank you Lynn. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of lynn at goodsecurityconsulting.com Sent: Tuesday, November 29, 2011 5:23 AM To: Emily Taylor Cc: rt4-whois at icann.org Subject: [Rt4-whois] Consumer Trust Research Summary Seth, Susan and I have been working via email due to our time zone differences. I am waiting for Seth to confirm but believe we have come to an agreement on our revisions and edits. Attached is our clean updated draft and our most recent marked up copy with comments. Since we are so close to the deadline, I am taking the liberty of sending this forward now. Lynn -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/6b5583c3/attachment.html From seth.reiss at lex-ip.com Tue Nov 29 18:34:00 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Tue, 29 Nov 2011 08:34:00 -1000 Subject: [Rt4-whois] NOTE: Draft report + appendices document - 29 November In-Reply-To: References: Message-ID: <040b01ccaec5$77166b10$65434130$@reiss@lex-ip.com> Alice Would it be possible to break out the 2 sets of privacy/proxy definitions with note in an email to the Team for feedback? I am not sure I am finding them in the document in the way you have described. Thanks. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Alice Jansen Sent: Tuesday, November 29, 2011 4:19 AM To: rt4-whois at icann.org Subject: [Rt4-whois] NOTE: Draft report + appendices document - 29 November Members, Note that the latest version of the draft report contains/reflects: * Susan's new set of comments (in addition to those incorporated yesterday); * Lutz' recommendation on a centralized WHOIS; * The 2 sets of privacy/proxy definitions along with a note asking you to decide which set you would like to adopt; * The prior-to-September Law Enforcement definition (with reference to an off-list discussion). This was added in parallel to the definition currently in the report. Note that the appendices document now includes: * Susan's example of a WHOIS look-up. Thanks, Kind regards Alice From: Alice Jansen Date: Tue, 29 Nov 2011 06:00:16 -0800 To: "rt4-whois at icann.org" Subject: Draft report + appendices document - 29 November Dear Review Team Members, Please find attached the latest versions of the draft report and appendices document. Also available at: https://community.icann.org/display/whoisreviewprivate/Draft+report Thanks, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/9601aee9/attachment.html From lynn at goodsecurityconsulting.com Tue Nov 29 20:05:53 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Tue, 29 Nov 2011 13:05:53 -0700 Subject: [Rt4-whois] DNS and WHOIS - How it Works Message-ID: <20111129130553.00ef555ff13978e3e1b8d2179880f99e.34cbf05d51.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/a0a6d688/attachment.html From emily at emilytaylor.eu Tue Nov 29 20:14:37 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Tue, 29 Nov 2011 20:14:37 +0000 Subject: [Rt4-whois] DNS and WHOIS - How it Works In-Reply-To: <20111129130553.00ef555ff13978e3e1b8d2179880f99e.34cbf05d51.wbe@email12.secureserver.net> References: <20111129130553.00ef555ff13978e3e1b8d2179880f99e.34cbf05d51.wbe@email12.secureserver.net> Message-ID: Hi Lynn Interesting suggestion. Any others share this view? Best, Emily On 29 November 2011 20:05, wrote: > Suggestion: Change from Chapter to Appendix > > After reading through the Draft Report, it seems to me that the section > on "DNS and WHOIS- How it Works" should be an Appendix rather than in the > main body of the report. > While it is useful to have as reference for the reader, it somewhat > disrupts the thought flow of the > assessment and paper. > -Lynn > > > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/ce675fc9/attachment.html From lynn at goodsecurityconsulting.com Tue Nov 29 20:15:10 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Tue, 29 Nov 2011 13:15:10 -0700 Subject: [Rt4-whois] DNS and WHOIS - How it Works Message-ID: <20111129131510.00ef555ff13978e3e1b8d2179880f99e.d6382dea46.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/5d62527b/attachment.html From m.yakushev at corp.mail.ru Tue Nov 29 20:18:41 2011 From: m.yakushev at corp.mail.ru (Mikhail Yakushev) Date: Tue, 29 Nov 2011 20:18:41 +0000 Subject: [Rt4-whois] DNS and WHOIS - How it Works In-Reply-To: References: <20111129130553.00ef555ff13978e3e1b8d2179880f99e.34cbf05d51.wbe@email12.secureserver.net> Message-ID: <71B38F372F86D940B9C644A99264FA313E6E12@M2EMBS1.mail.msk> I always stand for shorter 'main body' and informative appendices. Support Lynn: however, at least some words on WHOIS system should be in the main text. Rgds, M. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Tuesday, November 29, 2011 11:15 PM To: lynn at goodsecurityconsulting.com Cc: Kathy Kleiman; rt4-whois at icann.org; Emily Taylor Subject: Re: [Rt4-whois] DNS and WHOIS - How it Works Hi Lynn Interesting suggestion. Any others share this view? Best, Emily On 29 November 2011 20:05, > wrote: Suggestion: Change from Chapter to Appendix After reading through the Draft Report, it seems to me that the section on "DNS and WHOIS- How it Works" should be an Appendix rather than in the main body of the report. While it is useful to have as reference for the reader, it somewhat disrupts the thought flow of the assessment and paper. -Lynn -- [Description: Image removed by sender.] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/5871502f/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: ~WRD000.jpg Type: image/jpeg Size: 823 bytes Desc: ~WRD000.jpg Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/5871502f/WRD000.jpg From emily at emilytaylor.eu Tue Nov 29 20:30:44 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Tue, 29 Nov 2011 20:30:44 +0000 Subject: [Rt4-whois] Gap analysis - Chapters 7 and 8 Message-ID: Hi all Peter, Kathy and I have used the time differences between us since Saturday to iterate and re-iterate this section. Peter has meetings back to back for the rest of the week; Kathy and I have lost the ability to read, write or speak. Because there have now been so many changes (mainly of order, but some of text), I have tried to present this as a clean draft. However, it has not been possible for me to get rid of the highlighting (I think they've got stuck there because we're all working on different versions of Word, Open Office, Word for Mac etc). So, with apologies to Kathy and Peter I am sharing this now in order to get your comments before we sign off on the draft report tomorrow. Let me have any show stoppers, silly typos, or other comments as soon as you can. You will see that we've made an attempt to draw out some conclusions / findings, working from the Dakar draft on proxy/privacy, and plagiarising liberally from the Exec Summary. At the end are a load of definitions, which are clearly out of place where they are, but I just left them in so that we don't forget about them. Thank you. Kind regards Emily -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/afbf74d6/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: 111129 v3 Chapters 7 and 8 clean.doc Type: application/msword Size: 154112 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/afbf74d6/111129v3Chapters7and8clean.doc From emily at emilytaylor.eu Tue Nov 29 20:33:39 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Tue, 29 Nov 2011 20:33:39 +0000 Subject: [Rt4-whois] Consumer Trust Research Summary In-Reply-To: <4ed52132.811e440a.7f51.ffffd50bSMTPIN_ADDED@mx.google.com> References: <20111129082245.00ef555ff13978e3e1b8d2179880f99e.6a622d1690.wbe@email12.secureserver.net> <4ed52132.811e440a.7f51.ffffd50bSMTPIN_ADDED@mx.google.com> Message-ID: Dear Lynn, Seth, and Susan Thank you. This draft is really coming together. Following on from an unrelated thread started by you, Lynn, and supported by Michael, I'd like to suggest that we take a close look at whether some of the detail (on methodology; countries surveyed; etc) from these pages might sit better in an appendix, to improve the flow of the whole report. We need the reasons why we did the study; that it was multi-national and multi-lingual, that it comprised both qual and quant. Then the findings, which are very economically written and lead in well to the recommendations. What do you think? Kind regards Emily On 29 November 2011 18:14, Seth M Reiss wrote: > Thank you Lynn.**** > > ** ** > > *From:* rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] *On > Behalf Of *lynn at goodsecurityconsulting.com > *Sent:* Tuesday, November 29, 2011 5:23 AM > *To:* Emily Taylor > *Cc:* rt4-whois at icann.org > *Subject:* [Rt4-whois] Consumer Trust Research Summary**** > > ** ** > > Seth, Susan and I have been working via email due to our time zone > differences.**** > > I am waiting for Seth to confirm but believe we have come to an agreement > on our revisions and edits.**** > > **** > > Attached is our clean updated draft and our most recent marked up copy > with comments.**** > > **** > > Since we are so close to the deadline, I am taking the liberty of sending > this forward now.**** > > Lynn**** > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/5d73050d/attachment.html From alice.jansen at icann.org Tue Nov 29 20:34:07 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Tue, 29 Nov 2011 12:34:07 -0800 Subject: [Rt4-whois] NOTE: Draft report + appendices document - 29 November In-Reply-To: <040b01ccaec5$77166b10$65434130$@reiss@lex-ip.com> Message-ID: Hi Seth! The two sets of recommendations are as follows: Privacy Services provide the Registrant's Name, but the Privacy Service's contact information. The Privacy Service passes on non-spam messages to the Registrant, particularly legal notices, acting as a type of ?registered agent.? Proxy Services register the domain name and license it to another for use. Privacy services limit certain user details from WHOIS by offering alternate contact information and mail forwarding services, while not actually shielding the user?s identity. Proxy services have a third-party register domain names on the user?s behalf and then license the use of the domain name so that a third-party?s contact information (and not the licensee?s) is published in WHOIS. In the report: P.44-45 P.82 Thanks, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann From: Seth M Reiss > Date: Tue, 29 Nov 2011 10:34:00 -0800 To: Alice Jansen >, "rt4-whois at icann.org" > Subject: RE: [Rt4-whois] NOTE: Draft report + appendices document - 29 November Alice Would it be possible to break out the 2 sets of privacy/proxy definitions with note in an email to the Team for feedback? I am not sure I am finding them in the document in the way you have described. Thanks. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Alice Jansen Sent: Tuesday, November 29, 2011 4:19 AM To: rt4-whois at icann.org Subject: [Rt4-whois] NOTE: Draft report + appendices document - 29 November Members, Note that the latest version of the draft report contains/reflects: * Susan's new set of comments (in addition to those incorporated yesterday); * Lutz' recommendation on a centralized WHOIS; * The 2 sets of privacy/proxy definitions along with a note asking you to decide which set you would like to adopt; * The prior-to-September Law Enforcement definition (with reference to an off-list discussion). This was added in parallel to the definition currently in the report. Note that the appendices document now includes: * Susan's example of a WHOIS look-up. Thanks, Kind regards Alice From: Alice Jansen > Date: Tue, 29 Nov 2011 06:00:16 -0800 To: "rt4-whois at icann.org" > Subject: Draft report + appendices document - 29 November Dear Review Team Members, Please find attached the latest versions of the draft report and appendices document. Also available at: https://community.icann.org/display/whoisreviewprivate/Draft+report Thanks, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/037bdc69/attachment.html From emily at emilytaylor.eu Tue Nov 29 20:44:50 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Tue, 29 Nov 2011 20:44:50 +0000 Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? Message-ID: Dear all Thank you for your dedication over the past few days. We have got through a quite amazing amount of work, from major redrafts of substantive sections, to great consensus building on recommendations, to individual comments on the report as a whole. We're not quite at my "Oscar-acceptance-speech-tears-of-gratitude-and-sincere-thanks-to-the-team-who-I-now-count-as-my-personal-friends" bit, but we're nearly there. With the increased pace of new drafts, I would like to set out a plan for how we get to closure, and release this DRAFT report tomorrow . - We're going to sign this off now by exception - if you're not commenting it means you're happy, and are assumed to have read it. - Remember, it's our draft report, and there will be opportunities to edit in future, but you should make sure you are comfortable, in particular with the *exec summary, findings, and recommendations.* - Open issues we need to close down are: (1) Definitions of law enf. and applicable laws. Minor changes requested by Peter - are we comfortable, or not? (2) Where are we on proxies? - is there some agreed text to go into the recommendations now (thanks for your work on this Susan, James and others) (3) How much of the consumer chapter stays in the full report, and how much goes into an appendix. (4) Background on WHOIS chapter - does it stay where it is, or does it go into an appendix? (5) any final comments on the compliance letter, please? Alice, please can you produce a clean copy of this. *I NEED YOUR FINAL COMMENTS TOMORROW BEFORE 15:00 UTC so that they can be factored in.* For the West Coasters, that means today your time. On publication, I am still aiming to go for it tomorrow, with appendices to follow a week later. Alice, - Denise mentioned trying to schedule a couple of webinars, and a call with the Board to take them through the draft report in early December. Please can we try to schedule these. Thanks for staying with it, all. Another 24 hours or so, and then we can all have a large drink/non-alcoholic beverage/tuck into a lot of post-Thanksgiving cold turkey. Best wishes to all Emily -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/b9ca423a/attachment.html From lynn at goodsecurityconsulting.com Tue Nov 29 20:46:05 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Tue, 29 Nov 2011 20:46:05 +0000 Subject: [Rt4-whois] Consumer Trust Research Summary In-Reply-To: References: <20111129082245.00ef555ff13978e3e1b8d2179880f99e.6a622d1690.wbe@email12.secureserver.net> <4ed52132.811e440a.7f51.ffffd50bSMTPIN_ADDED@mx.google.com> Message-ID: <939470345-1322599566-cardhu_decombobulator_blackberry.rim.net-299968817-@b11.c9.bise6.blackberry> Agree- now that we are getting a perspective on the whole paper, we can now tighten and shorten. Will make another pass on it. Lynn Sent via BlackBerry by AT&T -----Original Message----- From: Emily Taylor Date: Tue, 29 Nov 2011 20:33:39 To: Seth M Reiss Cc: ; Emily Taylor; Subject: Re: [Rt4-whois] Consumer Trust Research Summary Dear Lynn, Seth, and Susan Thank you. This draft is really coming together. Following on from an unrelated thread started by you, Lynn, and supported by Michael, I'd like to suggest that we take a close look at whether some of the detail (on methodology; countries surveyed; etc) from these pages might sit better in an appendix, to improve the flow of the whole report. We need the reasons why we did the study; that it was multi-national and multi-lingual, that it comprised both qual and quant. Then the findings, which are very economically written and lead in well to the recommendations. What do you think? Kind regards Emily On 29 November 2011 18:14, Seth M Reiss wrote: > Thank you Lynn.**** > > ** ** > > *From:* rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] *On > Behalf Of *lynn at goodsecurityconsulting.com > *Sent:* Tuesday, November 29, 2011 5:23 AM > *To:* Emily Taylor > *Cc:* rt4-whois at icann.org > *Subject:* [Rt4-whois] Consumer Trust Research Summary**** > > ** ** > > Seth, Susan and I have been working via email due to our time zone > differences.**** > > I am waiting for Seth to confirm but believe we have come to an agreement > on our revisions and edits.**** > > **** > > Attached is our clean updated draft and our most recent marked up copy > with comments.**** > > **** > > Since we are so close to the deadline, I am taking the liberty of sending > this forward now.**** > > Lynn**** > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/412acc76/attachment.html From lynn at goodsecurityconsulting.com Tue Nov 29 20:47:55 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Tue, 29 Nov 2011 20:47:55 +0000 Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? In-Reply-To: References: Message-ID: <1474356649-1322599676-cardhu_decombobulator_blackberry.rim.net-900129410-@b11.c9.bise6.blackberry> Thanks Emily for your endurance and pulling us through. Your request is reasonable. Lynn Sent via BlackBerry by AT&T -----Original Message----- From: Emily Taylor Sender: rt4-whois-bounces at icann.org Date: Tue, 29 Nov 2011 20:44:50 To: Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From seth.reiss at lex-ip.com Tue Nov 29 20:59:37 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Tue, 29 Nov 2011 10:59:37 -1000 Subject: [Rt4-whois] NOTE: Draft report + appendices document - 29 November In-Reply-To: References: <040b01ccaec5$77166b10$65434130$@reiss@lex-ip.com> Message-ID: <048601ccaed9$ce6eb5c0$6b4c2140$@reiss@lex-ip.com> Thanks Alice. I like both Privacy Services definitions but my slight preference is for the second. I feel that both Proxy Services definitions are lacking in some respect, but I prefer the first with the following minor modification: "Proxy Services register a domain name at the request of a third party and then allow a third party to use the domain name behind the veil of the Proxy Service's name and contact information." Seth From: Alice Jansen [mailto:alice.jansen at icann.org] Sent: Tuesday, November 29, 2011 10:34 AM To: Seth M Reiss; rt4-whois at icann.org Subject: Re: [Rt4-whois] NOTE: Draft report + appendices document - 29 November Hi Seth! The two sets of recommendations are as follows: Privacy Services provide the Registrant's Name, but the Privacy Service's contact information. The Privacy Service passes on non-spam messages to the Registrant, particularly legal notices, acting as a type of "registered agent." Proxy Services register the domain name and license it to another for use. Privacy services limit certain user details from WHOIS by offering alternate contact information and mail forwarding services, while not actually shielding the user's identity. Proxy services have a third-party register domain names on the user's behalf and then license the use of the domain name so that a third-party's contact information (and not the licensee's) is published in WHOIS. In the report: P.44-45 P.82 Thanks, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann From: Seth M Reiss Date: Tue, 29 Nov 2011 10:34:00 -0800 To: Alice Jansen , "rt4-whois at icann.org" Subject: RE: [Rt4-whois] NOTE: Draft report + appendices document - 29 November Alice Would it be possible to break out the 2 sets of privacy/proxy definitions with note in an email to the Team for feedback? I am not sure I am finding them in the document in the way you have described. Thanks. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Alice Jansen Sent: Tuesday, November 29, 2011 4:19 AM To: rt4-whois at icann.org Subject: [Rt4-whois] NOTE: Draft report + appendices document - 29 November Members, Note that the latest version of the draft report contains/reflects: * Susan's new set of comments (in addition to those incorporated yesterday); * Lutz' recommendation on a centralized WHOIS; * The 2 sets of privacy/proxy definitions along with a note asking you to decide which set you would like to adopt; * The prior-to-September Law Enforcement definition (with reference to an off-list discussion). This was added in parallel to the definition currently in the report. Note that the appendices document now includes: * Susan's example of a WHOIS look-up. Thanks, Kind regards Alice From: Alice Jansen Date: Tue, 29 Nov 2011 06:00:16 -0800 To: "rt4-whois at icann.org" Subject: Draft report + appendices document - 29 November Dear Review Team Members, Please find attached the latest versions of the draft report and appendices document. Also available at: https://community.icann.org/display/whoisreviewprivate/Draft+report Thanks, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/584b9882/attachment.html From Peter.Nettlefold at dbcde.gov.au Tue Nov 29 23:16:25 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Wed, 30 Nov 2011 10:16:25 +1100 Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] In-Reply-To: <1474356649-1322599676-cardhu_decombobulator_blackberry.rim.net-900129410-@b11.c9.bise6.blackberry> Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D642254@EMB01.dept.gov.au> Classification: UNCLASSIFIED Hello all, I'll be trying to read the key parts of the report today while I'm in meetings. Thanks to all, as I agree we've made a huge amount of progress. Special thanks also to Emily for keeping this whole show moving. That said, there still seem to be some open issues which need to be resolved before we release - particularly our direction on proxies. I'll be monitoring emails today so will be interested to discuss where we go on that issue, as it is clearly on of our most difficult, and equally one where the community will be expecting us to provide direction. I think we all share a common goal of improving the current situation and reducing the incidence and risk of misuse, so I hope we can come forward with something strong on this. I'm also interested in our timelines from here. How long will the report be out for comment? When are we aiming to publish the final? Cheers, Peter ----- Original Message ----- From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] Sent: Wednesday, November 30, 2011 07:47 AM To: Emily Taylor ; rt4-whois-bounces at icann.org ; rt4-whois at icann.org Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? Thanks Emily for your endurance and pulling us through. Your request is reasonable. Lynn Sent via BlackBerry by AT&T -----Original Message----- From: Emily Taylor Sender: rt4-whois-bounces at icann.org Date: Tue, 29 Nov 2011 20:44:50 To: Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- From susank at fb.com Tue Nov 29 23:54:43 2011 From: susank at fb.com (Susan Kawaguchi) Date: Tue, 29 Nov 2011 23:54:43 +0000 Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D642254@EMB01.dept.gov.au> References: <1474356649-1322599676-cardhu_decombobulator_blackberry.rim.net-900129410-@b11.c9.bise6.blackberry> <636771A7F4383E408C57A0240B5F8D4A333D642254@EMB01.dept.gov.au> Message-ID: Hi Peter, I have continued to give the proxy issue much thought. I am completely opposed to removing the language about proxies from the RAA and leaving it at that. I feel that we are skirting a major issue. I found two US court cases that are relevant to this issue. I realize that court rulings depend completely on jurisdiction so this may not apply to other countries. The first is right on point Balsam v. Tucows http://scholar.google.com/scholar_case?case=8643528087906257613&hl=en&as_sdt=2&as_vis=1&oi=scholarr As I read this ruling, the plaintiff was trying to rely on 3.7.7.3 and hold Tucows responsible for the use of the domain name that was a proxy registration. The court relied on 5.10 of the RAA "5.10 No Third-Party Beneficiaries. This Agreement shall not be construed to create any obligation by either ICANN or Registrar to any non-party to this Agreement, including any Registered Name Holder." The final paragraph in the court ruling is as follows "Given the absence of any evidence to the contrary, we conclude that the "No Third Party Beneficiaries" clause unambiguously manifests an intent not to create any obligations to third parties through the RAA. See Cal. Civ.Code ? 1638 ("If contractual language is clear and explicit and does not involve an absurdity, the plain meaning governs."); see also Register.com, Inc. v. Verio, Inc., 356 F.3d 393, 400 (2d Cir.2004) (the RAA's "No Third-Party Beneficiaries" provision "expressly and intentionally exclude[s] non-parties from claiming rights under it in court proceedings"). Accordingly, Balsam's claims, which are entirely dependent on his claimed status as a third-party beneficiary,[3] must fail." At least in California court and maybe in US court in general the 3.7.7.3 language is not going to hold up. It definitely would not have a chilling effect and serve the purpose of immediately improving the relay and reveal process we so desperately need with proxy registrations. Solid Host v. Namecheap http://www.circleid.com/pdf/solidhostnamecheap.pdf The 3.7.7.3 language was also asserted but it was the contributory liability allegations Based on California's Unfair Competition Law (the "UCL"). "The court has concluded that Solid Host's complaint adequately pleads a cybersquatting claim against NameCheap on a contributory liability theory. Neither of these cases were able to rely on the RAA language in my opinion although as you know I am not an attorney. I revised the proxy recommendation I am proposing and inserted it into the report yesterday and in giving it more thought I have shortened it once again based on a earlier comment from James. All of this would be voluntary on the part of the proxy service provider. Definitions A proxy service - we should use the agreed upon definition once we have it. >From 2009 RAA 1.20 "Affiliated Registrar" is another ICANN accredited registrar that operates under a common controlling interest. Affiliate retail proxy service provider is an entity that operates under a common controlling interest of a registrar. " Retail proxy service provider - provides a proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. Limited proxy service provider - provides a proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. 1) a registrar is required to disclose their relationship with a Retail proxy service provider to ICANN. 2) A retail proxy service provider should follow best practice guidelines developed by the community. These may include the following: a. standardized relay and reveal processes and timeframes; establish a standardized process for requesting contact information for a proxy registration b. guidance on the appropriate level of publicly available information on the registrant; c. maintenance of a dedicated and available abuse point of contact; d. public disclosure of contact details and the physical address of the retail proxy service provider; and e. validate registrant contact information. 3. The best practice guidelines should be developed in close consultation with the GAC, privacy advocates, law enforcement, and other interested stakeholders. 4. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. Hope this helps to clarify my position. Susan -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter Sent: Tuesday, November 29, 2011 3:16 PM To: 'lynn at goodsecurityconsulting.com'; 'emily at emilytaylor.eu'; 'rt4-whois-bounces at icann.org'; 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hello all, I'll be trying to read the key parts of the report today while I'm in meetings. Thanks to all, as I agree we've made a huge amount of progress. Special thanks also to Emily for keeping this whole show moving. That said, there still seem to be some open issues which need to be resolved before we release - particularly our direction on proxies. I'll be monitoring emails today so will be interested to discuss where we go on that issue, as it is clearly on of our most difficult, and equally one where the community will be expecting us to provide direction. I think we all share a common goal of improving the current situation and reducing the incidence and risk of misuse, so I hope we can come forward with something strong on this. I'm also interested in our timelines from here. How long will the report be out for comment? When are we aiming to publish the final? Cheers, Peter ----- Original Message ----- From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] Sent: Wednesday, November 30, 2011 07:47 AM To: Emily Taylor ; rt4-whois-bounces at icann.org ; rt4-whois at icann.org Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? Thanks Emily for your endurance and pulling us through. Your request is reasonable. Lynn Sent via BlackBerry by AT&T -----Original Message----- From: Emily Taylor Sender: rt4-whois-bounces at icann.org Date: Tue, 29 Nov 2011 20:44:50 To: Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From Peter.Nettlefold at dbcde.gov.au Wed Nov 30 00:33:48 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Wed, 30 Nov 2011 11:33:48 +1100 Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D642254@EMB01.dept.gov.au> Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D642257@EMB01.dept.gov.au> Classification: UNCLASSIFIED Hello again all, I've been trying to work my way through the findings and recommendations in the report, but am not sure I'm reading the right parts. The recommendations section has several overlapping parts, so that there are several recommendations on basically the same thing, in slightly different terms - for example, the recommendations on accuracy studies and the establishment of a privacy accreditation scheme. The findings also seem to be spread in different parts of the report, and not in final form. I may be reading the wrong version, but its not clear to me now what I would be signing off on (even without the outstanding proxy issue). Is this an issue others are having, or am I reading the wrong version? Cheers, Peter ----- Original Message ----- From: Nettlefold, Peter Sent: Wednesday, November 30, 2011 10:16 AM To: 'lynn at goodsecurityconsulting.com' ; 'emily at emilytaylor.eu' ; 'rt4-whois-bounces at icann.org' ; 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hello all, I'll be trying to read the key parts of the report today while I'm in meetings. Thanks to all, as I agree we've made a huge amount of progress. Special thanks also to Emily for keeping this whole show moving. That said, there still seem to be some open issues which need to be resolved before we release - particularly our direction on proxies. I'll be monitoring emails today so will be interested to discuss where we go on that issue, as it is clearly on of our most difficult, and equally one where the community will be expecting us to provide direction. I think we all share a common goal of improving the current situation and reducing the incidence and risk of misuse, so I hope we can come forward with something strong on this. I'm also interested in our timelines from here. How long will the report be out for comment? When are we aiming to publish the final? Cheers, Peter ----- Original Message ----- From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] Sent: Wednesday, November 30, 2011 07:47 AM To: Emily Taylor ; rt4-whois-bounces at icann.org ; rt4-whois at icann.org Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? Thanks Emily for your endurance and pulling us through. Your request is reasonable. Lynn Sent via BlackBerry by AT&T -----Original Message----- From: Emily Taylor Sender: rt4-whois-bounces at icann.org Date: Tue, 29 Nov 2011 20:44:50 To: Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- From susank at fb.com Wed Nov 30 00:45:49 2011 From: susank at fb.com (Susan Kawaguchi) Date: Wed, 30 Nov 2011 00:45:49 +0000 Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D642257@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333D642254@EMB01.dept.gov.au> <636771A7F4383E408C57A0240B5F8D4A333D642257@EMB01.dept.gov.au> Message-ID: I agree with Peter I cannot really tell what I am agreeing to. Some of the comments are contrary to others so if I pick the one I am most aligned with then that makes sense to me but may not be the best for the report nor group. Should I edit the report in the way I am comfortable with it and then send my approved report to Alice? -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter Sent: Tuesday, November 29, 2011 4:34 PM To: 'lynn at goodsecurityconsulting.com'; 'emily at emilytaylor.eu'; 'rt4-whois-bounces at icann.org'; 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hello again all, I've been trying to work my way through the findings and recommendations in the report, but am not sure I'm reading the right parts. The recommendations section has several overlapping parts, so that there are several recommendations on basically the same thing, in slightly different terms - for example, the recommendations on accuracy studies and the establishment of a privacy accreditation scheme. The findings also seem to be spread in different parts of the report, and not in final form. I may be reading the wrong version, but its not clear to me now what I would be signing off on (even without the outstanding proxy issue). Is this an issue others are having, or am I reading the wrong version? Cheers, Peter ----- Original Message ----- From: Nettlefold, Peter Sent: Wednesday, November 30, 2011 10:16 AM To: 'lynn at goodsecurityconsulting.com' ; 'emily at emilytaylor.eu' ; 'rt4-whois-bounces at icann.org' ; 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hello all, I'll be trying to read the key parts of the report today while I'm in meetings. Thanks to all, as I agree we've made a huge amount of progress. Special thanks also to Emily for keeping this whole show moving. That said, there still seem to be some open issues which need to be resolved before we release - particularly our direction on proxies. I'll be monitoring emails today so will be interested to discuss where we go on that issue, as it is clearly on of our most difficult, and equally one where the community will be expecting us to provide direction. I think we all share a common goal of improving the current situation and reducing the incidence and risk of misuse, so I hope we can come forward with something strong on this. I'm also interested in our timelines from here. How long will the report be out for comment? When are we aiming to publish the final? Cheers, Peter ----- Original Message ----- From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] Sent: Wednesday, November 30, 2011 07:47 AM To: Emily Taylor ; rt4-whois-bounces at icann.org ; rt4-whois at icann.org Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? Thanks Emily for your endurance and pulling us through. Your request is reasonable. Lynn Sent via BlackBerry by AT&T -----Original Message----- From: Emily Taylor Sender: rt4-whois-bounces at icann.org Date: Tue, 29 Nov 2011 20:44:50 To: Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From bill.smith at paypal-inc.com Wed Nov 30 01:18:08 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Tue, 29 Nov 2011 18:18:08 -0700 Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] In-Reply-To: References: <636771A7F4383E408C57A0240B5F8D4A333D642254@EMB01.dept.gov.au> <636771A7F4383E408C57A0240B5F8D4A333D642257@EMB01.dept.gov.au> Message-ID: <275EA318-39C4-4BDB-AEAD-DB432D29AB00@paypal.com> Likewise. I've been trying to produce a "clean", without highlights, version. I made it through a few chapters but have now run into comments that indicate chapters should be removed, moved, etc. I'm getting lost. (I started with the version on the site dated 29 Nov.) I can devote tomorrow to editing and cleaning up but will need assistance in determining what stays, goes, moves, etc. Not sure we'll be able to get this out tomorrow. I attached what I have if anyone wants to take a look. Bill (The highlighting is a mess, but I think I have it figure out. It's time-consuming to deal with, but not impossible.) On Nov 29, 2011, at 4:45 PM, Susan Kawaguchi wrote: > I agree with Peter I cannot really tell what I am agreeing to. Some of the comments are contrary to others so if I pick the one I am most aligned with then that makes sense to me but may not be the best for the report nor group. > > Should I edit the report in the way I am comfortable with it and then send my approved report to Alice? > > -----Original Message----- > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter > Sent: Tuesday, November 29, 2011 4:34 PM > To: 'lynn at goodsecurityconsulting.com'; 'emily at emilytaylor.eu'; 'rt4-whois-bounces at icann.org'; 'rt4-whois at icann.org' > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] > > Classification: UNCLASSIFIED > > Hello again all, > > I've been trying to work my way through the findings and recommendations in the report, but am not sure I'm reading the right parts. > > The recommendations section has several overlapping parts, so that there are several recommendations on basically the same thing, in slightly different terms - for example, the recommendations on accuracy studies and the establishment of a privacy accreditation scheme. > > The findings also seem to be spread in different parts of the report, and not in final form. > > I may be reading the wrong version, but its not clear to me now what I would be signing off on (even without the outstanding proxy issue). Is this an issue others are having, or am I reading the wrong version? > > Cheers, > > Peter > > > ----- Original Message ----- > From: Nettlefold, Peter > Sent: Wednesday, November 30, 2011 10:16 AM > To: 'lynn at goodsecurityconsulting.com' ; 'emily at emilytaylor.eu' ; 'rt4-whois-bounces at icann.org' ; 'rt4-whois at icann.org' > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] > > Classification: UNCLASSIFIED > > Hello all, > > I'll be trying to read the key parts of the report today while I'm in meetings. > > Thanks to all, as I agree we've made a huge amount of progress. Special thanks also to Emily for keeping this whole show moving. > > That said, there still seem to be some open issues which need to be resolved before we release - particularly our direction on proxies. I'll be monitoring emails today so will be interested to discuss where we go on that issue, as it is clearly on of our most difficult, and equally one where the community will be expecting us to provide direction. I think we all share a common goal of improving the current situation and reducing the incidence and risk of misuse, so I hope we can come forward with something strong on this. > > I'm also interested in our timelines from here. How long will the report be out for comment? When are we aiming to publish the final? > > Cheers, > > Peter > > > ----- Original Message ----- > From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] > Sent: Wednesday, November 30, 2011 07:47 AM > To: Emily Taylor ; rt4-whois-bounces at icann.org ; rt4-whois at icann.org > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? > > Thanks Emily for your endurance and pulling us through. Your request is reasonable. > Lynn > Sent via BlackBerry by AT&T > > -----Original Message----- > From: Emily Taylor > Sender: rt4-whois-bounces at icann.org > Date: Tue, 29 Nov 2011 20:44:50 > To: > Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. > > > ------------------------------------------------------------------------------- > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. > > > ------------------------------------------------------------------------------- > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -------------- next part -------------- A non-text attachment was scrubbed... Name: WCS - WHOIS RT - DRAFT REPORT - 29 NOV2011 rev 2.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 634380 bytes Desc: WCS - WHOIS RT - DRAFT REPORT - 29 NOV2011 rev 2.docx Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/29f23565/WCS-WHOISRT-DRAFTREPORT-29NOV2011rev2.docx From Peter.Nettlefold at dbcde.gov.au Wed Nov 30 01:46:38 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Wed, 30 Nov 2011 12:46:38 +1100 Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] In-Reply-To: Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D64225B@EMB01.dept.gov.au> Classification: UNCLASSIFIED Hello again all, In addition to the editing and completeness issues, I have just noticed that a key component of the privacy recommendations appears to have changed since Dakar. Having just rechecked the Dakar recommendations, we agreed that ICANN should develop and manage a system of clear, consistent and enforceable requirements for ALL privacy service providers consistent with national law. The version in the latest report limits this to only 'registrar-operated' privacy services. This seems to me to be a significant change, as it limits the system to only part of the industry. Among other things, this could distort competition, lead to gaming behaviour, and provide a safe haven for bad actors. As I cannot see any source acknowledged or reason given in the document for this change (unlike the other recent changes) I don't know why or when this change occurred. As I am attempting to reach the point where I can sign this document off via a blackberry while in other meetings, this has significantly reduced my confidence. Could someone please look into this change, and also ensure that any other proposed changes to the recommendations that the review team has previously agreed are clearly notified to the group so that they can at least be discussed. Cheers, Peter ----- Original Message ----- From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Wednesday, November 30, 2011 11:45 AM To: Nettlefold, Peter; 'lynn at goodsecurityconsulting.com' ; 'emily at emilytaylor.eu' ; 'rt4-whois-bounces at icann.org' ; 'rt4-whois at icann.org' Subject: RE: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] I agree with Peter I cannot really tell what I am agreeing to. Some of the comments are contrary to others so if I pick the one I am most aligned with then that makes sense to me but may not be the best for the report nor group. Should I edit the report in the way I am comfortable with it and then send my approved report to Alice? -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter Sent: Tuesday, November 29, 2011 4:34 PM To: 'lynn at goodsecurityconsulting.com'; 'emily at emilytaylor.eu'; 'rt4-whois-bounces at icann.org'; 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hello again all, I've been trying to work my way through the findings and recommendations in the report, but am not sure I'm reading the right parts. The recommendations section has several overlapping parts, so that there are several recommendations on basically the same thing, in slightly different terms - for example, the recommendations on accuracy studies and the establishment of a privacy accreditation scheme. The findings also seem to be spread in different parts of the report, and not in final form. I may be reading the wrong version, but its not clear to me now what I would be signing off on (even without the outstanding proxy issue). Is this an issue others are having, or am I reading the wrong version? Cheers, Peter ----- Original Message ----- From: Nettlefold, Peter Sent: Wednesday, November 30, 2011 10:16 AM To: 'lynn at goodsecurityconsulting.com' ; 'emily at emilytaylor.eu' ; 'rt4-whois-bounces at icann.org' ; 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hello all, I'll be trying to read the key parts of the report today while I'm in meetings. Thanks to all, as I agree we've made a huge amount of progress. Special thanks also to Emily for keeping this whole show moving. That said, there still seem to be some open issues which need to be resolved before we release - particularly our direction on proxies. I'll be monitoring emails today so will be interested to discuss where we go on that issue, as it is clearly on of our most difficult, and equally one where the community will be expecting us to provide direction. I think we all share a common goal of improving the current situation and reducing the incidence and risk of misuse, so I hope we can come forward with something strong on this. I'm also interested in our timelines from here. How long will the report be out for comment? When are we aiming to publish the final? Cheers, Peter ----- Original Message ----- From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] Sent: Wednesday, November 30, 2011 07:47 AM To: Emily Taylor ; rt4-whois-bounces at icann.org ; rt4-whois at icann.org Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? Thanks Emily for your endurance and pulling us through. Your request is reasonable. Lynn Sent via BlackBerry by AT&T -----Original Message----- From: Emily Taylor Sender: rt4-whois-bounces at icann.org Date: Tue, 29 Nov 2011 20:44:50 To: Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- From kathy at kathykleiman.com Wed Nov 30 01:47:20 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Tue, 29 Nov 2011 20:47:20 -0500 Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] In-Reply-To: <275EA318-39C4-4BDB-AEAD-DB432D29AB00@paypal.com> References: <636771A7F4383E408C57A0240B5F8D4A333D642254@EMB01.dept.gov.au> <636771A7F4383E408C57A0240B5F8D4A333D642257@EMB01.dept.gov.au> <275EA318-39C4-4BDB-AEAD-DB432D29AB00@paypal.com> Message-ID: <4ED58B28.8010103@kathykleiman.com> Hi All, I'll be sending out a clean-up version of the Recommendations in about half an hour - and answering as many questions as I can. Thanks to all for so much work! Kathy > Likewise. > > I've been trying to produce a "clean", without highlights, version. I made it through a few chapters but have now run into comments that indicate chapters should be removed, moved, etc. I'm getting lost. (I started with the version on the site dated 29 Nov.) > > I can devote tomorrow to editing and cleaning up but will need assistance in determining what stays, goes, moves, etc. > > Not sure we'll be able to get this out tomorrow. I attached what I have if anyone wants to take a look. > > Bill > > (The highlighting is a mess, but I think I have it figure out. It's time-consuming to deal with, but not impossible.) > > > > On Nov 29, 2011, at 4:45 PM, Susan Kawaguchi wrote: > >> I agree with Peter I cannot really tell what I am agreeing to. Some of the comments are contrary to others so if I pick the one I am most aligned with then that makes sense to me but may not be the best for the report nor group. >> >> Should I edit the report in the way I am comfortable with it and then send my approved report to Alice? >> >> -----Original Message----- >> From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter >> Sent: Tuesday, November 29, 2011 4:34 PM >> To: 'lynn at goodsecurityconsulting.com'; 'emily at emilytaylor.eu'; 'rt4-whois-bounces at icann.org'; 'rt4-whois at icann.org' >> Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] >> >> Classification: UNCLASSIFIED >> >> Hello again all, >> >> I've been trying to work my way through the findings and recommendations in the report, but am not sure I'm reading the right parts. >> >> The recommendations section has several overlapping parts, so that there are several recommendations on basically the same thing, in slightly different terms - for example, the recommendations on accuracy studies and the establishment of a privacy accreditation scheme. >> >> The findings also seem to be spread in different parts of the report, and not in final form. >> >> I may be reading the wrong version, but its not clear to me now what I would be signing off on (even without the outstanding proxy issue). Is this an issue others are having, or am I reading the wrong version? >> >> Cheers, >> >> Peter >> >> >> ----- Original Message ----- >> From: Nettlefold, Peter >> Sent: Wednesday, November 30, 2011 10:16 AM >> To: 'lynn at goodsecurityconsulting.com'; 'emily at emilytaylor.eu'; 'rt4-whois-bounces at icann.org'; 'rt4-whois at icann.org' >> Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] >> >> Classification: UNCLASSIFIED >> >> Hello all, >> >> I'll be trying to read the key parts of the report today while I'm in meetings. >> >> Thanks to all, as I agree we've made a huge amount of progress. Special thanks also to Emily for keeping this whole show moving. >> >> That said, there still seem to be some open issues which need to be resolved before we release - particularly our direction on proxies. I'll be monitoring emails today so will be interested to discuss where we go on that issue, as it is clearly on of our most difficult, and equally one where the community will be expecting us to provide direction. I think we all share a common goal of improving the current situation and reducing the incidence and risk of misuse, so I hope we can come forward with something strong on this. >> >> I'm also interested in our timelines from here. How long will the report be out for comment? When are we aiming to publish the final? >> >> Cheers, >> >> Peter >> >> >> ----- Original Message ----- >> From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] >> Sent: Wednesday, November 30, 2011 07:47 AM >> To: Emily Taylor; rt4-whois-bounces at icann.org; rt4-whois at icann.org >> Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? >> >> Thanks Emily for your endurance and pulling us through. Your request is reasonable. >> Lynn >> Sent via BlackBerry by AT&T >> >> -----Original Message----- >> From: Emily Taylor >> Sender: rt4-whois-bounces at icann.org >> Date: Tue, 29 Nov 2011 20:44:50 >> To: >> Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> ------------------------------------------------------------------------------- >> >> NOTICE: This email message is for the sole use of the intended recipient(s) >> and may contain confidential and privileged information. Any unauthorized >> review, use, disclosure or distribution is prohibited. If you are not the >> intended recipient, please contact the sender by reply email and destroy all >> copies of the original message. >> >> This message has been content scanned by the Axway MailGate. >> MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. >> >> >> ------------------------------------------------------------------------------- >> >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> ------------------------------------------------------------------------------- >> >> NOTICE: This email message is for the sole use of the intended recipient(s) >> and may contain confidential and privileged information. Any unauthorized >> review, use, disclosure or distribution is prohibited. If you are not the >> intended recipient, please contact the sender by reply email and destroy all >> copies of the original message. >> >> This message has been content scanned by the Axway MailGate. >> MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. >> >> >> ------------------------------------------------------------------------------- >> >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4- -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/f2e8e4e3/attachment.html From jbladel at godaddy.com Wed Nov 30 02:28:22 2011 From: jbladel at godaddy.com (James M. Bladel) Date: Tue, 29 Nov 2011 19:28:22 -0700 Subject: [Rt4-whois] =?utf-8?q?ACTION_REQUIRED=3A_What_do_I_need_to_do_now?= =?utf-8?q?=3F_=5BSEC=3DUNCLASSIFIED=5D?= Message-ID: <20111129192822.9c1b16d3983f34082b49b9baf8cec04a.d0c2d9ed67.wbe@email00.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/bd36594a/attachment.html From lynn at goodsecurityconsulting.com Wed Nov 30 02:43:56 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Tue, 29 Nov 2011 19:43:56 -0700 Subject: [Rt4-whois] =?utf-8?q?ACTION_REQUIRED=3A_What_do_I_need_to_do_now?= =?utf-8?q?=3F_=5BSEC=3DUNCLASSIFIED=5D?= Message-ID: <20111129194356.00ef555ff13978e3e1b8d2179880f99e.a41eda3b82.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/a4b19a32/attachment.html From seth.reiss at lex-ip.com Wed Nov 30 02:54:37 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Tue, 29 Nov 2011 16:54:37 -1000 Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] In-Reply-To: References: <1474356649-1322599676-cardhu_decombobulator_blackberry.rim.net-900129410-@b11.c9.bise6.blackberry> <636771A7F4383E408C57A0240B5F8D4A333D642254@EMB01.dept.gov.au> Message-ID: <056001ccaf0b$66c4db20$344e9160$@reiss@lex-ip.com> Susan I have not studied the cases you cite (and I probably should) but I think the underlying problem is that ICANN tried, unsuccessfully, to regulate the proxy industry via, e.g., RAA 3.7.7.3. If ICANN had not given some recognition to the proxy industry through RAA 3.7.7.3, then I am not sure how the Ninth Circuit would have come out the way it did. In other words, if you do not recognize proxies, then anyone who decides to become a proxy is the registrant and bears all liability for how the registered domain name is used. Because ICANN has mucked up the waters trying, unsuccessfully, to regulate proxy services, I agree ICANN now has to fix the problem in an affirmative manner. We need to tell ICANN this but this does not mean ICANN is necessarily stuck with regulating an industry that perhaps should not exist or be given recognition. And we are not making policy or law, just telling ICANN what we think needs fixing and in what manner. If we tell it to fix the proxy situation so proxy services are no longer recognized in any form, and so that if a registrar or reseller decides to offer such services they will have to take responsibility for any and all liability resulting from the use of the domain name, then ICANN with the assistance of their remarkable staff, advisors and counsel will have to study the cases you cite and other applicable circumstances to figure out how to get there from here. I am confident there is a way, and I am also confident that with the benefit of all our thoughts and discussions, they may get it right :). Seth -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Tuesday, November 29, 2011 1:55 PM To: Nettlefold, Peter; 'lynn at goodsecurityconsulting.com'; 'emily at emilytaylor.eu'; 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] Hi Peter, I have continued to give the proxy issue much thought. I am completely opposed to removing the language about proxies from the RAA and leaving it at that. I feel that we are skirting a major issue. I found two US court cases that are relevant to this issue. I realize that court rulings depend completely on jurisdiction so this may not apply to other countries. The first is right on point Balsam v. Tucows http://scholar.google.com/scholar_case?case=8643528087906257613&hl=en&as_sdt =2&as_vis=1&oi=scholarr As I read this ruling, the plaintiff was trying to rely on 3.7.7.3 and hold Tucows responsible for the use of the domain name that was a proxy registration. The court relied on 5.10 of the RAA "5.10 No Third-Party Beneficiaries. This Agreement shall not be construed to create any obligation by either ICANN or Registrar to any non-party to this Agreement, including any Registered Name Holder." The final paragraph in the court ruling is as follows "Given the absence of any evidence to the contrary, we conclude that the "No Third Party Beneficiaries" clause unambiguously manifests an intent not to create any obligations to third parties through the RAA. See Cal. Civ.Code ? 1638 ("If contractual language is clear and explicit and does not involve an absurdity, the plain meaning governs."); see also Register.com, Inc. v. Verio, Inc., 356 F.3d 393, 400 (2d Cir.2004) (the RAA's "No Third-Party Beneficiaries" provision "expressly and intentionally exclude[s] non-parties from claiming rights under it in court proceedings"). Accordingly, Balsam's claims, which are entirely dependent on his claimed status as a third-party beneficiary,[3] must fail." At least in California court and maybe in US court in general the 3.7.7.3 language is not going to hold up. It definitely would not have a chilling effect and serve the purpose of immediately improving the relay and reveal process we so desperately need with proxy registrations. Solid Host v. Namecheap http://www.circleid.com/pdf/solidhostnamecheap.pdf The 3.7.7.3 language was also asserted but it was the contributory liability allegations Based on California's Unfair Competition Law (the "UCL"). "The court has concluded that Solid Host's complaint adequately pleads a cybersquatting claim against NameCheap on a contributory liability theory. Neither of these cases were able to rely on the RAA language in my opinion although as you know I am not an attorney. I revised the proxy recommendation I am proposing and inserted it into the report yesterday and in giving it more thought I have shortened it once again based on a earlier comment from James. All of this would be voluntary on the part of the proxy service provider. Definitions A proxy service - we should use the agreed upon definition once we have it. >From 2009 RAA 1.20 "Affiliated Registrar" is another ICANN accredited registrar that operates under a common controlling interest. Affiliate retail proxy service provider is an entity that operates under a common controlling interest of a registrar. " Retail proxy service provider - provides a proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. Limited proxy service provider - provides a proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. 1) a registrar is required to disclose their relationship with a Retail proxy service provider to ICANN. 2) A retail proxy service provider should follow best practice guidelines developed by the community. These may include the following: a. standardized relay and reveal processes and timeframes; establish a standardized process for requesting contact information for a proxy registration b. guidance on the appropriate level of publicly available information on the registrant; c. maintenance of a dedicated and available abuse point of contact; d. public disclosure of contact details and the physical address of the retail proxy service provider; and e. validate registrant contact information. 3. The best practice guidelines should be developed in close consultation with the GAC, privacy advocates, law enforcement, and other interested stakeholders. 4. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. Hope this helps to clarify my position. Susan -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter Sent: Tuesday, November 29, 2011 3:16 PM To: 'lynn at goodsecurityconsulting.com'; 'emily at emilytaylor.eu'; 'rt4-whois-bounces at icann.org'; 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hello all, I'll be trying to read the key parts of the report today while I'm in meetings. Thanks to all, as I agree we've made a huge amount of progress. Special thanks also to Emily for keeping this whole show moving. That said, there still seem to be some open issues which need to be resolved before we release - particularly our direction on proxies. I'll be monitoring emails today so will be interested to discuss where we go on that issue, as it is clearly on of our most difficult, and equally one where the community will be expecting us to provide direction. I think we all share a common goal of improving the current situation and reducing the incidence and risk of misuse, so I hope we can come forward with something strong on this. I'm also interested in our timelines from here. How long will the report be out for comment? When are we aiming to publish the final? Cheers, Peter ----- Original Message ----- From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] Sent: Wednesday, November 30, 2011 07:47 AM To: Emily Taylor ; rt4-whois-bounces at icann.org ; rt4-whois at icann.org Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? Thanks Emily for your endurance and pulling us through. Your request is reasonable. Lynn Sent via BlackBerry by AT&T -----Original Message----- From: Emily Taylor Sender: rt4-whois-bounces at icann.org Date: Tue, 29 Nov 2011 20:44:50 To: Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ---------------------------------------------------------------------------- --- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ---------------------------------------------------------------------------- --- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From kathy at kathykleiman.com Wed Nov 30 03:06:58 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Tue, 29 Nov 2011 22:06:58 -0500 Subject: [Rt4-whois] Recommendations - here attached Message-ID: <4ED59DD2.5030709@kathykleiman.com> Hi All, To the Chapters 7 and 8 that Emily circulated today (an expansion of the Gap Analysis from one chapter into two to make it more readable), let me add Chapter 9, Recommendations. Chapter 9 is also separated out from the Gap Analysis to create a separate place for our Recommendations. The entire report leads up to them, and I guess they are the climax of our story. We worked hard to take our Dakar and MDR recommendations, remove duplicates, and clarify languages (so that all references are clear, etc.). There are still a few blanks to be filled in, so if you know the answers, please let the group know. Two copies attached: a "clean" one, and one with the full set of edits shown. I'll be online for awhile, so please let me know if you can't read the files. Best, Kathy -- -------------- next part -------------- A non-text attachment was scrubbed... Name: Recommendations - Clean.doc Type: application/octet-stream Size: 44032 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/bfe464b0/Recommendations-Clean.doc -------------- next part -------------- A non-text attachment was scrubbed... Name: Recommendations - version with all edits shown KK ET.doc Type: application/octet-stream Size: 88064 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/bfe464b0/Recommendations-versionwithalleditsshownKKET.doc From Peter.Nettlefold at dbcde.gov.au Wed Nov 30 03:27:51 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Wed, 30 Nov 2011 14:27:51 +1100 Subject: [Rt4-whois] Recommendations - here attached [SEC=UNCLASSIFIED] In-Reply-To: <4ED59DD2.5030709@kathykleiman.com> Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D64225D@EMB01.dept.gov.au> Classification: UNCLASSIFIED Thanks Kathy for circulating these versions - they're very helpful. The first thing I noticed was that the recommendation for a consumer portal seems to be missing. I assume this wasn't intentional? The second relates to the privacy related recommendations, which I commented on earlier. On that issue, my comments and concerns remain. I'll keep reading, but wanted to share my initial thoughts as soon as I could. Cheers Peter ----- Original Message ----- From: Kathy Kleiman [mailto:kathy at kathykleiman.com] Sent: Wednesday, November 30, 2011 02:06 PM To: rt4-whois at icann.org Subject: [Rt4-whois] Recommendations - here attached Hi All, To the Chapters 7 and 8 that Emily circulated today (an expansion of the Gap Analysis from one chapter into two to make it more readable), let me add Chapter 9, Recommendations. Chapter 9 is also separated out from the Gap Analysis to create a separate place for our Recommendations. The entire report leads up to them, and I guess they are the climax of our story. We worked hard to take our Dakar and MDR recommendations, remove duplicates, and clarify languages (so that all references are clear, etc.). There are still a few blanks to be filled in, so if you know the answers, please let the group know. Two copies attached: a "clean" one, and one with the full set of edits shown. I'll be online for awhile, so please let me know if you can't read the files. Best, Kathy -- ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- From kathy at kathykleiman.com Wed Nov 30 03:33:51 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Tue, 29 Nov 2011 22:33:51 -0500 Subject: [Rt4-whois] Recommendations - here attached [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D64225D@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333D64225D@EMB01.dept.gov.au> Message-ID: <4ED5A41F.9010500@kathykleiman.com> Quick answers to Peter's question in text below > Classification: UNCLASSIFIED > > Thanks Kathy for circulating these versions - they're very helpful. > > The first thing I noticed was that the recommendation for a consumer portal seems to be missing. I assume this wasn't intentional? ==> No, not intentional. Just in a different place. Does someone have easy access to the current text? > > The second relates to the privacy related recommendations, which I commented on earlier. On that issue, my comments and concerns remain. ==> Noted. Not sure how to resolve. Will leave this to Emily. > > I'll keep reading, but wanted to share my initial thoughts as soon as I could. ==> Tx you, and thank you for all the work on Chapters 7 and 8. > Cheers > > Peter > > ----- Original Message ----- > From: Kathy Kleiman [mailto:kathy at kathykleiman.com] > Sent: Wednesday, November 30, 2011 02:06 PM > To: rt4-whois at icann.org > Subject: [Rt4-whois] Recommendations - here attached > > Hi All, > To the Chapters 7 and 8 that Emily circulated today (an expansion of the > Gap Analysis from one chapter into two to make it more readable), let me > add Chapter 9, Recommendations. > > Chapter 9 is also separated out from the Gap Analysis to create a > separate place for our Recommendations. The entire report leads up to > them, and I guess they are the climax of our story. > > We worked hard to take our Dakar and MDR recommendations, remove > duplicates, and clarify languages (so that all references are clear, > etc.). There are still a few blanks to be filled in, so if you know the > answers, please let the group know. > > Two copies attached: a "clean" one, and one with the full set of edits > shown. > > I'll be online for awhile, so please let me know if you can't read the > files. > Best, > Kathy > -- From lynn at goodsecurityconsulting.com Wed Nov 30 03:34:15 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Tue, 29 Nov 2011 20:34:15 -0700 Subject: [Rt4-whois] Draft editing - removing yellow highlighting Message-ID: <20111129203415.00ef555ff13978e3e1b8d2179880f99e.4d19256e22.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/f37a2853/attachment.html From kathy at kathykleiman.com Wed Nov 30 03:51:36 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Tue, 29 Nov 2011 22:51:36 -0500 Subject: [Rt4-whois] Version control in progress Message-ID: <4ED5A848.8050808@kathykleiman.com> Just a quick note to all still up that I am working on version control issues now. Will circulate something shortly. Best, Kathy -- From bill.smith at paypal-inc.com Wed Nov 30 05:12:08 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Tue, 29 Nov 2011 22:12:08 -0700 Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] In-Reply-To: References: <636771A7F4383E408C57A0240B5F8D4A333D642254@EMB01.dept.gov.au> <636771A7F4383E408C57A0240B5F8D4A333D642257@EMB01.dept.gov.au> Message-ID: <275EA318-39C4-4BDB-AEAD-DB432D29AB00@paypal.com> Likewise. I've been trying to produce a "clean", without highlights, version. I made it through a few chapters but have now run into comments that indicate chapters should be removed, moved, etc. I'm getting lost. (I started with the version on the site dated 29 Nov.) I can devote tomorrow to editing and cleaning up but will need assistance in determining what stays, goes, moves, etc. Not sure we'll be able to get this out tomorrow. I attached what I have if anyone wants to take a look. Bill (The highlighting is a mess, but I think I have it figure out. It's time-consuming to deal with, but not impossible.) On Nov 29, 2011, at 4:45 PM, Susan Kawaguchi wrote: > I agree with Peter I cannot really tell what I am agreeing to. Some of the comments are contrary to others so if I pick the one I am most aligned with then that makes sense to me but may not be the best for the report nor group. > > Should I edit the report in the way I am comfortable with it and then send my approved report to Alice? > > -----Original Message----- > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter > Sent: Tuesday, November 29, 2011 4:34 PM > To: 'lynn at goodsecurityconsulting.com'; 'emily at emilytaylor.eu'; 'rt4-whois-bounces at icann.org'; 'rt4-whois at icann.org' > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] > > Classification: UNCLASSIFIED > > Hello again all, > > I've been trying to work my way through the findings and recommendations in the report, but am not sure I'm reading the right parts. > > The recommendations section has several overlapping parts, so that there are several recommendations on basically the same thing, in slightly different terms - for example, the recommendations on accuracy studies and the establishment of a privacy accreditation scheme. > > The findings also seem to be spread in different parts of the report, and not in final form. > > I may be reading the wrong version, but its not clear to me now what I would be signing off on (even without the outstanding proxy issue). Is this an issue others are having, or am I reading the wrong version? > > Cheers, > > Peter > > > ----- Original Message ----- > From: Nettlefold, Peter > Sent: Wednesday, November 30, 2011 10:16 AM > To: 'lynn at goodsecurityconsulting.com' ; 'emily at emilytaylor.eu' ; 'rt4-whois-bounces at icann.org' ; 'rt4-whois at icann.org' > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] > > Classification: UNCLASSIFIED > > Hello all, > > I'll be trying to read the key parts of the report today while I'm in meetings. > > Thanks to all, as I agree we've made a huge amount of progress. Special thanks also to Emily for keeping this whole show moving. > > That said, there still seem to be some open issues which need to be resolved before we release - particularly our direction on proxies. I'll be monitoring emails today so will be interested to discuss where we go on that issue, as it is clearly on of our most difficult, and equally one where the community will be expecting us to provide direction. I think we all share a common goal of improving the current situation and reducing the incidence and risk of misuse, so I hope we can come forward with something strong on this. > > I'm also interested in our timelines from here. How long will the report be out for comment? When are we aiming to publish the final? > > Cheers, > > Peter > > > ----- Original Message ----- > From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] > Sent: Wednesday, November 30, 2011 07:47 AM > To: Emily Taylor ; rt4-whois-bounces at icann.org ; rt4-whois at icann.org > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? > > Thanks Emily for your endurance and pulling us through. Your request is reasonable. > Lynn > Sent via BlackBerry by AT&T > > -----Original Message----- > From: Emily Taylor > Sender: rt4-whois-bounces at icann.org > Date: Tue, 29 Nov 2011 20:44:50 > To: > Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. > > > ------------------------------------------------------------------------------- > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. > > > ------------------------------------------------------------------------------- > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -------------- next part -------------- A non-text attachment was scrubbed... Name: WCS - WHOIS RT - DRAFT REPORT - 29 NOV2011 rev 2.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 634380 bytes Desc: WCS - WHOIS RT - DRAFT REPORT - 29 NOV2011 rev 2.docx Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/29f23565/WCS-WHOISRT-DRAFTREPORT-29NOV2011rev2-0001.docx From bill.smith at paypal-inc.com Wed Nov 30 05:20:00 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Tue, 29 Nov 2011 22:20:00 -0700 Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] In-Reply-To: <056001ccaf0b$66c4db20$344e9160$@reiss@lex-ip.com> References: <1474356649-1322599676-cardhu_decombobulator_blackberry.rim.net-900129410-@b11.c9.bise6.blackberry> <636771A7F4383E408C57A0240B5F8D4A333D642254@EMB01.dept.gov.au> <056001ccaf0b$66c4db20$344e9160$@reiss@lex-ip.com> Message-ID: <80DEC94B-1CDB-4435-9982-71FD057A754E@paypal.com> If we can somehow get to what Seth proposes, I'm all for it. Perpetuating the mess is unacceptable and while we may not be able to unravel things, ICANN must find a way. On Nov 29, 2011, at 6:54 PM, Seth M Reiss wrote: > Susan > > I have not studied the cases you cite (and I probably should) but I think > the underlying problem is that ICANN tried, unsuccessfully, to regulate the > proxy industry via, e.g., RAA 3.7.7.3. If ICANN had not given some > recognition to the proxy industry through RAA 3.7.7.3, then I am not sure > how the Ninth Circuit would have come out the way it did. In other words, > if you do not recognize proxies, then anyone who decides to become a proxy > is the registrant and bears all liability for how the registered domain name > is used. > > Because ICANN has mucked up the waters trying, unsuccessfully, to regulate > proxy services, I agree ICANN now has to fix the problem in an affirmative > manner. We need to tell ICANN this but this does not mean ICANN is > necessarily stuck with regulating an industry that perhaps should not exist > or be given recognition. And we are not making policy or law, just telling > ICANN what we think needs fixing and in what manner. If we tell it to fix > the proxy situation so proxy services are no longer recognized in any form, > and so that if a registrar or reseller decides to offer such services they > will have to take responsibility for any and all liability resulting from > the use of the domain name, then ICANN with the assistance of their > remarkable staff, advisors and counsel will have to study the cases you cite > and other applicable circumstances to figure out how to get there from here. > I am confident there is a way, and I am also confident that with the benefit > of all our thoughts and discussions, they may get it right :). > > Seth > > -----Original Message----- > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On > Behalf Of Susan Kawaguchi > Sent: Tuesday, November 29, 2011 1:55 PM > To: Nettlefold, Peter; 'lynn at goodsecurityconsulting.com'; > 'emily at emilytaylor.eu'; 'rt4-whois at icann.org' > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? > [SEC=UNCLASSIFIED] > > Hi Peter, > > I have continued to give the proxy issue much thought. I am completely > opposed to removing the language about proxies from the RAA and leaving it > at that. I feel that we are skirting a major issue. I found two US court > cases that are relevant to this issue. I realize that court rulings depend > completely on jurisdiction so this may not apply to other countries. > > The first is right on point Balsam v. Tucows > http://scholar.google.com/scholar_case?case=8643528087906257613&hl=en&as_sdt > =2&as_vis=1&oi=scholarr > > As I read this ruling, the plaintiff was trying to rely on 3.7.7.3 and hold > Tucows responsible for the use of the domain name that was a proxy > registration. The court relied on 5.10 of the RAA > > "5.10 No Third-Party Beneficiaries. This Agreement shall not be construed to > create any obligation by either ICANN or Registrar to any non-party to this > Agreement, including any Registered Name Holder." > > The final paragraph in the court ruling is as follows > > "Given the absence of any evidence to the contrary, we conclude that the "No > Third Party Beneficiaries" clause unambiguously manifests an intent not to > create any obligations to third parties through the RAA. See Cal. Civ.Code ? > 1638 ("If contractual language is clear and explicit and does not involve an > absurdity, the plain meaning governs."); see also Register.com, Inc. v. > Verio, Inc., 356 F.3d 393, 400 (2d Cir.2004) (the RAA's "No Third-Party > Beneficiaries" provision "expressly and intentionally exclude[s] non-parties > from claiming rights under it in court proceedings"). Accordingly, Balsam's > claims, which are entirely dependent on his claimed status as a third-party > beneficiary,[3] must fail." > > At least in California court and maybe in US court in general the 3.7.7.3 > language is not going to hold up. It definitely would not have a chilling > effect and serve the purpose of immediately improving the relay and reveal > process we so desperately need with proxy registrations. > > Solid Host v. Namecheap http://www.circleid.com/pdf/solidhostnamecheap.pdf > > The 3.7.7.3 language was also asserted but it was the contributory > liability allegations > Based on California's Unfair Competition Law (the "UCL"). "The court has > concluded that Solid Host's complaint adequately pleads a cybersquatting > claim against NameCheap on a contributory liability theory. > > > Neither of these cases were able to rely on the RAA language in my opinion > although as you know I am not an attorney. > > I revised the proxy recommendation I am proposing and inserted it into the > report yesterday and in giving it more thought I have shortened it once > again based on a earlier comment from James. > > All of this would be voluntary on the part of the proxy service provider. > > Definitions > A proxy service - we should use the agreed upon definition once we have it. > >> From 2009 RAA 1.20 "Affiliated Registrar" is another ICANN accredited > registrar that operates under a common controlling interest. > Affiliate retail proxy service provider is an entity that operates under a > common controlling interest of a registrar. " > Retail proxy service provider - provides a proxy service with little or no > knowledge of the entity or individual requesting the service beyond their > ability to pay and their agreement to the general terms and conditions. > > Limited proxy service provider - provides a proxy service for an entity or > individual in which there is an ongoing business relationship bound by a > contract that is specific to the relationship. > > 1) a registrar is required to disclose their relationship with a > Retail proxy service provider to ICANN. > > 2) A retail proxy service provider should follow best practice > guidelines developed by the community. These may include the following: > > a. standardized relay and reveal processes and timeframes; > > establish a standardized process for requesting contact information for a > proxy registration > > b. guidance on the appropriate level of publicly available information > on the registrant; > c. maintenance of a dedicated and available abuse point of contact; > d. public disclosure of contact details and the physical address of the > retail proxy service provider; and > e. validate registrant contact information. > 3. The best practice guidelines should be developed in close > consultation with the GAC, privacy advocates, law enforcement, and other > interested stakeholders. > 4. ICANN should encourage and incentivize registrars to interact with > the retail service providers that adopt the best practices. > > Hope this helps to clarify my position. > > Susan > > > > > > > > -----Original Message----- > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On > Behalf Of Nettlefold, Peter > Sent: Tuesday, November 29, 2011 3:16 PM > To: 'lynn at goodsecurityconsulting.com'; 'emily at emilytaylor.eu'; > 'rt4-whois-bounces at icann.org'; 'rt4-whois at icann.org' > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? > [SEC=UNCLASSIFIED] > > Classification: UNCLASSIFIED > > Hello all, > > I'll be trying to read the key parts of the report today while I'm in > meetings. > > Thanks to all, as I agree we've made a huge amount of progress. Special > thanks also to Emily for keeping this whole show moving. > > That said, there still seem to be some open issues which need to be resolved > before we release - particularly our direction on proxies. I'll be > monitoring emails today so will be interested to discuss where we go on that > issue, as it is clearly on of our most difficult, and equally one where the > community will be expecting us to provide direction. I think we all share a > common goal of improving the current situation and reducing the incidence > and risk of misuse, so I hope we can come forward with something strong on > this. > > I'm also interested in our timelines from here. How long will the report be > out for comment? When are we aiming to publish the final? > > Cheers, > > Peter > > > ----- Original Message ----- > From: lynn at goodsecurityconsulting.com > [mailto:lynn at goodsecurityconsulting.com] > Sent: Wednesday, November 30, 2011 07:47 AM > To: Emily Taylor ; rt4-whois-bounces at icann.org > ; rt4-whois at icann.org > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? > > Thanks Emily for your endurance and pulling us through. Your request is > reasonable. > Lynn > Sent via BlackBerry by AT&T > > -----Original Message----- > From: Emily Taylor > Sender: rt4-whois-bounces at icann.org > Date: Tue, 29 Nov 2011 20:44:50 > To: > Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > ---------------------------------------------------------------------------- > --- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy > all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > > ---------------------------------------------------------------------------- > --- > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From kathy at kathykleiman.com Wed Nov 30 05:22:20 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 00:22:20 -0500 Subject: [Rt4-whois] Version control - current draft Message-ID: <4ED5BD8C.9020704@kathykleiman.com> Dear All, Attached please find a full version of the report. It includes: - Chapter 7, Understanding the Needs of Stakeholders - Chapter 8, Gap Analysis - Chapter 9, Recommendations - The revised Consumer Survey section (now at the end of Chapter 7) - The new IDN recommendations (as revised by Sarmad, Michael and Kathy) - All built on the version of the Report sent by Alice this AM and posted on the private Wiki. (Note: Chapters 7, 8,9 are the ones Emily and I sent out together -- the splitting out of the one massive Gap Analysis chapter into three different segments. Greatly appreciate all of Peter's work on this.) I would like to share a special apology to Bill. Due to some incompatibilities between systems, I could not use the file he sent out tonight with editing changes in it. I tried really hard to do so; I so much appreciate his work! I had to roll back to the version Alice sent out earlier in the day. If someone could send me the current version of Lutz's recommendation, I would appreciate it. Best and good night, Kathy -- -------------- next part -------------- A non-text attachment was scrubbed... Name: WHOIS RT - DRAFT REPORT - 29 NOV2011-1 New Ch 7, 8, 9 included.doc Type: application/octet-stream Size: 11573760 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/8b9ba873/WHOISRT-DRAFTREPORT-29NOV2011-1NewCh789included.doc From kathy at kathykleiman.com Wed Nov 30 05:24:44 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 00:24:44 -0500 Subject: [Rt4-whois] And a backup copy Message-ID: <4ED5BE1C.1040400@kathykleiman.com> Since we are having trouble with systems, I am sending out back up copies. The full report, per my earlier message. p.s. Please note this version is not yet posted on wiki since Alice is still asleep :-) -- -------------- next part -------------- A non-text attachment was scrubbed... Name: WHOIS RT - DRAFT REPORT - 29 NOV2011-1 New Ch 7, 8, 9 included.doc Type: application/octet-stream Size: 11573760 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/c9ca454b/WHOISRT-DRAFTREPORT-29NOV2011-1NewCh789included.doc From lynn at goodsecurityconsulting.com Wed Nov 30 05:25:48 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Tue, 29 Nov 2011 22:25:48 -0700 Subject: [Rt4-whois] Working on Final Edits Message-ID: <20111129222548.00ef555ff13978e3e1b8d2179880f99e.6acfc293c0.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/4942d8bb/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: WHOIS Working Draft 29 Nov Final Edits LG.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 193023 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111129/4942d8bb/WHOISWorkingDraft29NovFinalEditsLG.docx From bill.smith at paypal-inc.com Wed Nov 30 05:37:19 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Tue, 29 Nov 2011 22:37:19 -0700 Subject: [Rt4-whois] Hate to say this... Message-ID: But I don't see how we're going to get this out tomorrow. As best I can tell text is still coming in and some fairly serious edits, just to remove highlighting need to occur. Then there are the adds/deletes/mods that still have to happen along with a set of judgment calls between competing suggestions. It turns out Kathy was unable to use the version that I circulated and has gone back to the one posted by Alice earlier today. Kathy will be adding Chaps 7, 8, and 9 to that earlier version and I'm hoping that we can then make a push for a "final" edit towards a clean version. Based on my work today to try and clean things up, I think a minimum of five hours is required just to deal with highlighting and making "obvious" edits. Then we have controversial edits, and they probably need to be done by at least a small group (better to share the blame/decision). Lastly, there are style inconsistencies between the chapters that should be addressed, but I think that's perhaps best done after everything else to minimize effort. I think we're looking at a good three days of work at minimum, and I'm offering myself, fulltime on this 'til it's done. One caveat is that we're going to need to reduce the number of software versions, simultaneous edits, etc. in order to pull this off - and turn track changes on at some point soon. The work that has gone into this is phenomenal and I'm amazed at quantity and quality of what I see. Getting it right, or at least "righter" is still going to take some time in my opinion... not to mention some of the "issues" still outstanding. From bill.smith at paypal-inc.com Wed Nov 30 05:44:10 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Tue, 29 Nov 2011 22:44:10 -0700 Subject: [Rt4-whois] Working on Final Edits In-Reply-To: <20111129222548.00ef555ff13978e3e1b8d2179880f99e.6acfc293c0.wbe@email12.secureserver.net> References: <20111129222548.00ef555ff13978e3e1b8d2179880f99e.6acfc293c0.wbe@email12.secureserver.net> Message-ID: Looks great Lynn. I hope we can find a way to add Kathy's additions. On Nov 29, 2011, at 9:25 PM, > > wrote: For those who are in time zones where you are still awake, I have made a start on the final editing. Attached is my working copy and I've made it through Section 3. Did manage to get rid of highlighting and have only left it in where I felt there is still an open question needing closure. Added a Table of Contents. The sections that described DNS and WHOIS and Registrars, Registries, etc. have been moved to Appendicies that I have not cleaned up yet. But sending this edited portion to get feedback. I am thinking the edited copy will be easier for everyone to read and if necessary make markups. Lynn -------- Original Message -------- Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] From: "Smith, Bill" > Date: Wed, November 30, 2011 12:12 am To: Susan Kawaguchi > Cc: "Nettlefold, Peter" >, "lynn at goodsecurityconsulting.com" >, "emily at emilytaylor.eu" >, "rt4-whois-bounces at icann.org" >, "rt4-whois at icann.org" > Likewise. I've been trying to produce a "clean", without highlights, version. I made it through a few chapters but have now run into comments that indicate chapters should be removed, moved, etc. I'm getting lost. (I started with the version on the site dated 29 Nov.) I can devote tomorrow to editing and cleaning up but will need assistance in determining what stays, goes, moves, etc. Not sure we'll be able to get this out tomorrow. I attached what I have if anyone wants to take a look. Bill (The highlighting is a mess, but I think I have it figure out. It's time-consuming to deal with, but not impossible.) On Nov 29, 2011, at 4:45 PM, Susan Kawaguchi wrote: > I agree with Peter I cannot really tell what I am agreeing to. Some of the comments are contrary to others so if I pick the one I am most aligned with then that makes sense to me but may not be the best for the report nor group. > > Should I edit the report in the way I am comfortable with it and then send my approved report to Alice? > > -----Original Message----- > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter > Sent: Tuesday, November 29, 2011 4:34 PM > To: 'lynn at goodsecurityconsulting.com'; 'emily at emilytaylor.eu'; 'rt4-whois-bounces at icann.org'; 'rt4-whois at icann.org' > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] > > Classification: UNCLASSIFIED > > Hello again all, > > I've been trying to work my way through the findings and recommendations in the report, but am not sure I'm reading the right parts. > > The recommendations section has several overlapping parts, so that there are several recommendations on basically the same thing, in slightly different terms - for example, the recommendations on accuracy studies and the establishment of a privacy accreditation scheme. > > The findings also seem to be spread in different parts of the report, and not in final form. > > I may be reading the wrong version, but its not clear to me now what I would be signing off on (even without the outstanding proxy issue). Is this an issue others are having, or am I reading the wrong version? > > Cheers, > > Peter > > > ----- Original Message ----- > From: Nettlefold, Peter > Sent: Wednesday, November 30, 2011 10:16 AM > To: 'lynn at goodsecurityconsulting.com' >; 'emily at emilytaylor.eu' >; 'rt4-whois-bounces at icann.org' >; 'rt4-whois at icann.org' > > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] > > Classification: UNCLASSIFIED > > Hello all, > > I'll be trying to read the key parts of the report today while I'm in meetings. > > Thanks to all, as I agree we've made a huge amount of progress. Special thanks also to Emily for keeping this whole show moving. > > That said, there still seem to be some open issues which need to be resolved before we release - particularly our direction on proxies. I'll be monitoring emails today so will be interested to discuss where we go on that issue, as it is clearly on of our most difficult, and equally one where the community will be expecting us to provide direction. I think we all share a common goal of improving the current situation and reducing the incidence and risk of misuse, so I hope we can come forward with something strong on this. > > I'm also interested in our timelines from here. How long will the report be out for comment? When are we aiming to publish the final? > > Cheers, > > Peter > > > ----- Original Message ----- > From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] > Sent: Wednesday, November 30, 2011 07:47 AM > To: Emily Taylor >; rt4-whois-bounces at icann.org >; rt4-whois at icann.org > > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? > > Thanks Emily for your endurance and pulling us through. Your request is reasonable. > Lynn > Sent via BlackBerry by AT&T > > -----Original Message----- > From: Emily Taylor > > Sender: rt4-whois-bounces at icann.org > Date: Tue, 29 Nov 2011 20:44:50 > To: > > Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com>. > > > ------------------------------------------------------------------------------- > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com>. > > > ------------------------------------------------------------------------------- > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From susank at fb.com Wed Nov 30 06:16:24 2011 From: susank at fb.com (Susan Kawaguchi) Date: Wed, 30 Nov 2011 06:16:24 +0000 Subject: [Rt4-whois] Working on Final Edits In-Reply-To: <20111129222548.00ef555ff13978e3e1b8d2179880f99e.6acfc293c0.wbe@email12.secureserver.net> References: <20111129222548.00ef555ff13978e3e1b8d2179880f99e.6acfc293c0.wbe@email12.secureserver.net> Message-ID: Hi Lynn, Thanks for the hard work. I will work from your edited copy. Unfortunately, I have not been able to do any editing tonight. My parents heater stopped working and I had to go over and take them space heaters until the repair service can come tomorrow. There is always something? I also agree with Bill that this is going to take additional time to get right. Susan From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] Sent: Tuesday, November 29, 2011 9:26 PM To: Smith,Bill Cc: Nettlefold,Peter; emily at emilytaylor.eu; rt4-whois-bounces at icann.org; rt4-whois at icann.org; Susan Kawaguchi Subject: Working on Final Edits For those who are in time zones where you are still awake, I have made a start on the final editing. Attached is my working copy and I've made it through Section 3. Did manage to get rid of highlighting and have only left it in where I felt there is still an open question needing closure. Added a Table of Contents. The sections that described DNS and WHOIS and Registrars, Registries, etc. have been moved to Appendicies that I have not cleaned up yet. But sending this edited portion to get feedback. I am thinking the edited copy will be easier for everyone to read and if necessary make markups. Lynn -------- Original Message -------- Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] From: "Smith, Bill" > Date: Wed, November 30, 2011 12:12 am To: Susan Kawaguchi > Cc: "Nettlefold, Peter" >, "lynn at goodsecurityconsulting.com" >, "emily at emilytaylor.eu" >, "rt4-whois-bounces at icann.org" >, "rt4-whois at icann.org" > Likewise. I've been trying to produce a "clean", without highlights, version. I made it through a few chapters but have now run into comments that indicate chapters should be removed, moved, etc. I'm getting lost. (I started with the version on the site dated 29 Nov.) I can devote tomorrow to editing and cleaning up but will need assistance in determining what stays, goes, moves, etc. Not sure we'll be able to get this out tomorrow. I attached what I have if anyone wants to take a look. Bill (The highlighting is a mess, but I think I have it figure out. It's time-consuming to deal with, but not impossible.) On Nov 29, 2011, at 4:45 PM, Susan Kawaguchi wrote: > I agree with Peter I cannot really tell what I am agreeing to. Some of the comments are contrary to others so if I pick the one I am most aligned with then that makes sense to me but may not be the best for the report nor group. > > Should I edit the report in the way I am comfortable with it and then send my approved report to Alice? > > -----Original Message----- > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter > Sent: Tuesday, November 29, 2011 4:34 PM > To: 'lynn at goodsecurityconsulting.com'; 'emily at emilytaylor.eu'; 'rt4-whois-bounces at icann.org'; 'rt4-whois at icann.org' > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] > > Classification: UNCLASSIFIED > > Hello again all, > > I've been trying to work my way through the findings and recommendations in the report, but am not sure I'm reading the right parts. > > The recommendations section has several overlapping parts, so that there are several recommendations on basically the same thing, in slightly different terms - for example, the recommendations on accuracy studies and the establishment of a privacy accreditation scheme. > > The findings also seem to be spread in different parts of the report, and not in final form. > > I may be reading the wrong version, but its not clear to me now what I would be signing off on (even without the outstanding proxy issue). Is this an issue others are having, or am I reading the wrong version? > > Cheers, > > Peter > > > ----- Original Message ----- > From: Nettlefold, Peter > Sent: Wednesday, November 30, 2011 10:16 AM > To: 'lynn at goodsecurityconsulting.com' >; 'emily at emilytaylor.eu' >; 'rt4-whois-bounces at icann.org' >; 'rt4-whois at icann.org' > > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? [SEC=UNCLASSIFIED] > > Classification: UNCLASSIFIED > > Hello all, > > I'll be trying to read the key parts of the report today while I'm in meetings. > > Thanks to all, as I agree we've made a huge amount of progress. Special thanks also to Emily for keeping this whole show moving. > > That said, there still seem to be some open issues which need to be resolved before we release - particularly our direction on proxies. I'll be monitoring emails today so will be interested to discuss where we go on that issue, as it is clearly on of our most difficult, and equally one where the community will be expecting us to provide direction. I think we all share a common goal of improving the current situation and reducing the incidence and risk of misuse, so I hope we can come forward with something strong on this. > > I'm also interested in our timelines from here. How long will the report be out for comment? When are we aiming to publish the final? > > Cheers, > > Peter > > > ----- Original Message ----- > From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] > Sent: Wednesday, November 30, 2011 07:47 AM > To: Emily Taylor >; rt4-whois-bounces at icann.org >; rt4-whois at icann.org > > Subject: Re: [Rt4-whois] ACTION REQUIRED: What do I need to do now? > > Thanks Emily for your endurance and pulling us through. Your request is reasonable. > Lynn > Sent via BlackBerry by AT&T > > -----Original Message----- > From: Emily Taylor > > Sender: rt4-whois-bounces at icann.org > Date: Tue, 29 Nov 2011 20:44:50 > To: > > Subject: [Rt4-whois] ACTION REQUIRED: What do I need to do now? > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. > > > ------------------------------------------------------------------------------- > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. > > > ------------------------------------------------------------------------------- > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/ad1f50b3/attachment.html From emily at emilytaylor.eu Wed Nov 30 09:41:52 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 09:41:52 +0000 Subject: [Rt4-whois] Recommendations and general update Message-ID: Hi all Thanks for your work overnight (or at least, my night). I'm trying to pull together the threads of the many e-mail messages that have passed in the last 12 hours or so. 1. Version control - this is proving a nightmare for everyone. I am sorry that so many of you have been struggling with this. I can see that we have had comments on the whole or part of the report from Bill, Susan, Peter, Lynn. I understand that Kathy was unable to see Bill's edits, so rolled back to an earlier version. There is also an incredibly annoying, persistent "comment" that is repeated about 100 times randomly throughout the document, and needs to be eliminated as it's confusing. *Action: Alice, please would you circulate the latest copy of the Report to the list as soon as possible, getting rid of highlighting except where it indicates a major disagreement, and leaving in all the comments from Bill, Susan, Peter and Lynn, but removing that buggy one. *2. Recommendations - Peter noticed that the ambit of the privacy recommendations seems to have changed since Dakar, without an explanation of how or why that change was made. Clearly, this will tend to reduce confidence, so my focus this morning will be to review and circulate a copy of the recommendations. I'm assisted in this by Kathy's work yesterday. She and I have been puzzling over how to clean up/wordsmith/ etc the recommendations, while respecting the negotiated text. This is a very difficult task. There are also new recommendations on proxies, the one from Lutz on common interface, and one which I put in about the Whois Data Reminder Policy (from the compliance letter). *Action: I will review the latest draft recommendations, and compare with the Dakar text. I will circulate a clean and marked up copy, with the latest versions of the recommendations, and an explanation for what has changed and why. *3. Deadline. I'm not prepared to give up yet! This is our draft report. It is not our final version. I will call it at 5pm UTC today. I want us to make every effort to get this out when we said we would. I really believe we can do this. Kind regards Emily -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/a09e1308/attachment.html From Peter.Nettlefold at dbcde.gov.au Wed Nov 30 10:19:52 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Wed, 30 Nov 2011 21:19:52 +1100 Subject: [Rt4-whois] Recommendations and general update [SEC=UNCLASSIFIED] In-Reply-To: Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D64225E@EMB01.dept.gov.au> Classification: UNCLASSIFIED Hi Emily and all, Thanks again to everyone for all the hard work on this. I'm heading to sleep soon, so may miss the sign off if it goes ahead. To hopefully help the proxy discussion along, I am comfortable with the principles/ideas in Seth's last email, so if there is a way to draft recommendations for ICANN to stop endorsing proxies and proactively clarify that anyone who engages in this practice should assume all liability, in a way that also addresses Susan's concerns, I would support those. I do not support limited or voluntary measures to address the current problems with privacy or proxy services. These services have a profound impact on the effectiveness of WHOIS, and are the primary mechanism used by registrants to address privacy concerns, and ICANN needs to address them in a clear and comprehensive way. My concern is that limited or voluntary solutions will encourage gaming and provide safe harbours for bad actors. I think we can do better than that, and can come up with recommendations that address the current problems without encouraging new ones. My other concerns are on record, so I'll pass the baton to whoever is awake, and wish you happy editing. Cheers Peter From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Wednesday, November 30, 2011 08:41 PM To: rt4-whois at icann.org Subject: [Rt4-whois] Recommendations and general update Hi all Thanks for your work overnight (or at least, my night). I'm trying to pull together the threads of the many e-mail messages that have passed in the last 12 hours or so. 1. Version control - this is proving a nightmare for everyone. I am sorry that so many of you have been struggling with this. I can see that we have had comments on the whole or part of the report from Bill, Susan, Peter, Lynn. I understand that Kathy was unable to see Bill's edits, so rolled back to an earlier version. There is also an incredibly annoying, persistent "comment" that is repeated about 100 times randomly throughout the document, and needs to be eliminated as it's confusing. Action: Alice, please would you circulate the latest copy of the Report to the list as soon as possible, getting rid of highlighting except where it indicates a major disagreement, and leaving in all the comments from Bill, Susan, Peter and Lynn, but removing that buggy one. 2. Recommendations - Peter noticed that the ambit of the privacy recommendations seems to have changed since Dakar, without an explanation of how or why that change was made. Clearly, this will tend to reduce confidence, so my focus this morning will be to review and circulate a copy of the recommendations. I'm assisted in this by Kathy's work yesterday. She and I have been puzzling over how to clean up/wordsmith/ etc the recommendations, while respecting the negotiated text. This is a very difficult task. There are also new recommendations on proxies, the one from Lutz on common interface, and one which I put in about the Whois Data Reminder Policy (from the compliance letter). Action: I will review the latest draft recommendations, and compare with the Dakar text. I will circulate a clean and marked up copy, with the latest versions of the recommendations, and an explanation for what has changed and why. 3. Deadline. I'm not prepared to give up yet! This is our draft report. It is not our final version. I will call it at 5pm UTC today. I want us to make every effort to get this out when we said we would. I really believe we can do this. Kind regards Emily -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/d165167f/attachment.html From emily at emilytaylor.eu Wed Nov 30 12:10:33 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 12:10:33 +0000 Subject: [Rt4-whois] Recommendations and general update [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D64225E@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333D64225E@EMB01.dept.gov.au> Message-ID: Hi Peter Thanks - hope I can catch you before you head to bed. I've been working through all the versions of the recommendations documents, and I'm going to produce a guide to help us all assess the language on this. In answer to your specific question about where the wording limiting the privacy provisions to ICANN accredited registrars was introduced by James (clearly labeled and credited) on 23 November. I recognise that this is a change in the scope of the recommendation, which was contentious to agree in Dakar, so I'm going to take this out for now. I will try to find the latest version on proxies, which I think was circulated by Susan, agreeable to James - who are the major players involved in trying to get agreed language here. I've set out the text I'll be working with below this mail. I hear what you say about voluntary provisions re: proxies, Peter. The trouble is, we won't reach consensus in this group for anything stronger at this time - that's my estimation anyway. James and Susan have worked very effectively together (and represent fairly polarised views on this issue, but a common interest in nudging the community towards doing better). For what it's worth, I think that what they have come up with is good, and gets the issue of proxies in frame. It throws the responsibility back on to the industry to come up with standardised reveal and relay. If done voluntarily, that would be great. By the time the ongoing reports come out, and the next WHOIS Review Team kicks off (we will be on a beach by then, sipping pina coladas), it will be apparent whether or not those voluntary measures have had the required effect - if they have not, more will be needed. However, the benefits of this approach are (1) it highlights a specific problem and throws the responsibility on to the industry to resolve it (2) it sets up expectations that more will be done if it is not resolved in a satisfactory way. Kind regards Emily ------------------ All of this would be voluntary on the part of the proxy service provider. Definitions A proxy service - we should use the agreed upon definition once we have it. >From 2009 RAA 1.20 "Affiliated Registrar" is another ICANN accredited registrar that operates under a common controlling interest. Affiliate retail proxy service provider is an entity that operates under a common controlling interest of a registrar. " Retail proxy service provider - provides a proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. Limited proxy service provider - provides a proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. 1) a registrar is required to disclose their relationship with a Retail proxy service provider to ICANN. 2) A retail proxy service provider should follow best practice guidelines developed by the community. These may include the following: a. standardized relay and reveal processes and timeframes; establish a standardized process for requesting contact information for a proxy registration b. guidance on the appropriate level of publicly available information on the registrant; c. maintenance of a dedicated and available abuse point of contact; d. public disclosure of contact details and the physical address of the retail proxy service provider; and e. validate registrant contact information. 3. The best practice guidelines should be developed in close consultation with the GAC, privacy advocates, law enforcement, and other interested stakeholders. 4. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. On 30 November 2011 10:19, Nettlefold, Peter wrote: > Classification: UNCLASSIFIED > > Hi Emily and all, > > Thanks again to everyone for all the hard work on this. > > I'm heading to sleep soon, so may miss the sign off if it goes ahead. > > To hopefully help the proxy discussion along, I am comfortable with the > principles/ideas in Seth's last email, so if there is a way to draft > recommendations for ICANN to stop endorsing proxies and proactively clarify > that anyone who engages in this practice should assume all liability, in a > way that also addresses Susan's concerns, I would support those. > > I do not support limited or voluntary measures to address the current > problems with privacy or proxy services. These services have a profound > impact on the effectiveness of WHOIS, and are the primary mechanism used by > registrants to address privacy concerns, and ICANN needs to address them in > a clear and comprehensive way. My concern is that limited or voluntary > solutions will encourage gaming and provide safe harbours for bad actors. I > think we can do better than that, and can come up with recommendations that > address the current problems without encouraging new ones. > > My other concerns are on record, so I'll pass the baton to whoever is > awake, and wish you happy editing. > > Cheers > > Peter > > > > *From*: Emily Taylor [mailto:emily at emilytaylor.eu] > *Sent*: Wednesday, November 30, 2011 08:41 PM > *To*: rt4-whois at icann.org > *Subject*: [Rt4-whois] Recommendations and general update > > Hi all > > Thanks for your work overnight (or at least, my night). > > I'm trying to pull together the threads of the many e-mail messages that > have passed in the last 12 hours or so. > > > 1. Version control - this is proving a nightmare for everyone. I am sorry > that so many of you have been struggling with this. I can see that we have > had comments on the whole or part of the report from Bill, Susan, Peter, > Lynn. I understand that Kathy was unable to see Bill's edits, so rolled > back to an earlier version. There is also an incredibly annoying, > persistent "comment" that is repeated about 100 times randomly throughout > the document, and needs to be eliminated as it's confusing. > > *Action: Alice, please would you circulate the latest copy of the Report > to the list as soon as possible, getting rid of highlighting except where > it indicates a major disagreement, and leaving in all the comments from > Bill, Susan, Peter and Lynn, but removing that buggy one. > > *2. Recommendations - Peter noticed that the ambit of the privacy > recommendations seems to have changed since Dakar, without an explanation > of how or why that change was made. Clearly, this will tend to reduce > confidence, so my focus this morning will be to review and circulate a copy > of the recommendations. I'm assisted in this by Kathy's work yesterday. > She and I have been puzzling over how to clean up/wordsmith/ etc the > recommendations, while respecting the negotiated text. This is a very > difficult task. There are also new recommendations on proxies, the one > from Lutz on common interface, and one which I put in about the Whois Data > Reminder Policy (from the compliance letter). > > *Action: I will review the latest draft recommendations, and compare with > the Dakar text. I will circulate a clean and marked up copy, with the > latest versions of the recommendations, and an explanation for what has > changed and why. > > *3. Deadline. I'm not prepared to give up yet! This is our draft > report. It is not our final version. I will call it at 5pm UTC today. I > want us to make every effort to get this out when we said we would. I > really believe we can do this. > > Kind regards > > Emily > -- > > > > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713. > > > * > ------------------------------------------------------------------------------- > * > NOTICE: This email message is for the sole use of the intended > recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy > all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > * > ------------------------------------------------------------------------------- > * > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/a76abc96/attachment.html From lynn at goodsecurityconsulting.com Wed Nov 30 12:20:33 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Wed, 30 Nov 2011 05:20:33 -0700 Subject: [Rt4-whois] Recommendations and general update Message-ID: <20111130052033.00ef555ff13978e3e1b8d2179880f99e.b6d45ad67a.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/a4d7d1c8/attachment.html From emily at emilytaylor.eu Wed Nov 30 13:00:00 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 13:00:00 +0000 Subject: [Rt4-whois] Recommendations and general update In-Reply-To: <20111130052033.00ef555ff13978e3e1b8d2179880f99e.b6d45ad67a.wbe@email12.secureserver.net> References: <20111130052033.00ef555ff13978e3e1b8d2179880f99e.b6d45ad67a.wbe@email12.secureserver.net> Message-ID: Hi Lynn Delighted to have you online, and thanks for joining so early. Please press on. I'll be sending out a marked up version of the recommendations (showing the source - the best of my abilities) within the hour. The table of contents is excellent, and very helpful for the reader. Please would you take a careful look at the following: 1/ We discussed by e-mail last night the possibility of shifting some of the content from the Consumer Research chapter into an appendix. Could you have a look at this, and make suggestions? 2/ Please would you give careful thought to the positioning of the Consumer Trust chapter. Peter, Kathy and I were thinking it would go very well after the Chapter 7 (what law enforcement want) and before our findings (Chapter 8 ) and recommendations (9). I see that in your latest mark up you have the chapter where it originally was. I think this not such a good position, because after it we immediately flip back into background stuff like the history of how the policy developed, what the compliance team does. The consumer stuff I see as real meat and potatoes - good for the analysis section. I would appreciate your thoughts on this Lynn. Kind regards Emily On 30 November 2011 12:20, wrote: > I'm back at my computer - my time zone is GMT -5 and it is morning here. > Not sure whether to do any further editing or not so will stand by and be > available to help. > > I did feel very encouraged that in just making administrative edits and > removing the yellow highlighting, it was easier to see the remaining points > of contention. > > Also felt that creating a Table of Contents is needed. > Happy to help in any way to move this forward. > Lynn > > > -------- Original Message -------- > Subject: [Rt4-whois] Recommendations and general update > From: Emily Taylor > Date: Wed, November 30, 2011 4:41 am > To: rt4-whois at icann.org > > Hi all > > Thanks for your work overnight (or at least, my night). > > I'm trying to pull together the threads of the many e-mail messages that > have passed in the last 12 hours or so. > > > 1. Version control - this is proving a nightmare for everyone. I am sorry > that so many of you have been struggling with this. I can see that we have > had comments on the whole or part of the report from Bill, Susan, Peter, > Lynn. I understand that Kathy was unable to see Bill's edits, so rolled > back to an earlier version. There is also an incredibly annoying, > persistent "comment" that is repeated about 100 times randomly throughout > the document, and needs to be eliminated as it's confusing. > > *Action: Alice, please would you circulate the latest copy of the Report > to the list as soon as possible, getting rid of highlighting except where > it indicates a major disagreement, and leaving in all the comments from > Bill, Susan, Peter and Lynn, but removing that buggy one. > > *2. Recommendations - Peter noticed that the ambit of the privacy > recommendations seems to have changed since Dakar, without an explanation > of how or why that change was made. Clearly, this will tend to reduce > confidence, so my focus this morning will be to review and circulate a copy > of the recommendations. I'm assisted in this by Kathy's work yesterday. > She and I have been puzzling over how to clean up/wordsmith/ etc the > recommendations, while respecting the negotiated text. This is a very > difficult task. There are also new recommendations on proxies, the one > from Lutz on common interface, and one which I put in about the Whois Data > Reminder Policy (from the compliance letter). > > *Action: I will review the latest draft recommendations, and compare with > the Dakar text. I will circulate a clean and marked up copy, with the > latest versions of the recommendations, and an explanation for what has > changed and why. > > *3. Deadline. I'm not prepared to give up yet! This is our draft > report. It is not our final version. I will call it at 5pm UTC today. I > want us to make every effort to get this out when we said we would. I > really believe we can do this. > > Kind regards > > Emily > -- > > > > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713. > > ------------------------------ > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/b5482da7/attachment.html From sharon.lemon at soca.x.gsi.gov.uk Wed Nov 30 13:48:08 2011 From: sharon.lemon at soca.x.gsi.gov.uk (LEMON, Sharon) Date: Wed, 30 Nov 2011 13:48:08 +0000 Subject: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. Message-ID: <3062FB662B110E4A9F14C63284D07FF7050C69406F40@soca.x.gsi.gov.uk> NOT PROTECTIVELY MARKED Dear Emily, Alice and All, Sorry for arriving at the party late, I have been watching in awe the hundreds of emails flying about. We gave until today for our international colleagues to comment and we have just had our own internal meeting to finalise the comments on the paper. The paper complemented our ongoing law enforcement work within the ICANN community and there are not comments of major significance -ours are in green. I know that Alice is currently going through the nightmare of trying to organise the version control. (Good Luck and thanks Alice). I have replaced the definition of law enforcement with: Any entity with a responsibility to enforce or ensure observance to or obedience of the law, whether mandated by government or otherwise. We could go on forever with this - but let me know if there are any show stopping objections. I hope we make the deadline of 5pm ;-) Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 -----Original Message----- From: KIBBEY, Gary Sent: 30 November 2011 13:16 To: LEMON, Sharon Subject: FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED Gary Kibbey/ Senior Manager Cyber Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 gary.kibbey at soca.x.gsi.gov.uk -----Original Message----- From: FLAHERTY, Jonathan Sent: 29 November 2011 17:54 To: KIBBEY, Gary; ADDIS, Benedict Cc: CURLEY, Cliona Subject: RE: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED My comments added. Jon Flaherty | HVOM | SOCA Cyber & Forensics | 0207 855 2808 | 07919 218439 | jonathan.flaherty at soca.x.gsi.gov.uk -----Original Message----- From: KIBBEY, Gary Sent: 29 November 2011 14:34 To: FLAHERTY, Jonathan; ADDIS, Benedict Cc: CURLEY, Cliona Subject: FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED Gents If you have any comments -can you drop onto this working copy. Don't track changes - just comments. Ta Gary Gary Kibbey/ Senior Manager Cyber Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 gary.kibbey at soca.x.gsi.gov.uk -----Original Message----- From: KIBBEY, Gary Sent: 29 November 2011 14:31 To: KIBBEY, Gary Subject: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED The message is ready to be sent with the following file or link attachments: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled. This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/f558bf89/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments.doc Type: application/msword Size: 1034752 bytes Desc: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments.doc Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/f558bf89/WHOISPolicyRT-Draftreport-24Nov-CleanCCGKComments.doc From sharon.lemon at soca.x.gsi.gov.uk Wed Nov 30 13:51:47 2011 From: sharon.lemon at soca.x.gsi.gov.uk (LEMON, Sharon) Date: Wed, 30 Nov 2011 13:51:47 +0000 Subject: [Rt4-whois] FW: FW: Whois RT Draft report Message-ID: <3062FB662B110E4A9F14C63284D07FF7050C69406F41@soca.x.gsi.gov.uk> NOT PROTECTIVELY MARKED All, A late arrival from Canada - I can't find the tracked changes - does anyone know what this means? These suggested corrections are reflected in the Word Tracking feature under the #000035590 code. The Comments are identified more clearly (under Fred and my name). In fact, I can't even open the document, computer says 'No'. The only other point they make is that the document is too long. Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 Hello Shona/Gary, Further to your earlier message please be advised that Lieutenant Fr?d?rick (Fred) Gaudreau, S?ret? du Qu?bec, and I have reviewed the WHOIS Policy RT - Draft document and have identified suggested corrections/comments that we would respectfully submit for your consideration. These suggested corrections are reflected in the Word Tracking feature under the #000035590 code. The Comments are identified more clearly (under Fred and my name). Please note that we did not have sufficient time to review the Appendices document. We recognize the importance of this document and fully appreciate everyone's efforts in putting this together. However we would humbly submit that perhaps the document would have more impact if it were strategically focused to within a 15-20 page document. The Appendices document would also need to be downsized but it could include additional information currently in the main draft Policy document. We feel this would ensure to highlight the main issues and this would in turn ensure to provide the reader with all the relevant information surrounding the WHOIS issue. Please feel free to contact us if you have any questions. Marc S/Sgt Marc Moreau, s-?-m Royal Canadian Mounted Police/Gendarmerie royale du Canada Strategic Communications and Liaison Officer, Technological Crime Branch, Sp?cialiste en Communication et Agent de liaison, Sous-direction de la criminalit? technologique, 1426 St. Joseph Blvd., Rm 2200 Ottawa, Ontario K1A 0R2 Ph. (613) 993-6011 Fax (613) 993-2963>>> "McINTOSH, Shona" 11/25/2011 8:59 AM >>> NOT PROTECTIVELY MARKED Dear All Please see attached; the latest version of the Whois Review Team Report. Please can you have a read, and make any comments you feel necessary. Instructions for comment: Rather than track changes, can any changes please be inserted directly into the text, highlighted in yellow and your initials added at the end? The deadline for this back to me / Gary is GMT 1200 on 29th November. Apologies for the tight timescale. Shona McIntosh l Staff Officer to Sharon Lemon | Serious Organised Crime Agency l +44(0)20 78552941 07717347907 | shona.mcintosh at soca.x.gsi.gov.uk This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. This email was received from the INTERNET and scanned by the Government Secure Intranet anti-virus service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) In case of problems, please call your organisation's IT Helpdesk. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/dcfb3205/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: WHOIS Policy RT - Draft report - 24 Nov - Clean - Canadian Law Enforcement Comments November 2011.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 743047 bytes Desc: WHOIS Policy RT - Draft report - 24 Nov - Clean - Canadian Law Enforcement Comments November 2011.docx Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/dcfb3205/WHOISPolicyRT-Draftreport-24Nov-Clean-CanadianLawEnforcementCommentsNovember2011.docx From kathy at kathykleiman.com Wed Nov 30 14:02:16 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 09:02:16 -0500 Subject: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. In-Reply-To: <3062FB662B110E4A9F14C63284D07FF7050C69406F40@soca.x.gsi.gov.uk> References: <3062FB662B110E4A9F14C63284D07FF7050C69406F40@soca.x.gsi.gov.uk> Message-ID: <4ED63768.10008@kathykleiman.com> Dear Sharon, Tx you so much for trying to find your way through the morass. I wanted to share that I am looking forward to reading the comments of LE, but mark my great concern about the newly-expanded LE defintion. I would value the opportunity to talk with you further, but expanding LE to all private parties is a real issue -- and one I thought we had resolved with the three tiers of users: - LE users (as defined previously, with clear state authority) - Expert Users (particularly the private fraud detectors and malware investigators) - Other users, including Internet users. As much as I respect the Anti-Phishing Working Group, they don't have the bounds, limits, process and protections of SOCA or the FBI. They are a private entity operating with private processes. And that's different. If we stick with the original definition, with an emphasis on access, education, etc. to those private entities using Whois to enforce their interpretation of the law -- would we be OK? [Note: with the note, as you all know, that I have spent 15 years in this arena watching private parties overstretch and abuse their authority, or lack thereof. We have to take the abuse cases into account. LE cares about due process and the limits of the law; many private parties do not. ] Best, Kathy ps could someone please forward to Sharon since my email to her bounces. Tx! > > *NOT PROTECTIVELY MARKED * > > Dear Emily, Alice and All, > Sorry for arriving at the party late, I have been watching in awe the > hundreds of emails flying about. We gave until today for our > international colleagues to comment and we have just had our own > internal meeting to finalise the comments on the paper. > The paper complemented our ongoing law enforcement work within the > ICANN community and there are not comments of major significance -ours > are in green. I know that Alice is currently going through the > nightmare of trying to organise the version control. (Good Luck and > thanks Alice). > I have replaced the definition of law enforcement with: > Any entity with a responsibility to enforce or ensure observance to or > obedience of the law, whether mandated by government or otherwise. > We could go on forever with this - but let me know if there are any > show stopping objections. > I hope we make the deadline of 5pm ;-) > Sharon > > Sharon LEMON OBE > Deputy Director > Cyber and Forensics > Serious and Organised Crime Agency (SOCA) > 07768 290902 > 0207 855 2800 > > -----Original Message----- > *From:* KIBBEY, Gary > *Sent:* 30 November 2011 13:16 > *To:* LEMON, Sharon > *Subject:* FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - > Clean CC GK Comments > > *NOT PROTECTIVELY MARKED * > > Gary Kibbey/ Senior Manager > Cyber > Serious Organised Crime Agency/ Tel +44(0)207 855 2863 +44(0)7876790990 > gary.kibbey at soca.x.gsi.gov.uk > > > -----Original Message----- > *From:* FLAHERTY, Jonathan > *Sent:* 29 November 2011 17:54 > *To:* KIBBEY, Gary; ADDIS, Benedict > *Cc:* CURLEY, Cliona > *Subject:* RE: Emailing: WHOIS Policy RT - Draft report - 24 Nov - > Clean CC GK Comments > > *NOT PROTECTIVELY MARKED * > > My comments added. > > *Jon Flaherty | HVOM | SOCA Cyber & Forensics | 0207 855 2808 | 07919 > 218439 | jonathan.flaherty at soca.x.gsi.gov.uk* > > > -----Original Message----- > *From:* KIBBEY, Gary > *Sent:* 29 November 2011 14:34 > *To:* FLAHERTY, Jonathan; ADDIS, Benedict > *Cc:* CURLEY, Cliona > *Subject:* FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - > Clean CC GK Comments > > *NOT PROTECTIVELY MARKED * > > Gents > If you have any comments -can you drop onto this working copy. > Don't track changes - just comments. > Ta > Gary > > Gary Kibbey/ Senior Manager > Cyber > Serious Organised Crime Agency/ Tel +44(0)207 855 2863 > +44(0)7876790990 > gary.kibbey at soca.x.gsi.gov.uk > > > -----Original Message----- > *From:* KIBBEY, Gary > *Sent:* 29 November 2011 14:31 > *To:* KIBBEY, Gary > *Subject:* Emailing: WHOIS Policy RT - Draft report - 24 Nov - > Clean CC GK Comments > > *NOT PROTECTIVELY MARKED * > > > The message is ready to be sent with the following file or link > attachments: > > WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments > > > Note: To protect against computer viruses, e-mail programs may > prevent sending or receiving certain types of file attachments. > Check your e-mail security settings to determine how attachments > are handled. > > This information is supplied in confidence by SOCA, and is exempt from > disclosure under the Freedom of Information Act 2000. It may also be > subject to exemption under other UK legislation. Onward disclosure may > be unlawful, for example, under the Data Protection Act 1998. Requests > for disclosure to the public must be referred to the SOCA FOI single > point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by > telephoning 0870 268 8677. > > All E-Mail sent and received by SOCA is scanned and subject to > assessment. Messages sent or received by SOCA staff are not private > and may be the subject of lawful business monitoring. E-Mail may be > passed at any time and without notice to an appropriate branch within > SOCA, on authority from the Director General or his Deputy for > analysis. This E-Mail and any files transmitted with it are intended > solely for the individual or entity to whom they are addressed. If you > have received this message in error, please contact the sender as soon > as possible. > > > The original of this email was scanned for viruses by the Government > Secure Intranet virus scanning service supplied by Cable&Wireless > Worldwide in partnership with MessageLabs. (CCTM Certificate Number > 2009/09/0052.) On leaving the GSi this email was certified virus free. > Communications via the GSi may be automatically logged, monitored > and/or recorded for legal purposes. > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/3a5a4ffa/attachment.html From sharon.lemon at soca.x.gsi.gov.uk Wed Nov 30 14:11:07 2011 From: sharon.lemon at soca.x.gsi.gov.uk (LEMON, Sharon) Date: Wed, 30 Nov 2011 14:11:07 +0000 Subject: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. In-Reply-To: <4ED63768.10008@kathykleiman.com> Message-ID: <3062FB662B110E4A9F14C63284D07FF7050C69406F44@soca.x.gsi.gov.uk> NOT PROTECTIVELY MARKED Kathy, I got this!. The only reason I changed the definition was at Peter and Emily's request as they thought the one in the document was a bit 'police state' like (my words, not theirs!). I tend to agree. I am extremely relaxed about the definition and if it has moved on since my last effort, then I am happy to go with the latest version. Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 -----Original Message----- From: Kathy Kleiman [mailto:kathy at kathykleiman.com] Sent: 30 November 2011 14:02 To: rt4-whois at icann.org; LEMON, Sharon Subject: Re: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. Dear Sharon, Tx you so much for trying to find your way through the morass. I wanted to share that I am looking forward to reading the comments of LE, but mark my great concern about the newly-expanded LE defintion. I would value the opportunity to talk with you further, but expanding LE to all private parties is a real issue -- and one I thought we had resolved with the three tiers of users: - LE users (as defined previously, with clear state authority) - Expert Users (particularly the private fraud detectors and malware investigators) - Other users, including Internet users. As much as I respect the Anti-Phishing Working Group, they don't have the bounds, limits, process and protections of SOCA or the FBI. They are a private entity operating with private processes. And that's different. If we stick with the original definition, with an emphasis on access, education, etc. to those private entities using Whois to enforce their interpretation of the law -- would we be OK? [Note: with the note, as you all know, that I have spent 15 years in this arena watching private parties overstretch and abuse their authority, or lack thereof. We have to take the abuse cases into account. LE cares about due process and the limits of the law; many private parties do not. ] Best, Kathy ps could someone please forward to Sharon since my email to her bounces. Tx! NOT PROTECTIVELY MARKED Dear Emily, Alice and All, Sorry for arriving at the party late, I have been watching in awe the hundreds of emails flying about. We gave until today for our international colleagues to comment and we have just had our own internal meeting to finalise the comments on the paper. The paper complemented our ongoing law enforcement work within the ICANN community and there are not comments of major significance -ours are in green. I know that Alice is currently going through the nightmare of trying to organise the version control. (Good Luck and thanks Alice). I have replaced the definition of law enforcement with: Any entity with a responsibility to enforce or ensure observance to or obedience of the law, whether mandated by government or otherwise. We could go on forever with this - but let me know if there are any show stopping objections. I hope we make the deadline of 5pm ;-) Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 -----Original Message----- From: KIBBEY, Gary Sent: 30 November 2011 13:16 To: LEMON, Sharon Subject: FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED Gary Kibbey/ Senior Manager Cyber Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 gary.kibbey at soca.x.gsi.gov.uk -----Original Message----- From: FLAHERTY, Jonathan Sent: 29 November 2011 17:54 To: KIBBEY, Gary; ADDIS, Benedict Cc: CURLEY, Cliona Subject: RE: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED My comments added. Jon Flaherty | HVOM | SOCA Cyber & Forensics | 0207 855 2808 | 07919 218439 | jonathan.flaherty at soca.x.gsi.gov.uk -----Original Message----- From: KIBBEY, Gary Sent: 29 November 2011 14:34 To: FLAHERTY, Jonathan; ADDIS, Benedict Cc: CURLEY, Cliona Subject: FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED Gents If you have any comments -can you drop onto this working copy. Don't track changes - just comments. Ta Gary Gary Kibbey/ Senior Manager Cyber Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 gary.kibbey at soca.x.gsi.gov.uk -----Original Message----- From: KIBBEY, Gary Sent: 29 November 2011 14:31 To: KIBBEY, Gary Subject: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED The message is ready to be sent with the following file or link attachments: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled. This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- This email was received from the INTERNET and scanned by the Government Secure Intranet anti-virus service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) In case of problems, please call your organisation's IT Helpdesk. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/dfc6dcf4/attachment.html From emily at emilytaylor.eu Wed Nov 30 14:14:19 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 14:14:19 +0000 Subject: [Rt4-whois] Recommendations - updated language SOURCED Message-ID: Hi all Following the queries on the list overnight, I have tried as best I can to piece together the language of the recommendations.The documents I checked against were https://community.icann.org/download/attachments/21135832/Findings+-+conclusions+-+definitions.docx?version=1&modificationDate=1319625303000(Draft Recommendations discussed in Dakar), and this https://community.icann.org/download/attachments/21135832/Current+WRT+Recommendations+-+v1+-+Nov+21.doc?version=1&modificationDate=1321978947000(The first consolidated draft of what was agreed in Dakar, and MdR). However, like others, I have found it confusing to understand from the multiple drafts posted on the private WIKI, but I do think the draft of 21 November (second link above) is a fair representation of what we as a team negotiated and agreed. I have gone back to text that we agreed in MdR and Dakar, and tried only to add text in the following circumstances: - Where the sense was unclear, or we were tasking the wrong people - Where the text has evolved through consent of the team since Dakar (IDNs and Proxies) - Where the text has come from another, stable source (compliance recommendation on WDRP). There, as the author and having received a comment from James on the correct parties to task, I have cleaned up the language. I hope I have done a fair job on this. I have noted one place (privacy recs.) where there is contested language. My proposal - sorry James - is that we revert to our agreed text from Dakar on this. If I have made mistakes on the source language, I apologise, this is not intentional and I am happy to be corrected. Please carefully consider these recommendations. They can be improved, the language could be better, clearer, but they are what we agreed. Please let me have any show stoppers by 1600 UTC. Kind regards Emily -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/1b75c302/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Recommendations - SOURCE EXPLANATION.doc Type: application/msword Size: 67072 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/1b75c302/Recommendations-SOURCEEXPLANATION.doc From lynn at goodsecurityconsulting.com Wed Nov 30 14:20:21 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Wed, 30 Nov 2011 07:20:21 -0700 Subject: [Rt4-whois] Recommendations and general update Message-ID: <20111130072021.00ef555ff13978e3e1b8d2179880f99e.c86ca2fd2a.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/37699cf6/attachment.html From emily at emilytaylor.eu Wed Nov 30 14:29:52 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 14:29:52 +0000 Subject: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. In-Reply-To: <3062FB662B110E4A9F14C63284D07FF7050C69406F40@soca.x.gsi.gov.uk> References: <3062FB662B110E4A9F14C63284D07FF7050C69406F40@soca.x.gsi.gov.uk> Message-ID: Hi Sharon Thanks for working through this. Sorry to say it, but I will - I don't think your new version of the law enf. definition will work. It includes the world and his wife. Can I have your snap response to the following proposal: Any entity charged or otherwise mandated by governments with enforcing or ensuring observance of or obedience to the law; an organised body of people officially maintained or employed to keep order, prevent or detect crime and enforce the law. Unfortunately, your colleague from Canada was working to quite an old draft, which has been superseded several times over. I can see the comments, and note what is said about impact. We have been discussing moving chunks into appendices. Would the intro to the domain name system be a good candidate? Can you give me finalised text for that section, please, which incorporates the latest comments made by Lutz and others - this version seems to be based on an older draft. The comments from Gary and others later in the text, and gap analysis are good. I'd like to see how we can incorporate some of them. At the moment my priorities are to get the bits lining up in the right places, and have the executive summary, findings and recommendations agreed. Kind regards Emily On 30 November 2011 13:48, LEMON, Sharon wrote: > ** > > *NOT PROTECTIVELY MARKED * > Dear Emily, Alice and All, > > Sorry for arriving at the party late, I have been watching in awe the > hundreds of emails flying about. We gave until today for our international > colleagues to comment and we have just had our own internal meeting to > finalise the comments on the paper. > > The paper complemented our ongoing law enforcement work within the ICANN > community and there are not comments of major significance -ours are in > green. I know that Alice is currently going through the nightmare of > trying to organise the version control. (Good Luck and thanks Alice). > I have replaced the definition of law enforcement with: > > Any entity with a responsibility to enforce or ensure observance to or > obedience of the law, whether mandated by government or otherwise. > > We could go on forever with this - but let me know if there are any show > stopping objections. > > I hope we make the deadline of 5pm ;-) > > Sharon > > > Sharon LEMON OBE > Deputy Director > Cyber and Forensics > Serious and Organised Crime Agency (SOCA) > 07768 290902 > 0207 855 2800 > -----Original Message----- > *From:* KIBBEY, Gary > *Sent:* 30 November 2011 13:16 > *To:* LEMON, Sharon > *Subject:* FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean > CC GK Comments > > *NOT PROTECTIVELY MARKED * > > > > > Gary Kibbey/ Senior Manager > Cyber > Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 > gary.kibbey at soca.x.gsi.gov.uk > > -----Original Message----- > *From:* FLAHERTY, Jonathan > *Sent:* 29 November 2011 17:54 > *To:* KIBBEY, Gary; ADDIS, Benedict > *Cc:* CURLEY, Cliona > *Subject:* RE: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean > CC GK Comments > > *NOT PROTECTIVELY MARKED * > My comments added. > > > *Jon Flaherty | HVOM | SOCA Cyber & Forensics | 0207 855 2808 | 07919 > 218439 | jonathan.flaherty at soca.x.gsi.gov.uk* > > -----Original Message----- > *From:* KIBBEY, Gary > *Sent:* 29 November 2011 14:34 > *To:* FLAHERTY, Jonathan; ADDIS, Benedict > *Cc:* CURLEY, Cliona > *Subject:* FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean > CC GK Comments > > *NOT PROTECTIVELY MARKED * > Gents > > If you have any comments -can you drop onto this working copy. Don't track > changes - just comments. > > Ta > > Gary > > > > Gary Kibbey/ Senior Manager > Cyber > Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 > gary.kibbey at soca.x.gsi.gov.uk > > -----Original Message----- > *From:* KIBBEY, Gary > *Sent:* 29 November 2011 14:31 > *To:* KIBBEY, Gary > *Subject:* Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC > GK Comments > > *NOT PROTECTIVELY MARKED * > > > The message is ready to be sent with the following file or link > attachments: > > WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments > > > Note: To protect against computer viruses, e-mail programs may prevent > sending or receiving certain types of file attachments. Check your e-mail > security settings to determine how attachments are handled. > > This information is supplied in confidence by SOCA, and is exempt from > disclosure under the Freedom of Information Act 2000. It may also be > subject to exemption under other UK legislation. Onward disclosure may be > unlawful, for example, under the Data Protection Act 1998. Requests for > disclosure to the public must be referred to the SOCA FOI single point of > contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning > 0870 268 8677. > > > > All E-Mail sent and received by SOCA is scanned and subject to assessment. > Messages sent or received by SOCA staff are not private and may be the > subject of lawful business monitoring. E-Mail may be passed at any time and > without notice to an appropriate branch within SOCA, on authority from the > Director General or his Deputy for analysis. This E-Mail and any files > transmitted with it are intended solely for the individual or entity to > whom they are addressed. If you have received this message in error, please > contact the sender as soon as possible. > > > > The original of this email was scanned for viruses by the Government > Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide > in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On > leaving the GSi this email was certified virus free. > Communications via the GSi may be automatically logged, monitored and/or > recorded for legal purposes. > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/e5f28265/attachment.html From bill.smith at paypal-inc.com Wed Nov 30 14:43:34 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 07:43:34 -0700 Subject: [Rt4-whois] Recommendations - updated language SOURCED In-Reply-To: References: Message-ID: <4C6D7C25-448F-4298-B8AA-9978820EB40A@paypal.com> After a quick look, all but the privacy/proxy best practice recommendation seem acceptable to me. Those best practices might, and I stress might, be a step in the right direction but I have serious concerns with codifying the current set of practices. I am especially concerned with the "retail" language and the implication that it is acceptable for a service provider to act as the registered name holder, license the name to unknown entities, and have no liability for these actions. Reading the Ninth Circuits ruling that Susan circulated, that current RAA language was referenced to support the opinion that such a name holder has no liability, based on the current RAA language. What has been proposed, in my opinion, goes further and clearly indicates that this is not only accepted but expected behavior by contracted parties, or their "relations". It's my opinion that this is an area that ICANN, in ICANN time, allowed to develop and fester. While I think it important that ICANN codify current practice, it is our responsibility to point out where current practice (policy) is harmful. In my opinion, this is such an area. On Nov 30, 2011, at 6:14 AM, Emily Taylor wrote: Hi all Following the queries on the list overnight, I have tried as best I can to piece together the language of the recommendations.The documents I checked against were https://community.icann.org/download/attachments/21135832/Findings+-+conclusions+-+definitions.docx?version=1&modificationDate=1319625303000 (Draft Recommendations discussed in Dakar), and this https://community.icann.org/download/attachments/21135832/Current+WRT+Recommendations+-+v1+-+Nov+21.doc?version=1&modificationDate=1321978947000 (The first consolidated draft of what was agreed in Dakar, and MdR). However, like others, I have found it confusing to understand from the multiple drafts posted on the private WIKI, but I do think the draft of 21 November (second link above) is a fair representation of what we as a team negotiated and agreed. I have gone back to text that we agreed in MdR and Dakar, and tried only to add text in the following circumstances: - Where the sense was unclear, or we were tasking the wrong people - Where the text has evolved through consent of the team since Dakar (IDNs and Proxies) - Where the text has come from another, stable source (compliance recommendation on WDRP). There, as the author and having received a comment from James on the correct parties to task, I have cleaned up the language. I hope I have done a fair job on this. I have noted one place (privacy recs.) where there is contested language. My proposal - sorry James - is that we revert to our agreed text from Dakar on this. If I have made mistakes on the source language, I apologise, this is not intentional and I am happy to be corrected. Please carefully consider these recommendations. They can be improved, the language could be better, clearer, but they are what we agreed. Please let me have any show stoppers by 1600 UTC. Kind regards Emily -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From sharon.lemon at soca.x.gsi.gov.uk Wed Nov 30 14:46:46 2011 From: sharon.lemon at soca.x.gsi.gov.uk (LEMON, Sharon) Date: Wed, 30 Nov 2011 14:46:46 +0000 Subject: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. In-Reply-To: Message-ID: <3062FB662B110E4A9F14C63284D07FF7050C69406F45@soca.x.gsi.gov.uk> NOT PROTECTIVELY MARKED Emily, Happy with this definition: Any entity charged or otherwise mandated by governments with enforcing or ensuring observance of or obedience to the law; an organised body of people officially maintained or employed to keep order, prevent or detect crime and enforce the law Moving intro to DNS to Appendices good ideas. Alice had the latest version, with Lutz's included. Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 -----Original Message----- From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: 30 November 2011 14:30 To: LEMON, Sharon Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. Hi Sharon Thanks for working through this. Sorry to say it, but I will - I don't think your new version of the law enf. definition will work. It includes the world and his wife. Can I have your snap response to the following proposal: Any entity charged or otherwise mandated by governments with enforcing or ensuring observance of or obedience to the law; an organised body of people officially maintained or employed to keep order, prevent or detect crime and enforce the law. Unfortunately, your colleague from Canada was working to quite an old draft, which has been superseded several times over. I can see the comments, and note what is said about impact. We have been discussing moving chunks into appendices. Would the intro to the domain name system be a good candidate? Can you give me finalised text for that section, please, which incorporates the latest comments made by Lutz and others - this version seems to be based on an older draft. The comments from Gary and others later in the text, and gap analysis are good. I'd like to see how we can incorporate some of them. At the moment my priorities are to get the bits lining up in the right places, and have the executive summary, findings and recommendations agreed. Kind regards Emily On 30 November 2011 13:48, LEMON, Sharon > wrote: NOT PROTECTIVELY MARKED Dear Emily, Alice and All, Sorry for arriving at the party late, I have been watching in awe the hundreds of emails flying about. We gave until today for our international colleagues to comment and we have just had our own internal meeting to finalise the comments on the paper. The paper complemented our ongoing law enforcement work within the ICANN community and there are not comments of major significance -ours are in green. I know that Alice is currently going through the nightmare of trying to organise the version control. (Good Luck and thanks Alice). I have replaced the definition of law enforcement with: Any entity with a responsibility to enforce or ensure observance to or obedience of the law, whether mandated by government or otherwise. We could go on forever with this - but let me know if there are any show stopping objections. I hope we make the deadline of 5pm ;-) Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 -----Original Message----- From: KIBBEY, Gary Sent: 30 November 2011 13:16 To: LEMON, Sharon Subject: FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED Gary Kibbey/ Senior Manager Cyber Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 gary.kibbey at soca.x.gsi.gov.uk -----Original Message----- From: FLAHERTY, Jonathan Sent: 29 November 2011 17:54 To: KIBBEY, Gary; ADDIS, Benedict Cc: CURLEY, Cliona Subject: RE: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED My comments added. Jon Flaherty | HVOM | SOCA Cyber & Forensics | 0207 855 2808 | 07919 218439 | jonathan.flaherty at soca.x.gsi.gov.uk -----Original Message----- From: KIBBEY, Gary Sent: 29 November 2011 14:34 To: FLAHERTY, Jonathan; ADDIS, Benedict Cc: CURLEY, Cliona Subject: FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED Gents If you have any comments -can you drop onto this working copy. Don't track changes - just comments. Ta Gary Gary Kibbey/ Senior Manager Cyber Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 gary.kibbey at soca.x.gsi.gov.uk -----Original Message----- From: KIBBEY, Gary Sent: 29 November 2011 14:31 To: KIBBEY, Gary Subject: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED The message is ready to be sent with the following file or link attachments: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled. This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. This email was received from the INTERNET and scanned by the Government Secure Intranet anti-virus service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) In case of problems, please call your organisation's IT Helpdesk. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/7897a4bd/attachment.html From emily at emilytaylor.eu Wed Nov 30 14:51:33 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 14:51:33 +0000 Subject: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. In-Reply-To: <3062FB662B110E4A9F14C63284D07FF7050C69406F45@soca.x.gsi.gov.uk> References: <3062FB662B110E4A9F14C63284D07FF7050C69406F45@soca.x.gsi.gov.uk> Message-ID: Great - thanks Sharon Alice - please amend the latest draft of the report to show this definition of law enforcement. Alice - Please also update the DNS intro and move it out to an appendix. On 30 November 2011 14:46, LEMON, Sharon wrote: > ** > > *NOT PROTECTIVELY MARKED * > Emily, > > Happy with this definition: > > Any entity charged or otherwise mandated by governments with enforcing or > ensuring observance of or obedience to the law; an organised body of people > officially maintained or employed to keep order, prevent or detect crime > and enforce the law > > Moving intro to DNS to Appendices good ideas. Alice had the latest > version, with Lutz's included. > > Sharon > > > Sharon LEMON OBE > Deputy Director > Cyber and Forensics > Serious and Organised Crime Agency (SOCA) > 07768 290902 > 0207 855 2800 > > -----Original Message----- > *From:* Emily Taylor [mailto:emily at emilytaylor.eu] > *Sent:* 30 November 2011 14:30 > *To:* LEMON, Sharon > *Cc:* rt4-whois at icann.org > *Subject:* Re: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. > > Hi Sharon > > Thanks for working through this. > > Sorry to say it, but I will - I don't think your new version of the law > enf. definition will work. It includes the world and his wife. Can I have > your snap response to the following proposal: > > Any entity charged or otherwise mandated by governments with enforcing or > ensuring observance of or obedience to the law; an organised body of people > officially maintained or employed to keep order, prevent or detect crime > and enforce the law. > > Unfortunately, your colleague from Canada was working to quite an old > draft, which has been superseded several times over. I can see the > comments, and note what is said about impact. We have been discussing > moving chunks into appendices. Would the intro to the domain name system > be a good candidate? > > Can you give me finalised text for that section, please, which > incorporates the latest comments made by Lutz and others - this version > seems to be based on an older draft. > > The comments from Gary and others later in the text, and gap analysis are > good. I'd like to see how we can incorporate some of them. At the moment > my priorities are to get the bits lining up in the right places, and have > the executive summary, findings and recommendations agreed. > > Kind regards > > Emily > > On 30 November 2011 13:48, LEMON, Sharon wrote: > >> ** >> >> *NOT PROTECTIVELY MARKED * >> Dear Emily, Alice and All, >> >> Sorry for arriving at the party late, I have been watching in awe the >> hundreds of emails flying about. We gave until today for our international >> colleagues to comment and we have just had our own internal meeting to >> finalise the comments on the paper. >> >> The paper complemented our ongoing law enforcement work within the ICANN >> community and there are not comments of major significance -ours are in >> green. I know that Alice is currently going through the nightmare of >> trying to organise the version control. (Good Luck and thanks Alice). >> I have replaced the definition of law enforcement with: >> >> Any entity with a responsibility to enforce or ensure observance to or >> obedience of the law, whether mandated by government or otherwise. >> >> We could go on forever with this - but let me know if there are any show >> stopping objections. >> >> I hope we make the deadline of 5pm ;-) >> >> Sharon >> >> >> Sharon LEMON OBE >> Deputy Director >> Cyber and Forensics >> Serious and Organised Crime Agency (SOCA) >> 07768 290902 >> 0207 855 2800 >> -----Original Message----- >> *From:* KIBBEY, Gary >> *Sent:* 30 November 2011 13:16 >> *To:* LEMON, Sharon >> *Subject:* FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean >> CC GK Comments >> >> *NOT PROTECTIVELY MARKED * >> >> >> >> >> Gary Kibbey/ Senior Manager >> Cyber >> Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 >> gary.kibbey at soca.x.gsi.gov.uk >> >> -----Original Message----- >> *From:* FLAHERTY, Jonathan >> *Sent:* 29 November 2011 17:54 >> *To:* KIBBEY, Gary; ADDIS, Benedict >> *Cc:* CURLEY, Cliona >> *Subject:* RE: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean >> CC GK Comments >> >> *NOT PROTECTIVELY MARKED * >> My comments added. >> >> >> *Jon Flaherty | HVOM | SOCA Cyber & Forensics | 0207 855 2808 | 07919 >> 218439 | jonathan.flaherty at soca.x.gsi.gov.uk* >> >> -----Original Message----- >> *From:* KIBBEY, Gary >> *Sent:* 29 November 2011 14:34 >> *To:* FLAHERTY, Jonathan; ADDIS, Benedict >> *Cc:* CURLEY, Cliona >> *Subject:* FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean >> CC GK Comments >> >> *NOT PROTECTIVELY MARKED * >> Gents >> >> If you have any comments -can you drop onto this working copy. Don't >> track changes - just comments. >> >> Ta >> >> Gary >> >> >> >> Gary Kibbey/ Senior Manager >> Cyber >> Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 >> gary.kibbey at soca.x.gsi.gov.uk >> >> -----Original Message----- >> *From:* KIBBEY, Gary >> *Sent:* 29 November 2011 14:31 >> *To:* KIBBEY, Gary >> *Subject:* Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC >> GK Comments >> >> *NOT PROTECTIVELY MARKED * >> >> >> The message is ready to be sent with the following file or link >> attachments: >> >> WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments >> >> >> Note: To protect against computer viruses, e-mail programs may prevent >> sending or receiving certain types of file attachments. Check your e-mail >> security settings to determine how attachments are handled. >> >> This information is supplied in confidence by SOCA, and is exempt from >> disclosure under the Freedom of Information Act 2000. It may also be >> subject to exemption under other UK legislation. Onward disclosure may be >> unlawful, for example, under the Data Protection Act 1998. Requests for >> disclosure to the public must be referred to the SOCA FOI single point of >> contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning >> 0870 268 8677. >> >> >> >> All E-Mail sent and received by SOCA is scanned and subject to >> assessment. Messages sent or received by SOCA staff are not private and may >> be the subject of lawful business monitoring. E-Mail may be passed at any >> time and without notice to an appropriate branch within SOCA, on authority >> from the Director General or his Deputy for analysis. This E-Mail and any >> files transmitted with it are intended solely for the individual or entity >> to whom they are addressed. If you have received this message in error, >> please contact the sender as soon as possible. >> >> >> >> The original of this email was scanned for viruses by the Government >> Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide >> in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On >> leaving the GSi this email was certified virus free. >> Communications via the GSi may be automatically logged, monitored and/or >> recorded for legal purposes. >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> > > > -- > > > > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713. > > > This email was received from the INTERNET and scanned by the Government > Secure Intranet anti-virus service supplied by Cable&Wireless Worldwide in > partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) In > case of problems, please call your organisation?s IT Helpdesk. > Communications via the GSi may be automatically logged, monitored and/or > recorded for legal purposes. > > > The original of this email was scanned for viruses by the Government > Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide > in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On > leaving the GSi this email was certified virus free. > Communications via the GSi may be automatically logged, monitored and/or > recorded for legal purposes. > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/0d62cfdf/attachment.html From lynn at goodsecurityconsulting.com Wed Nov 30 14:51:40 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Wed, 30 Nov 2011 07:51:40 -0700 Subject: [Rt4-whois] Recommendations - updated language SOURCED Message-ID: <20111130075140.00ef555ff13978e3e1b8d2179880f99e.2d8bbf896d.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/f9fe594a/attachment.html From emily at emilytaylor.eu Wed Nov 30 14:54:04 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 14:54:04 +0000 Subject: [Rt4-whois] Recommendations - updated language SOURCED In-Reply-To: <20111130075140.00ef555ff13978e3e1b8d2179880f99e.2d8bbf896d.wbe@email12.secureserver.net> References: <20111130075140.00ef555ff13978e3e1b8d2179880f99e.2d8bbf896d.wbe@email12.secureserver.net> Message-ID: Dang! This document is supposed to contain all of our recommendations. Thanks Lynn, good catch. I was intending to put it in and forgot AGAIN. Trying not to introduce additional language at this late stage Lynn. Did we already agree a consumer awareness programme recommendation? I can't find it, but happy to be corrected. I will re-issue this document with Lutz's draft - Lutz, OK if I tweak some of the language? On 30 November 2011 14:51, wrote: > I made a quick read Emily and have no objections to these recommendations. > > Are these just the recommendations with some remaining contention amongst > the team members? > > I was looking for Lutz's recommendation on a centralized interface for > ease of fnding WHOIS data. > Also want to make sure we recommend that ICANN develop and execute an > ongoing consumer awareness program. > I will be happy to draft that recommendation. > Lynn > > > -------- Original Message -------- > Subject: [Rt4-whois] Recommendations - updated language SOURCED > From: Emily Taylor > Date: Wed, November 30, 2011 9:14 am > To: rt4-whois at icann.org > > Hi all > > Following the queries on the list overnight, I have tried as best I can to > piece together the language of the recommendations.The documents I checked > against were > https://community.icann.org/download/attachments/21135832/Findings+-+conclusions+-+definitions.docx?version=1&modificationDate=1319625303000(Draft Recommendations discussed in Dakar), and this > https://community.icann.org/download/attachments/21135832/Current+WRT+Recommendations+-+v1+-+Nov+21.doc?version=1&modificationDate=1321978947000(The first consolidated draft of what was agreed in Dakar, and MdR). > > However, like others, I have found it confusing to understand from the > multiple drafts posted on the private WIKI, but I do think the draft of 21 > November (second link above) is a fair representation of what we as a team > negotiated and agreed. > > I have gone back to text that we agreed in MdR and Dakar, and tried only > to add text in the following circumstances: > > - Where the sense was unclear, or we were tasking the wrong people > - Where the text has evolved through consent of the team since Dakar (IDNs > and Proxies) > - Where the text has come from another, stable source (compliance > recommendation on WDRP). There, as the author and having received a > comment from James on the correct parties to task, I have cleaned up the > language. > > I hope I have done a fair job on this. > > I have noted one place (privacy recs.) where there is contested language. > My proposal - sorry James - is that we revert to our agreed text from Dakar > on this. > > If I have made mistakes on the source language, I apologise, this is not > intentional and I am happy to be corrected. > > Please carefully consider these recommendations. They can be improved, > the language could be better, clearer, but they are what we agreed. Please > let me have any show stoppers by 1600 UTC. > > Kind regards > > Emily > > > -- > > > > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713. > > ------------------------------ > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/bca9c042/attachment.html From omar at kaminski.adv.br Wed Nov 30 15:06:18 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Wed, 30 Nov 2011 13:06:18 -0200 Subject: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. In-Reply-To: <3062FB662B110E4A9F14C63284D07FF7050C69406F45@soca.x.gsi.gov.uk> References: <3062FB662B110E4A9F14C63284D07FF7050C69406F45@soca.x.gsi.gov.uk> Message-ID: Dear RT, Should law enforcement be considered more a result of a kind of moral (and coletive) will, based on rules dictated or adopted, perhaps more than something to be enforced (en-force) by an entity, that could be the police in first instance and the judges in the last? Anyway since the early times we have "people appointed to maintain the standards and rules of the tribe or other society". I think this instance is the result of not observing or obeying the law, not the law enforcement itself as a result. As I found somewhere, "*Law enforcement *is the collective term for professionals who are dedicated to upholding and enforcing the laws and statutes that are currently in force in a given jurisdiction". But it could be also a matter of different points of view or interpretations under a certain or specific context. To prevent versus to repress. My quick two cents. Best regards from br, Omar 2011/11/30 LEMON, Sharon > ** > > *NOT PROTECTIVELY MARKED * > Emily, > > Happy with this definition: > > Any entity charged or otherwise mandated by governments with enforcing or > ensuring observance of or obedience to the law; an organised body of people > officially maintained or employed to keep order, prevent or detect crime > and enforce the law > > Moving intro to DNS to Appendices good ideas. Alice had the latest > version, with Lutz's included. > > Sharon > > > Sharon LEMON OBE > Deputy Director > Cyber and Forensics > Serious and Organised Crime Agency (SOCA) > 07768 290902 > 0207 855 2800 > > -----Original Message----- > *From:* Emily Taylor [mailto:emily at emilytaylor.eu] > *Sent:* 30 November 2011 14:30 > *To:* LEMON, Sharon > *Cc:* rt4-whois at icann.org > *Subject:* Re: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. > > Hi Sharon > > Thanks for working through this. > > Sorry to say it, but I will - I don't think your new version of the law > enf. definition will work. It includes the world and his wife. Can I have > your snap response to the following proposal: > > Any entity charged or otherwise mandated by governments with enforcing or > ensuring observance of or obedience to the law; an organised body of people > officially maintained or employed to keep order, prevent or detect crime > and enforce the law. > > Unfortunately, your colleague from Canada was working to quite an old > draft, which has been superseded several times over. I can see the > comments, and note what is said about impact. We have been discussing > moving chunks into appendices. Would the intro to the domain name system > be a good candidate? > > Can you give me finalised text for that section, please, which > incorporates the latest comments made by Lutz and others - this version > seems to be based on an older draft. > > The comments from Gary and others later in the text, and gap analysis are > good. I'd like to see how we can incorporate some of them. At the moment > my priorities are to get the bits lining up in the right places, and have > the executive summary, findings and recommendations agreed. > > Kind regards > > Emily > > On 30 November 2011 13:48, LEMON, Sharon wrote: > >> ** >> >> *NOT PROTECTIVELY MARKED * >> Dear Emily, Alice and All, >> >> Sorry for arriving at the party late, I have been watching in awe the >> hundreds of emails flying about. We gave until today for our international >> colleagues to comment and we have just had our own internal meeting to >> finalise the comments on the paper. >> >> The paper complemented our ongoing law enforcement work within the ICANN >> community and there are not comments of major significance -ours are in >> green. I know that Alice is currently going through the nightmare of >> trying to organise the version control. (Good Luck and thanks Alice). >> I have replaced the definition of law enforcement with: >> >> Any entity with a responsibility to enforce or ensure observance to or >> obedience of the law, whether mandated by government or otherwise. >> >> We could go on forever with this - but let me know if there are any show >> stopping objections. >> >> I hope we make the deadline of 5pm ;-) >> >> Sharon >> >> >> Sharon LEMON OBE >> Deputy Director >> Cyber and Forensics >> Serious and Organised Crime Agency (SOCA) >> 07768 290902 >> 0207 855 2800 >> -----Original Message----- >> *From:* KIBBEY, Gary >> *Sent:* 30 November 2011 13:16 >> *To:* LEMON, Sharon >> *Subject:* FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean >> CC GK Comments >> >> *NOT PROTECTIVELY MARKED * >> >> >> >> >> Gary Kibbey/ Senior Manager >> Cyber >> Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 >> gary.kibbey at soca.x.gsi.gov.uk >> >> -----Original Message----- >> *From:* FLAHERTY, Jonathan >> *Sent:* 29 November 2011 17:54 >> *To:* KIBBEY, Gary; ADDIS, Benedict >> *Cc:* CURLEY, Cliona >> *Subject:* RE: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean >> CC GK Comments >> >> *NOT PROTECTIVELY MARKED * >> My comments added. >> >> >> *Jon Flaherty | HVOM | SOCA Cyber & Forensics | 0207 855 2808 | 07919 >> 218439 | jonathan.flaherty at soca.x.gsi.gov.uk* >> >> -----Original Message----- >> *From:* KIBBEY, Gary >> *Sent:* 29 November 2011 14:34 >> *To:* FLAHERTY, Jonathan; ADDIS, Benedict >> *Cc:* CURLEY, Cliona >> *Subject:* FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean >> CC GK Comments >> >> *NOT PROTECTIVELY MARKED * >> Gents >> >> If you have any comments -can you drop onto this working copy. Don't >> track changes - just comments. >> >> Ta >> >> Gary >> >> >> >> Gary Kibbey/ Senior Manager >> Cyber >> Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 >> gary.kibbey at soca.x.gsi.gov.uk >> >> -----Original Message----- >> *From:* KIBBEY, Gary >> *Sent:* 29 November 2011 14:31 >> *To:* KIBBEY, Gary >> *Subject:* Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC >> GK Comments >> >> *NOT PROTECTIVELY MARKED * >> >> >> The message is ready to be sent with the following file or link >> attachments: >> >> WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments >> >> >> Note: To protect against computer viruses, e-mail programs may prevent >> sending or receiving certain types of file attachments. Check your e-mail >> security settings to determine how attachments are handled. >> >> This information is supplied in confidence by SOCA, and is exempt from >> disclosure under the Freedom of Information Act 2000. It may also be >> subject to exemption under other UK legislation. Onward disclosure may be >> unlawful, for example, under the Data Protection Act 1998. Requests for >> disclosure to the public must be referred to the SOCA FOI single point of >> contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning >> 0870 268 8677. >> >> >> >> All E-Mail sent and received by SOCA is scanned and subject to >> assessment. Messages sent or received by SOCA staff are not private and may >> be the subject of lawful business monitoring. E-Mail may be passed at any >> time and without notice to an appropriate branch within SOCA, on authority >> from the Director General or his Deputy for analysis. This E-Mail and any >> files transmitted with it are intended solely for the individual or entity >> to whom they are addressed. If you have received this message in error, >> please contact the sender as soon as possible. >> >> >> >> The original of this email was scanned for viruses by the Government >> Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide >> in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On >> leaving the GSi this email was certified virus free. >> Communications via the GSi may be automatically logged, monitored and/or >> recorded for legal purposes. >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> > > > -- > > > > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713. > > > This email was received from the INTERNET and scanned by the Government > Secure Intranet anti-virus service supplied by Cable&Wireless Worldwide in > partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) In > case of problems, please call your organisation?s IT Helpdesk. > Communications via the GSi may be automatically logged, monitored and/or > recorded for legal purposes. > > > The original of this email was scanned for viruses by the Government > Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide > in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On > leaving the GSi this email was certified virus free. > Communications via the GSi may be automatically logged, monitored and/or > recorded for legal purposes. > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/8c4a73a4/attachment.html From emily at emilytaylor.eu Wed Nov 30 15:10:43 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 15:10:43 +0000 Subject: [Rt4-whois] Recommendations - complete with the "common interface" one Message-ID: Hi there Lynn spotted that I had failed to include Lutz's proposal on a common interface. Looking at Lutz's proposed language, I think it goes into much more operational detail than we have generally done in these recommendations. I have therefore stripped it down considerably in this draft. The only comments I have had so far are from Bill (indicated general agreement, but finding the new language on proxy voluntary best practices difficult), and Lynn who is OK with them. Any more please? Kind regards Emily -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/1261ed3c/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Recommendations - SOURCE EXPLANATION.doc Type: application/msword Size: 75264 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/1261ed3c/Recommendations-SOURCEEXPLANATION.doc From lynn at goodsecurityconsulting.com Wed Nov 30 15:11:50 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Wed, 30 Nov 2011 08:11:50 -0700 Subject: [Rt4-whois] Recommendations - updated language SOURCED Message-ID: <20111130081150.00ef555ff13978e3e1b8d2179880f99e.05538c4222.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/7aded4e7/attachment.html From emily at emilytaylor.eu Wed Nov 30 15:14:27 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 15:14:27 +0000 Subject: [Rt4-whois] Recommendations and general update In-Reply-To: <20111130072021.00ef555ff13978e3e1b8d2179880f99e.c86ca2fd2a.wbe@email12.secureserver.net> References: <20111130072021.00ef555ff13978e3e1b8d2179880f99e.c86ca2fd2a.wbe@email12.secureserver.net> Message-ID: Hi Lynn Thanks for that on the order of the whole report. Sorry, I wasn't very clear in what I was suggesting. I'm not saying the entire thing should go into an appendix. Far from it. I attach a mark up showing my thoughts on what could go into an appendix, and some minor text edits otherwise. Please let me know what you think. Kind regards Emily On 30 November 2011 14:20, wrote: > Agreeable to putting the Consumer Trust chapter after Chapter 7- Law > Enforcement. > My feeling is that rather than an appendix for the Consumer Trust Chapter, > we should just make appendicies of the two User Insight powerpoint slides. > The slides are clear and lay out the same details. > > But I am reluctant to continue editing on my own working document and feel > I should wait for your marked up version. > I will also be happy to help Alice with administrative edits such as > grammar, spelling, formatting and creating the Table of Contents. > There was a section of content I removed because it looked like a Table of > Contents to me. It said here is how our paper is laid out. > Lynn > > > -------- Original Message -------- > > Subject: Re: [Rt4-whois] Recommendations and general update > From: Emily Taylor > Date: Wed, November 30, 2011 8:00 am > To: lynn at goodsecurityconsulting.com > Cc: rt4-whois at icann.org > > Hi Lynn > > Delighted to have you online, and thanks for joining so early. Please > press on. I'll be sending out a marked up version of the recommendations > (showing the source - the best of my abilities) within the hour. > The table of contents is excellent, and very helpful for the reader. > > Please would you take a careful look at the following: > > 1/ We discussed by e-mail last night the possibility of shifting some of > the content from the Consumer Research chapter into an appendix. Could you > have a look at this, and make suggestions? > 2/ Please would you give careful thought to the positioning of the > Consumer Trust chapter. Peter, Kathy and I were thinking it would go very > well after the Chapter 7 (what law enforcement want) and before our > findings (Chapter 8 ) and recommendations (9). I see that in your latest > mark up you have the chapter where it originally was. I think this not > such a good position, because after it we immediately flip back into > background stuff like the history of how the policy developed, what the > compliance team does. The consumer stuff I see as real meat and potatoes - > good for the analysis section. I would appreciate your thoughts on this > Lynn. > > > Kind regards > > Emily > > On 30 November 2011 12:20, wrote: > >> I'm back at my computer - my time zone is GMT -5 and it is morning here. >> Not sure whether to do any further editing or not so will stand by and be >> available to help. >> >> I did feel very encouraged that in just making administrative edits and >> removing the yellow highlighting, it was easier to see the remaining points >> of contention. >> >> Also felt that creating a Table of Contents is needed. >> Happy to help in any way to move this forward. >> Lynn >> >> >> -------- Original Message -------- >> Subject: [Rt4-whois] Recommendations and general update >> From: Emily Taylor >> Date: Wed, November 30, 2011 4:41 am >> To: rt4-whois at icann.org >> >> Hi all >> >> Thanks for your work overnight (or at least, my night). >> >> I'm trying to pull together the threads of the many e-mail messages that >> have passed in the last 12 hours or so. >> >> >> 1. Version control - this is proving a nightmare for everyone. I am >> sorry that so many of you have been struggling with this. I can see that >> we have had comments on the whole or part of the report from Bill, Susan, >> Peter, Lynn. I understand that Kathy was unable to see Bill's edits, so >> rolled back to an earlier version. There is also an incredibly annoying, >> persistent "comment" that is repeated about 100 times randomly throughout >> the document, and needs to be eliminated as it's confusing. >> >> *Action: Alice, please would you circulate the latest copy of the >> Report to the list as soon as possible, getting rid of highlighting except >> where it indicates a major disagreement, and leaving in all the comments >> from Bill, Susan, Peter and Lynn, but removing that buggy one. >> >> *2. Recommendations - Peter noticed that the ambit of the privacy >> recommendations seems to have changed since Dakar, without an explanation >> of how or why that change was made. Clearly, this will tend to reduce >> confidence, so my focus this morning will be to review and circulate a copy >> of the recommendations. I'm assisted in this by Kathy's work yesterday. >> She and I have been puzzling over how to clean up/wordsmith/ etc the >> recommendations, while respecting the negotiated text. This is a very >> difficult task. There are also new recommendations on proxies, the one >> from Lutz on common interface, and one which I put in about the Whois Data >> Reminder Policy (from the compliance letter). >> >> *Action: I will review the latest draft recommendations, and compare >> with the Dakar text. I will circulate a clean and marked up copy, with the >> latest versions of the recommendations, and an explanation for what has >> changed and why. >> >> *3. Deadline. I'm not prepared to give up yet! This is our draft >> report. It is not our final version. I will call it at 5pm UTC today. I >> want us to make every effort to get this out when we said we would. I >> really believe we can do this. >> >> Kind regards >> >> Emily >> -- >> >> >> >> >> * >> * >> >> 76 Temple Road, Oxford OX4 2EZ UK >> t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 >> emily at emilytaylor.eu >> >> *www.etlaw.co.uk* >> >> Emily Taylor Consultancy Limited is a company registered in England and >> Wales No. 730471. VAT No. 114487713. >> >> ------------------------------ >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> > > > -- > > > > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713. > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/49b2e6f9/attachment.html From emily at emilytaylor.eu Wed Nov 30 15:16:09 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 15:16:09 +0000 Subject: [Rt4-whois] Fwd: Recommendations and general update In-Reply-To: References: <20111130072021.00ef555ff13978e3e1b8d2179880f99e.c86ca2fd2a.wbe@email12.secureserver.net> Message-ID: With the attachment this time. On 30 November 2011 15:14, Emily Taylor wrote: > Hi Lynn > > Thanks for that on the order of the whole report. > > Sorry, I wasn't very clear in what I was suggesting. I'm not saying the > entire thing should go into an appendix. Far from it. I attach a mark up > showing my thoughts on what could go into an appendix, and some minor text > edits otherwise. > > Please let me know what you think. > > Kind regards > > Emily > > > On 30 November 2011 14:20, wrote: > >> Agreeable to putting the Consumer Trust chapter after Chapter 7- Law >> Enforcement. >> My feeling is that rather than an appendix for the Consumer Trust >> Chapter, we should just make appendicies of the two User Insight powerpoint >> slides. >> The slides are clear and lay out the same details. >> >> But I am reluctant to continue editing on my own working document and >> feel I should wait for your marked up version. >> I will also be happy to help Alice with administrative edits such as >> grammar, spelling, formatting and creating the Table of Contents. >> There was a section of content I removed because it looked like a Table >> of Contents to me. It said here is how our paper is laid out. >> Lynn >> >> >> -------- Original Message -------- >> >> Subject: Re: [Rt4-whois] Recommendations and general update >> From: Emily Taylor >> Date: Wed, November 30, 2011 8:00 am >> To: lynn at goodsecurityconsulting.com >> Cc: rt4-whois at icann.org >> >> Hi Lynn >> >> Delighted to have you online, and thanks for joining so early. Please >> press on. I'll be sending out a marked up version of the recommendations >> (showing the source - the best of my abilities) within the hour. >> The table of contents is excellent, and very helpful for the reader. >> >> Please would you take a careful look at the following: >> >> 1/ We discussed by e-mail last night the possibility of shifting some of >> the content from the Consumer Research chapter into an appendix. Could you >> have a look at this, and make suggestions? >> 2/ Please would you give careful thought to the positioning of the >> Consumer Trust chapter. Peter, Kathy and I were thinking it would go very >> well after the Chapter 7 (what law enforcement want) and before our >> findings (Chapter 8 ) and recommendations (9). I see that in your latest >> mark up you have the chapter where it originally was. I think this not >> such a good position, because after it we immediately flip back into >> background stuff like the history of how the policy developed, what the >> compliance team does. The consumer stuff I see as real meat and potatoes - >> good for the analysis section. I would appreciate your thoughts on this >> Lynn. >> >> >> Kind regards >> >> Emily >> >> On 30 November 2011 12:20, wrote: >> >>> I'm back at my computer - my time zone is GMT -5 and it is morning >>> here. >>> Not sure whether to do any further editing or not so will stand by and >>> be available to help. >>> >>> I did feel very encouraged that in just making administrative edits and >>> removing the yellow highlighting, it was easier to see the remaining points >>> of contention. >>> >>> Also felt that creating a Table of Contents is needed. >>> Happy to help in any way to move this forward. >>> Lynn >>> >>> >>> -------- Original Message -------- >>> Subject: [Rt4-whois] Recommendations and general update >>> From: Emily Taylor >>> Date: Wed, November 30, 2011 4:41 am >>> To: rt4-whois at icann.org >>> >>> Hi all >>> >>> Thanks for your work overnight (or at least, my night). >>> >>> I'm trying to pull together the threads of the many e-mail messages that >>> have passed in the last 12 hours or so. >>> >>> >>> 1. Version control - this is proving a nightmare for everyone. I am >>> sorry that so many of you have been struggling with this. I can see that >>> we have had comments on the whole or part of the report from Bill, Susan, >>> Peter, Lynn. I understand that Kathy was unable to see Bill's edits, so >>> rolled back to an earlier version. There is also an incredibly annoying, >>> persistent "comment" that is repeated about 100 times randomly throughout >>> the document, and needs to be eliminated as it's confusing. >>> >>> *Action: Alice, please would you circulate the latest copy of the >>> Report to the list as soon as possible, getting rid of highlighting except >>> where it indicates a major disagreement, and leaving in all the comments >>> from Bill, Susan, Peter and Lynn, but removing that buggy one. >>> >>> *2. Recommendations - Peter noticed that the ambit of the privacy >>> recommendations seems to have changed since Dakar, without an explanation >>> of how or why that change was made. Clearly, this will tend to reduce >>> confidence, so my focus this morning will be to review and circulate a copy >>> of the recommendations. I'm assisted in this by Kathy's work yesterday. >>> She and I have been puzzling over how to clean up/wordsmith/ etc the >>> recommendations, while respecting the negotiated text. This is a very >>> difficult task. There are also new recommendations on proxies, the one >>> from Lutz on common interface, and one which I put in about the Whois Data >>> Reminder Policy (from the compliance letter). >>> >>> *Action: I will review the latest draft recommendations, and compare >>> with the Dakar text. I will circulate a clean and marked up copy, with the >>> latest versions of the recommendations, and an explanation for what has >>> changed and why. >>> >>> *3. Deadline. I'm not prepared to give up yet! This is our draft >>> report. It is not our final version. I will call it at 5pm UTC today. I >>> want us to make every effort to get this out when we said we would. I >>> really believe we can do this. >>> >>> Kind regards >>> >>> Emily >>> -- >>> >>> >>> >>> >>> * >>> * >>> >>> 76 Temple Road, Oxford OX4 2EZ UK >>> t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 >>> emily at emilytaylor.eu >>> >>> *www.etlaw.co.uk* >>> >>> Emily Taylor Consultancy Limited is a company registered in England and >>> Wales No. 730471. VAT No. 114487713. >>> >>> ------------------------------ >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> >> >> >> -- >> >> >> >> >> * >> * >> >> 76 Temple Road, Oxford OX4 2EZ UK >> t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 >> emily at emilytaylor.eu >> >> *www.etlaw.co.uk* >> >> Emily Taylor Consultancy Limited is a company registered in England and >> Wales No. 730471. VAT No. 114487713. >> >> > > > -- > > > > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713. > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/b3294f6e/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Consumer Trust Research Summary Clean Draft Nov28-1.doc Type: application/msword Size: 56320 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/b3294f6e/ConsumerTrustResearchSummaryCleanDraftNov28-1.doc From susank at fb.com Wed Nov 30 15:35:24 2011 From: susank at fb.com (Susan Kawaguchi) Date: Wed, 30 Nov 2011 15:35:24 +0000 Subject: [Rt4-whois] Recommendations - updated language SOURCED In-Reply-To: References: <20111130075140.00ef555ff13978e3e1b8d2179880f99e.2d8bbf896d.wbe@email12.secureserver.net>, Message-ID: Hi Emily I have reviewed the recommendations document and I think once Lutz' recommendation is included we have captures everything. On the proxy proposal James had suggested less detail on what the best practices would be. I can agree with that. I am currently on my way into the office and can send proposed language at that time. I have not reviewed the full report after the revisions last night and would like the opportunity to do so What is the current cut off time? Susan Sent from my iPhone On Nov 30, 2011, at 6:54 AM, "Emily Taylor" > wrote: Dang! This document is supposed to contain all of our recommendations. Thanks Lynn, good catch. I was intending to put it in and forgot AGAIN. Trying not to introduce additional language at this late stage Lynn. Did we already agree a consumer awareness programme recommendation? I can't find it, but happy to be corrected. I will re-issue this document with Lutz's draft - Lutz, OK if I tweak some of the language? On 30 November 2011 14:51, <lynn at goodsecurityconsulting.com> wrote: I made a quick read Emily and have no objections to these recommendations. Are these just the recommendations with some remaining contention amongst the team members? I was looking for Lutz's recommendation on a centralized interface for ease of fnding WHOIS data. Also want to make sure we recommend that ICANN develop and execute an ongoing consumer awareness program. I will be happy to draft that recommendation. Lynn -------- Original Message -------- Subject: [Rt4-whois] Recommendations - updated language SOURCED From: Emily Taylor <emily at emilytaylor.eu> Date: Wed, November 30, 2011 9:14 am To: rt4-whois at icann.org Hi all Following the queries on the list overnight, I have tried as best I can to piece together the language of the recommendations.The documents I checked against were https://community.icann.org/download/attachments/21135832/Findings+-+conclusions+-+definitions.docx?version=1&modificationDate=1319625303000 (Draft Recommendations discussed in Dakar), and this https://community.icann.org/download/attachments/21135832/Current+WRT+Recommendations+-+v1+-+Nov+21.doc?version=1&modificationDate=1321978947000 (The first consolidated draft of what was agreed in Dakar, and MdR). However, like others, I have found it confusing to understand from the multiple drafts posted on the private WIKI, but I do think the draft of 21 November (second link above) is a fair representation of what we as a team negotiated and agreed. I have gone back to text that we agreed in MdR and Dakar, and tried only to add text in the following circumstances: - Where the sense was unclear, or we were tasking the wrong people - Where the text has evolved through consent of the team since Dakar (IDNs and Proxies) - Where the text has come from another, stable source (compliance recommendation on WDRP). There, as the author and having received a comment from James on the correct parties to task, I have cleaned up the language. I hope I have done a fair job on this. I have noted one place (privacy recs.) where there is contested language. My proposal - sorry James - is that we revert to our agreed text from Dakar on this. If I have made mistakes on the source language, I apologise, this is not intentional and I am happy to be corrected. Please carefully consider these recommendations. They can be improved, the language could be better, clearer, but they are what we agreed. Please let me have any show stoppers by 1600 UTC. Kind regards Emily -- [X] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ________________________________ _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/81beebc3/attachment.html From kathy at kathykleiman.com Wed Nov 30 15:56:29 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 10:56:29 -0500 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns In-Reply-To: <20111109112226.GA23343@belenus.iks-jena.de> References: <20111109112226.GA23343@belenus.iks-jena.de> Message-ID: <4ED6522D.4050905@kathykleiman.com> All, Is this the current version of the Lutz proposal now in circulation? I thought it applied only to a centralized database of the current "thin registries," namely .COM and .NET. If so, I can see the advantages and support sending it out as a recommendation in the draft report. But if this is a single database of all registries, thick and thin, now and in the future, I think we creating a database problem. It's an enormous amount of data and creates a focal point for abuse, for warehousing, etc. It's the type of policing job that ICANN has never had to do, and is not operationally set up to do. So thought summary: If ICANN is helping remedy a bad situation by operating a single registry for .COM and .NET to fix a historical problem, I think I am OK for now (pending review of the draft with registries -- after publication is fine). One database of all Whois information to Rule the World, not so good. RECOMMENDATION EDIT: Detailed recommendation: ICANN should set up a dedicated, multilingual website to allow "unrestricted and public access to accurate and complete WHOIS information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even for those people which have problems with the plain WHOIS protocol. The WHOIS information should be collected by following the thin WHOIS approach starting at whois.iana.org. The service should display the contractural relationships which are revealed by the WHOIS referals in a clear and understandable way. The results should be mark clearly the relevant information "including registrant, technical, ** DELETE BILLING** billing, and administrative contact" data. ** NOTE: Billing data, which includes credit cards Folks, is simply not displayed in any other Whois search results. It is only registrant, technical, and admin contact.** Best, Kathy > Proposal: > > Summary: > ICANN should set up and maintain a web interface to access > all the WHOIS services in order to ease access to the WHOIS data. > > Presumption: > The AoC requires that "ICANN implement measures to maintain timely, > unrestricted and public access to accurate and complete WHOIS information, > including registrant, technical, billing, and administrative contact > information." > > Observation: > An User Insight Report came up with the following results: > + Almost nobody is aware of whois > + Almost nobody is able to query a whois server correctly > + Whois queries were done on websites which occur first in the search > engine results. Usually those pages are overloaded with advertisments. > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" even for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, billing, and > administrative contact" data. > > The server needs to be run by ICANN itself, because the "timely, > unrestricted and public access" is usually rate limited, stripped or even > blocked by the various WHOIS server administrators for uncontractual > third party access. ICANN itself is the only party having the power to > overcome those limits using its contratual compliance. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- From emily at emilytaylor.eu Wed Nov 30 16:03:49 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 16:03:49 +0000 Subject: [Rt4-whois] Fwd: Recommendations and general update In-Reply-To: <20111130083848.00ef555ff13978e3e1b8d2179880f99e.115d42105c.wbe@email12.secureserver.net> References: <20111130083848.00ef555ff13978e3e1b8d2179880f99e.115d42105c.wbe@email12.secureserver.net> Message-ID: Many thanks, Lynn For the latest version - we have the Consumer Trust chapter edited as attached, and in place after Chapter 7 and before Chapter 8. Highlighted bits to be removed to an appendix. Kind regards Emily ---------- Forwarded message ---------- From: Date: 30 November 2011 15:38 Subject: RE: [Rt4-whois] Recommendations and general update To: Emily Taylor don't worry - I got it. Agree we can streamline it by moving details into an appendix. -------- Original Message -------- Subject: Re: [Rt4-whois] Recommendations and general update From: Emily Taylor Date: Wed, November 30, 2011 10:14 am To: lynn at goodsecurityconsulting.com Cc: rt4-whois at icann.org Hi Lynn Thanks for that on the order of the whole report. Sorry, I wasn't very clear in what I was suggesting. I'm not saying the entire thing should go into an appendix. Far from it. I attach a mark up showing my thoughts on what could go into an appendix, and some minor text edits otherwise. Please let me know what you think. Kind regards Emily On 30 November 2011 14:20, wrote: > Agreeable to putting the Consumer Trust chapter after Chapter 7- Law > Enforcement. > My feeling is that rather than an appendix for the Consumer Trust Chapter, > we should just make appendicies of the two User Insight powerpoint slides. > The slides are clear and lay out the same details. > > But I am reluctant to continue editing on my own working document and feel > I should wait for your marked up version. > I will also be happy to help Alice with administrative edits such as > grammar, spelling, formatting and creating the Table of Contents. > There was a section of content I removed because it looked like a Table of > Contents to me. It said here is how our paper is laid out. > Lynn > > > -------- Original Message -------- > > Subject: Re: [Rt4-whois] Recommendations and general update > From: Emily Taylor > Date: Wed, November 30, 2011 8:00 am > To: lynn at goodsecurityconsulting.com > Cc: rt4-whois at icann.org > > Hi Lynn > > Delighted to have you online, and thanks for joining so early. Please > press on. I'll be sending out a marked up version of the recommendations > (showing the source - the best of my abilities) within the hour. > The table of contents is excellent, and very helpful for the reader. > > Please would you take a careful look at the following: > > 1/ We discussed by e-mail last night the possibility of shifting some of > the content from the Consumer Research chapter into an appendix. Could you > have a look at this, and make suggestions? > 2/ Please would you give careful thought to the positioning of the > Consumer Trust chapter. Peter, Kathy and I were thinking it would go very > well after the Chapter 7 (what law enforcement want) and before our > findings (Chapter 8 ) and recommendations (9). I see that in your latest > mark up you have the chapter where it originally was. I think this not > such a good position, because after it we immediately flip back into > background stuff like the history of how the policy developed, what the > compliance team does. The consumer stuff I see as real meat and potatoes - > good for the analysis section. I would appreciate your thoughts on this > Lynn. > > > Kind regards > > Emily > > On 30 November 2011 12:20, wrote: > >> I'm back at my computer - my time zone is GMT -5 and it is morning here. >> Not sure whether to do any further editing or not so will stand by and be >> available to help. >> >> I did feel very encouraged that in just making administrative edits and >> removing the yellow highlighting, it was easier to see the remaining points >> of contention. >> >> Also felt that creating a Table of Contents is needed. >> Happy to help in any way to move this forward. >> Lynn >> >> >> -------- Original Message -------- >> Subject: [Rt4-whois] Recommendations and general update >> From: Emily Taylor >> Date: Wed, November 30, 2011 4:41 am >> To: rt4-whois at icann.org >> >> Hi all >> >> Thanks for your work overnight (or at least, my night). >> >> I'm trying to pull together the threads of the many e-mail messages that >> have passed in the last 12 hours or so. >> >> >> 1. Version control - this is proving a nightmare for everyone. I am >> sorry that so many of you have been struggling with this. I can see that >> we have had comments on the whole or part of the report from Bill, Susan, >> Peter, Lynn. I understand that Kathy was unable to see Bill's edits, so >> rolled back to an earlier version. There is also an incredibly annoying, >> persistent "comment" that is repeated about 100 times randomly throughout >> the document, and needs to be eliminated as it's confusing. >> >> *Action: Alice, please would you circulate the latest copy of the >> Report to the list as soon as possible, getting rid of highlighting except >> where it indicates a major disagreement, and leaving in all the comments >> from Bill, Susan, Peter and Lynn, but removing that buggy one. >> >> *2. Recommendations - Peter noticed that the ambit of the privacy >> recommendations seems to have changed since Dakar, without an explanation >> of how or why that change was made. Clearly, this will tend to reduce >> confidence, so my focus this morning will be to review and circulate a copy >> of the recommendations. I'm assisted in this by Kathy's work yesterday. >> She and I have been puzzling over how to clean up/wordsmith/ etc the >> recommendations, while respecting the negotiated text. This is a very >> difficult task. There are also new recommendations on proxies, the one >> from Lutz on common interface, and one which I put in about the Whois Data >> Reminder Policy (from the compliance letter). >> >> *Action: I will review the latest draft recommendations, and compare >> with the Dakar text. I will circulate a clean and marked up copy, with the >> latest versions of the recommendations, and an explanation for what has >> changed and why. >> >> *3. Deadline. I'm not prepared to give up yet! This is our draft >> report. It is not our final version. I will call it at 5pm UTC today. I >> want us to make every effort to get this out when we said we would. I >> really believe we can do this. >> >> Kind regards >> >> Emily >> -- >> >> >> >> >> * >> * >> >> 76 Temple Road, Oxford OX4 2EZ UK >> t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 >> emily at emilytaylor.eu >> >> *www.etlaw.co.uk* >> >> Emily Taylor Consultancy Limited is a company registered in England and >> Wales No. 730471. VAT No. 114487713. >> >> ------------------------------ >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> > > > -- > > > > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713. > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/b07ab66e/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Consumer Trust Research Summary Clean Draft Nov28-1.doc Type: application/msword Size: 56320 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/b07ab66e/ConsumerTrustResearchSummaryCleanDraftNov28-1.doc From bill.smith at paypal-inc.com Wed Nov 30 16:06:04 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 09:06:04 -0700 Subject: [Rt4-whois] Recommendations - updated language SOURCED In-Reply-To: References: <20111130075140.00ef555ff13978e3e1b8d2179880f99e.2d8bbf896d.wbe@email12.secureserver.net>, Message-ID: <0D19B96D-50C1-4BA2-9D13-652E7D06A192@paypal.com> One other comment on the recs, and our "suggestion" that ICANN appoint one "throat to choke" on WHOIS. I'm *very* supportive of that, but have significant concerns with the suggestion that Compliance own this. I think Compliance does a fine job, at what they do. However, they are neither charged with nor staffed to fill this role. This isn't intended as a criticism of Compliance, or the individuals. I think they are doing exactly what they are charged with and do a remarkable job given their staffing levels and makeup. Anointing Compliance as WHOIS Czar won't address the underlying issue; that ICANN does not treat WHOIS as an essential piece of its, and the Internet's, business. To address that issue requires a broader approach than simply enhanced compliance. The specific issues are varied and include technical (protocol, encoding), policy, operations, among other disciplines. I'm concerned that the Board could deal with this by adding one staff member, perhaps another lawyer, to the Compliance team and indicate that it had addressed the issue. I seriously doubt that it would. (I apologize for not bring this up earlier. I knew I had another concern but couldn't remember it when I drafted my earlier note. Too early, too old.) On Nov 30, 2011, at 7:35 AM, Susan Kawaguchi wrote: Hi Emily I have reviewed the recommendations document and I think once Lutz' recommendation is included we have captures everything. On the proxy proposal James had suggested less detail on what the best practices would be. I can agree with that. I am currently on my way into the office and can send proposed language at that time. I have not reviewed the full report after the revisions last night and would like the opportunity to do so What is the current cut off time? Susan Sent from my iPhone On Nov 30, 2011, at 6:54 AM, "Emily Taylor" > wrote: Dang! This document is supposed to contain all of our recommendations. Thanks Lynn, good catch. I was intending to put it in and forgot AGAIN. Trying not to introduce additional language at this late stage Lynn. Did we already agree a consumer awareness programme recommendation? I can't find it, but happy to be corrected. I will re-issue this document with Lutz's draft - Lutz, OK if I tweak some of the language? On 30 November 2011 14:51, <lynn at goodsecurityconsulting.com> wrote: I made a quick read Emily and have no objections to these recommendations. Are these just the recommendations with some remaining contention amongst the team members? I was looking for Lutz's recommendation on a centralized interface for ease of fnding WHOIS data. Also want to make sure we recommend that ICANN develop and execute an ongoing consumer awareness program. I will be happy to draft that recommendation. Lynn -------- Original Message -------- Subject: [Rt4-whois] Recommendations - updated language SOURCED From: Emily Taylor <emily at emilytaylor.eu> Date: Wed, November 30, 2011 9:14 am To: rt4-whois at icann.org Hi all Following the queries on the list overnight, I have tried as best I can to piece together the language of the recommendations.The documents I checked against were https://community.icann.org/download/attachments/21135832/Findings+-+conclusions+-+definitions.docx?version=1&modificationDate=1319625303000 (Draft Recommendations discussed in Dakar), and this https://community.icann.org/download/attachments/21135832/Current+WRT+Recommendations+-+v1+-+Nov+21.doc?version=1&modificationDate=1321978947000 (The first consolidated draft of what was agreed in Dakar, and MdR). However, like others, I have found it confusing to understand from the multiple drafts posted on the private WIKI, but I do think the draft of 21 November (second link above) is a fair representation of what we as a team negotiated and agreed. I have gone back to text that we agreed in MdR and Dakar, and tried only to add text in the following circumstances: - Where the sense was unclear, or we were tasking the wrong people - Where the text has evolved through consent of the team since Dakar (IDNs and Proxies) - Where the text has come from another, stable source (compliance recommendation on WDRP). There, as the author and having received a comment from James on the correct parties to task, I have cleaned up the language. I hope I have done a fair job on this. I have noted one place (privacy recs.) where there is contested language. My proposal - sorry James - is that we revert to our agreed text from Dakar on this. If I have made mistakes on the source language, I apologise, this is not intentional and I am happy to be corrected. Please carefully consider these recommendations. They can be improved, the language could be better, clearer, but they are what we agreed. Please let me have any show stoppers by 1600 UTC. Kind regards Emily -- [x-msg://884/] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ________________________________ _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From jbladel at godaddy.com Wed Nov 30 16:06:22 2011 From: jbladel at godaddy.com (James M. Bladel) Date: Wed, 30 Nov 2011 09:06:22 -0700 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns Message-ID: <20111130090622.9c1b16d3983f34082b49b9baf8cec04a.f19a8cfb64.wbe@email00.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/0616dd7b/attachment.html From m.yakushev at corp.mail.ru Wed Nov 30 16:15:19 2011 From: m.yakushev at corp.mail.ru (Mikhail Yakushev) Date: Wed, 30 Nov 2011 16:15:19 +0000 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns In-Reply-To: <20111130090622.9c1b16d3983f34082b49b9baf8cec04a.f19a8cfb64.wbe@email00.secureserver.net> References: <20111130090622.9c1b16d3983f34082b49b9baf8cec04a.f19a8cfb64.wbe@email00.secureserver.net> Message-ID: <71B38F372F86D940B9C644A99264FA313E712E@M2EMBS1.mail.msk> Dear colleagues ? I also do agree with Kathy?s approach, but at the same time I support James? concerns on the lack of lack of clarity on who in ICANN should do what. Unfortunately, I cannot formulate all possible answers to such open questions, but I am ready to participate if Kathy takes the lead to make her proposal more precise. Rgds, Michael From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of James M. Bladel Sent: Wednesday, November 30, 2011 7:06 PM To: Kathy Kleiman Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns I don't oppose this recommendation, but my issue with this is that we are once again being too vague in what we're asking. ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? Set up: How? By launching a PDP? Sending out an RFP? Deadline? Are we confident that this group has considered all of the consequences to privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more helpful for things like this...) Thanks-- J. -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Kathy Kleiman > Date: Wed, November 30, 2011 9:56 am To: rt4-whois at icann.org All, Is this the current version of the Lutz proposal now in circulation? I thought it applied only to a centralized database of the current "thin registries," namely .COM and .NET. If so, I can see the advantages and support sending it out as a recommendation in the draft report. But if this is a single database of all registries, thick and thin, now and in the future, I think we creating a database problem. It's an enormous amount of data and creates a focal point for abuse, for warehousing, etc. It's the type of policing job that ICANN has never had to do, and is not operationally set up to do. So thought summary: If ICANN is helping remedy a bad situation by operating a single registry for .COM and .NET to fix a historical problem, I think I am OK for now (pending review of the draft with registries -- after publication is fine). One database of all Whois information to Rule the World, not so good. RECOMMENDATION EDIT: Detailed recommendation: ICANN should set up a dedicated, multilingual website to allow "unrestricted and public access to accurate and complete WHOIS information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even for those people which have problems with the plain WHOIS protocol. The WHOIS information should be collected by following the thin WHOIS approach starting at whois.iana.org. The service should display the contractural relationships which are revealed by the WHOIS referals in a clear and understandable way. The results should be mark clearly the relevant information "including registrant, technical, ** DELETE BILLING** billing, and administrative contact" data. ** NOTE: Billing data, which includes credit cards Folks, is simply not displayed in any other Whois search results. It is only registrant, technical, and admin contact.** Best, Kathy > Proposal: > > Summary: > ICANN should set up and maintain a web interface to access > all the WHOIS services in order to ease access to the WHOIS data. > > Presumption: > The AoC requires that "ICANN implement measures to maintain timely, > unrestricted and public access to accurate and complete WHOIS information, > including registrant, technical, billing, and administrative contact > information." > > Observation: > An User Insight Report came up with the following results: > + Almost nobody is aware of whois > + Almost nobody is able to query a whois server correctly > + Whois queries were done on websites which occur first in the search > engine results. Usually those pages are overloaded with advertisments. > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" even for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, billing, and > administrative contact" data. > > The server needs to be run by ICANN itself, because the "timely, > unrestricted and public access" is usually rate limited, stripped or even > blocked by the various WHOIS server administrators for uncontractual > third party access. ICANN itself is the only party having the power to > overcome those limits using its contratual compliance. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/6f85a5d0/attachment.html From emily at emilytaylor.eu Wed Nov 30 16:15:53 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 16:15:53 +0000 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns In-Reply-To: <20111130090622.9c1b16d3983f34082b49b9baf8cec04a.f19a8cfb64.wbe@email00.secureserver.net> References: <20111130090622.9c1b16d3983f34082b49b9baf8cec04a.f19a8cfb64.wbe@email00.secureserver.net> Message-ID: Hi James Thanks for raising these points. Can you suggest some language which you think would work? Also, Kathy raised a good point about whether this is limited to thin registries (.com, .net) or all? I don't think we've ever discussed this. Kind regards Emily On 30 November 2011 16:06, James M. Bladel wrote: > I don't oppose this recommendation, but my issue with this is that we are > once again being too vague in what we're asking. > > ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? > > Set up: How? By launching a PDP? Sending out an RFP? > > Deadline? > > Are we confident that this group has considered all of the consequences to > privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more > helpful for things like this...) > > Thanks-- > > J. > > -------- Original Message -------- > Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns > From: Kathy Kleiman > Date: Wed, November 30, 2011 9:56 am > To: rt4-whois at icann.org > > > All, > Is this the current version of the Lutz proposal now in circulation? I > thought it applied only to a centralized database of the current "thin > registries," namely .COM and .NET. If so, I can see the advantages and > support sending it out as a recommendation in the draft report. > > But if this is a single database of all registries, thick and thin, now > and in the future, I think we creating a database problem. It's an > enormous amount of data and creates a focal point for abuse, for > warehousing, etc. It's the type of policing job that ICANN has never had > to do, and is not operationally set up to do. > > So thought summary: If ICANN is helping remedy a bad situation by > operating a single registry for .COM and .NET to fix a historical > problem, I think I am OK for now (pending review of the draft with > registries -- after publication is fine). One database of all Whois > information to Rule the World, not so good. > > RECOMMENDATION EDIT: > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even > for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, ** DELETE BILLING** > billing, and > administrative contact" data. > > ** NOTE: Billing data, which includes credit cards Folks, is simply not > displayed in any other Whois search results. It is only registrant, > technical, and admin contact.** > > Best, > Kathy > > > > Proposal: > > > > Summary: > > ICANN should set up and maintain a web interface to access > > all the WHOIS services in order to ease access to the WHOIS data. > > > > Presumption: > > The AoC requires that "ICANN implement measures to maintain timely, > > unrestricted and public access to accurate and complete WHOIS > information, > > including registrant, technical, billing, and administrative contact > > information." > > > > Observation: > > An User Insight Report came up with the following results: > > + Almost nobody is aware of whois > > + Almost nobody is able to query a whois server correctly > > + Whois queries were done on websites which occur first in the search > > engine results. Usually those pages are overloaded with advertisments. > > > > Detailed recommendation: > > ICANN should set up a dedicated, multilingual website to allow > > "unrestricted and public access to accurate and complete WHOIS > > information" even for those people which have problems with the plain > > WHOIS protocol. > > > > The WHOIS information should be collected by following the thin WHOIS > > approach starting at whois.iana.org. The service should display the > > contractural relationships which are revealed by the WHOIS referals in > > a clear and understandable way. The results should be mark clearly the > > relevant information "including registrant, technical, billing, and > > administrative contact" data. > > > > The server needs to be run by ICANN itself, because the "timely, > > unrestricted and public access" is usually rate limited, stripped or even > > blocked by the various WHOIS server administrators for uncontractual > > third party access. ICANN itself is the only party having the power to > > overcome those limits using its contratual compliance. > > _______________________________________________ > > Rt4-whois mailing list > > Rt4-whois at icann.org > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/d229a679/attachment.html From emily at emilytaylor.eu Wed Nov 30 16:17:36 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 16:17:36 +0000 Subject: [Rt4-whois] Recommendations - updated language SOURCED In-Reply-To: References: <20111130075140.00ef555ff13978e3e1b8d2179880f99e.2d8bbf896d.wbe@email12.secureserver.net> Message-ID: Many thanks Susan. If you could get the new language out to the list by the top of the hour (ie 40 minutes or so) that would be great. Please use this version of the document. On 30 November 2011 15:35, Susan Kawaguchi wrote: > Hi Emily > > I have reviewed the recommendations document and I think once Lutz' > recommendation is included we have captures everything. On the proxy > proposal James had suggested less detail on what the best practices would > be. I can agree with that. > > I am currently on my way into the office and can send proposed language > at that time. > > I have not reviewed the full report after the revisions last night and > would like the opportunity to do so > > What is the current cut off time? > > Susan > > Sent from my iPhone > > On Nov 30, 2011, at 6:54 AM, "Emily Taylor" wrote: > > Dang! > > This document is supposed to contain all of our recommendations. > > Thanks Lynn, good catch. I was intending to put it in and forgot AGAIN. > > Trying not to introduce additional language at this late stage Lynn. Did > we already agree a consumer awareness programme recommendation? I can't > find it, but happy to be corrected. > > > I will re-issue this document with Lutz's draft - Lutz, OK if I tweak some > of the language? > > > > On 30 November 2011 14:51, < > lynn at goodsecurityconsulting.com> wrote: > >> I made a quick read Emily and have no objections to these >> recommendations. >> >> Are these just the recommendations with some remaining contention amongst >> the team members? >> >> I was looking for Lutz's recommendation on a centralized interface for >> ease of fnding WHOIS data. >> Also want to make sure we recommend that ICANN develop and execute an >> ongoing consumer awareness program. >> I will be happy to draft that recommendation. >> Lynn >> >> >> -------- Original Message -------- >> Subject: [Rt4-whois] Recommendations - updated language SOURCED >> From: Emily Taylor < emily at emilytaylor.eu> >> Date: Wed, November 30, 2011 9:14 am >> To: rt4-whois at icann.org >> >> Hi all >> >> Following the queries on the list overnight, I have tried as best I can >> to piece together the language of the recommendations.The documents I >> checked against were >> https://community.icann.org/download/attachments/21135832/Findings+-+conclusions+-+definitions.docx?version=1&modificationDate=1319625303000(Draft Recommendations discussed in Dakar), and this >> https://community.icann.org/download/attachments/21135832/Current+WRT+Recommendations+-+v1+-+Nov+21.doc?version=1&modificationDate=1321978947000(The first consolidated draft of what was agreed in Dakar, and MdR). >> >> However, like others, I have found it confusing to understand from the >> multiple drafts posted on the private WIKI, but I do think the draft of 21 >> November (second link above) is a fair representation of what we as a team >> negotiated and agreed. >> >> I have gone back to text that we agreed in MdR and Dakar, and tried only >> to add text in the following circumstances: >> >> - Where the sense was unclear, or we were tasking the wrong people >> - Where the text has evolved through consent of the team since Dakar >> (IDNs and Proxies) >> - Where the text has come from another, stable source (compliance >> recommendation on WDRP). There, as the author and having received a >> comment from James on the correct parties to task, I have cleaned up the >> language. >> >> I hope I have done a fair job on this. >> >> I have noted one place (privacy recs.) where there is contested >> language. My proposal - sorry James - is that we revert to our agreed text >> from Dakar on this. >> >> If I have made mistakes on the source language, I apologise, this is not >> intentional and I am happy to be corrected. >> >> Please carefully consider these recommendations. They can be improved, >> the language could be better, clearer, but they are what we agreed. Please >> let me have any show stoppers by 1600 UTC. >> >> Kind regards >> >> Emily >> >> >> -- >> >> >> >> >> * >> * >> >> 76 Temple Road, Oxford OX4 2EZ UK >> t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 >> emily at emilytaylor.eu >> >> * www.etlaw.co.uk* >> >> >> Emily Taylor Consultancy Limited is a company registered in England and >> Wales No. 730471. VAT No. 114487713. >> >> ------------------------------ >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> > > > -- > > > > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > * www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713. > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/bc5fc0dc/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Recommendations - SOURCE EXPLANATION.doc Type: application/msword Size: 75264 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/bc5fc0dc/Recommendations-SOURCEEXPLANATION.doc From jbladel at godaddy.com Wed Nov 30 16:21:28 2011 From: jbladel at godaddy.com (James M. Bladel) Date: Wed, 30 Nov 2011 09:21:28 -0700 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns Message-ID: <20111130092128.9c1b16d3983f34082b49b9baf8cec04a.892b5a38a9.wbe@email00.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/df897bb3/attachment.html From m.yakushev at corp.mail.ru Wed Nov 30 16:23:26 2011 From: m.yakushev at corp.mail.ru (Mikhail Yakushev) Date: Wed, 30 Nov 2011 16:23:26 +0000 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns In-Reply-To: <20111130092128.9c1b16d3983f34082b49b9baf8cec04a.892b5a38a9.wbe@email00.secureserver.net> References: <20111130092128.9c1b16d3983f34082b49b9baf8cec04a.892b5a38a9.wbe@email00.secureserver.net> Message-ID: <71B38F372F86D940B9C644A99264FA313E714D@M2EMBS1.mail.msk> It was also my position ?? Rgds, M. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of James M. Bladel Sent: Wednesday, November 30, 2011 7:21 PM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns No, I don't think we should attempt to answer these questions in RT4, nor presume that we have even identified all of the dependent questions. I believe our recommendation should task the Board, within a reasonable timeframe (90 days?), to request an issues report on a Centralized WHOIS system for all gTLDs, including how it should be operated and what measures would be adopted to protect against abuse / privacy violations / data harvesting. (This will initiate a PDP which, while slower, will be a more comprehensive approach) -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Emily Taylor > Date: Wed, November 30, 2011 10:15 am To: "James M. Bladel" > Cc: Kathy Kleiman >, rt4-whois at icann.org Hi James Thanks for raising these points. Can you suggest some language which you think would work? Also, Kathy raised a good point about whether this is limited to thin registries (.com, .net) or all? I don't think we've ever discussed this. Kind regards Emily On 30 November 2011 16:06, James M. Bladel > wrote: I don't oppose this recommendation, but my issue with this is that we are once again being too vague in what we're asking. ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? Set up: How? By launching a PDP? Sending out an RFP? Deadline? Are we confident that this group has considered all of the consequences to privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more helpful for things like this...) Thanks-- J. -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Kathy Kleiman > Date: Wed, November 30, 2011 9:56 am To: rt4-whois at icann.org All, Is this the current version of the Lutz proposal now in circulation? I thought it applied only to a centralized database of the current "thin registries," namely .COM and .NET. If so, I can see the advantages and support sending it out as a recommendation in the draft report. But if this is a single database of all registries, thick and thin, now and in the future, I think we creating a database problem. It's an enormous amount of data and creates a focal point for abuse, for warehousing, etc. It's the type of policing job that ICANN has never had to do, and is not operationally set up to do. So thought summary: If ICANN is helping remedy a bad situation by operating a single registry for .COM and .NET to fix a historical problem, I think I am OK for now (pending review of the draft with registries -- after publication is fine). One database of all Whois information to Rule the World, not so good. RECOMMENDATION EDIT: Detailed recommendation: ICANN should set up a dedicated, multilingual website to allow "unrestricted and public access to accurate and complete WHOIS information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even for those people which have problems with the plain WHOIS protocol. The WHOIS information should be collected by following the thin WHOIS approach starting at whois.iana.org. The service should display the contractural relationships which are revealed by the WHOIS referals in a clear and understandable way. The results should be mark clearly the relevant information "including registrant, technical, ** DELETE BILLING** billing, and administrative contact" data. ** NOTE: Billing data, which includes credit cards Folks, is simply not displayed in any other Whois search results. It is only registrant, technical, and admin contact.** Best, Kathy > Proposal: > > Summary: > ICANN should set up and maintain a web interface to access > all the WHOIS services in order to ease access to the WHOIS data. > > Presumption: > The AoC requires that "ICANN implement measures to maintain timely, > unrestricted and public access to accurate and complete WHOIS information, > including registrant, technical, billing, and administrative contact > information." > > Observation: > An User Insight Report came up with the following results: > + Almost nobody is aware of whois > + Almost nobody is able to query a whois server correctly > + Whois queries were done on websites which occur first in the search > engine results. Usually those pages are overloaded with advertisments. > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" even for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, billing, and > administrative contact" data. > > The server needs to be run by ICANN itself, because the "timely, > unrestricted and public access" is usually rate limited, stripped or even > blocked by the various WHOIS server administrators for uncontractual > third party access. ICANN itself is the only party having the power to > overcome those limits using its contratual compliance. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [Description: Image removed by sender.] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/5ec4ec95/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: ~WRD000.jpg Type: image/jpeg Size: 823 bytes Desc: ~WRD000.jpg Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/5ec4ec95/WRD000.jpg From emily at emilytaylor.eu Wed Nov 30 16:23:42 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 16:23:42 +0000 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns In-Reply-To: <20111130092128.9c1b16d3983f34082b49b9baf8cec04a.892b5a38a9.wbe@email00.secureserver.net> References: <20111130092128.9c1b16d3983f34082b49b9baf8cec04a.892b5a38a9.wbe@email00.secureserver.net> Message-ID: Hi James Thanks for this. All - what do we think? I like James' formulation. Kind regards Emily On 30 November 2011 16:21, James M. Bladel wrote: > No, I don't think we should attempt to answer these questions in RT4, nor > presume that we have even identified all of the dependent questions. > > I believe our recommendation should task the Board, within a reasonable > timeframe (90 days?), to request an issues report on a Centralized WHOIS > system for all gTLDs, including how it should be operated and what measures > would be adopted to protect against abuse / privacy violations / data > harvesting. > > (This will initiate a PDP which, while slower, will be a more > comprehensive approach) > > -------- Original Message -------- > Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns > From: Emily Taylor > Date: Wed, November 30, 2011 10:15 am > To: "James M. Bladel" > Cc: Kathy Kleiman , rt4-whois at icann.org > > > Hi James > > Thanks for raising these points. Can you suggest some language which you > think would work? Also, Kathy raised a good point about whether this is > limited to thin registries (.com, .net) or all? I don't think we've ever > discussed this. > > Kind regards > > Emily > > On 30 November 2011 16:06, James M. Bladel wrote: > >> I don't oppose this recommendation, but my issue with this is that we are >> once again being too vague in what we're asking. >> >> ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? >> >> Set up: How? By launching a PDP? Sending out an RFP? >> >> Deadline? >> >> Are we confident that this group has considered all of the consequences >> to privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more >> helpful for things like this...) >> >> Thanks-- >> >> J. >> >> -------- Original Message -------- >> Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - >> Scope and concerns >> From: Kathy Kleiman >> Date: Wed, November 30, 2011 9:56 am >> To: rt4-whois at icann.org >> >> >> All, >> Is this the current version of the Lutz proposal now in circulation? I >> thought it applied only to a centralized database of the current "thin >> registries," namely .COM and .NET. If so, I can see the advantages and >> support sending it out as a recommendation in the draft report. >> >> But if this is a single database of all registries, thick and thin, now >> and in the future, I think we creating a database problem. It's an >> enormous amount of data and creates a focal point for abuse, for >> warehousing, etc. It's the type of policing job that ICANN has never had >> to do, and is not operationally set up to do. >> >> So thought summary: If ICANN is helping remedy a bad situation by >> operating a single registry for .COM and .NET to fix a historical >> problem, I think I am OK for now (pending review of the draft with >> registries -- after publication is fine). One database of all Whois >> information to Rule the World, not so good. >> >> RECOMMENDATION EDIT: >> >> Detailed recommendation: >> ICANN should set up a dedicated, multilingual website to allow >> "unrestricted and public access to accurate and complete WHOIS >> information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even >> for those people which have problems with the plain >> WHOIS protocol. >> >> The WHOIS information should be collected by following the thin WHOIS >> approach starting at whois.iana.org. The service should display the >> contractural relationships which are revealed by the WHOIS referals in >> a clear and understandable way. The results should be mark clearly the >> relevant information "including registrant, technical, ** DELETE >> BILLING** billing, and >> administrative contact" data. >> >> ** NOTE: Billing data, which includes credit cards Folks, is simply not >> displayed in any other Whois search results. It is only registrant, >> technical, and admin contact.** >> >> Best, >> Kathy >> >> >> > Proposal: >> > >> > Summary: >> > ICANN should set up and maintain a web interface to access >> > all the WHOIS services in order to ease access to the WHOIS data. >> > >> > Presumption: >> > The AoC requires that "ICANN implement measures to maintain timely, >> > unrestricted and public access to accurate and complete WHOIS >> information, >> > including registrant, technical, billing, and administrative contact >> > information." >> > >> > Observation: >> > An User Insight Report came up with the following results: >> > + Almost nobody is aware of whois >> > + Almost nobody is able to query a whois server correctly >> > + Whois queries were done on websites which occur first in the search >> > engine results. Usually those pages are overloaded with advertisments. >> > >> > Detailed recommendation: >> > ICANN should set up a dedicated, multilingual website to allow >> > "unrestricted and public access to accurate and complete WHOIS >> > information" even for those people which have problems with the plain >> > WHOIS protocol. >> > >> > The WHOIS information should be collected by following the thin WHOIS >> > approach starting at whois.iana.org. The service should display the >> > contractural relationships which are revealed by the WHOIS referals in >> > a clear and understandable way. The results should be mark clearly the >> > relevant information "including registrant, technical, billing, and >> > administrative contact" data. >> > >> > The server needs to be run by ICANN itself, because the "timely, >> > unrestricted and public access" is usually rate limited, stripped or >> even >> > blocked by the various WHOIS server administrators for uncontractual >> > third party access. ICANN itself is the only party having the power to >> > overcome those limits using its contratual compliance. >> > _______________________________________________ >> > Rt4-whois mailing list >> > Rt4-whois at icann.org >> > https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> -- >> >> >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> > > > -- > > > > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713. > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/ef32a960/attachment.html From omar at kaminski.adv.br Wed Nov 30 16:22:19 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Wed, 30 Nov 2011 14:22:19 -0200 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns In-Reply-To: <71B38F372F86D940B9C644A99264FA313E712E@M2EMBS1.mail.msk> References: <20111130090622.9c1b16d3983f34082b49b9baf8cec04a.f19a8cfb64.wbe@email00.secureserver.net> <71B38F372F86D940B9C644A99264FA313E712E@M2EMBS1.mail.msk> Message-ID: +1, I agree with James. The whois query issues should be more clarified and this is a core point IMO. Omar 2011/11/30 Mikhail Yakushev : > Dear colleagues ? I also do agree with Kathy?s approach, but at the same > time I support James? concerns on the lack of lack of clarity on who in > ICANN should do what. > > Unfortunately, I cannot formulate all possible answers to such open > questions, but I am ready to participate if Kathy takes the lead to make her > proposal more precise. > > Rgds, > > Michael > > > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On > Behalf Of James M. Bladel > Sent: Wednesday, November 30, 2011 7:06 PM > To: Kathy Kleiman > Cc: rt4-whois at icann.org > > > Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope > and concerns > > > > I don't oppose this recommendation, but my issue with this is that we are > once again being too vague in what we're asking. > > > > ICANN:??? Who?? Staff?? The Board? The GNSO?? Contracted 3rd party? > > > > Set up:? How?? By launching a PDP?? Sending out an RFP? > > > > Deadline? > > > > Are we confident that this group has considered all of the consequences to > privacy, security, access, SLAs, etc.?? (Reasons why a PDP can be more > helpful for things like this...) > > > > Thanks-- > > > J. > > > > -------- Original Message -------- > Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns > From: Kathy Kleiman > Date: Wed, November 30, 2011 9:56 am > To: rt4-whois at icann.org > > All, > Is this the current version of the Lutz proposal now in circulation? I > thought it applied only to a centralized database of the current "thin > registries," namely .COM and .NET. If so, I can see the advantages and > support sending it out as a recommendation in the draft report. > > But if this is a single database of all registries, thick and thin, now > and in the future, I think we creating a database problem. It's an > enormous amount of data and creates a focal point for abuse, for > warehousing, etc. It's the type of policing job that ICANN has never had > to do, and is not operationally set up to do. > > So thought summary: If ICANN is helping remedy a bad situation by > operating a single registry for .COM and .NET to fix a historical > problem, I think I am OK for now (pending review of the draft with > registries -- after publication is fine). One database of all Whois > information to Rule the World, not so good. > > RECOMMENDATION EDIT: > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even for > those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, ** DELETE BILLING** > billing, and > administrative contact" data. > > ** NOTE: Billing data, which includes credit cards Folks, is simply not > displayed in any other Whois search results. It is only registrant, > technical, and admin contact.** > > Best, > Kathy > > >> Proposal: >> >> Summary: >> ICANN should set up and maintain a web interface to access >> all the WHOIS services in order to ease access to the WHOIS data. >> >> Presumption: >> The AoC requires that "ICANN implement measures to maintain timely, >> unrestricted and public access to accurate and complete WHOIS information, >> including registrant, technical, billing, and administrative contact >> information." >> >> Observation: >> An User Insight Report came up with the following results: >> + Almost nobody is aware of whois >> + Almost nobody is able to query a whois server correctly >> + Whois queries were done on websites which occur first in the search >> engine results. Usually those pages are overloaded with advertisments. >> >> Detailed recommendation: >> ICANN should set up a dedicated, multilingual website to allow >> "unrestricted and public access to accurate and complete WHOIS >> information" even for those people which have problems with the plain >> WHOIS protocol. >> >> The WHOIS information should be collected by following the thin WHOIS >> approach starting at whois.iana.org. The service should display the >> contractural relationships which are revealed by the WHOIS referals in >> a clear and understandable way. The results should be mark clearly the >> relevant information "including registrant, technical, billing, and >> administrative contact" data. >> >> The server needs to be run by ICANN itself, because the "timely, >> unrestricted and public access" is usually rate limited, stripped or even >> blocked by the various WHOIS server administrators for uncontractual >> third party access. ICANN itself is the only party having the power to >> overcome those limits using its contratual compliance. >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > From alice.jansen at icann.org Wed Nov 30 16:31:15 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Wed, 30 Nov 2011 08:31:15 -0800 Subject: [Rt4-whois] Clean copy Message-ID: Dear Review Team Members, Please find attached the latest versions of the master document and appendices. (clean copy ? 30 November 16:30 UTC ? Alice Jansen) Since I have applied formatting suggestions Kathy emailed me to the document, I would be very grateful if penholders of chapters could please check the formatting structure of their chapters. Does this match your train on thought? If not, please email me asap so that I can rectify it for the subsequent version. Documents will be available on the wiki in a couple of minutes. The files need additional work (typo hunting etc) but I would be very grateful if you could please read these documents very carefully and flag any missing piece of information or inconsistency you notice. Many thanks in advance, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/831b0076/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Master document - V1.1 - AJ.docx Type: application/x-msword Size: 318369 bytes Desc: Master document - V1.1 - AJ.docx Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/831b0076/Masterdocument-V1.1-AJ.docx -------------- next part -------------- A non-text attachment was scrubbed... Name: Appendices V1 - 30 Nov.docx Type: application/x-msword Size: 1544736 bytes Desc: Appendices V1 - 30 Nov.docx Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/831b0076/AppendicesV1-30Nov.docx From susank at fb.com Wed Nov 30 16:27:20 2011 From: susank at fb.com (Susan Kawaguchi) Date: Wed, 30 Nov 2011 16:27:20 +0000 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns In-Reply-To: <20111130092128.9c1b16d3983f34082b49b9baf8cec04a.892b5a38a9.wbe@email00.secureserver.net> References: <20111130092128.9c1b16d3983f34082b49b9baf8cec04a.892b5a38a9.wbe@email00.secureserver.net> Message-ID: I agree that we should not try and answer all the questions but I was under the impression that the centralized WHOIS was only targeting .com and .net to solve the problem of having to search for the correct registrar out of the almost 1000 possible. I do not agree to include all gtlds. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of James M. Bladel Sent: Wednesday, November 30, 2011 8:21 AM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns No, I don't think we should attempt to answer these questions in RT4, nor presume that we have even identified all of the dependent questions. I believe our recommendation should task the Board, within a reasonable timeframe (90 days?), to request an issues report on a Centralized WHOIS system for all gTLDs, including how it should be operated and what measures would be adopted to protect against abuse / privacy violations / data harvesting. (This will initiate a PDP which, while slower, will be a more comprehensive approach) -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Emily Taylor > Date: Wed, November 30, 2011 10:15 am To: "James M. Bladel" > Cc: Kathy Kleiman >, rt4-whois at icann.org Hi James Thanks for raising these points. Can you suggest some language which you think would work? Also, Kathy raised a good point about whether this is limited to thin registries (.com, .net) or all? I don't think we've ever discussed this. Kind regards Emily On 30 November 2011 16:06, James M. Bladel > wrote: I don't oppose this recommendation, but my issue with this is that we are once again being too vague in what we're asking. ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? Set up: How? By launching a PDP? Sending out an RFP? Deadline? Are we confident that this group has considered all of the consequences to privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more helpful for things like this...) Thanks-- J. -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Kathy Kleiman > Date: Wed, November 30, 2011 9:56 am To: rt4-whois at icann.org All, Is this the current version of the Lutz proposal now in circulation? I thought it applied only to a centralized database of the current "thin registries," namely .COM and .NET. If so, I can see the advantages and support sending it out as a recommendation in the draft report. But if this is a single database of all registries, thick and thin, now and in the future, I think we creating a database problem. It's an enormous amount of data and creates a focal point for abuse, for warehousing, etc. It's the type of policing job that ICANN has never had to do, and is not operationally set up to do. So thought summary: If ICANN is helping remedy a bad situation by operating a single registry for .COM and .NET to fix a historical problem, I think I am OK for now (pending review of the draft with registries -- after publication is fine). One database of all Whois information to Rule the World, not so good. RECOMMENDATION EDIT: Detailed recommendation: ICANN should set up a dedicated, multilingual website to allow "unrestricted and public access to accurate and complete WHOIS information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even for those people which have problems with the plain WHOIS protocol. The WHOIS information should be collected by following the thin WHOIS approach starting at whois.iana.org. The service should display the contractural relationships which are revealed by the WHOIS referals in a clear and understandable way. The results should be mark clearly the relevant information "including registrant, technical, ** DELETE BILLING** billing, and administrative contact" data. ** NOTE: Billing data, which includes credit cards Folks, is simply not displayed in any other Whois search results. It is only registrant, technical, and admin contact.** Best, Kathy > Proposal: > > Summary: > ICANN should set up and maintain a web interface to access > all the WHOIS services in order to ease access to the WHOIS data. > > Presumption: > The AoC requires that "ICANN implement measures to maintain timely, > unrestricted and public access to accurate and complete WHOIS information, > including registrant, technical, billing, and administrative contact > information." > > Observation: > An User Insight Report came up with the following results: > + Almost nobody is aware of whois > + Almost nobody is able to query a whois server correctly > + Whois queries were done on websites which occur first in the search > engine results. Usually those pages are overloaded with advertisments. > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" even for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, billing, and > administrative contact" data. > > The server needs to be run by ICANN itself, because the "timely, > unrestricted and public access" is usually rate limited, stripped or even > blocked by the various WHOIS server administrators for uncontractual > third party access. ICANN itself is the only party having the power to > overcome those limits using its contratual compliance. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/7307d623/attachment.html From kathy at kathykleiman.com Wed Nov 30 16:31:35 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 11:31:35 -0500 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns In-Reply-To: <20111130092128.9c1b16d3983f34082b49b9baf8cec04a.892b5a38a9.wbe@email00.secureserver.net> References: <20111130092128.9c1b16d3983f34082b49b9baf8cec04a.892b5a38a9.wbe@email00.secureserver.net> Message-ID: <4ED65A67.7030606@kathykleiman.com> I could support a recommendation of an issues report on a centralized Whois system for .COM and .NET, to remedy the historical problems, but not for all gTLD database. We take the first step; a later group may take it farther. Best, Kathy No, I don't think we should attempt to answer these questions in RT4, nor presume that we have even identified all of the dependent questions. > > I believe our recommendation should task the Board, within a > reasonable timeframe (90 days?), to request an issues report on a > Centralized WHOIS system for all gTLDs, including how it should be > operated and what measures would be adopted to protect against abuse / > privacy violations / data harvesting. > > (This will initiate a PDP which, while slower, will be a more > comprehensive approach) > > -------- Original Message -------- > Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns > From: Emily Taylor > > Date: Wed, November 30, 2011 10:15 am > To: "James M. Bladel" > > Cc: Kathy Kleiman >, rt4-whois at icann.org > > > Hi James > > Thanks for raising these points. Can you suggest some language > which you think would work? Also, Kathy raised a good point about > whether this is limited to thin registries (.com, .net) or all? I > don't think we've ever discussed this. > > Kind regards > > Emily > > On 30 November 2011 16:06, James M. Bladel > wrote: > > I don't oppose this recommendation, but my issue with this is > that we are once again being too vague in what we're asking. > > ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd > party? > > Set up: How? By launching a PDP? Sending out an RFP? > > Deadline? > > Are we confident that this group has considered all of the > consequences to privacy, security, access, SLAs, etc.? > (Reasons why a PDP can be more helpful for things like this...) > > Thanks-- > > J. > > -------- Original Message -------- > Subject: Re: [Rt4-whois] Centralized Whois Query system > run by ICANN - > Scope and concerns > From: Kathy Kleiman > > Date: Wed, November 30, 2011 9:56 am > To: rt4-whois at icann.org > > > All, > Is this the current version of the Lutz proposal now in > circulation? I > thought it applied only to a centralized database of the > current "thin > registries," namely .COM and .NET. If so, I can see the > advantages and > support sending it out as a recommendation in the draft > report. > > But if this is a single database of all registries, thick > and thin, now > and in the future, I think we creating a database problem. > It's an > enormous amount of data and creates a focal point for > abuse, for > warehousing, etc. It's the type of policing job that ICANN > has never had > to do, and is not operationally set up to do. > > So thought summary: If ICANN is helping remedy a bad > situation by > operating a single registry for .COM and .NET to fix a > historical > problem, I think I am OK for now (pending review of the > draft with > registries -- after publication is fine). One database of > all Whois > information to Rule the World, not so good. > > RECOMMENDATION EDIT: > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" **FOR .COM AND .NET, THE EXISTING "THIN > REGISTRIES"** even for those people which have problems > with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the > thin WHOIS > approach starting at whois.iana.org > . The service should display the > contractural relationships which are revealed by the WHOIS > referals in > a clear and understandable way. The results should be mark > clearly the > relevant information "including registrant, technical, ** > DELETE BILLING** billing, and > administrative contact" data. > > ** NOTE: Billing data, which includes credit cards Folks, > is simply not > displayed in any other Whois search results. It is only > registrant, > technical, and admin contact.** > > Best, > Kathy > > > > Proposal: > > > > Summary: > > ICANN should set up and maintain a web interface to access > > all the WHOIS services in order to ease access to the > WHOIS data. > > > > Presumption: > > The AoC requires that "ICANN implement measures to > maintain timely, > > unrestricted and public access to accurate and complete > WHOIS information, > > including registrant, technical, billing, and > administrative contact > > information." > > > > Observation: > > An User Insight Report came up with the following results: > > + Almost nobody is aware of whois > > + Almost nobody is able to query a whois server correctly > > + Whois queries were done on websites which occur first > in the search > > engine results. Usually those pages are overloaded with > advertisments. > > > > Detailed recommendation: > > ICANN should set up a dedicated, multilingual website to > allow > > "unrestricted and public access to accurate and complete > WHOIS > > information" even for those people which have problems > with the plain > > WHOIS protocol. > > > > The WHOIS information should be collected by following > the thin WHOIS > > approach starting at whois.iana.org > . The service should display the > > contractural relationships which are revealed by the > WHOIS referals in > > a clear and understandable way. The results should be > mark clearly the > > relevant information "including registrant, technical, > billing, and > > administrative contact" data. > > > > The server needs to be run by ICANN itself, because the > "timely, > > unrestricted and public access" is usually rate limited, > stripped or even > > blocked by the various WHOIS server administrators for > uncontractual > > third party access. ICANN itself is the only party having > the power to > > overcome those limits using its contratual compliance. > > _______________________________________________ > > Rt4-whois mailing list > > Rt4-whois at icann.org > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > > -- > > > > > __ > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk * > > Emily Taylor Consultancy Limited is a company registered in > England and Wales No. 730471. VAT No. 114487713. > -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/7106599d/attachment.html From kathy at kathykleiman.com Wed Nov 30 16:42:10 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 11:42:10 -0500 Subject: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. In-Reply-To: <3062FB662B110E4A9F14C63284D07FF7050C69406F45@soca.x.gsi.gov.uk> References: <3062FB662B110E4A9F14C63284D07FF7050C69406F45@soca.x.gsi.gov.uk> Message-ID: <4ED65CE2.4030706@kathykleiman.com> Dear Sharon, Many thanks on this -- and on all of your extensive work with the Whois RT. Much appreciated! Kathy p.s. a second on the Sharon's definition below. > *NOT PROTECTIVELY MARKED * > > Emily, > Happy with this definition: > Any entity charged or otherwise mandated by governments with enforcing > or ensuring observance of or obedience to the law; an organised body > of people officially maintained or employed to keep order, prevent or > detect crime and enforce the law > Moving intro to DNS to Appendices good ideas. Alice had the latest > version, with Lutz's included. > Sharon > > Sharon LEMON OBE > Deputy Director > Cyber and Forensics > Serious and Organised Crime Agency (SOCA) > 07768 290902 > 0207 855 2800 > > -----Original Message----- > *From:* Emily Taylor [mailto:emily at emilytaylor.eu] > *Sent:* 30 November 2011 14:30 > *To:* LEMON, Sharon > *Cc:* rt4-whois at icann.org > *Subject:* Re: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. > > Hi Sharon > > Thanks for working through this. > > Sorry to say it, but I will - I don't think your new version of > the law enf. definition will work. It includes the world and his > wife. Can I have your snap response to the following proposal: > > Any entity charged or otherwise mandated by governments with > enforcing or ensuring observance of or obedience to the law; an > organised body of people officially maintained or employed to keep > order, prevent or detect crime and enforce the law. > > > Unfortunately, your colleague from Canada was working to quite an > old draft, which has been superseded several times over. I can > see the comments, and note what is said about impact. We have > been discussing moving chunks into appendices. Would the intro to > the domain name system be a good candidate? > > Can you give me finalised text for that section, please, which > incorporates the latest comments made by Lutz and others - this > version seems to be based on an older draft. > > The comments from Gary and others later in the text, and gap > analysis are good. I'd like to see how we can incorporate some of > them. At the moment my priorities are to get the bits lining up in > the right places, and have the executive summary, findings and > recommendations agreed. > > Kind regards > > Emily > > On 30 November 2011 13:48, LEMON, Sharon > > wrote: > > *NOT PROTECTIVELY MARKED * > > Dear Emily, Alice and All, > Sorry for arriving at the party late, I have been watching in > awe the hundreds of emails flying about. We gave until today > for our international colleagues to comment and we have just > had our own internal meeting to finalise the comments on the > paper. > The paper complemented our ongoing law enforcement work within > the ICANN community and there are not comments of major > significance -ours are in green. I know that Alice is > currently going through the nightmare of trying to organise > the version control. (Good Luck and thanks Alice). > I have replaced the definition of law enforcement with: > Any entity with a responsibility to enforce or ensure > observance to or obedience of the law, whether mandated by > government or otherwise. > We could go on forever with this - but let me know if there > are any show stopping objections. > I hope we make the deadline of 5pm ;-) > Sharon > > Sharon LEMON OBE > Deputy Director > Cyber and Forensics > Serious and Organised Crime Agency (SOCA) > 07768 290902 > 0207 855 2800 > > -----Original Message----- > *From:* KIBBEY, Gary > *Sent:* 30 November 2011 13:16 > *To:* LEMON, Sharon > *Subject:* FW: Emailing: WHOIS Policy RT - Draft report - 24 > Nov - Clean CC GK Comments > > *NOT PROTECTIVELY MARKED * > > Gary Kibbey/ Senior Manager > Cyber > Serious Organised Crime Agency/ Tel +44(0)207 855 2863 > +44(0)7876790990 > gary.kibbey at soca.x.gsi.gov.uk > > > > -----Original Message----- > *From:* FLAHERTY, Jonathan > *Sent:* 29 November 2011 17:54 > *To:* KIBBEY, Gary; ADDIS, Benedict > *Cc:* CURLEY, Cliona > *Subject:* RE: Emailing: WHOIS Policy RT - Draft report - 24 > Nov - Clean CC GK Comments > > *NOT PROTECTIVELY MARKED * > > My comments added. > > *Jon Flaherty | HVOM | SOCA Cyber & Forensics | 0207 855 2808 > | 07919 218439 | jonathan.flaherty at soca.x.gsi.gov.uk > * > > > -----Original Message----- > *From:* KIBBEY, Gary > *Sent:* 29 November 2011 14:34 > *To:* FLAHERTY, Jonathan; ADDIS, Benedict > *Cc:* CURLEY, Cliona > *Subject:* FW: Emailing: WHOIS Policy RT - Draft report - > 24 Nov - Clean CC GK Comments > > *NOT PROTECTIVELY MARKED * > > Gents > If you have any comments -can you drop onto this working > copy. Don't track changes - just comments. > Ta > Gary > > Gary Kibbey/ Senior Manager > Cyber > Serious Organised Crime Agency/ Tel +44(0)207 855 2863 > +44(0)7876790990 > gary.kibbey at soca.x.gsi.gov.uk > > > > -----Original Message----- > *From:* KIBBEY, Gary > *Sent:* 29 November 2011 14:31 > *To:* KIBBEY, Gary > *Subject:* Emailing: WHOIS Policy RT - Draft report - 24 > Nov - Clean CC GK Comments > > *NOT PROTECTIVELY MARKED * > > > The message is ready to be sent with the following file or > link attachments: > > WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments > > > Note: To protect against computer viruses, e-mail programs > may prevent sending or receiving certain types of file > attachments. Check your e-mail security settings to > determine how attachments are handled. > > This information is supplied in confidence by SOCA, and is > exempt from disclosure under the Freedom of Information Act > 2000. It may also be subject to exemption under other UK > legislation. Onward disclosure may be unlawful, for example, > under the Data Protection Act 1998. Requests for disclosure to > the public must be referred to the SOCA FOI single point of > contact, by email on PICUEnquiries at soca.x.gsi.gov.uk > or by telephoning > 0870 268 8677. > > All E-Mail sent and received by SOCA is scanned and subject to > assessment. Messages sent or received by SOCA staff are not > private and may be the subject of lawful business monitoring. > E-Mail may be passed at any time and without notice to an > appropriate branch within SOCA, on authority from the Director > General or his Deputy for analysis. This E-Mail and any files > transmitted with it are intended solely for the individual or > entity to whom they are addressed. If you have received this > message in error, please contact the sender as soon as possible. > > > The original of this email was scanned for viruses by the > Government Secure Intranet virus scanning service supplied by > Cable&Wireless Worldwide in partnership with MessageLabs. > (CCTM Certificate Number 2009/09/0052.) On leaving the GSi > this email was certified virus free. > Communications via the GSi may be automatically logged, > monitored and/or recorded for legal purposes. > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > > -- > > > > > __ > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 . m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk * > > Emily Taylor Consultancy Limited is a company registered in > England and Wales No. 730471. VAT No. 114487713. > > > This email was received from the INTERNET and scanned by the > Government Secure Intranet anti-virus service supplied by > Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM > Certificate Number 2009/09/0052.) In case of problems, please call > your organisation's IT Helpdesk. > Communications via the GSi may be automatically logged, monitored > and/or recorded for legal purposes. > > > The original of this email was scanned for viruses by the Government > Secure Intranet virus scanning service supplied by Cable&Wireless > Worldwide in partnership with MessageLabs. (CCTM Certificate Number > 2009/09/0052.) On leaving the GSi this email was certified virus free. > Communications via the GSi may be automatically logged, monitored > and/or recorded for legal purposes. > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/14247dca/attachment.html From emily at emilytaylor.eu Wed Nov 30 16:51:05 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 16:51:05 +0000 Subject: [Rt4-whois] Clean copy In-Reply-To: References: Message-ID: Hi Alice Great work - we are nearly there. I have a couple of points on the consolidated draft: Exec Summary - reading well - I think we should include the recommendations here, for an encapsulated document which 99.9% of people who look at this report will be reading. P 9 - Lynn made a table of contents for insertion after the Executive Summary. This is a good idea, and if we adopt it, we can delete Kathy's insertion on p9 and go back to her original para. P29 - the Dakar versions (of proxy/privacy definitions) to be used throughout please p44 - please move the highlighted text into an appendix Chapter 8 (the GAP ANALYSIS) - this is important, is an older version that was superseded yesterday. This is the latest version. I've removed all the highlighting. It divides the Gap analysis into two (Chapter 7 - or whatever the correct number is - Understanding the needs of stakeholders) then we put in the consumer trust text after that, then move on to Chapter 8 (or whatever number it is) which should be Gap Analysis/Conclusions. Bill is currently reviewing that language. Kind regards Emily On 30 November 2011 16:31, Alice Jansen wrote: > Dear Review Team Members, > > Please find attached the latest versions of the master document and > appendices. (clean copy ? 30 November 16:30 UTC ? Alice Jansen) > Since I have applied formatting suggestions Kathy emailed me to the > document, I would be very grateful if penholders of chapters could please > check the formatting structure of their chapters. Does this match your > train on thought? If not, please email me asap so that I can rectify it for > the subsequent version. > Documents will be available on the wiki in a couple of minutes. > The files need additional work (typo hunting etc) but I would be very > grateful if you could please read these documents very carefully and flag > any missing piece of information or inconsistency you notice. > > Many thanks in advance, > > Kind regards > > Alice > > -- > *Alice Jansen* > Assistant, Organizational Reviews > *6 Rond Point Schuman, Bt.5* > *B-1040 Brussels* > *Belgium* > Direct dial: +32 2 234 78 64 > Mobile: +32 4 73 31 76 56 > Skype: alice_jansen_icann > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/a4d21a5c/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: 111129 v3 Chapters 7 and 8 clean.doc Type: application/msword Size: 151552 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/a4d21a5c/111129v3Chapters7and8clean.doc From susank at fb.com Wed Nov 30 16:58:31 2011 From: susank at fb.com (Susan Kawaguchi) Date: Wed, 30 Nov 2011 16:58:31 +0000 Subject: [Rt4-whois] Recommendations - SOURCE EXPLANATION (2).doc Message-ID: HI Emily, James and I had a quick phone call to discuss the proxy recommendation. He made a great point that we should include in the recommendation reviewing the existing proxy practices so I have added the following point. 1) Review existing practices by reaching out to proxy providers and foster a discussion to develop, clarify and enhance the current processes Please see the whole recommendation incorporated in the attached document. Susan -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/d5a6bb42/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Recommendations - SOURCE EXPLANATION (2).doc Type: application/msword Size: 75264 bytes Desc: Recommendations - SOURCE EXPLANATION (2).doc Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/d5a6bb42/Recommendations-SOURCEEXPLANATION2.doc From bill.smith at paypal-inc.com Wed Nov 30 17:27:42 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 10:27:42 -0700 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns In-Reply-To: <71B38F372F86D940B9C644A99264FA313E714D@M2EMBS1.mail.msk> References: <20111130092128.9c1b16d3983f34082b49b9baf8cec04a.892b5a38a9.wbe@email00.secureserver.net> <71B38F372F86D940B9C644A99264FA313E714D@M2EMBS1.mail.msk> Message-ID: <93C7732A-3CAB-4F75-8AB1-2F6B292E19EB@paypal.com> What users, especially consumers, want/need is a service that *appears* to be monolithic. How that is achieved/delivered is a bridge too far for this group. (At least that's the gist of what I think we're trying to say.) * On Nov 30, 2011, at 8:23 AM, Mikhail Yakushev wrote: It was also my position :(? Rgds, M. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of James M. Bladel Sent: Wednesday, November 30, 2011 7:21 PM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns No, I don't think we should attempt to answer these questions in RT4, nor presume that we have even identified all of the dependent questions. I believe our recommendation should task the Board, within a reasonable timeframe (90 days?), to request an issues report on a Centralized WHOIS system for all gTLDs, including how it should be operated and what measures would be adopted to protect against abuse / privacy violations / data harvesting. (This will initiate a PDP which, while slower, will be a more comprehensive approach) -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Emily Taylor > Date: Wed, November 30, 2011 10:15 am To: "James M. Bladel" > Cc: Kathy Kleiman >, rt4-whois at icann.org Hi James Thanks for raising these points. Can you suggest some language which you think would work? Also, Kathy raised a good point about whether this is limited to thin registries (.com, .net) or all? I don't think we've ever discussed this. Kind regards Emily On 30 November 2011 16:06, James M. Bladel > wrote: I don't oppose this recommendation, but my issue with this is that we are once again being too vague in what we're asking. ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? Set up: How? By launching a PDP? Sending out an RFP? Deadline? Are we confident that this group has considered all of the consequences to privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more helpful for things like this...) Thanks-- J. -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Kathy Kleiman > Date: Wed, November 30, 2011 9:56 am To: rt4-whois at icann.org All, Is this the current version of the Lutz proposal now in circulation? I thought it applied only to a centralized database of the current "thin registries," namely .COM and .NET. If so, I can see the advantages and support sending it out as a recommendation in the draft report. But if this is a single database of all registries, thick and thin, now and in the future, I think we creating a database problem. It's an enormous amount of data and creates a focal point for abuse, for warehousing, etc. It's the type of policing job that ICANN has never had to do, and is not operationally set up to do. So thought summary: If ICANN is helping remedy a bad situation by operating a single registry for .COM and .NET to fix a historical problem, I think I am OK for now (pending review of the draft with registries -- after publication is fine). One database of all Whois information to Rule the World, not so good. RECOMMENDATION EDIT: Detailed recommendation: ICANN should set up a dedicated, multilingual website to allow "unrestricted and public access to accurate and complete WHOIS information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even for those people which have problems with the plain WHOIS protocol. The WHOIS information should be collected by following the thin WHOIS approach starting at whois.iana.org. The service should display the contractural relationships which are revealed by the WHOIS referals in a clear and understandable way. The results should be mark clearly the relevant information "including registrant, technical, ** DELETE BILLING** billing, and administrative contact" data. ** NOTE: Billing data, which includes credit cards Folks, is simply not displayed in any other Whois search results. It is only registrant, technical, and admin contact.** Best, Kathy > Proposal: > > Summary: > ICANN should set up and maintain a web interface to access > all the WHOIS services in order to ease access to the WHOIS data. > > Presumption: > The AoC requires that "ICANN implement measures to maintain timely, > unrestricted and public access to accurate and complete WHOIS information, > including registrant, technical, billing, and administrative contact > information." > > Observation: > An User Insight Report came up with the following results: > + Almost nobody is aware of whois > + Almost nobody is able to query a whois server correctly > + Whois queries were done on websites which occur first in the search > engine results. Usually those pages are overloaded with advertisments. > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" even for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, billing, and > administrative contact" data. > > The server needs to be run by ICANN itself, because the "timely, > unrestricted and public access" is usually rate limited, stripped or even > blocked by the various WHOIS server administrators for uncontractual > third party access. ICANN itself is the only party having the power to > overcome those limits using its contratual compliance. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- <~WRD000.jpg> 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From emily at emilytaylor.eu Wed Nov 30 17:31:41 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 17:31:41 +0000 Subject: [Rt4-whois] WHERE ARE WE NOW? UPDATE Message-ID: Hi all Thanks for your amazing productivity and dedication today. I have heard from more than 1 member of the Team at 5am their local time today. Very, very much appreciated. OK - this is what we needed to do today: (1) Definitions of law enf. and applicable laws. Minor changes requested by Peter - are we comfortable, or not? DONE (2) Where are we on proxies? - is there some agreed text to go into the recommendations now (thanks for your work on this Susan, James and others) IN PROGRESS (3) How much of the consumer chapter stays in the full report, and how much goes into an appendix. DONE (4) Background on WHOIS chapter - does it stay where it is, or does it go into an appendix? DONE (5) any final comments on the compliance letter, please? Alice, please can you produce a clean copy of this. IN PROGRESS _ ALICE HAS BEEN WRESTLING WITH THE FULL REPORT TODAY. Well done, all. Thank you Alice for producing the consolidated version. *Outstanding open issues on recommendations: (1) The recommendation on "interface" (Lutz's one). James has suggested that we frame this as an issues report, and this has found support from me, Kathy, Omar, Mikhail and Bill. Can we do this please? (2) Proxy recommendations. Bill has raised a problem with the proposed best practices; Susan has acknowledged that she and James would be happy with less detail - waiting for proposed language here. Susan has just circulated an additional proposed recommendation on reviewing existing practices. (3) The Person - Bill raised a query whether this should be a member of the Compliance team, or someone else. *I see (1) and (3) are easy and (2) is difficult. On a more general level, James has repeatedly and rightly raised that our recommendations need to have time frames, and be correctly targeted. I agree, and I'm sure we all do, but we're struggling to know how to do this. I have one suggestion, which would be to task the Board to consider our recommendations within 3 months, and present an action plan for implementation within another 3 months, together with budgetary impact and the identity of who has been tasked. James -would this work? *Rest of the document *This is mainly in good shape, but it needs a proof-read now, and the elimination of the remaining highlighted text - I do not see these as contentious. Bill is working to pull together the language of the findings/conclusions just before the recommendations. *What's the plan now? *I want us to sign off definitively on the recommendations, and stabilise the text in the next hour, please. To do this, folks, we're going to sort out the proxies. Please note that there is already one team member (Bill) expressing concern on these; as I read Peter's mails on the subject he was also expressing concerns that we are introducing very detailed text very late in the day. We have a strong statement on proxy liability from Dakar. Can we have proposals to close this down, please? Over the next two days, I would like Alice and Kathy to carefully proof-read, and tidy up the text in the main body of the report. If there are any volunteers to assist them (Bill - you mentioned that you may have some time? Others?? ). Then we can get it published, but we need to sign off on the substantive recommendations in the *next hour!* Kind regards Emily -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/cb4970f0/attachment.html From kathy at kathykleiman.com Wed Nov 30 18:48:04 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 13:48:04 -0500 Subject: [Rt4-whois] Clean copy - ALL In-Reply-To: References: Message-ID: <4ED67A64.2030601@kathykleiman.com> Hi All, This is a great time to review the entire report, especially the chapters you wrote. People have now suggested additions and deletions. Does anything strike you as wrong or inappropriate about accepting them? If not, please send a sign off to Alice (and cc all of us, or me and Emily) to say that you are OK with what's been proposed with your chapter. It can be as easy as -- Kathy, Chapter 4, OK. Also, Alice has added headings, subheadings -- OK? Best, Kathy: > Dear Review Team Members, > > Please find attached the latest versions of the master document and > appendices. (clean copy -- 30 November 16:30 UTC -- Alice Jansen) > Since I have applied formatting suggestions Kathy emailed me to the > document, I would be very grateful if penholders of chapters could > please check the formatting structure of their chapters. Does this > match your train on thought? If not, please email me asap so that I > can rectify it for the subsequent version. > Documents will be available on the wiki in a couple of minutes. > The files need additional work (typo hunting etc) but I would be very > grateful if you could please read these documents very carefully and > flag any missing piece of information or inconsistency you notice. > > Many thanks in advance, > > Kind regards > > Alice > > -- > *Alice Jansen* > Assistant, Organizational Reviews > /6 Rond Point Schuman, Bt.5/ > /B-1040 Brussels/ > /Belgium/ > Direct dial: +32 2 234 78 64 > Mobile: +32 4 73 31 76 56 > Skype: alice_jansen_icann > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/328945cd/attachment.html From omar at kaminski.adv.br Wed Nov 30 19:25:05 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Wed, 30 Nov 2011 17:25:05 -0200 Subject: [Rt4-whois] Clean copy In-Reply-To: References: Message-ID: About apllicable laws (pg. 14) and law enforcement (13), I agree with Peter, no consensus about applicable laws. California's? Let's see: even international transborder treaties could reach WHOIS at some point with human rights, consumer rights, even copyright law could apply besides privacy laws. It's a grey area. Also, in final instance the data should be considered "personal" even for corporations, entities and companies being shown as non personal entities? In Brazil this diference is much clear, since for years we are only allowing companies to register com.br, not the individuals. But this rule changed some years ago. To register a domain name you need a number related to USA's IRS (or Inland Revenue in Emily's home) even if both databases don't merge. But, again, how to make the data accurable without a validation in other sources? The whole Whois database should be considered protected by copyright laws as a literary creation alike? For accuracy purposes - the main purpose for Whois bilaterally speaking - we must trust in the registrant, the registrars and it's done? Which sources to rely on, if "why?" still need to be addressed? Regards, Omar Including any and all local and national laws that regulate and/or control the collection, display and distribution of personal data via WHOIS.? The Team understands the ?applicable laws? reference as limited to privacy laws [pnettlefo1] <#133f5e9f5be4ccd5__msocom_1> and regulation (SK) comment: I agree with Emily should change to ?encompass all laws but many mainly focus on privacy laws and regulations? and notes ICANN?s existing consensus policy relating to conflicts with privacy laws. The Team considered but determined not to include within the definition international agreements and regional laws, recognizing that such laws are enforceable only to the extent incorporated into the domestic laws of contracting states. ------------------------------ [pnettlefo1] <#133f5e9f5be4ccd5__msoanchor_1>PN: I disagreed with this on 13 September also, and still do. A law requiring disclosure of personal data seems equally relevant to me. Again, I do not recall reaching consensus on this new defintion. 2011/11/30 Emily Taylor > Hi Alice > > Great work - we are nearly there. > > I have a couple of points on the consolidated draft: > > Exec Summary - reading well - I think we should include the > recommendations here, for an encapsulated document which 99.9% of people > who look at this report will be reading. > P 9 - Lynn made a table of contents for insertion after the Executive > Summary. This is a good idea, and if we adopt it, we can delete Kathy's > insertion on p9 and go back to her original para. > > P29 - the Dakar versions (of proxy/privacy definitions) to be used > throughout please > > p44 - please move the highlighted text into an appendix > > Chapter 8 (the GAP ANALYSIS) - this is important, is an older version that > was superseded yesterday. This is the latest version. I've removed all > the highlighting. It divides the Gap analysis into two (Chapter 7 - or > whatever the correct number is - Understanding the needs of stakeholders) > then we put in the consumer trust text after that, then move on to Chapter > 8 (or whatever number it is) which should be Gap Analysis/Conclusions. Bill > is currently reviewing that language. > > Kind regards > > Emily > > > > On 30 November 2011 16:31, Alice Jansen wrote: > >> Dear Review Team Members, >> >> Please find attached the latest versions of the master document and >> appendices. (clean copy ? 30 November 16:30 UTC ? Alice Jansen) >> Since I have applied formatting suggestions Kathy emailed me to the >> document, I would be very grateful if penholders of chapters could please >> check the formatting structure of their chapters. Does this match your >> train on thought? If not, please email me asap so that I can rectify it for >> the subsequent version. >> Documents will be available on the wiki in a couple of minutes. >> The files need additional work (typo hunting etc) but I would be very >> grateful if you could please read these documents very carefully and flag >> any missing piece of information or inconsistency you notice. >> >> Many thanks in advance, >> >> Kind regards >> >> Alice >> >> -- >> *Alice Jansen* >> Assistant, Organizational Reviews >> *6 Rond Point Schuman, Bt.5* >> *B-1040 Brussels* >> *Belgium* >> Direct dial: +32 2 234 78 64 >> Mobile: +32 4 73 31 76 56 >> Skype: alice_jansen_icann >> >> >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> > > > -- > > > > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713. > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/a6c58889/attachment.html From alice.jansen at icann.org Wed Nov 30 19:27:35 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Wed, 30 Nov 2011 11:27:35 -0800 Subject: [Rt4-whois] IMPORTANT: Clean copy In-Reply-To: Message-ID: Team, I have just spoken to Kathy. It appears that we have a serious version control issue. I will be circulating a document later today. Note however that you may still continue to work on the document Emily circulated on recommendations which should be signed off today. Thanks, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann From: Alice Jansen > Date: Wed, 30 Nov 2011 08:31:15 -0800 To: "rt4-whois at icann.org" > Subject: Clean copy Dear Review Team Members, Please find attached the latest versions of the master document and appendices. (clean copy ? 30 November 16:30 UTC ? Alice Jansen) Since I have applied formatting suggestions Kathy emailed me to the document, I would be very grateful if penholders of chapters could please check the formatting structure of their chapters. Does this match your train on thought? If not, please email me asap so that I can rectify it for the subsequent version. Documents will be available on the wiki in a couple of minutes. The files need additional work (typo hunting etc) but I would be very grateful if you could please read these documents very carefully and flag any missing piece of information or inconsistency you notice. Many thanks in advance, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/f926cdbe/attachment.html From Peter.Nettlefold at dbcde.gov.au Wed Nov 30 19:38:34 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Thu, 1 Dec 2011 06:38:34 +1100 Subject: [Rt4-whois] IMPORTANT: Clean copy [SEC=UNCLASSIFIED] In-Reply-To: Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D64225F@EMB01.dept.gov.au> Classification: UNCLASSIFIED Good morning all. I can see you have all been very busy. I'm about to get on a plane, but will come back with comments on the recs once I land. Cheers Peter From: Alice Jansen [mailto:alice.jansen at icann.org] Sent: Thursday, December 01, 2011 06:27 AM To: rt4-whois at icann.org Subject: [Rt4-whois] IMPORTANT: Clean copy Team, I have just spoken to Kathy. It appears that we have a serious version control issue. I will be circulating a document later today. Note however that you may still continue to work on the document Emily circulated on recommendations which should be signed off today. Thanks, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann From: Alice Jansen > Date: Wed, 30 Nov 2011 08:31:15 -0800 To: "rt4-whois at icann.org" > Subject: Clean copy Dear Review Team Members, Please find attached the latest versions of the master document and appendices. (clean copy ? 30 November 16:30 UTC ? Alice Jansen) Since I have applied formatting suggestions Kathy emailed me to the document, I would be very grateful if penholders of chapters could please check the formatting structure of their chapters. Does this match your train on thought? If not, please email me asap so that I can rectify it for the subsequent version. Documents will be available on the wiki in a couple of minutes. The files need additional work (typo hunting etc) but I would be very grateful if you could please read these documents very carefully and flag any missing piece of information or inconsistency you notice. Many thanks in advance, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/4b810d32/attachment.html From kathy at kathykleiman.com Wed Nov 30 20:15:24 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 15:15:24 -0500 Subject: [Rt4-whois] Applicable law updated with comments Message-ID: <4ED68EDC.8030404@kathykleiman.com> Hi All, On a key definition applicable law, Alice and I adopted the edits proposed: ==> Now: The Team understands the "applicable laws" reference as encompassing all laws, but mainly focused on privacy laws and regulations, and notes ICANN's existing consensus policy relating to conflicts with privacy laws. The Team considered, but determined not to include within the definition, international agreements and regional laws recognizing that such laws are enforceable only to the extent incorporated into the domestic laws of contracting states. OK? Raise a flag if not. Tx! Kathy & Alice ORIGINAL ===> The Team understands the "applicable laws" reference as limited to privacy laws and regulation (SK) comment: I agree with Emily should change to "encompass all laws but many mainly focus on privacy laws and regulations" and notes ICANN's existing consensus policy relating to conflicts with privacy laws. The Team considered but determined not to include within the definition international agreements and regional laws, recognizing that such laws are enforceable only to the extent incorporated into the domestic laws of contracting states. -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/4c7ea163/attachment.html From seth.reiss at lex-ip.com Wed Nov 30 20:33:24 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Wed, 30 Nov 2011 10:33:24 -1000 Subject: [Rt4-whois] Applicable law updated with comments In-Reply-To: <4ED68EDC.8030404@kathykleiman.com> References: <4ED68EDC.8030404@kathykleiman.com> Message-ID: <012101ccaf9f$4fcd7eb0$ef687c10$@reiss@lex-ip.com> Good From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 10:15 AM To: rt4-whois at icann.org Subject: [Rt4-whois] Applicable law updated with comments Hi All, On a key definition applicable law, Alice and I adopted the edits proposed: ==> Now: The Team understands the "applicable laws" reference as encompassing all laws, but mainly focused on privacy laws and regulations, and notes ICANN's existing consensus policy relating to conflicts with privacy laws. The Team considered, but determined not to include within the definition, international agreements and regional laws recognizing that such laws are enforceable only to the extent incorporated into the domestic laws of contracting states. OK? Raise a flag if not. Tx! Kathy & Alice ORIGINAL ===> The Team understands the "applicable laws" reference as limited to privacy laws and regulation (SK) comment: I agree with Emily should change to "encompass all laws but many mainly focus on privacy laws and regulations" and notes ICANN's existing consensus policy relating to conflicts with privacy laws. The Team considered but determined not to include within the definition international agreements and regional laws, recognizing that such laws are enforceable only to the extent incorporated into the domestic laws of contracting states. -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/587aeb80/attachment.html From omar at kaminski.adv.br Wed Nov 30 20:46:39 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Wed, 30 Nov 2011 18:46:39 -0200 Subject: [Rt4-whois] Applicable law updated with comments In-Reply-To: <4ed69348.6923440a.4fbf.ffff8037SMTPIN_ADDED@mx.google.com> References: <4ED68EDC.8030404@kathykleiman.com> <4ed69348.6923440a.4fbf.ffff8037SMTPIN_ADDED@mx.google.com> Message-ID: Seems I made my considerations in the wrong email, but they are the same, besides one more point on privacy laws: if the Whois system should be kept public and accessible, the problems should arise specially - surprise! in fact, not - on proxy servers and services that keep personal data on private, or under certain conditions (usually paying a tax). Omar 2011/11/30 Seth M Reiss : > Good > > > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On > Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 10:15 AM > To: rt4-whois at icann.org > Subject: [Rt4-whois] Applicable law updated with comments > > > > Hi All, On a key definition applicable law, Alice and I adopted the edits > proposed: > > ==>? Now: The Team understands the ?applicable laws? reference as > encompassing all laws, but mainly focused on privacy laws and regulations, > and notes ICANN?s existing consensus policy relating to conflicts with > privacy laws. The Team considered, but determined not to include within the > definition, international agreements and regional laws recognizing that such > laws are enforceable only to the extent incorporated into the domestic laws > of contracting states. > > OK?? Raise a flag if not. Tx! Kathy & Alice > > ORIGINAL ===>? The Team understands the ?applicable laws? reference as > limited to privacy laws and regulation (SK) comment: I agree with Emily > should change to ?encompass all laws but many mainly focus on privacy laws > and regulations? and notes ICANN?s existing consensus policy relating to > conflicts with privacy laws. The Team considered but determined not to > include within the definition international agreements and regional laws, > recognizing that such laws are enforceable only to the extent incorporated > into the domestic laws of contracting states. > > -- > > > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > From Peter.Nettlefold at dbcde.gov.au Wed Nov 30 21:11:54 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Thu, 1 Dec 2011 08:11:54 +1100 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D642262@EMB01.dept.gov.au> Classification: UNCLASSIFIED Hello all, I've missed a lot of discussion on this overnight my time, so I apologise if I've missed something that answers my question. The references to an ICANN database are confusing to me, and may be part of the contention here. I had understood that we would recommend that ICANN create a smart web portal for consumers that would effectively do a WHOIS search for them. As I understood it, ICANN would not need to make its own database, thereby avoiding some of the data protection issues, and instead purely focus on the user experience. Is this what others had understood? If so, does this address the concerns about scope - ie why wouldn't ICANN provide a comprehensive search tool for all gTLDs? Please let me know if I've got this wrong. Cheers Peter From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Thursday, December 01, 2011 03:27 AM To: James M. Bladel ; Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns I agree that we should not try and answer all the questions but I was under the impression that the centralized WHOIS was only targeting .com and .net to solve the problem of having to search for the correct registrar out of the almost 1000 possible. I do not agree to include all gtlds. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of James M. Bladel Sent: Wednesday, November 30, 2011 8:21 AM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns No, I don't think we should attempt to answer these questions in RT4, nor presume that we have even identified all of the dependent questions. I believe our recommendation should task the Board, within a reasonable timeframe (90 days?), to request an issues report on a Centralized WHOIS system for all gTLDs, including how it should be operated and what measures would be adopted to protect against abuse / privacy violations / data harvesting. (This will initiate a PDP which, while slower, will be a more comprehensive approach) -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Emily Taylor > Date: Wed, November 30, 2011 10:15 am To: "James M. Bladel" > Cc: Kathy Kleiman >, rt4-whois at icann.org Hi James Thanks for raising these points. Can you suggest some language which you think would work? Also, Kathy raised a good point about whether this is limited to thin registries (.com, .net) or all? I don't think we've ever discussed this. Kind regards Emily On 30 November 2011 16:06, James M. Bladel > wrote: I don't oppose this recommendation, but my issue with this is that we are once again being too vague in what we're asking. ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? Set up: How? By launching a PDP? Sending out an RFP? Deadline? Are we confident that this group has considered all of the consequences to privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more helpful for things like this...) Thanks-- J. -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Kathy Kleiman > Date: Wed, November 30, 2011 9:56 am To: rt4-whois at icann.org All, Is this the current version of the Lutz proposal now in circulation? I thought it applied only to a centralized database of the current "thin registries," namely .COM and .NET. If so, I can see the advantages and support sending it out as a recommendation in the draft report. But if this is a single database of all registries, thick and thin, now and in the future, I think we creating a database problem. It's an enormous amount of data and creates a focal point for abuse, for warehousing, etc. It's the type of policing job that ICANN has never had to do, and is not operationally set up to do. So thought summary: If ICANN is helping remedy a bad situation by operating a single registry for .COM and .NET to fix a historical problem, I think I am OK for now (pending review of the draft with registries -- after publication is fine). One database of all Whois information to Rule the World, not so good. RECOMMENDATION EDIT: Detailed recommendation: ICANN should set up a dedicated, multilingual website to allow "unrestricted and public access to accurate and complete WHOIS information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even for those people which have problems with the plain WHOIS protocol. The WHOIS information should be collected by following the thin WHOIS approach starting at whois.iana.org. The service should display the contractural relationships which are revealed by the WHOIS referals in a clear and understandable way. The results should be mark clearly the relevant information "including registrant, technical, ** DELETE BILLING** billing, and administrative contact" data. ** NOTE: Billing data, which includes credit cards Folks, is simply not displayed in any other Whois search results. It is only registrant, technical, and admin contact.** Best, Kathy > Proposal: > > Summary: > ICANN should set up and maintain a web interface to access > all the WHOIS services in order to ease access to the WHOIS data. > > Presumption: > The AoC requires that "ICANN implement measures to maintain timely, > unrestricted and public access to accurate and complete WHOIS information, > including registrant, technical, billing, and administrative contact > information." > > Observation: > An User Insight Report came up with the following results: > + Almost nobody is aware of whois > + Almost nobody is able to query a whois server correctly > + Whois queries were done on websites which occur first in the search > engine results. Usually those pages are overloaded with advertisments. > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" even for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, billing, and > administrative contact" data. > > The server needs to be run by ICANN itself, because the "timely, > unrestricted and public access" is usually rate limited, stripped or even > blocked by the various WHOIS server administrators for uncontractual > third party access. ICANN itself is the only party having the power to > overcome those limits using its contratual compliance. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/a680d08a/attachment.html From susank at fb.com Wed Nov 30 21:14:40 2011 From: susank at fb.com (Susan Kawaguchi) Date: Wed, 30 Nov 2011 21:14:40 +0000 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D642262@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333D642262@EMB01.dept.gov.au> Message-ID: That was my understanding when we discussed previously but this would only be for .com and .net registrations. Is this feasible ? From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Wednesday, November 30, 2011 1:12 PM To: Susan Kawaguchi; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' Cc: 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hello all, I've missed a lot of discussion on this overnight my time, so I apologise if I've missed something that answers my question. The references to an ICANN database are confusing to me, and may be part of the contention here. I had understood that we would recommend that ICANN create a smart web portal for consumers that would effectively do a WHOIS search for them. As I understood it, ICANN would not need to make its own database, thereby avoiding some of the data protection issues, and instead purely focus on the user experience. Is this what others had understood? If so, does this address the concerns about scope - ie why wouldn't ICANN provide a comprehensive search tool for all gTLDs? Please let me know if I've got this wrong. Cheers Peter From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Thursday, December 01, 2011 03:27 AM To: James M. Bladel ; Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns I agree that we should not try and answer all the questions but I was under the impression that the centralized WHOIS was only targeting .com and .net to solve the problem of having to search for the correct registrar out of the almost 1000 possible. I do not agree to include all gtlds. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of James M. Bladel Sent: Wednesday, November 30, 2011 8:21 AM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns No, I don't think we should attempt to answer these questions in RT4, nor presume that we have even identified all of the dependent questions. I believe our recommendation should task the Board, within a reasonable timeframe (90 days?), to request an issues report on a Centralized WHOIS system for all gTLDs, including how it should be operated and what measures would be adopted to protect against abuse / privacy violations / data harvesting. (This will initiate a PDP which, while slower, will be a more comprehensive approach) -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Emily Taylor > Date: Wed, November 30, 2011 10:15 am To: "James M. Bladel" > Cc: Kathy Kleiman >, rt4-whois at icann.org Hi James Thanks for raising these points. Can you suggest some language which you think would work? Also, Kathy raised a good point about whether this is limited to thin registries (.com, .net) or all? I don't think we've ever discussed this. Kind regards Emily On 30 November 2011 16:06, James M. Bladel > wrote: I don't oppose this recommendation, but my issue with this is that we are once again being too vague in what we're asking. ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? Set up: How? By launching a PDP? Sending out an RFP? Deadline? Are we confident that this group has considered all of the consequences to privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more helpful for things like this...) Thanks-- J. -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Kathy Kleiman > Date: Wed, November 30, 2011 9:56 am To: rt4-whois at icann.org All, Is this the current version of the Lutz proposal now in circulation? I thought it applied only to a centralized database of the current "thin registries," namely .COM and .NET. If so, I can see the advantages and support sending it out as a recommendation in the draft report. But if this is a single database of all registries, thick and thin, now and in the future, I think we creating a database problem. It's an enormous amount of data and creates a focal point for abuse, for warehousing, etc. It's the type of policing job that ICANN has never had to do, and is not operationally set up to do. So thought summary: If ICANN is helping remedy a bad situation by operating a single registry for .COM and .NET to fix a historical problem, I think I am OK for now (pending review of the draft with registries -- after publication is fine). One database of all Whois information to Rule the World, not so good. RECOMMENDATION EDIT: Detailed recommendation: ICANN should set up a dedicated, multilingual website to allow "unrestricted and public access to accurate and complete WHOIS information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even for those people which have problems with the plain WHOIS protocol. The WHOIS information should be collected by following the thin WHOIS approach starting at whois.iana.org. The service should display the contractural relationships which are revealed by the WHOIS referals in a clear and understandable way. The results should be mark clearly the relevant information "including registrant, technical, ** DELETE BILLING** billing, and administrative contact" data. ** NOTE: Billing data, which includes credit cards Folks, is simply not displayed in any other Whois search results. It is only registrant, technical, and admin contact.** Best, Kathy > Proposal: > > Summary: > ICANN should set up and maintain a web interface to access > all the WHOIS services in order to ease access to the WHOIS data. > > Presumption: > The AoC requires that "ICANN implement measures to maintain timely, > unrestricted and public access to accurate and complete WHOIS information, > including registrant, technical, billing, and administrative contact > information." > > Observation: > An User Insight Report came up with the following results: > + Almost nobody is aware of whois > + Almost nobody is able to query a whois server correctly > + Whois queries were done on websites which occur first in the search > engine results. Usually those pages are overloaded with advertisments. > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" even for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, billing, and > administrative contact" data. > > The server needs to be run by ICANN itself, because the "timely, > unrestricted and public access" is usually rate limited, stripped or even > blocked by the various WHOIS server administrators for uncontractual > third party access. ICANN itself is the only party having the power to > overcome those limits using its contratual compliance. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/3902bdaf/attachment.html From kathy at kathykleiman.com Wed Nov 30 21:15:21 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 16:15:21 -0500 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database Message-ID: <4ED69CE9.7030709@kathykleiman.com> Hi All, Tx for the many comments about the "centralized database" recommendation (now #14). I have worked with Michael and Omar on it, and would like to propose the following, narrower, recommendation: ===> Rec 14: To improve access to the WHOIS data of .COM and .NET gTLDs, the only remaining Thin Registries, ICANN should set up a dedicated, multilingual interface website to provide thick Whois data for them. Here's the original text. ===> 14. To make WHOIS data more accessible for consumers, ICANN should set up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information". Such interface should provide thick WHOIS data for all gTLD domain names. Best, Kathy -- From Peter.Nettlefold at dbcde.gov.au Wed Nov 30 21:17:57 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Thu, 1 Dec 2011 08:17:57 +1100 Subject: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. [SEC=UNCLASSIFIED] In-Reply-To: <4ED65CE2.4030706@kathykleiman.com> Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D642264@EMB01.dept.gov.au> Classification: UNCLASSIFIED Thanks Sharon and all who worked on this new LE definition, which looks good. Cheers, Peter From: Kathy Kleiman [mailto:kathy at kathykleiman.com] Sent: Thursday, December 01, 2011 03:42 AM To: rt4-whois at icann.org Subject: Re: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. Dear Sharon, Many thanks on this -- and on all of your extensive work with the Whois RT. Much appreciated! Kathy p.s. a second on the Sharon's definition below. NOT PROTECTIVELY MARKED Emily, Happy with this definition: Any entity charged or otherwise mandated by governments with enforcing or ensuring observance of or obedience to the law; an organised body of people officially maintained or employed to keep order, prevent or detect crime and enforce the law Moving intro to DNS to Appendices good ideas. Alice had the latest version, with Lutz's included. Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 -----Original Message----- From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: 30 November 2011 14:30 To: LEMON, Sharon Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] WHOIS Policy RT - Law Enforcement comments. Hi Sharon Thanks for working through this. Sorry to say it, but I will - I don't think your new version of the law enf. definition will work. It includes the world and his wife. Can I have your snap response to the following proposal: Any entity charged or otherwise mandated by governments with enforcing or ensuring observance of or obedience to the law; an organised body of people officially maintained or employed to keep order, prevent or detect crime and enforce the law. Unfortunately, your colleague from Canada was working to quite an old draft, which has been superseded several times over. I can see the comments, and note what is said about impact. We have been discussing moving chunks into appendices. Would the intro to the domain name system be a good candidate? Can you give me finalised text for that section, please, which incorporates the latest comments made by Lutz and others - this version seems to be based on an older draft. The comments from Gary and others later in the text, and gap analysis are good. I'd like to see how we can incorporate some of them. At the moment my priorities are to get the bits lining up in the right places, and have the executive summary, findings and recommendations agreed. Kind regards Emily On 30 November 2011 13:48, LEMON, Sharon > wrote: NOT PROTECTIVELY MARKED Dear Emily, Alice and All, Sorry for arriving at the party late, I have been watching in awe the hundreds of emails flying about. We gave until today for our international colleagues to comment and we have just had our own internal meeting to finalise the comments on the paper. The paper complemented our ongoing law enforcement work within the ICANN community and there are not comments of major significance -ours are in green. I know that Alice is currently going through the nightmare of trying to organise the version control. (Good Luck and thanks Alice). I have replaced the definition of law enforcement with: Any entity with a responsibility to enforce or ensure observance to or obedience of the law, whether mandated by government or otherwise. We could go on forever with this - but let me know if there are any show stopping objections. I hope we make the deadline of 5pm ;-) Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 -----Original Message----- From: KIBBEY, Gary Sent: 30 November 2011 13:16 To: LEMON, Sharon Subject: FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED Gary Kibbey/ Senior Manager Cyber Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 gary.kibbey at soca.x.gsi.gov.uk -----Original Message----- From: FLAHERTY, Jonathan Sent: 29 November 2011 17:54 To: KIBBEY, Gary; ADDIS, Benedict Cc: CURLEY, Cliona Subject: RE: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED My comments added. Jon Flaherty | HVOM | SOCA Cyber & Forensics | 0207 855 2808 | 07919 218439 | jonathan.flaherty at soca.x.gsi.gov.uk -----Original Message----- From: KIBBEY, Gary Sent: 29 November 2011 14:34 To: FLAHERTY, Jonathan; ADDIS, Benedict Cc: CURLEY, Cliona Subject: FW: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED Gents If you have any comments -can you drop onto this working copy. Don't track changes - just comments. Ta Gary Gary Kibbey/ Senior Manager Cyber Serious Organised Crime Agency / Tel +44(0)207 855 2863 +44(0)7876790990 gary.kibbey at soca.x.gsi.gov.uk -----Original Message----- From: KIBBEY, Gary Sent: 29 November 2011 14:31 To: KIBBEY, Gary Subject: Emailing: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments NOT PROTECTIVELY MARKED The message is ready to be sent with the following file or link attachments: WHOIS Policy RT - Draft report - 24 Nov - Clean CC GK Comments Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled. This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. This email was received from the INTERNET and scanned by the Government Secure Intranet anti-virus service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) In case of problems, please call your organisation?s IT Helpdesk. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/66943932/attachment.html From lynn at goodsecurityconsulting.com Wed Nov 30 21:18:16 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Wed, 30 Nov 2011 14:18:16 -0700 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database Message-ID: <20111130141816.00ef555ff13978e3e1b8d2179880f99e.5cf42d988a.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/ea56e5b2/attachment.html From susank at fb.com Wed Nov 30 21:20:22 2011 From: susank at fb.com (Susan Kawaguchi) Date: Wed, 30 Nov 2011 21:20:22 +0000 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database In-Reply-To: <4ED69CE9.7030709@kathykleiman.com> References: <4ED69CE9.7030709@kathykleiman.com> Message-ID: I agree -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 1:15 PM To: rt4-whois at icann.org; Omar Kaminski; Yakushev Mikhail Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database Hi All, Tx for the many comments about the "centralized database" recommendation (now #14). I have worked with Michael and Omar on it, and would like to propose the following, narrower, recommendation: ===> Rec 14: To improve access to the WHOIS data of .COM and .NET gTLDs, the only remaining Thin Registries, ICANN should set up a dedicated, multilingual interface website to provide thick Whois data for them. Here's the original text. ===> 14. To make WHOIS data more accessible for consumers, ICANN should set up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information". Such interface should provide thick WHOIS data for all gTLD domain names. Best, Kathy -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From lynn at goodsecurityconsulting.com Wed Nov 30 21:21:10 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Wed, 30 Nov 2011 14:21:10 -0700 Subject: [Rt4-whois] =?utf-8?q?Centralized_Whois_Query_system_run_by_ICANN?= =?utf-8?q?_-_Scope_and_concerns_=5BSEC=3DUNCLASSIFIED=5D?= Message-ID: <20111130142110.00ef555ff13978e3e1b8d2179880f99e.a2262f7476.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/05b33939/attachment.html From kathy at kathykleiman.com Wed Nov 30 21:22:12 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 16:22:12 -0500 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D642262@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333D642262@EMB01.dept.gov.au> Message-ID: <4ED69E84.1050600@kathykleiman.com> Peter, For one, it's a new idea. I had always been of the sense that we were trying to correct the problems of "findability" for thin registries, such as the broken links we were seeing between thin registries and registrars, making it difficult to link easily between them. Knowing to link between the registry and registrar and actually executing that function is, I agree, a complicated task. Also, we noted that all future gTLD registries are Thick, and that leaves .com and .net as real outliers. But never in our discussions, did I ever think we were changing the systems for the existing thick gTLD registries. That is an entirely new dimension to the Whois problem, takes us in a completely different direction. I have to raise a flag. It's an entirely different solution. It's policy. If you want me to raise the myriad of problems it might lead to, and data protection issues, I would be happy to. But my fingers are tired :-). All the best, Kathy Classification: UNCLASSIFIED > > Hello all, > > I've missed a lot of discussion on this overnight my time, so I > apologise if I've missed something that answers my question. > > The references to an ICANN database are confusing to me, and may be > part of the contention here. > > I had understood that we would recommend that ICANN create a smart web > portal for consumers that would effectively do a WHOIS search for > them. As I understood it, ICANN would not need to make its own > database, thereby avoiding some of the data protection issues, and > instead purely focus on the user experience. > > Is this what others had understood? > > If so, does this address the concerns about scope - ie why wouldn't > ICANN provide a comprehensive search tool for all gTLDs? > > Please let me know if I've got this wrong. > > Cheers > > Peter > > > *From*: Susan Kawaguchi [mailto:susank at fb.com] > *Sent*: Thursday, December 01, 2011 03:27 AM > *To*: James M. Bladel ; Emily Taylor > > *Cc*: rt4-whois at icann.org > *Subject*: Re: [Rt4-whois] Centralized Whois Query system run by ICANN > - Scope and concerns > > I agree that we should not try and answer all the questions but I was > under the impression that the centralized WHOIS was only targeting > .com and .net to solve the problem of having to search for the correct > registrar out of the almost 1000 possible. > > I do not agree to include all gtlds. > > *From:*rt4-whois-bounces at icann.org > [mailto:rt4-whois-bounces at icann.org] *On Behalf Of *James M. Bladel > *Sent:* Wednesday, November 30, 2011 8:21 AM > *To:* Emily Taylor > *Cc:* rt4-whois at icann.org > *Subject:* Re: [Rt4-whois] Centralized Whois Query system run by ICANN > - Scope and concerns > > No, I don't think we should attempt to answer these questions in RT4, > nor presume that we have even identified all of the dependent questions. > > I believe our recommendation should task the Board, within a > reasonable timeframe (90 days?), to request an issues report on a > Centralized WHOIS system for all gTLDs, including how it should be > operated and what measures would be adopted to protect against abuse / > privacy violations / data harvesting. > > (This will initiate a PDP which, while slower, will be a more > comprehensive approach) > > -------- Original Message -------- > Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns > From: Emily Taylor > > Date: Wed, November 30, 2011 10:15 am > To: "James M. Bladel" > > Cc: Kathy Kleiman >, rt4-whois at icann.org > > > Hi James > > Thanks for raising these points. Can you suggest some language > which you think would work? Also, Kathy raised a good point about > whether this is limited to thin registries (.com, .net) or all? I > don't think we've ever discussed this. > > Kind regards > > Emily > > On 30 November 2011 16:06, James M. Bladel > wrote: > > I don't oppose this recommendation, but my issue with this is that > we are once again being too vague in what we're asking. > > ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? > > Set up: How? By launching a PDP? Sending out an RFP? > > Deadline? > > Are we confident that this group has considered all of the > consequences to privacy, security, access, SLAs, etc.? (Reasons > why a PDP can be more helpful for things like this...) > > Thanks-- > > > J. > > -------- Original Message -------- > Subject: Re: [Rt4-whois] Centralized Whois Query system run by > ICANN - > Scope and concerns > From: Kathy Kleiman > > Date: Wed, November 30, 2011 9:56 am > To: rt4-whois at icann.org > > > > All, > Is this the current version of the Lutz proposal now in > circulation? I > thought it applied only to a centralized database of the > current "thin > registries," namely .COM and .NET. If so, I can see the > advantages and > support sending it out as a recommendation in the draft report. > > But if this is a single database of all registries, thick and > thin, now > and in the future, I think we creating a database problem. > It's an > enormous amount of data and creates a focal point for abuse, for > warehousing, etc. It's the type of policing job that ICANN has > never had > to do, and is not operationally set up to do. > > So thought summary: If ICANN is helping remedy a bad situation by > operating a single registry for .COM and .NET to fix a historical > problem, I think I am OK for now (pending review of the draft > with > registries -- after publication is fine). One database of all > Whois > information to Rule the World, not so good. > > RECOMMENDATION EDIT: > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" **FOR .COM AND .NET, THE EXISTING "THIN > REGISTRIES"** even for those people which have problems with > the plain > WHOIS protocol. > > The WHOIS information should be collected by following the > thin WHOIS > approach starting at whois.iana.org . > The service should display the > contractural relationships which are revealed by the WHOIS > referals in > a clear and understandable way. The results should be mark > clearly the > relevant information "including registrant, technical, ** > DELETE BILLING** billing, and > administrative contact" data. > > ** NOTE: Billing data, which includes credit cards Folks, is > simply not > displayed in any other Whois search results. It is only > registrant, > technical, and admin contact.** > > Best, > Kathy > > > > Proposal: > > > > Summary: > > ICANN should set up and maintain a web interface to access > > all the WHOIS services in order to ease access to the WHOIS data. > > > > Presumption: > > The AoC requires that "ICANN implement measures to maintain > timely, > > unrestricted and public access to accurate and complete WHOIS > information, > > including registrant, technical, billing, and administrative > contact > > information." > > > > Observation: > > An User Insight Report came up with the following results: > > + Almost nobody is aware of whois > > + Almost nobody is able to query a whois server correctly > > + Whois queries were done on websites which occur first in > the search > > engine results. Usually those pages are overloaded with > advertisments. > > > > Detailed recommendation: > > ICANN should set up a dedicated, multilingual website to allow > > "unrestricted and public access to accurate and complete WHOIS > > information" even for those people which have problems with > the plain > > WHOIS protocol. > > > > The WHOIS information should be collected by following the > thin WHOIS > > approach starting at whois.iana.org . > The service should display the > > contractural relationships which are revealed by the WHOIS > referals in > > a clear and understandable way. The results should be mark > clearly the > > relevant information "including registrant, technical, > billing, and > > administrative contact" data. > > > > The server needs to be run by ICANN itself, because the "timely, > > unrestricted and public access" is usually rate limited, > stripped or even > > blocked by the various WHOIS server administrators for > uncontractual > > third party access. ICANN itself is the only party having the > power to > > overcome those limits using its contratual compliance. > > _______________________________________________ > > Rt4-whois mailing list > > Rt4-whois at icann.org > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > > -- > > > __ > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 . m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk * > > Emily Taylor Consultancy Limited is a company registered in > England and Wales No. 730471. VAT No. 114487713. > > > *-------------------------------------------------------------------------------* > NOTICE: This email message is for the sole use of the intended > recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and > destroy all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > *-------------------------------------------------------------------------------* > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/7d568556/attachment.html From Peter.Nettlefold at dbcde.gov.au Wed Nov 30 21:23:44 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Thu, 1 Dec 2011 08:23:44 +1100 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database [SEC=UNCLASSIFIED] In-Reply-To: <20111130141816.00ef555ff13978e3e1b8d2179880f99e.5cf42d988a.wbe@email12.secureserver.net> Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D642265@EMB01.dept.gov.au> Classification: UNCLASSIFIED Hi all, I'm not going to oppose this, as its an important step in the right direction. That said, I don't understand why it can't be for all gTLDs. Its just a search portal, isn't it? Why would it be a problem for this to be compehensive? Wouldn't a comprehensive portal be better for consumers, not only for ease of access to data, but if compehensive it would gain a reputation as a one-stop-shop and help to address the lack of awareness issue? Am I missing something here? Cheers, Peter From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] Sent: Thursday, December 01, 2011 08:18 AM To: Kathy Kleiman Cc: rt4-whois at icann.org ; Yakushev Mikhail Subject: Re: [Rt4-whois] Updated Recommendation 14 - Centralized Database excellent! -like it -------- Original Message -------- Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database From: Kathy Kleiman > Date: Wed, November 30, 2011 4:15 pm To: "rt4-whois at icann.org" >, Omar Kaminski >, Yakushev Mikhail > Hi All, Tx for the many comments about the "centralized database" recommendation (now #14). I have worked with Michael and Omar on it, and would like to propose the following, narrower, recommendation: ===> Rec 14: To improve access to the WHOIS data of .COM and .NET gTLDs, the only remaining Thin Registries, ICANN should set up a dedicated, multilingual interface website to provide thick Whois data for them. Here's the original text. ===> 14. To make WHOIS data more accessible for consumers, ICANN should set up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information". Such interface should provide thick WHOIS data for all gTLD domain names. Best, Kathy -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/41f9bb17/attachment.html From seth.reiss at lex-ip.com Wed Nov 30 21:24:41 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Wed, 30 Nov 2011 11:24:41 -1000 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: References: <636771A7F4383E408C57A0240B5F8D4A333D642262@EMB01.dept.gov.au> Message-ID: <014a01ccafa6$79fd0a00$6df71e00$@reiss@lex-ip.com> I agree with Peter. I do not know why we would want to limit it to .com and .net even though these GTLDs present the greatest challenge to the WHOIS consumer. I think the smart portal idea that Lutz proposed avoid the concerns Kathy expressed regarding management; I am not sure I understand Susan?s concerns that it be limited to only to the two GTLDs most in need of the service. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Wednesday, November 30, 2011 11:15 AM To: Nettlefold, Peter; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' Cc: 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] That was my understanding when we discussed previously but this would only be for .com and .net registrations. Is this feasible ? From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Wednesday, November 30, 2011 1:12 PM To: Susan Kawaguchi; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' Cc: 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hello all, I've missed a lot of discussion on this overnight my time, so I apologise if I've missed something that answers my question. The references to an ICANN database are confusing to me, and may be part of the contention here. I had understood that we would recommend that ICANN create a smart web portal for consumers that would effectively do a WHOIS search for them. As I understood it, ICANN would not need to make its own database, thereby avoiding some of the data protection issues, and instead purely focus on the user experience. Is this what others had understood? If so, does this address the concerns about scope - ie why wouldn't ICANN provide a comprehensive search tool for all gTLDs? Please let me know if I've got this wrong. Cheers Peter From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Thursday, December 01, 2011 03:27 AM To: James M. Bladel ; Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns I agree that we should not try and answer all the questions but I was under the impression that the centralized WHOIS was only targeting .com and .net to solve the problem of having to search for the correct registrar out of the almost 1000 possible. I do not agree to include all gtlds. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of James M. Bladel Sent: Wednesday, November 30, 2011 8:21 AM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns No, I don't think we should attempt to answer these questions in RT4, nor presume that we have even identified all of the dependent questions. I believe our recommendation should task the Board, within a reasonable timeframe (90 days?), to request an issues report on a Centralized WHOIS system for all gTLDs, including how it should be operated and what measures would be adopted to protect against abuse / privacy violations / data harvesting. (This will initiate a PDP which, while slower, will be a more comprehensive approach) -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Emily Taylor Date: Wed, November 30, 2011 10:15 am To: "James M. Bladel" Cc: Kathy Kleiman , rt4-whois at icann.org Hi James Thanks for raising these points. Can you suggest some language which you think would work? Also, Kathy raised a good point about whether this is limited to thin registries (.com, .net) or all? I don't think we've ever discussed this. Kind regards Emily On 30 November 2011 16:06, James M. Bladel wrote: I don't oppose this recommendation, but my issue with this is that we are once again being too vague in what we're asking. ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? Set up: How? By launching a PDP? Sending out an RFP? Deadline? Are we confident that this group has considered all of the consequences to privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more helpful for things like this...) Thanks-- J. -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Kathy Kleiman Date: Wed, November 30, 2011 9:56 am To: rt4-whois at icann.org All, Is this the current version of the Lutz proposal now in circulation? I thought it applied only to a centralized database of the current "thin registries," namely .COM and .NET. If so, I can see the advantages and support sending it out as a recommendation in the draft report. But if this is a single database of all registries, thick and thin, now and in the future, I think we creating a database problem. It's an enormous amount of data and creates a focal point for abuse, for warehousing, etc. It's the type of policing job that ICANN has never had to do, and is not operationally set up to do. So thought summary: If ICANN is helping remedy a bad situation by operating a single registry for .COM and .NET to fix a historical problem, I think I am OK for now (pending review of the draft with registries -- after publication is fine). One database of all Whois information to Rule the World, not so good. RECOMMENDATION EDIT: Detailed recommendation: ICANN should set up a dedicated, multilingual website to allow "unrestricted and public access to accurate and complete WHOIS information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even for those people which have problems with the plain WHOIS protocol. The WHOIS information should be collected by following the thin WHOIS approach starting at whois.iana.org. The service should display the contractural relationships which are revealed by the WHOIS referals in a clear and understandable way. The results should be mark clearly the relevant information "including registrant, technical, ** DELETE BILLING** billing, and administrative contact" data. ** NOTE: Billing data, which includes credit cards Folks, is simply not displayed in any other Whois search results. It is only registrant, technical, and admin contact.** Best, Kathy > Proposal: > > Summary: > ICANN should set up and maintain a web interface to access > all the WHOIS services in order to ease access to the WHOIS data. > > Presumption: > The AoC requires that "ICANN implement measures to maintain timely, > unrestricted and public access to accurate and complete WHOIS information, > including registrant, technical, billing, and administrative contact > information." > > Observation: > An User Insight Report came up with the following results: > + Almost nobody is aware of whois > + Almost nobody is able to query a whois server correctly > + Whois queries were done on websites which occur first in the search > engine results. Usually those pages are overloaded with advertisments. > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" even for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, billing, and > administrative contact" data. > > The server needs to be run by ICANN itself, because the "timely, > unrestricted and public access" is usually rate limited, stripped or even > blocked by the various WHOIS server administrators for uncontractual > third party access. ICANN itself is the only party having the power to > overcome those limits using its contratual compliance. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/551cc81f/attachment.html From emily at emilytaylor.eu Wed Nov 30 21:30:11 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 21:30:11 +0000 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D642265@EMB01.dept.gov.au> References: <20111130141816.00ef555ff13978e3e1b8d2179880f99e.5cf42d988a.wbe@email12.secureserver.net> <636771A7F4383E408C57A0240B5F8D4A333D642265@EMB01.dept.gov.au> Message-ID: Hi I like Kathy, Michael and Omar's suggested wording for 14. Like Peter I would be relaxed about it extending to any or all gTLDs, but can live with .com and .net as they are the real pain. Kind regards Emily On 30 November 2011 21:23, Nettlefold, Peter wrote: > Classification: UNCLASSIFIED > > Hi all, > > I'm not going to oppose this, as its an important step in the right > direction. > > That said, I don't understand why it can't be for all gTLDs. Its just a > search portal, isn't it? Why would it be a problem for this to be > compehensive? Wouldn't a comprehensive portal be better for consumers, not > only for ease of access to data, but if compehensive it would gain a > reputation as a one-stop-shop and help to address the lack of awareness > issue? > > Am I missing something here? > > Cheers, > > Peter > > *From*: lynn at goodsecurityconsulting.com [mailto: > lynn at goodsecurityconsulting.com] > *Sent*: Thursday, December 01, 2011 08:18 AM > *To*: Kathy Kleiman > *Cc*: rt4-whois at icann.org ; Yakushev Mikhail < > Yakushev at dstadvisors.ru> > *Subject*: Re: [Rt4-whois] Updated Recommendation 14 - Centralized > Database > > excellent! -like it > > > -------- Original Message -------- > Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database > From: Kathy Kleiman > Date: Wed, November 30, 2011 4:15 pm > To: "rt4-whois at icann.org" , Omar Kaminski > , Yakushev Mikhail > > > Hi All, > Tx for the many comments about the "centralized database" recommendation > (now #14). I have worked with Michael and Omar on it, and would like to > propose the following, narrower, recommendation: > > ===> Rec 14: To improve access to the WHOIS data of .COM and .NET > gTLDs, the only remaining Thin Registries, ICANN should set up a > dedicated, multilingual interface website to provide thick Whois data > for them. > > Here's the original text. > > ===> 14. To make WHOIS data more accessible for consumers, ICANN should set > up a dedicated, multilingual interface website to allow "unrestricted and > public access to accurate and complete WHOIS information". Such interface > should provide thick WHOIS data for all gTLD domain names. > > Best, > Kathy > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > * > ------------------------------------------------------------------------------- > * > NOTICE: This email message is for the sole use of the intended > recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy > all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > * > ------------------------------------------------------------------------------- > * > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/0ff7d118/attachment.html From susank at fb.com Wed Nov 30 21:30:41 2011 From: susank at fb.com (Susan Kawaguchi) Date: Wed, 30 Nov 2011 21:30:41 +0000 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: <014a01ccafa6$79fd0a00$6df71e00$@reiss@lex-ip.com> References: <636771A7F4383E408C57A0240B5F8D4A333D642262@EMB01.dept.gov.au> <014a01ccafa6$79fd0a00$6df71e00$@reiss@lex-ip.com> Message-ID: I will not oppose it if we include all gTlds but my gut feeling is that the other registries may be opposed to being included in this web portal. If we keep it as uncomplicated as possible we are more likely to gain the consensus of the community. From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Wednesday, November 30, 2011 1:25 PM To: Susan Kawaguchi; 'Nettlefold, Peter'; jbladel at godaddy.com; emily at emilytaylor.eu Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] I agree with Peter. I do not know why we would want to limit it to .com and .net even though these GTLDs present the greatest challenge to the WHOIS consumer. I think the smart portal idea that Lutz proposed avoid the concerns Kathy expressed regarding management; I am not sure I understand Susan?s concerns that it be limited to only to the two GTLDs most in need of the service. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Wednesday, November 30, 2011 11:15 AM To: Nettlefold, Peter; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' Cc: 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] That was my understanding when we discussed previously but this would only be for .com and .net registrations. Is this feasible ? From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Wednesday, November 30, 2011 1:12 PM To: Susan Kawaguchi; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' Cc: 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hello all, I've missed a lot of discussion on this overnight my time, so I apologise if I've missed something that answers my question. The references to an ICANN database are confusing to me, and may be part of the contention here. I had understood that we would recommend that ICANN create a smart web portal for consumers that would effectively do a WHOIS search for them. As I understood it, ICANN would not need to make its own database, thereby avoiding some of the data protection issues, and instead purely focus on the user experience. Is this what others had understood? If so, does this address the concerns about scope - ie why wouldn't ICANN provide a comprehensive search tool for all gTLDs? Please let me know if I've got this wrong. Cheers Peter From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Thursday, December 01, 2011 03:27 AM To: James M. Bladel ; Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns I agree that we should not try and answer all the questions but I was under the impression that the centralized WHOIS was only targeting .com and .net to solve the problem of having to search for the correct registrar out of the almost 1000 possible. I do not agree to include all gtlds. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of James M. Bladel Sent: Wednesday, November 30, 2011 8:21 AM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns No, I don't think we should attempt to answer these questions in RT4, nor presume that we have even identified all of the dependent questions. I believe our recommendation should task the Board, within a reasonable timeframe (90 days?), to request an issues report on a Centralized WHOIS system for all gTLDs, including how it should be operated and what measures would be adopted to protect against abuse / privacy violations / data harvesting. (This will initiate a PDP which, while slower, will be a more comprehensive approach) -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Emily Taylor > Date: Wed, November 30, 2011 10:15 am To: "James M. Bladel" > Cc: Kathy Kleiman >, rt4-whois at icann.org Hi James Thanks for raising these points. Can you suggest some language which you think would work? Also, Kathy raised a good point about whether this is limited to thin registries (.com, .net) or all? I don't think we've ever discussed this. Kind regards Emily On 30 November 2011 16:06, James M. Bladel > wrote: I don't oppose this recommendation, but my issue with this is that we are once again being too vague in what we're asking. ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? Set up: How? By launching a PDP? Sending out an RFP? Deadline? Are we confident that this group has considered all of the consequences to privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more helpful for things like this...) Thanks-- J. -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Kathy Kleiman > Date: Wed, November 30, 2011 9:56 am To: rt4-whois at icann.org All, Is this the current version of the Lutz proposal now in circulation? I thought it applied only to a centralized database of the current "thin registries," namely .COM and .NET. If so, I can see the advantages and support sending it out as a recommendation in the draft report. But if this is a single database of all registries, thick and thin, now and in the future, I think we creating a database problem. It's an enormous amount of data and creates a focal point for abuse, for warehousing, etc. It's the type of policing job that ICANN has never had to do, and is not operationally set up to do. So thought summary: If ICANN is helping remedy a bad situation by operating a single registry for .COM and .NET to fix a historical problem, I think I am OK for now (pending review of the draft with registries -- after publication is fine). One database of all Whois information to Rule the World, not so good. RECOMMENDATION EDIT: Detailed recommendation: ICANN should set up a dedicated, multilingual website to allow "unrestricted and public access to accurate and complete WHOIS information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even for those people which have problems with the plain WHOIS protocol. The WHOIS information should be collected by following the thin WHOIS approach starting at whois.iana.org. The service should display the contractural relationships which are revealed by the WHOIS referals in a clear and understandable way. The results should be mark clearly the relevant information "including registrant, technical, ** DELETE BILLING** billing, and administrative contact" data. ** NOTE: Billing data, which includes credit cards Folks, is simply not displayed in any other Whois search results. It is only registrant, technical, and admin contact.** Best, Kathy > Proposal: > > Summary: > ICANN should set up and maintain a web interface to access > all the WHOIS services in order to ease access to the WHOIS data. > > Presumption: > The AoC requires that "ICANN implement measures to maintain timely, > unrestricted and public access to accurate and complete WHOIS information, > including registrant, technical, billing, and administrative contact > information." > > Observation: > An User Insight Report came up with the following results: > + Almost nobody is aware of whois > + Almost nobody is able to query a whois server correctly > + Whois queries were done on websites which occur first in the search > engine results. Usually those pages are overloaded with advertisments. > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" even for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, billing, and > administrative contact" data. > > The server needs to be run by ICANN itself, because the "timely, > unrestricted and public access" is usually rate limited, stripped or even > blocked by the various WHOIS server administrators for uncontractual > third party access. ICANN itself is the only party having the power to > overcome those limits using its contratual compliance. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/3c1b63e9/attachment.html From emily at emilytaylor.eu Wed Nov 30 21:32:28 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 21:32:28 +0000 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: References: <636771A7F4383E408C57A0240B5F8D4A333D642262@EMB01.dept.gov.au> Message-ID: I agree with Susan. Does the most recent wording reflect the "smart web portal" concept? Sorry if I've missed it. Have just got in. On 30 November 2011 21:30, Susan Kawaguchi wrote: > I will not oppose it if we include all gTlds but my gut feeling is that > the other registries may be opposed to being included in this web portal. > If we keep it as uncomplicated as possible we are more likely to gain the > consensus of the community. **** > > ** ** > > ** ** > > ** ** > > *From:* Seth M Reiss [mailto:seth.reiss at lex-ip.com] > *Sent:* Wednesday, November 30, 2011 1:25 PM > *To:* Susan Kawaguchi; 'Nettlefold, Peter'; jbladel at godaddy.com; > emily at emilytaylor.eu > *Cc:* rt4-whois at icann.org > *Subject:* RE: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns [SEC=UNCLASSIFIED]**** > > ** ** > > I agree with Peter. I do not know why we would want to limit it to .com > and .net even though these GTLDs present the greatest challenge to the > WHOIS consumer. I think the smart portal idea that Lutz proposed avoid the > concerns Kathy expressed regarding management; I am not sure I understand > Susan?s concerns that it be limited to only to the two GTLDs most in need > of the service.**** > > ** ** > > Seth**** > > ** ** > > *From:* rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] *On > Behalf Of *Susan Kawaguchi > > *Sent:* Wednesday, November 30, 2011 11:15 AM > *To:* Nettlefold, Peter; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' > > *Cc:* 'rt4-whois at icann.org' > *Subject:* Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns [SEC=UNCLASSIFIED]**** > > ** ** > > That was my understanding when we discussed previously but this would only > be for .com and .net registrations. Is this feasible ? **** > > ** ** > > *From:* Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] > *Sent:* Wednesday, November 30, 2011 1:12 PM > *To:* Susan Kawaguchi; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' > *Cc:* 'rt4-whois at icann.org' > *Subject:* Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns [SEC=UNCLASSIFIED]**** > > ** ** > > Classification: UNCLASSIFIED > > Hello all, > > I've missed a lot of discussion on this overnight my time, so I apologise > if I've missed something that answers my question. > > The references to an ICANN database are confusing to me, and may be part > of the contention here. > > I had understood that we would recommend that ICANN create a smart web > portal for consumers that would effectively do a WHOIS search for them. As > I understood it, ICANN would not need to make its own database, thereby > avoiding some of the data protection issues, and instead purely focus on > the user experience. > > Is this what others had understood? > > If so, does this address the concerns about scope - ie why wouldn't ICANN > provide a comprehensive search tool for all gTLDs? > > Please let me know if I've got this wrong. > > Cheers > > Peter > > **** > > *From*: Susan Kawaguchi [mailto:susank at fb.com] > *Sent*: Thursday, December 01, 2011 03:27 AM > *To*: James M. Bladel ; Emily Taylor < > emily at emilytaylor.eu> > *Cc*: rt4-whois at icann.org > *Subject*: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns > **** > > I agree that we should not try and answer all the questions but I was > under the impression that the centralized WHOIS was only targeting .com and > .net to solve the problem of having to search for the correct registrar out > of the almost 1000 possible. **** > > ** ** > > I do not agree to include all gtlds. **** > > ** ** > > *From:* rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] *On > Behalf Of *James M. Bladel > *Sent:* Wednesday, November 30, 2011 8:21 AM > *To:* Emily Taylor > *Cc:* rt4-whois at icann.org > *Subject:* Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns**** > > ** ** > > No, I don't think we should attempt to answer these questions in RT4, nor > presume that we have even identified all of the dependent questions.**** > > ** ** > > I believe our recommendation should task the Board, within a reasonable > timeframe (90 days?), to request an issues report on a Centralized WHOIS > system for all gTLDs, including how it should be operated and what measures > would be adopted to protect against abuse / privacy violations / data > harvesting. **** > > ** ** > > (This will initiate a PDP which, while slower, will be a more > comprehensive approach)**** > > -------- Original Message -------- > Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns > From: Emily Taylor > Date: Wed, November 30, 2011 10:15 am > To: "James M. Bladel" > Cc: Kathy Kleiman , rt4-whois at icann.org > > Hi James > > Thanks for raising these points. Can you suggest some language which you > think would work? Also, Kathy raised a good point about whether this is > limited to thin registries (.com, .net) or all? I don't think we've ever > discussed this. > > Kind regards > > Emily**** > > On 30 November 2011 16:06, James M. Bladel wrote:*** > * > > I don't oppose this recommendation, but my issue with this is that we are > once again being too vague in what we're asking.**** > > ** ** > > ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party?**** > > ** ** > > Set up: How? By launching a PDP? Sending out an RFP?**** > > ** ** > > Deadline? **** > > ** ** > > Are we confident that this group has considered all of the consequences to > privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more > helpful for things like this...)**** > > ** ** > > Thanks--**** > > > J.**** > > ** ** > > -------- Original Message -------- > Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns > From: Kathy Kleiman > Date: Wed, November 30, 2011 9:56 am > To: rt4-whois at icann.org**** > > > > All, > Is this the current version of the Lutz proposal now in circulation? I > thought it applied only to a centralized database of the current "thin > registries," namely .COM and .NET. If so, I can see the advantages and > support sending it out as a recommendation in the draft report. > > But if this is a single database of all registries, thick and thin, now > and in the future, I think we creating a database problem. It's an > enormous amount of data and creates a focal point for abuse, for > warehousing, etc. It's the type of policing job that ICANN has never had > to do, and is not operationally set up to do. > > So thought summary: If ICANN is helping remedy a bad situation by > operating a single registry for .COM and .NET to fix a historical > problem, I think I am OK for now (pending review of the draft with > registries -- after publication is fine). One database of all Whois > information to Rule the World, not so good. > > RECOMMENDATION EDIT: > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even > for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, ** DELETE BILLING** > billing, and > administrative contact" data. > > ** NOTE: Billing data, which includes credit cards Folks, is simply not > displayed in any other Whois search results. It is only registrant, > technical, and admin contact.** > > Best, > Kathy > > > > Proposal: > > > > Summary: > > ICANN should set up and maintain a web interface to access > > all the WHOIS services in order to ease access to the WHOIS data. > > > > Presumption: > > The AoC requires that "ICANN implement measures to maintain timely, > > unrestricted and public access to accurate and complete WHOIS > information, > > including registrant, technical, billing, and administrative contact > > information." > > > > Observation: > > An User Insight Report came up with the following results: > > + Almost nobody is aware of whois > > + Almost nobody is able to query a whois server correctly > > + Whois queries were done on websites which occur first in the search > > engine results. Usually those pages are overloaded with advertisments. > > > > Detailed recommendation: > > ICANN should set up a dedicated, multilingual website to allow > > "unrestricted and public access to accurate and complete WHOIS > > information" even for those people which have problems with the plain > > WHOIS protocol. > > > > The WHOIS information should be collected by following the thin WHOIS > > approach starting at whois.iana.org. The service should display the > > contractural relationships which are revealed by the WHOIS referals in > > a clear and understandable way. The results should be mark clearly the > > relevant information "including registrant, technical, billing, and > > administrative contact" data. > > > > The server needs to be run by ICANN itself, because the "timely, > > unrestricted and public access" is usually rate limited, stripped or even > > blocked by the various WHOIS server administrators for uncontractual > > third party access. ICANN itself is the only party having the power to > > overcome those limits using its contratual compliance. > > _______________________________________________ > > Rt4-whois mailing list > > Rt4-whois at icann.org > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois**** > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois**** > > > > > -- > > > **** > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713.**** > > ** ** > > > * > ------------------------------------------------------------------------------- > * > NOTICE: This email message is for the sole use of the intended > recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy > all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > * > ------------------------------------------------------------------------------- > ***** > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/0303d605/attachment.html From Peter.Nettlefold at dbcde.gov.au Wed Nov 30 21:38:41 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Thu, 1 Dec 2011 08:38:41 +1100 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D642266@EMB01.dept.gov.au> Classification: UNCLASSIFIED Hi again, As this is our draft, can we propose a compehensive solution (there are good reasons in favour), and then see what the other registries say? Maybe they won't oppose it. And if they do, at least we'll know why. What would we lose by trying? Cheers Peter From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Thursday, December 01, 2011 08:32 AM To: Susan Kawaguchi Cc: Seth M Reiss ; Nettlefold, Peter; jbladel at godaddy.com ; rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] I agree with Susan. Does the most recent wording reflect the "smart web portal" concept? Sorry if I've missed it. Have just got in. On 30 November 2011 21:30, Susan Kawaguchi > wrote: I will not oppose it if we include all gTlds but my gut feeling is that the other registries may be opposed to being included in this web portal. If we keep it as uncomplicated as possible we are more likely to gain the consensus of the community. From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Wednesday, November 30, 2011 1:25 PM To: Susan Kawaguchi; 'Nettlefold, Peter'; jbladel at godaddy.com; emily at emilytaylor.eu Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] I agree with Peter. I do not know why we would want to limit it to .com and .net even though these GTLDs present the greatest challenge to the WHOIS consumer. I think the smart portal idea that Lutz proposed avoid the concerns Kathy expressed regarding management; I am not sure I understand Susan?s concerns that it be limited to only to the two GTLDs most in need of the service. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Wednesday, November 30, 2011 11:15 AM To: Nettlefold, Peter; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' Cc: 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] That was my understanding when we discussed previously but this would only be for .com and .net registrations. Is this feasible ? From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Wednesday, November 30, 2011 1:12 PM To: Susan Kawaguchi; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' Cc: 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hello all, I've missed a lot of discussion on this overnight my time, so I apologise if I've missed something that answers my question. The references to an ICANN database are confusing to me, and may be part of the contention here. I had understood that we would recommend that ICANN create a smart web portal for consumers that would effectively do a WHOIS search for them. As I understood it, ICANN would not need to make its own database, thereby avoiding some of the data protection issues, and instead purely focus on the user experience. Is this what others had understood? If so, does this address the concerns about scope - ie why wouldn't ICANN provide a comprehensive search tool for all gTLDs? Please let me know if I've got this wrong. Cheers Peter From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Thursday, December 01, 2011 03:27 AM To: James M. Bladel >; Emily Taylor > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns I agree that we should not try and answer all the questions but I was under the impression that the centralized WHOIS was only targeting .com and .net to solve the problem of having to search for the correct registrar out of the almost 1000 possible. I do not agree to include all gtlds. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of James M. Bladel Sent: Wednesday, November 30, 2011 8:21 AM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns No, I don't think we should attempt to answer these questions in RT4, nor presume that we have even identified all of the dependent questions. I believe our recommendation should task the Board, within a reasonable timeframe (90 days?), to request an issues report on a Centralized WHOIS system for all gTLDs, including how it should be operated and what measures would be adopted to protect against abuse / privacy violations / data harvesting. (This will initiate a PDP which, while slower, will be a more comprehensive approach) -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Emily Taylor > Date: Wed, November 30, 2011 10:15 am To: "James M. Bladel" > Cc: Kathy Kleiman >, rt4-whois at icann.org Hi James Thanks for raising these points. Can you suggest some language which you think would work? Also, Kathy raised a good point about whether this is limited to thin registries (.com, .net) or all? I don't think we've ever discussed this. Kind regards Emily On 30 November 2011 16:06, James M. Bladel > wrote: I don't oppose this recommendation, but my issue with this is that we are once again being too vague in what we're asking. ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? Set up: How? By launching a PDP? Sending out an RFP? Deadline? Are we confident that this group has considered all of the consequences to privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more helpful for things like this...) Thanks-- J. -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Kathy Kleiman > Date: Wed, November 30, 2011 9:56 am To: rt4-whois at icann.org All, Is this the current version of the Lutz proposal now in circulation? I thought it applied only to a centralized database of the current "thin registries," namely .COM and .NET. If so, I can see the advantages and support sending it out as a recommendation in the draft report. But if this is a single database of all registries, thick and thin, now and in the future, I think we creating a database problem. It's an enormous amount of data and creates a focal point for abuse, for warehousing, etc. It's the type of policing job that ICANN has never had to do, and is not operationally set up to do. So thought summary: If ICANN is helping remedy a bad situation by operating a single registry for .COM and .NET to fix a historical problem, I think I am OK for now (pending review of the draft with registries -- after publication is fine). One database of all Whois information to Rule the World, not so good. RECOMMENDATION EDIT: Detailed recommendation: ICANN should set up a dedicated, multilingual website to allow "unrestricted and public access to accurate and complete WHOIS information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even for those people which have problems with the plain WHOIS protocol. The WHOIS information should be collected by following the thin WHOIS approach starting at whois.iana.org. The service should display the contractural relationships which are revealed by the WHOIS referals in a clear and understandable way. The results should be mark clearly the relevant information "including registrant, technical, ** DELETE BILLING** billing, and administrative contact" data. ** NOTE: Billing data, which includes credit cards Folks, is simply not displayed in any other Whois search results. It is only registrant, technical, and admin contact.** Best, Kathy > Proposal: > > Summary: > ICANN should set up and maintain a web interface to access > all the WHOIS services in order to ease access to the WHOIS data. > > Presumption: > The AoC requires that "ICANN implement measures to maintain timely, > unrestricted and public access to accurate and complete WHOIS information, > including registrant, technical, billing, and administrative contact > information." > > Observation: > An User Insight Report came up with the following results: > + Almost nobody is aware of whois > + Almost nobody is able to query a whois server correctly > + Whois queries were done on websites which occur first in the search > engine results. Usually those pages are overloaded with advertisments. > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" even for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, billing, and > administrative contact" data. > > The server needs to be run by ICANN itself, because the "timely, > unrestricted and public access" is usually rate limited, stripped or even > blocked by the various WHOIS server administrators for uncontractual > third party access. ICANN itself is the only party having the power to > overcome those limits using its contratual compliance. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/6e211d03/attachment.html From susank at fb.com Wed Nov 30 21:39:45 2011 From: susank at fb.com (Susan Kawaguchi) Date: Wed, 30 Nov 2011 21:39:45 +0000 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D642266@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333D642266@EMB01.dept.gov.au> Message-ID: agreed From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Wednesday, November 30, 2011 1:39 PM To: 'emily at emilytaylor.eu'; Susan Kawaguchi Cc: 'seth.reiss at lex-ip.com'; 'jbladel at godaddy.com'; 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hi again, As this is our draft, can we propose a compehensive solution (there are good reasons in favour), and then see what the other registries say? Maybe they won't oppose it. And if they do, at least we'll know why. What would we lose by trying? Cheers Peter From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Thursday, December 01, 2011 08:32 AM To: Susan Kawaguchi Cc: Seth M Reiss ; Nettlefold, Peter; jbladel at godaddy.com ; rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] I agree with Susan. Does the most recent wording reflect the "smart web portal" concept? Sorry if I've missed it. Have just got in. On 30 November 2011 21:30, Susan Kawaguchi > wrote: I will not oppose it if we include all gTlds but my gut feeling is that the other registries may be opposed to being included in this web portal. If we keep it as uncomplicated as possible we are more likely to gain the consensus of the community. From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Wednesday, November 30, 2011 1:25 PM To: Susan Kawaguchi; 'Nettlefold, Peter'; jbladel at godaddy.com; emily at emilytaylor.eu Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] I agree with Peter. I do not know why we would want to limit it to .com and .net even though these GTLDs present the greatest challenge to the WHOIS consumer. I think the smart portal idea that Lutz proposed avoid the concerns Kathy expressed regarding management; I am not sure I understand Susan?s concerns that it be limited to only to the two GTLDs most in need of the service. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Wednesday, November 30, 2011 11:15 AM To: Nettlefold, Peter; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' Cc: 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] That was my understanding when we discussed previously but this would only be for .com and .net registrations. Is this feasible ? From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Wednesday, November 30, 2011 1:12 PM To: Susan Kawaguchi; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' Cc: 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hello all, I've missed a lot of discussion on this overnight my time, so I apologise if I've missed something that answers my question. The references to an ICANN database are confusing to me, and may be part of the contention here. I had understood that we would recommend that ICANN create a smart web portal for consumers that would effectively do a WHOIS search for them. As I understood it, ICANN would not need to make its own database, thereby avoiding some of the data protection issues, and instead purely focus on the user experience. Is this what others had understood? If so, does this address the concerns about scope - ie why wouldn't ICANN provide a comprehensive search tool for all gTLDs? Please let me know if I've got this wrong. Cheers Peter From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Thursday, December 01, 2011 03:27 AM To: James M. Bladel >; Emily Taylor > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns I agree that we should not try and answer all the questions but I was under the impression that the centralized WHOIS was only targeting .com and .net to solve the problem of having to search for the correct registrar out of the almost 1000 possible. I do not agree to include all gtlds. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of James M. Bladel Sent: Wednesday, November 30, 2011 8:21 AM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns No, I don't think we should attempt to answer these questions in RT4, nor presume that we have even identified all of the dependent questions. I believe our recommendation should task the Board, within a reasonable timeframe (90 days?), to request an issues report on a Centralized WHOIS system for all gTLDs, including how it should be operated and what measures would be adopted to protect against abuse / privacy violations / data harvesting. (This will initiate a PDP which, while slower, will be a more comprehensive approach) -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Emily Taylor > Date: Wed, November 30, 2011 10:15 am To: "James M. Bladel" > Cc: Kathy Kleiman >, rt4-whois at icann.org Hi James Thanks for raising these points. Can you suggest some language which you think would work? Also, Kathy raised a good point about whether this is limited to thin registries (.com, .net) or all? I don't think we've ever discussed this. Kind regards Emily On 30 November 2011 16:06, James M. Bladel > wrote: I don't oppose this recommendation, but my issue with this is that we are once again being too vague in what we're asking. ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? Set up: How? By launching a PDP? Sending out an RFP? Deadline? Are we confident that this group has considered all of the consequences to privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more helpful for things like this...) Thanks-- J. -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Kathy Kleiman > Date: Wed, November 30, 2011 9:56 am To: rt4-whois at icann.org All, Is this the current version of the Lutz proposal now in circulation? I thought it applied only to a centralized database of the current "thin registries," namely .COM and .NET. If so, I can see the advantages and support sending it out as a recommendation in the draft report. But if this is a single database of all registries, thick and thin, now and in the future, I think we creating a database problem. It's an enormous amount of data and creates a focal point for abuse, for warehousing, etc. It's the type of policing job that ICANN has never had to do, and is not operationally set up to do. So thought summary: If ICANN is helping remedy a bad situation by operating a single registry for .COM and .NET to fix a historical problem, I think I am OK for now (pending review of the draft with registries -- after publication is fine). One database of all Whois information to Rule the World, not so good. RECOMMENDATION EDIT: Detailed recommendation: ICANN should set up a dedicated, multilingual website to allow "unrestricted and public access to accurate and complete WHOIS information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even for those people which have problems with the plain WHOIS protocol. The WHOIS information should be collected by following the thin WHOIS approach starting at whois.iana.org. The service should display the contractural relationships which are revealed by the WHOIS referals in a clear and understandable way. The results should be mark clearly the relevant information "including registrant, technical, ** DELETE BILLING** billing, and administrative contact" data. ** NOTE: Billing data, which includes credit cards Folks, is simply not displayed in any other Whois search results. It is only registrant, technical, and admin contact.** Best, Kathy > Proposal: > > Summary: > ICANN should set up and maintain a web interface to access > all the WHOIS services in order to ease access to the WHOIS data. > > Presumption: > The AoC requires that "ICANN implement measures to maintain timely, > unrestricted and public access to accurate and complete WHOIS information, > including registrant, technical, billing, and administrative contact > information." > > Observation: > An User Insight Report came up with the following results: > + Almost nobody is aware of whois > + Almost nobody is able to query a whois server correctly > + Whois queries were done on websites which occur first in the search > engine results. Usually those pages are overloaded with advertisments. > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" even for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, billing, and > administrative contact" data. > > The server needs to be run by ICANN itself, because the "timely, > unrestricted and public access" is usually rate limited, stripped or even > blocked by the various WHOIS server administrators for uncontractual > third party access. ICANN itself is the only party having the power to > overcome those limits using its contratual compliance. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/e835ad37/attachment.html From seth.reiss at lex-ip.com Wed Nov 30 21:50:30 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Wed, 30 Nov 2011 11:50:30 -1000 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: References: <636771A7F4383E408C57A0240B5F8D4A333D642266@EMB01.dept.gov.au> Message-ID: <019801ccafaa$156f2b50$404d81f0$@reiss@lex-ip.com> If we cannot get a consensus for applying the smart portal ideas for all registries, then how about stating that it should be implemented for at least the .com and .net registry with the view of extending it to other existing and future registries as appropriate. Seth From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Wednesday, November 30, 2011 11:40 AM To: Nettlefold, Peter; 'emily at emilytaylor.eu' Cc: 'seth.reiss at lex-ip.com'; 'jbladel at godaddy.com'; 'rt4-whois at icann.org' Subject: RE: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] agreed From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Wednesday, November 30, 2011 1:39 PM To: 'emily at emilytaylor.eu'; Susan Kawaguchi Cc: 'seth.reiss at lex-ip.com'; 'jbladel at godaddy.com'; 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hi again, As this is our draft, can we propose a compehensive solution (there are good reasons in favour), and then see what the other registries say? Maybe they won't oppose it. And if they do, at least we'll know why. What would we lose by trying? Cheers Peter From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Thursday, December 01, 2011 08:32 AM To: Susan Kawaguchi Cc: Seth M Reiss ; Nettlefold, Peter; jbladel at godaddy.com ; rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] I agree with Susan. Does the most recent wording reflect the "smart web portal" concept? Sorry if I've missed it. Have just got in. On 30 November 2011 21:30, Susan Kawaguchi wrote: I will not oppose it if we include all gTlds but my gut feeling is that the other registries may be opposed to being included in this web portal. If we keep it as uncomplicated as possible we are more likely to gain the consensus of the community. From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Wednesday, November 30, 2011 1:25 PM To: Susan Kawaguchi; 'Nettlefold, Peter'; jbladel at godaddy.com; emily at emilytaylor.eu Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] I agree with Peter. I do not know why we would want to limit it to .com and .net even though these GTLDs present the greatest challenge to the WHOIS consumer. I think the smart portal idea that Lutz proposed avoid the concerns Kathy expressed regarding management; I am not sure I understand Susan?s concerns that it be limited to only to the two GTLDs most in need of the service. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Wednesday, November 30, 2011 11:15 AM To: Nettlefold, Peter; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' Cc: 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] That was my understanding when we discussed previously but this would only be for .com and .net registrations. Is this feasible ? From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] Sent: Wednesday, November 30, 2011 1:12 PM To: Susan Kawaguchi; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' Cc: 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hello all, I've missed a lot of discussion on this overnight my time, so I apologise if I've missed something that answers my question. The references to an ICANN database are confusing to me, and may be part of the contention here. I had understood that we would recommend that ICANN create a smart web portal for consumers that would effectively do a WHOIS search for them. As I understood it, ICANN would not need to make its own database, thereby avoiding some of the data protection issues, and instead purely focus on the user experience. Is this what others had understood? If so, does this address the concerns about scope - ie why wouldn't ICANN provide a comprehensive search tool for all gTLDs? Please let me know if I've got this wrong. Cheers Peter From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Thursday, December 01, 2011 03:27 AM To: James M. Bladel ; Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns I agree that we should not try and answer all the questions but I was under the impression that the centralized WHOIS was only targeting .com and .net to solve the problem of having to search for the correct registrar out of the almost 1000 possible. I do not agree to include all gtlds. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of James M. Bladel Sent: Wednesday, November 30, 2011 8:21 AM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns No, I don't think we should attempt to answer these questions in RT4, nor presume that we have even identified all of the dependent questions. I believe our recommendation should task the Board, within a reasonable timeframe (90 days?), to request an issues report on a Centralized WHOIS system for all gTLDs, including how it should be operated and what measures would be adopted to protect against abuse / privacy violations / data harvesting. (This will initiate a PDP which, while slower, will be a more comprehensive approach) -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Emily Taylor Date: Wed, November 30, 2011 10:15 am To: "James M. Bladel" Cc: Kathy Kleiman , rt4-whois at icann.org Hi James Thanks for raising these points. Can you suggest some language which you think would work? Also, Kathy raised a good point about whether this is limited to thin registries (.com, .net) or all? I don't think we've ever discussed this. Kind regards Emily On 30 November 2011 16:06, James M. Bladel wrote: I don't oppose this recommendation, but my issue with this is that we are once again being too vague in what we're asking. ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? Set up: How? By launching a PDP? Sending out an RFP? Deadline? Are we confident that this group has considered all of the consequences to privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more helpful for things like this...) Thanks-- J. -------- Original Message -------- Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns From: Kathy Kleiman Date: Wed, November 30, 2011 9:56 am To: rt4-whois at icann.org All, Is this the current version of the Lutz proposal now in circulation? I thought it applied only to a centralized database of the current "thin registries," namely .COM and .NET. If so, I can see the advantages and support sending it out as a recommendation in the draft report. But if this is a single database of all registries, thick and thin, now and in the future, I think we creating a database problem. It's an enormous amount of data and creates a focal point for abuse, for warehousing, etc. It's the type of policing job that ICANN has never had to do, and is not operationally set up to do. So thought summary: If ICANN is helping remedy a bad situation by operating a single registry for .COM and .NET to fix a historical problem, I think I am OK for now (pending review of the draft with registries -- after publication is fine). One database of all Whois information to Rule the World, not so good. RECOMMENDATION EDIT: Detailed recommendation: ICANN should set up a dedicated, multilingual website to allow "unrestricted and public access to accurate and complete WHOIS information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even for those people which have problems with the plain WHOIS protocol. The WHOIS information should be collected by following the thin WHOIS approach starting at whois.iana.org. The service should display the contractural relationships which are revealed by the WHOIS referals in a clear and understandable way. The results should be mark clearly the relevant information "including registrant, technical, ** DELETE BILLING** billing, and administrative contact" data. ** NOTE: Billing data, which includes credit cards Folks, is simply not displayed in any other Whois search results. It is only registrant, technical, and admin contact.** Best, Kathy > Proposal: > > Summary: > ICANN should set up and maintain a web interface to access > all the WHOIS services in order to ease access to the WHOIS data. > > Presumption: > The AoC requires that "ICANN implement measures to maintain timely, > unrestricted and public access to accurate and complete WHOIS information, > including registrant, technical, billing, and administrative contact > information." > > Observation: > An User Insight Report came up with the following results: > + Almost nobody is aware of whois > + Almost nobody is able to query a whois server correctly > + Whois queries were done on websites which occur first in the search > engine results. Usually those pages are overloaded with advertisments. > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" even for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, billing, and > administrative contact" data. > > The server needs to be run by ICANN itself, because the "timely, > unrestricted and public access" is usually rate limited, stripped or even > blocked by the various WHOIS server administrators for uncontractual > third party access. ICANN itself is the only party having the power to > overcome those limits using its contratual compliance. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -- 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/b4bcea4a/attachment.html From emily at emilytaylor.eu Wed Nov 30 21:53:37 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Wed, 30 Nov 2011 21:53:37 +0000 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: <4ed6a52e.0baf650a.1671.ffffb36fSMTPIN_ADDED@mx.google.com> References: <636771A7F4383E408C57A0240B5F8D4A333D642266@EMB01.dept.gov.au> <4ed6a52e.0baf650a.1671.ffffb36fSMTPIN_ADDED@mx.google.com> Message-ID: Thanks Seth I would support that/ E On 30 November 2011 21:50, Seth M Reiss wrote: > If we cannot get a consensus for applying the smart portal ideas for all > registries, then how about stating that it should be implemented for at > least the .com and .net registry with the view of extending it to other > existing and future registries as appropriate.**** > > ** ** > > Seth**** > > ** ** > > *From:* Susan Kawaguchi [mailto:susank at fb.com] > *Sent:* Wednesday, November 30, 2011 11:40 AM > *To:* Nettlefold, Peter; 'emily at emilytaylor.eu' > *Cc:* 'seth.reiss at lex-ip.com'; 'jbladel at godaddy.com'; 'rt4-whois at icann.org > ' > > *Subject:* RE: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns [SEC=UNCLASSIFIED]**** > > ** ** > > agreed**** > > ** ** > > *From:* Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] > *Sent:* Wednesday, November 30, 2011 1:39 PM > *To:* 'emily at emilytaylor.eu'; Susan Kawaguchi > *Cc:* 'seth.reiss at lex-ip.com'; 'jbladel at godaddy.com'; 'rt4-whois at icann.org > ' > *Subject:* Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns [SEC=UNCLASSIFIED]**** > > ** ** > > Classification: UNCLASSIFIED > > Hi again, > > As this is our draft, can we propose a compehensive solution (there are > good reasons in favour), and then see what the other registries say? Maybe > they won't oppose it. And if they do, at least we'll know why. > > What would we lose by trying? > > Cheers > > Peter > > **** > > *From*: Emily Taylor [mailto:emily at emilytaylor.eu] > *Sent*: Thursday, December 01, 2011 08:32 AM > *To*: Susan Kawaguchi > *Cc*: Seth M Reiss ; Nettlefold, Peter; > jbladel at godaddy.com ; rt4-whois at icann.org < > rt4-whois at icann.org> > *Subject*: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns [SEC=UNCLASSIFIED] > **** > > I agree with Susan. > > Does the most recent wording reflect the "smart web portal" concept? > Sorry if I've missed it. Have just got in.**** > > On 30 November 2011 21:30, Susan Kawaguchi wrote:**** > > I will not oppose it if we include all gTlds but my gut feeling is that > the other registries may be opposed to being included in this web portal. > If we keep it as uncomplicated as possible we are more likely to gain the > consensus of the community. **** > > **** > > **** > > **** > > *From:* Seth M Reiss [mailto:seth.reiss at lex-ip.com] > *Sent:* Wednesday, November 30, 2011 1:25 PM > *To:* Susan Kawaguchi; 'Nettlefold, Peter'; jbladel at godaddy.com; > emily at emilytaylor.eu > *Cc:* rt4-whois at icann.org > *Subject:* RE: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns [SEC=UNCLASSIFIED]**** > > **** > > I agree with Peter. I do not know why we would want to limit it to .com > and .net even though these GTLDs present the greatest challenge to the > WHOIS consumer. I think the smart portal idea that Lutz proposed avoid the > concerns Kathy expressed regarding management; I am not sure I understand > Susan?s concerns that it be limited to only to the two GTLDs most in need > of the service.**** > > **** > > Seth**** > > **** > > *From:* rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] *On > Behalf Of *Susan Kawaguchi**** > > > *Sent:* Wednesday, November 30, 2011 11:15 AM**** > > *To:* Nettlefold, Peter; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu'**** > > > *Cc:* 'rt4-whois at icann.org' > *Subject:* Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns [SEC=UNCLASSIFIED]**** > > **** > > That was my understanding when we discussed previously but this would only > be for .com and .net registrations. Is this feasible ? **** > > **** > > *From:* Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] > *Sent:* Wednesday, November 30, 2011 1:12 PM > *To:* Susan Kawaguchi; 'jbladel at godaddy.com'; 'emily at emilytaylor.eu' > *Cc:* 'rt4-whois at icann.org' > *Subject:* Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns [SEC=UNCLASSIFIED]**** > > **** > > Classification: UNCLASSIFIED > > Hello all, > > I've missed a lot of discussion on this overnight my time, so I apologise > if I've missed something that answers my question. > > The references to an ICANN database are confusing to me, and may be part > of the contention here. > > I had understood that we would recommend that ICANN create a smart web > portal for consumers that would effectively do a WHOIS search for them. As > I understood it, ICANN would not need to make its own database, thereby > avoiding some of the data protection issues, and instead purely focus on > the user experience. > > Is this what others had understood? > > If so, does this address the concerns about scope - ie why wouldn't ICANN > provide a comprehensive search tool for all gTLDs? > > Please let me know if I've got this wrong. > > Cheers > > Peter > > **** > > *From*: Susan Kawaguchi [mailto:susank at fb.com] > *Sent*: Thursday, December 01, 2011 03:27 AM > *To*: James M. Bladel ; Emily Taylor < > emily at emilytaylor.eu> > *Cc*: rt4-whois at icann.org > *Subject*: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns > **** > > I agree that we should not try and answer all the questions but I was > under the impression that the centralized WHOIS was only targeting .com and > .net to solve the problem of having to search for the correct registrar out > of the almost 1000 possible. **** > > **** > > I do not agree to include all gtlds. **** > > **** > > *From:* rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] *On > Behalf Of *James M. Bladel > *Sent:* Wednesday, November 30, 2011 8:21 AM > *To:* Emily Taylor > *Cc:* rt4-whois at icann.org > *Subject:* Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns**** > > **** > > No, I don't think we should attempt to answer these questions in RT4, nor > presume that we have even identified all of the dependent questions.**** > > **** > > I believe our recommendation should task the Board, within a reasonable > timeframe (90 days?), to request an issues report on a Centralized WHOIS > system for all gTLDs, including how it should be operated and what measures > would be adopted to protect against abuse / privacy violations / data > harvesting. **** > > **** > > (This will initiate a PDP which, while slower, will be a more > comprehensive approach)**** > > -------- Original Message -------- > Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns > From: Emily Taylor > Date: Wed, November 30, 2011 10:15 am > To: "James M. Bladel" > Cc: Kathy Kleiman , rt4-whois at icann.org > > Hi James > > Thanks for raising these points. Can you suggest some language which you > think would work? Also, Kathy raised a good point about whether this is > limited to thin registries (.com, .net) or all? I don't think we've ever > discussed this. > > Kind regards > > Emily**** > > On 30 November 2011 16:06, James M. Bladel wrote:*** > * > > I don't oppose this recommendation, but my issue with this is that we are > once again being too vague in what we're asking.**** > > **** > > ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party?**** > > **** > > Set up: How? By launching a PDP? Sending out an RFP?**** > > **** > > Deadline? **** > > **** > > Are we confident that this group has considered all of the consequences to > privacy, security, access, SLAs, etc.? (Reasons why a PDP can be more > helpful for things like this...)**** > > **** > > Thanks--**** > > > J.**** > > **** > > -------- Original Message -------- > Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns > From: Kathy Kleiman > Date: Wed, November 30, 2011 9:56 am > To: rt4-whois at icann.org**** > > > > All, > Is this the current version of the Lutz proposal now in circulation? I > thought it applied only to a centralized database of the current "thin > registries," namely .COM and .NET. If so, I can see the advantages and > support sending it out as a recommendation in the draft report. > > But if this is a single database of all registries, thick and thin, now > and in the future, I think we creating a database problem. It's an > enormous amount of data and creates a focal point for abuse, for > warehousing, etc. It's the type of policing job that ICANN has never had > to do, and is not operationally set up to do. > > So thought summary: If ICANN is helping remedy a bad situation by > operating a single registry for .COM and .NET to fix a historical > problem, I think I am OK for now (pending review of the draft with > registries -- after publication is fine). One database of all Whois > information to Rule the World, not so good. > > RECOMMENDATION EDIT: > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" **FOR .COM AND .NET, THE EXISTING "THIN REGISTRIES"** even > for those people which have problems with the plain > WHOIS protocol. > > The WHOIS information should be collected by following the thin WHOIS > approach starting at whois.iana.org. The service should display the > contractural relationships which are revealed by the WHOIS referals in > a clear and understandable way. The results should be mark clearly the > relevant information "including registrant, technical, ** DELETE BILLING** > billing, and > administrative contact" data. > > ** NOTE: Billing data, which includes credit cards Folks, is simply not > displayed in any other Whois search results. It is only registrant, > technical, and admin contact.** > > Best, > Kathy > > > > Proposal: > > > > Summary: > > ICANN should set up and maintain a web interface to access > > all the WHOIS services in order to ease access to the WHOIS data. > > > > Presumption: > > The AoC requires that "ICANN implement measures to maintain timely, > > unrestricted and public access to accurate and complete WHOIS > information, > > including registrant, technical, billing, and administrative contact > > information." > > > > Observation: > > An User Insight Report came up with the following results: > > + Almost nobody is aware of whois > > + Almost nobody is able to query a whois server correctly > > + Whois queries were done on websites which occur first in the search > > engine results. Usually those pages are overloaded with advertisments. > > > > Detailed recommendation: > > ICANN should set up a dedicated, multilingual website to allow > > "unrestricted and public access to accurate and complete WHOIS > > information" even for those people which have problems with the plain > > WHOIS protocol. > > > > The WHOIS information should be collected by following the thin WHOIS > > approach starting at whois.iana.org. The service should display the > > contractural relationships which are revealed by the WHOIS referals in > > a clear and understandable way. The results should be mark clearly the > > relevant information "including registrant, technical, billing, and > > administrative contact" data. > > > > The server needs to be run by ICANN itself, because the "timely, > > unrestricted and public access" is usually rate limited, stripped or even > > blocked by the various WHOIS server administrators for uncontractual > > third party access. ICANN itself is the only party having the power to > > overcome those limits using its contratual compliance. > > _______________________________________________ > > Rt4-whois mailing list > > Rt4-whois at icann.org > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois**** > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois**** > > > > > -- > > > **** > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713.**** > > **** > > > * > ------------------------------------------------------------------------------- > * > NOTICE: This email message is for the sole use of the intended > recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy > all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > * > ------------------------------------------------------------------------------- > ***** > > > > > -- > > > **** > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713.**** > > ** ** > > > * > ------------------------------------------------------------------------------- > * > NOTICE: This email message is for the sole use of the intended > recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy > all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > * > ------------------------------------------------------------------------------- > ***** > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/593d5489/attachment.html From kathy at kathykleiman.com Wed Nov 30 21:56:30 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 16:56:30 -0500 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: References: <636771A7F4383E408C57A0240B5F8D4A333D642266@EMB01.dept.gov.au> Message-ID: <4ED6A68E.4040203@kathykleiman.com> Sorry Peter, I see your reasoning, but I can't agree with this one. Its a huge registry issue and I see LOTS of problems with it, including the massive transition of personal data across national borders on a massive scale. I really don't see going forward with an enormous new database -- it's policy for the highest form, and on a matter we have not even agreed to the problems of (missing the fact-based research). Again, I see a fact-finding problem that we discussed, researched and even proved in Lynn's study with .COM and .NET. Solving the findabiliity in the thin registries we have the base for. But I simply don't see a problem with .ORG, .INFO, .BIZ, and all the other Thick Registries. They are all doing their jobs quite well, no one has called them out to us, they are the model for the new gTLDs -- changing how they operate and how this data is processed is a whole different ballgame. That's a horse of a different color. Kathy agreed > > *From:*Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au] > *Sent:* Wednesday, November 30, 2011 1:39 PM > *To:* 'emily at emilytaylor.eu'; Susan Kawaguchi > *Cc:* 'seth.reiss at lex-ip.com'; 'jbladel at godaddy.com'; > 'rt4-whois at icann.org' > *Subject:* Re: [Rt4-whois] Centralized Whois Query system run by ICANN > - Scope and concerns [SEC=UNCLASSIFIED] > > Classification: UNCLASSIFIED > > Hi again, > > As this is our draft, can we propose a compehensive solution (there > are good reasons in favour), and then see what the other registries > say? Maybe they won't oppose it. And if they do, at least we'll know why. > > What would we lose by trying? > > Cheers > > Peter > > *From*: Emily Taylor [mailto:emily at emilytaylor.eu] > *Sent*: Thursday, December 01, 2011 08:32 AM > *To*: Susan Kawaguchi > *Cc*: Seth M Reiss ; Nettlefold, Peter; > jbladel at godaddy.com ; rt4-whois at icann.org > > *Subject*: Re: [Rt4-whois] Centralized Whois Query system run by ICANN > - Scope and concerns [SEC=UNCLASSIFIED] > > I agree with Susan. > > Does the most recent wording reflect the "smart web portal" concept? > Sorry if I've missed it. Have just got in. > > On 30 November 2011 21:30, Susan Kawaguchi > wrote: > > I will not oppose it if we include all gTlds but my gut feeling is > that the other registries may be opposed to being included in this web > portal. If we keep it as uncomplicated as possible we are more > likely to gain the consensus of the community. > > *From:*Seth M Reiss [mailto:seth.reiss at lex-ip.com > ] > *Sent:* Wednesday, November 30, 2011 1:25 PM > *To:* Susan Kawaguchi; 'Nettlefold, Peter'; jbladel at godaddy.com > ; emily at emilytaylor.eu > > *Cc:* rt4-whois at icann.org > *Subject:* RE: [Rt4-whois] Centralized Whois Query system run by ICANN > - Scope and concerns [SEC=UNCLASSIFIED] > > I agree with Peter. I do not know why we would want to limit it to > .com and .net even though these GTLDs present the greatest challenge > to the WHOIS consumer. I think the smart portal idea that Lutz > proposed avoid the concerns Kathy expressed regarding management; I am > not sure I understand Susan's concerns that it be limited to only to > the two GTLDs most in need of the service. > > Seth > > *From:*rt4-whois-bounces at icann.org > > [mailto:rt4-whois-bounces at icann.org > ] *On Behalf Of *Susan Kawaguchi > > > *Sent:* Wednesday, November 30, 2011 11:15 AM > > *To:* Nettlefold, Peter; 'jbladel at godaddy.com > '; 'emily at emilytaylor.eu > ' > > > *Cc:* 'rt4-whois at icann.org ' > *Subject:* Re: [Rt4-whois] Centralized Whois Query system run by ICANN > - Scope and concerns [SEC=UNCLASSIFIED] > > That was my understanding when we discussed previously but this would > only be for .com and .net registrations. Is this feasible ? > > *From:*Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au > ] > *Sent:* Wednesday, November 30, 2011 1:12 PM > *To:* Susan Kawaguchi; 'jbladel at godaddy.com > '; 'emily at emilytaylor.eu > ' > *Cc:* 'rt4-whois at icann.org ' > *Subject:* Re: [Rt4-whois] Centralized Whois Query system run by ICANN > - Scope and concerns [SEC=UNCLASSIFIED] > > Classification: UNCLASSIFIED > > Hello all, > > I've missed a lot of discussion on this overnight my time, so I > apologise if I've missed something that answers my question. > > The references to an ICANN database are confusing to me, and may be > part of the contention here. > > I had understood that we would recommend that ICANN create a smart web > portal for consumers that would effectively do a WHOIS search for > them. As I understood it, ICANN would not need to make its own > database, thereby avoiding some of the data protection issues, and > instead purely focus on the user experience. > > Is this what others had understood? > > If so, does this address the concerns about scope - ie why wouldn't > ICANN provide a comprehensive search tool for all gTLDs? > > Please let me know if I've got this wrong. > > Cheers > > Peter > > *From*: Susan Kawaguchi [mailto:susank at fb.com ] > *Sent*: Thursday, December 01, 2011 03:27 AM > *To*: James M. Bladel >; Emily Taylor > > *Cc*: rt4-whois at icann.org > > > *Subject*: Re: [Rt4-whois] Centralized Whois Query system run by ICANN > - Scope and concerns > > I agree that we should not try and answer all the questions but I was > under the impression that the centralized WHOIS was only targeting > .com and .net to solve the problem of having to search for the correct > registrar out of the almost 1000 possible. > > I do not agree to include all gtlds. > > *From:*rt4-whois-bounces at icann.org > > [mailto:rt4-whois-bounces at icann.org > ] *On Behalf Of *James M. Bladel > *Sent:* Wednesday, November 30, 2011 8:21 AM > *To:* Emily Taylor > *Cc:* rt4-whois at icann.org > *Subject:* Re: [Rt4-whois] Centralized Whois Query system run by ICANN > - Scope and concerns > > No, I don't think we should attempt to answer these questions in RT4, > nor presume that we have even identified all of the dependent questions. > > I believe our recommendation should task the Board, within a > reasonable timeframe (90 days?), to request an issues report on a > Centralized WHOIS system for all gTLDs, including how it should be > operated and what measures would be adopted to protect against abuse / > privacy violations / data harvesting. > > (This will initiate a PDP which, while slower, will be a more > comprehensive approach) > > -------- Original Message -------- > Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - > Scope and concerns > From: Emily Taylor > > Date: Wed, November 30, 2011 10:15 am > To: "James M. Bladel" > > Cc: Kathy Kleiman >, rt4-whois at icann.org > > > Hi James > > Thanks for raising these points. Can you suggest some language > which you think would work? Also, Kathy raised a good point about > whether this is limited to thin registries (.com, .net) or all? I > don't think we've ever discussed this. > > Kind regards > > Emily > > On 30 November 2011 16:06, James M. Bladel > wrote: > > I don't oppose this recommendation, but my issue with this is that > we are once again being too vague in what we're asking. > > ICANN: Who? Staff? The Board? The GNSO? Contracted 3rd party? > > Set up: How? By launching a PDP? Sending out an RFP? > > Deadline? > > Are we confident that this group has considered all of the > consequences to privacy, security, access, SLAs, etc.? (Reasons > why a PDP can be more helpful for things like this...) > > Thanks-- > > > J. > > -------- Original Message -------- > Subject: Re: [Rt4-whois] Centralized Whois Query system run by > ICANN - > Scope and concerns > From: Kathy Kleiman > > Date: Wed, November 30, 2011 9:56 am > To: rt4-whois at icann.org > > > > All, > Is this the current version of the Lutz proposal now in > circulation? I > thought it applied only to a centralized database of the > current "thin > registries," namely .COM and .NET. If so, I can see the > advantages and > support sending it out as a recommendation in the draft report. > > But if this is a single database of all registries, thick and > thin, now > and in the future, I think we creating a database problem. > It's an > enormous amount of data and creates a focal point for abuse, for > warehousing, etc. It's the type of policing job that ICANN has > never had > to do, and is not operationally set up to do. > > So thought summary: If ICANN is helping remedy a bad situation by > operating a single registry for .COM and .NET to fix a historical > problem, I think I am OK for now (pending review of the draft > with > registries -- after publication is fine). One database of all > Whois > information to Rule the World, not so good. > > RECOMMENDATION EDIT: > > Detailed recommendation: > ICANN should set up a dedicated, multilingual website to allow > "unrestricted and public access to accurate and complete WHOIS > information" **FOR .COM AND .NET, THE EXISTING "THIN > REGISTRIES"** even for those people which have problems with > the plain > WHOIS protocol. > > The WHOIS information should be collected by following the > thin WHOIS > approach starting at whois.iana.org . > The service should display the > contractural relationships which are revealed by the WHOIS > referals in > a clear and understandable way. The results should be mark > clearly the > relevant information "including registrant, technical, ** > DELETE BILLING** billing, and > administrative contact" data. > > ** NOTE: Billing data, which includes credit cards Folks, is > simply not > displayed in any other Whois search results. It is only > registrant, > technical, and admin contact.** > > Best, > Kathy > > > > Proposal: > > > > Summary: > > ICANN should set up and maintain a web interface to access > > all the WHOIS services in order to ease access to the WHOIS data. > > > > Presumption: > > The AoC requires that "ICANN implement measures to maintain > timely, > > unrestricted and public access to accurate and complete WHOIS > information, > > including registrant, technical, billing, and administrative > contact > > information." > > > > Observation: > > An User Insight Report came up with the following results: > > + Almost nobody is aware of whois > > + Almost nobody is able to query a whois server correctly > > + Whois queries were done on websites which occur first in > the search > > engine results. Usually those pages are overloaded with > advertisments. > > > > Detailed recommendation: > > ICANN should set up a dedicated, multilingual website to allow > > "unrestricted and public access to accurate and complete WHOIS > > information" even for those people which have problems with > the plain > > WHOIS protocol. > > > > The WHOIS information should be collected by following the > thin WHOIS > > approach starting at whois.iana.org . > The service should display the > > contractural relationships which are revealed by the WHOIS > referals in > > a clear and understandable way. The results should be mark > clearly the > > relevant information "including registrant, technical, > billing, and > > administrative contact" data. > > > > The server needs to be run by ICANN itself, because the "timely, > > unrestricted and public access" is usually rate limited, > stripped or even > > blocked by the various WHOIS server administrators for > uncontractual > > third party access. ICANN itself is the only party having the > power to > > overcome those limits using its contratual compliance. > > _______________________________________________ > > Rt4-whois mailing list > > Rt4-whois at icann.org > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > > -- > > > __ > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 . m: > +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk * > > Emily Taylor Consultancy Limited is a company registered in > England and Wales No. 730471. VAT No. 114487713. > > > *-------------------------------------------------------------------------------* > NOTICE: This email message is for the sole use of the intended > recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and > destroy all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com . > > *-------------------------------------------------------------------------------* > > > > > -- > > > __ > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 . m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk * > > Emily Taylor Consultancy Limited is a company registered in England > and Wales No. 730471. VAT No. 114487713. > > > *-------------------------------------------------------------------------------* > NOTICE: This email message is for the sole use of the intended > recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and > destroy all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > *-------------------------------------------------------------------------------* > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/a5b5b89f/attachment.html From bill.smith at paypal-inc.com Wed Nov 30 21:57:07 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 14:57:07 -0700 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D642265@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333D642265@EMB01.dept.gov.au> Message-ID: <81E8CE10-60A2-44E5-8ED7-039E779E7003@paypal.com> +1 Who benefits from the limitation to just .com &.net? On Nov 30, 2011, at 1:25 PM, "Nettlefold, Peter" > wrote: Classification: UNCLASSIFIED Hi all, I'm not going to oppose this, as its an important step in the right direction. That said, I don't understand why it can't be for all gTLDs. Its just a search portal, isn't it? Why would it be a problem for this to be compehensive? Wouldn't a comprehensive portal be better for consumers, not only for ease of access to data, but if compehensive it would gain a reputation as a one-stop-shop and help to address the lack of awareness issue? Am I missing something here? Cheers, Peter From: lynn at goodsecurityconsulting.com [mailto:lynn at goodsecurityconsulting.com] Sent: Thursday, December 01, 2011 08:18 AM To: Kathy Kleiman > Cc: rt4-whois at icann.org >; Yakushev Mikhail > Subject: Re: [Rt4-whois] Updated Recommendation 14 - Centralized Database excellent! -like it -------- Original Message -------- Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database From: Kathy Kleiman > Date: Wed, November 30, 2011 4:15 pm To: "rt4-whois at icann.org" >, Omar Kaminski >, Yakushev Mikhail > Hi All, Tx for the many comments about the "centralized database" recommendation (now #14). I have worked with Michael and Omar on it, and would like to propose the following, narrower, recommendation: ===> Rec 14: To improve access to the WHOIS data of .COM and .NET gTLDs, the only remaining Thin Registries, ICANN should set up a dedicated, multilingual interface website to provide thick Whois data for them. Here's the original text. ===> 14. To make WHOIS data more accessible for consumers, ICANN should set up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information". Such interface should provide thick WHOIS data for all gTLD domain names. Best, Kathy -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From Peter.Nettlefold at dbcde.gov.au Wed Nov 30 21:56:38 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Thu, 1 Dec 2011 08:56:38 +1100 Subject: [Rt4-whois] Recommendations - SOURCE EXPLANATION (2).doc [SEC=UNCLASSIFIED] In-Reply-To: Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D642267@EMB01.dept.gov.au> Classification: UNCLASSIFIED Hi Susan and all, Thanks again for all your hard work on this. As you know, one of my main concerns with proxies is to have a clear chain of responsibilities. To me, ambiguity about this is a major contributor to the current problems. Having just read the latest recommendations document, it places your proposal as a supplement to the Dakar proposal, and this got me thinking. My question is: is the intent of your proposal that the agent assumes all rights and responsibilities in all cases (as we discussed in Dakar), AND in cases where the agent is within the current contractual net, they ALSO assume additional responsibilities relating to revealing any other relationships they have entered into. I assume the intent is that these additional responsibilities do not undermine or confuse the clear chain we were hoping to achieve in the Dakar proposal? Is this correct, or am I stretching this too far? If it is correct, can any of our lawyers or others advise whether this sort of thing is possible - ie could we achieve both goals? Cheers, Peter From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Thursday, December 01, 2011 03:58 AM To: rt4-whois at icann.org Subject: [Rt4-whois] Recommendations - SOURCE EXPLANATION (2).doc HI Emily, James and I had a quick phone call to discuss the proxy recommendation. He made a great point that we should include in the recommendation reviewing the existing proxy practices so I have added the following point. 1) Review existing practices by reaching out to proxy providers and foster a discussion to develop, clarify and enhance the current processes Please see the whole recommendation incorporated in the attached document. Susan ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/fc55ac38/attachment.html From seth.reiss at lex-ip.com Wed Nov 30 22:03:53 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Wed, 30 Nov 2011 12:03:53 -1000 Subject: [Rt4-whois] Recommendations - SOURCE EXPLANATION (2).doc [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D642267@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333D642267@EMB01.dept.gov.au> Message-ID: <01c201ccafab$f3d012f0$db7038d0$@reiss@lex-ip.com> Not sure, can someone direct me to the current proposal? From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Nettlefold, Peter Sent: Wednesday, November 30, 2011 11:57 AM To: 'susank at fb.com'; 'rt4-whois at icann.org' Subject: Re: [Rt4-whois] Recommendations - SOURCE EXPLANATION (2).doc [SEC=UNCLASSIFIED] Classification: UNCLASSIFIED Hi Susan and all, Thanks again for all your hard work on this. As you know, one of my main concerns with proxies is to have a clear chain of responsibilities. To me, ambiguity about this is a major contributor to the current problems. Having just read the latest recommendations document, it places your proposal as a supplement to the Dakar proposal, and this got me thinking. My question is: is the intent of your proposal that the agent assumes all rights and responsibilities in all cases (as we discussed in Dakar), AND in cases where the agent is within the current contractual net, they ALSO assume additional responsibilities relating to revealing any other relationships they have entered into. I assume the intent is that these additional responsibilities do not undermine or confuse the clear chain we were hoping to achieve in the Dakar proposal? Is this correct, or am I stretching this too far? If it is correct, can any of our lawyers or others advise whether this sort of thing is possible - ie could we achieve both goals? Cheers, Peter From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Thursday, December 01, 2011 03:58 AM To: rt4-whois at icann.org Subject: [Rt4-whois] Recommendations - SOURCE EXPLANATION (2).doc HI Emily, James and I had a quick phone call to discuss the proxy recommendation. He made a great point that we should include in the recommendation reviewing the existing proxy practices so I have added the following point. 1) Review existing practices by reaching out to proxy providers and foster a discussion to develop, clarify and enhance the current processes Please see the whole recommendation incorporated in the attached document. Susan ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/b9b46b72/attachment.html From lynn at goodsecurityconsulting.com Wed Nov 30 22:11:47 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Wed, 30 Nov 2011 22:11:47 +0000 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: References: <636771A7F4383E408C57A0240B5F8D4A333D642266@EMB01.dept.gov.au> <4ed6a52e.0baf650a.1671.ffffb36fSMTPIN_ADDED@mx.google.com> Message-ID: <945844123-1322691099-cardhu_decombobulator_blackberry.rim.net-84635449-@b28.c9.bise6.blackberry> The purpose of a single portal would be ease of access. That goes away with multiple ways of accessing Whois. I did not feel this was aimed at any particular gTLD. Lynn Sent via BlackBerry by AT&T -----Original Message----- From: Emily Taylor Sender: rt4-whois-bounces at icann.org Date: Wed, 30 Nov 2011 21:53:37 To: Seth M Reiss Cc: Subject: Re: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From lutz at iks-jena.de Wed Nov 30 22:16:53 2011 From: lutz at iks-jena.de (Lutz Donnerhacke) Date: Wed, 30 Nov 2011 23:16:53 +0100 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D642262@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333D642262@EMB01.dept.gov.au> Message-ID: <20111130221653.GB8383@belenus.iks-jena.de> On Thu, Dec 01, 2011 at 08:11:54AM +1100, Nettlefold, Peter wrote: > I've missed a lot of discussion on this overnight my time, so I > apologise if I've missed something that answers my question. So do I. I'm still confused about the current state. Mea culpa. > I had understood that we would recommend that ICANN create a smart > web portal for consumers that would effectively do a WHOIS search > for them. As I understood it, ICANN would not need to make its own > database, thereby avoiding some of the data protection issues, and > instead purely focus on the user experience. Exactly that's the proposal. I tried to clarify it last week during the telco. > If so, does this address the concerns about scope - ie why wouldn't ICANN > provide a comprehensive search tool for all gTLDs? All of them: Domains, IP addresses, AS numbers. ICANN is the political root. IANA maintains the primary allocations. So a "central WHOIS search tool" should include all of them. From lutz at iks-jena.de Wed Nov 30 22:18:41 2011 From: lutz at iks-jena.de (Lutz Donnerhacke) Date: Wed, 30 Nov 2011 23:18:41 +0100 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: <019801ccafaa$156f2b50$404d81f0$@reiss@lex-ip.com> References: <636771A7F4383E408C57A0240B5F8D4A333D642266@EMB01.dept.gov.au> <019801ccafaa$156f2b50$404d81f0$@reiss@lex-ip.com> Message-ID: <20111130221841.GC8383@belenus.iks-jena.de> On Wed, Nov 30, 2011 at 11:50:30AM -1000, Seth M Reiss wrote: > If we cannot get a consensus for applying the smart portal ideas for all registries, then how about stating that it should be implemented for at least the .com and .net registry with the view of extending it to other existing and future registries as appropriate. There is no problem with COM/NET. There is a problem with accessing ANY WHOIS database. From kathy at kathykleiman.com Wed Nov 30 22:23:47 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 17:23:47 -0500 Subject: [Rt4-whois] streamlined proxy recommendation language Message-ID: <4ED6ACF3.7070808@kathykleiman.com> Hi All, I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. here's the text: *Data Access- Proxy Service * 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - _*Proxy Service*_**-- a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. /[KK: is this the definition we are //using//in other places in the Report?]/ /- /_*Affiliated Registrar *__- _another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - *Affiliate retail proxy service provider *-- entity operating under a common controlling interest of a registrar. - *Retail proxy service provider *- proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - _*Limited proxy service provider *_- proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. --- end same text attached Kathy -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/60dc80e2/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: aligning proxy and privacy v.2.doc Type: application/octet-stream Size: 34816 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/60dc80e2/aligningproxyandprivacyv.2.doc From lutz at iks-jena.de Wed Nov 30 22:25:23 2011 From: lutz at iks-jena.de (Lutz Donnerhacke) Date: Wed, 30 Nov 2011 23:25:23 +0100 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database In-Reply-To: <4ED69CE9.7030709@kathykleiman.com> References: <4ED69CE9.7030709@kathykleiman.com> Message-ID: <20111130222523.GD8383@belenus.iks-jena.de> On Wed, Nov 30, 2011 at 04:15:21PM -0500, Kathy Kleiman wrote: > Tx for the many comments about the "centralized database" recommendation > (now #14). I have worked with Michael and Omar on it, and would like to > propose the following, narrower, recommendation: > > ===> Rec 14: To improve access to the WHOIS data of .COM and .NET > gTLDs, the only remaining Thin Registries, ICANN should set up a > dedicated, multilingual interface website to provide thick Whois data > for them. > > Here's the original text. > > ===> 14. To make WHOIS data more accessible for consumers, ICANN should set > up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information". Such interface should provide thick WHOIS data for all gTLD domain names. I oppose both texts. I really want to see an dependable tool run by the only instance which has the power to guarantee the AoC requirments when accessing other parties WHOIS services. So the text should be: To make WHOIS data more accessible for consumers, ICANN should set up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information" by querying the appropriate servers, not copying the database. From omar at kaminski.adv.br Wed Nov 30 22:55:59 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Wed, 30 Nov 2011 20:55:59 -0200 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database In-Reply-To: <20111130222523.GD8383@belenus.iks-jena.de> References: <4ED69CE9.7030709@kathykleiman.com> <20111130222523.GD8383@belenus.iks-jena.de> Message-ID: Dear Lutz, I agree with you from the users' pow, but how to make the access "unrestricted and public" with proxy servers that have a restrictive access by its own purposes, even for privacy reasons? Omar 2011/11/30 Lutz Donnerhacke : > On Wed, Nov 30, 2011 at 04:15:21PM -0500, Kathy Kleiman wrote: >> Tx for the many comments about the "centralized database" recommendation >> (now #14). ?I have worked with Michael and Omar on it, and would like to >> propose the following, narrower, recommendation: >> >> ===> ?Rec 14: ?To improve access to the WHOIS data of .COM and .NET >> gTLDs, the only remaining Thin Registries, ICANN should set up a >> dedicated, multilingual interface website to provide thick Whois data >> for them. >> >> Here's the original text. >> >> ===> ?14. To make WHOIS data more accessible for consumers, ICANN should set >> up a dedicated, multilingual interface website to allow ?"unrestricted and public access to accurate and complete WHOIS information". ?Such interface should provide thick WHOIS data for all gTLD domain names. > > I oppose both texts. I really want to see an dependable tool run by the only > instance which has the power to guarantee the AoC requirments when accessing > other parties WHOIS services. > > So the text should be: > ?To make WHOIS data more accessible for consumers, ICANN should set > ?up a dedicated, multilingual interface website to allow ?"unrestricted > ?and public access to accurate and complete WHOIS information" by querying > ?the appropriate servers, not copying the database. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From Peter.Nettlefold at dbcde.gov.au Wed Nov 30 22:54:55 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Thu, 1 Dec 2011 09:54:55 +1100 Subject: [Rt4-whois] Fw: Recommendations - updated language SOURCED [SEC=UNCLASSIFIED] Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D642268@EMB01.dept.gov.au> Classification: UNCLASSIFIED Hi all, In answer to Seth's question on the proxy recommendations, I don't seem to be able to forward the document I was looking at to you, but it was attached to this email that Emily sent. I hope this helps. You'll see that it first has our recommendation from Dakar, and then leads to Susan et al's proposal with the lead in of 'further, ...' which was the trigger for me thinking about potentially meeting both goals. While on the recommendations, I wanted to pass my apologies to James. I understand that the privacy changes I mentioned yesterday were put forward by James. I did have trouble opening James' attachments to the list, but should have looked into that further - so sorry about that. Cheers, Peter From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Thursday, December 01, 2011 03:17 AM To: Susan Kawaguchi Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] Recommendations - updated language SOURCED Many thanks Susan. If you could get the new language out to the list by the top of the hour (ie 40 minutes or so) that would be great. Please use this version of the document. On 30 November 2011 15:35, Susan Kawaguchi > wrote: Hi Emily I have reviewed the recommendations document and I think once Lutz' recommendation is included we have captures everything. On the proxy proposal James had suggested less detail on what the best practices would be. I can agree with that. I am currently on my way into the office and can send proposed language at that time. I have not reviewed the full report after the revisions last night and would like the opportunity to do so What is the current cut off time? Susan Sent from my iPhone On Nov 30, 2011, at 6:54 AM, "Emily Taylor" > wrote: Dang! This document is supposed to contain all of our recommendations. Thanks Lynn, good catch. I was intending to put it in and forgot AGAIN. Trying not to introduce additional language at this late stage Lynn. Did we already agree a consumer awareness programme recommendation? I can't find it, but happy to be corrected. I will re-issue this document with Lutz's draft - Lutz, OK if I tweak some of the language? On 30 November 2011 14:51, <lynn at goodsecurityconsulting.com> wrote: I made a quick read Emily and have no objections to these recommendations. Are these just the recommendations with some remaining contention amongst the team members? I was looking for Lutz's recommendation on a centralized interface for ease of fnding WHOIS data. Also want to make sure we recommend that ICANN develop and execute an ongoing consumer awareness program. I will be happy to draft that recommendation. Lynn -------- Original Message -------- Subject: [Rt4-whois] Recommendations - updated language SOURCED From: Emily Taylor <emily at emilytaylor.eu> Date: Wed, November 30, 2011 9:14 am To: rt4-whois at icann.org Hi all Following the queries on the list overnight, I have tried as best I can to piece together the language of the recommendations.The documents I checked against were https://community.icann.org/download/attachments/21135832/Findings+-+conclusions+-+definitions.docx?version=1&modificationDate=1319625303000 (Draft Recommendations discussed in Dakar), and this https://community.icann.org/download/attachments/21135832/Current+WRT+Recommendations+-+v1+-+Nov+21.doc?version=1&modificationDate=1321978947000 (The first consolidated draft of what was agreed in Dakar, and MdR). However, like others, I have found it confusing to understand from the multiple drafts posted on the private WIKI, but I do think the draft of 21 November (second link above) is a fair representation of what we as a team negotiated and agreed. I have gone back to text that we agreed in MdR and Dakar, and tried only to add text in the following circumstances: - Where the sense was unclear, or we were tasking the wrong people - Where the text has evolved through consent of the team since Dakar (IDNs and Proxies) - Where the text has come from another, stable source (compliance recommendation on WDRP). There, as the author and having received a comment from James on the correct parties to task, I have cleaned up the language. I hope I have done a fair job on this. I have noted one place (privacy recs.) where there is contested language. My proposal - sorry James - is that we revert to our agreed text from Dakar on this. If I have made mistakes on the source language, I apologise, this is not intentional and I am happy to be corrected. Please carefully consider these recommendations. They can be improved, the language could be better, clearer, but they are what we agreed. Please let me have any show stoppers by 1600 UTC. Kind regards Emily -- 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ________________________________ _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/b03030b1/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Recommendations - SOURCE EXPLANATION.doc Type: application/msword Size: 75264 bytes Desc: Recommendations - SOURCE EXPLANATION.doc Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/b03030b1/Recommendations-SOURCEEXPLANATION.doc -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ATT00001.txt Url: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/b03030b1/ATT00001.txt From bill.smith at paypal-inc.com Wed Nov 30 23:02:35 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 16:02:35 -0700 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: <20111130221653.GB8383@belenus.iks-jena.de> References: <636771A7F4383E408C57A0240B5F8D4A333D642262@EMB01.dept.gov.au> <20111130221653.GB8383@belenus.iks-jena.de> Message-ID: This was my understanding as well. (It can also be done *without* the consent of any of the registries. It's just more difficult and likely to be more errorprone.) On Nov 30, 2011, at 2:18 PM, "Lutz Donnerhacke" wrote: > On Thu, Dec 01, 2011 at 08:11:54AM +1100, Nettlefold, Peter wrote: >> I've missed a lot of discussion on this overnight my time, so I >> apologise if I've missed something that answers my question. > > So do I. I'm still confused about the current state. > Mea culpa. > >> I had understood that we would recommend that ICANN create a smart >> web portal for consumers that would effectively do a WHOIS search >> for them. As I understood it, ICANN would not need to make its own >> database, thereby avoiding some of the data protection issues, and >> instead purely focus on the user experience. > > Exactly that's the proposal. I tried to clarify it last week during the telco. > >> If so, does this address the concerns about scope - ie why wouldn't ICANN >> provide a comprehensive search tool for all gTLDs? > > All of them: Domains, IP addresses, AS numbers. > ICANN is the political root. IANA maintains the primary allocations. > So a "central WHOIS search tool" should include all of them. > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From bill.smith at paypal-inc.com Wed Nov 30 23:05:53 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 16:05:53 -0700 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database In-Reply-To: References: <4ED69CE9.7030709@kathykleiman.com> <20111130222523.GD8383@belenus.iks-jena.de> Message-ID: <13BB755D-48DA-4124-B0CE-24676F4666C5@paypal.com> This wouldn't solve the proxy problem. It provides a single point of *access* to WHOIS data. What is returned, is whatever resides in "the registry of record". If a privacy or proxy services has been used, they will have inserted some of their own data into that registry. The "grand unified WHOIS service" simply returns that. On Nov 30, 2011, at 2:57 PM, "Omar Kaminski" wrote: > Dear Lutz, > > I agree with you from the users' pow, but how to make the access > "unrestricted and public" with proxy servers that have a restrictive > access by its own purposes, even for privacy reasons? > > Omar > > > > 2011/11/30 Lutz Donnerhacke : >> On Wed, Nov 30, 2011 at 04:15:21PM -0500, Kathy Kleiman wrote: >>> Tx for the many comments about the "centralized database" recommendation >>> (now #14). I have worked with Michael and Omar on it, and would like to >>> propose the following, narrower, recommendation: >>> >>> ===> Rec 14: To improve access to the WHOIS data of .COM and .NET >>> gTLDs, the only remaining Thin Registries, ICANN should set up a >>> dedicated, multilingual interface website to provide thick Whois data >>> for them. >>> >>> Here's the original text. >>> >>> ===> 14. To make WHOIS data more accessible for consumers, ICANN should set >>> up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information". Such interface should provide thick WHOIS data for all gTLD domain names. >> >> I oppose both texts. I really want to see an dependable tool run by the only >> instance which has the power to guarantee the AoC requirments when accessing >> other parties WHOIS services. >> >> So the text should be: >> To make WHOIS data more accessible for consumers, ICANN should set >> up a dedicated, multilingual interface website to allow "unrestricted >> and public access to accurate and complete WHOIS information" by querying >> the appropriate servers, not copying the database. >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From seth.reiss at lex-ip.com Wed Nov 30 23:08:31 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Wed, 30 Nov 2011 13:08:31 -1000 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: <4ED6ACF3.7070808@kathykleiman.com> References: <4ED6ACF3.7070808@kathykleiman.com> Message-ID: <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 12:24 PM To: rt4-whois at icann.org Subject: [Rt4-whois] streamlined proxy recommendation language Hi All, I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. here's the text: Data Access- Proxy Service 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. --- end same text attached Kathy -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/6b4f9037/attachment.html From kathy at kathykleiman.com Wed Nov 30 23:14:47 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 18:14:47 -0500 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> References: <4ED6ACF3.7070808@kathykleiman.com> <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> Message-ID: <4ED6B8E7.4040609@kathykleiman.com> Great comments, Seth. I defer to Susan and James, as the experts on this material. Best, Kathy : > > Thank you Kathy for breaking this out. I have not been good about > reviewing the entire document. > > To respond to Peter's question about what would be legally > enforceable, I think if you look at bullet number 6, if this bullet > was implemented in a very clear and unambiguous way, by itself and > without some of the other material being proposal, then I think there > would be reasonable expectation that national courts would hold the > registrant proxy service fully responsible for harm caused by a > website hosted at the domain name at issue. In other words, the Ninth > Circuit decision that Susan highlighted would have been decided > differently. > > Once you introduce definitions concerning affiliates, retail services > and different flavors of proxy services, the cheap ones with flimsy > relationships, and the expensive ones with fiduciary type > relationships, it will appear to the court that you do not really mean > what you saying in bullet number 6. This will confuse the courts (and > the public) and the registrant proxy services is more likely to be > able to weasel out of being held liable. > > The current proposal on the table suggests to me a somewhat more > complicated model whereby the registrant proxy service is fully liable > for the use of the domain name but can shield that liability by > adopted and fully complying the a specific set of reveal and relay > processes etc. I voluntary set of best practices would not do this, > but a mandatory set of provisions to qualify a proxy service for a > "safe harbor" would. Such a safe hard model would in my view be more > difficult to implement and is likely to give rise to a certain amount > of uncertainty and inconsistent outcomes even if prudently > implemented. But this also assumes that we need to have a proxy > service in which proxies may shield themselves from liability. In all > our discussions, I have still not heard a persuasive argument why a > proxy service industry that can shield itself from liability is > necessary or good or appropriate. > > Seth > > *From:*rt4-whois-bounces at icann.org > [mailto:rt4-whois-bounces at icann.org] *On Behalf Of *Kathy Kleiman > *Sent:* Wednesday, November 30, 2011 12:24 PM > *To:* rt4-whois at icann.org > *Subject:* [Rt4-whois] streamlined proxy recommendation language > > Hi All, > I feel like I am sending altogether too many emails today. Sorry :-)! > Anyway, here's one more. I worked with James, a little, and Susan, > more, on streamlining the Proxy recommendations to look, sound and > flow like the Privacy recommendations. Of course, proxy is voluntary, > and privacy is a requirement, but the rest is fairly close. > > They are below and attached. If you like them, we'll send them on to > Alice for inclusion. Note: the definitions went into a footnote which > should be easy to see as it will be quite extensive. > > here's the text: > > *Data Access- Proxy Service * > > 1.ICANN should facilitate the review of existing practices by reaching > out to proxy providers to create a discussion which sets out current > processes followed by proxy service providers. > > 2.Registrars should be required to disclosure their relationship with > any Affiliated Retail proxy service provider to ICANN. > > 3.ICANN should develop and manage a set of voluntary best practice > guidelines for appropriate proxy services [footnote 1] consistent with > national laws. These voluntary guidelines should strike an appropriate > balance between stakeholders with competing but legitimate interests. > At a minimum this would include privacy, law enforcement and the > industry around law enforcement. > > Such voluntary guidelines may include: > > + Proxy services provide full contact details as required by the Whois > > + Publication by the proxy service of its process for revealing and > relaying information > > + Standardization of reveal and relay processes and timeframes, > consistent with national laws > > + Maintenance of a dedicated abuse point of contact for the proxy > service provider > > + Due diligence checks on licensee contact information. > > 5. ICANN should encourage and incentivize registrars to interact with > the retail service providers that adopt the best practices. > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in > Recommendation 1 above, should include an affirmative statement that > clarifies that a proxy means a relationship in which the Registrant is > acting on behalf of another. The WHOIS data is that of the agent, and > the agent alone obtains all rights and assumes all responsibility for > the domain name and its manner of use. > > Footnote 1 (all the remaining text) > As guidance to the Community and as useful background for the Proxy > Service Recommendations, the Review Team provides its working > definitions of proxy service and different types of proxy service > providers: > > - *_Proxy Service_ *-- a relationship in which the registrant is > acting on behalf of another The WHOIS data is that of the agent and > the agent alone obtains all rights and assumes all responsibility for > the domain name and its manner of use. /[KK: is this the definition we > are using in other places in the Report?]/ > > /- /*_Affiliated Registrar _*_- _another ICANN accredited registrar > that operates under a common controlling interest (2009 Registrar > Accreditation Agreement, Section 1.20) > > - *Affiliate retail proxy service provider *-- entity operating under > a common controlling interest of a registrar. > > - *Retail proxy service provider *- proxy service with little or no > knowledge of the entity or individual requesting the service beyond > their ability to pay and their agreement to the general terms and > conditions. > > - *_Limited proxy service provider _*- proxy service for an entity or > individual in which there is an ongoing business relationship bound by > a contract that is specific to the relationship. > > > > --- end > same text attached > Kathy > > -- > > -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/4b245c89/attachment.html From lutz at iks-jena.de Wed Nov 30 23:22:41 2011 From: lutz at iks-jena.de (Lutz Donnerhacke) Date: Thu, 1 Dec 2011 00:22:41 +0100 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database In-Reply-To: References: <4ED69CE9.7030709@kathykleiman.com> <20111130222523.GD8383@belenus.iks-jena.de> Message-ID: <20111130232241.GA10339@belenus.iks-jena.de> On Wed, Nov 30, 2011 at 08:55:59PM -0200, Omar Kaminski wrote: > I agree with you from the users' pow, but how to make the access > "unrestricted and public" with proxy servers that have a restrictive > access by its own purposes, even for privacy reasons? That's one of the problems with the AoC. We are not allowed to discuss the AoC, but have to take it a the guide to the expected future. By interpeting the Consumer Inside Study a centralized "web search of Whois" seems to be the natural solution, because almost all private run services of this kind hide the results between advertisments (and confusing the reader), proclaming arbitary restrictions to the data access, suffer from such restrictions by the WHOIS server operators, or illegaly copy the data into their repository. OTOH such a "web search" operated by ICANN has to opportunity to deal correctly with the data (in terms of the existing policies and local laws), is multilingual in the correct(TM) way, and can fullfil the AoC requirements. The last point is simple, because ICANN (as the operator) is bound to the AoC, and ICANN (as the operator) has contractual relationships with the WHOIS server operators. If ICANN feels, that it can't run such a service as required by the AoC, ICANN is the only institution which has the power to *change* those requirements. And all of those things comes for free (no policy involved, updated, required). From omar at kaminski.adv.br Wed Nov 30 23:23:32 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Wed, 30 Nov 2011 21:23:32 -0200 Subject: [Rt4-whois] Centralized Whois Query system run by ICANN - Scope and concerns [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D642262@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333D642262@EMB01.dept.gov.au> Message-ID: Seems a good idea anyway, Peter. Although could or should be consider "a right" to find the owner of this domain, and I'm not sure how deep we should dig about databases ownership. Several agreements and contratcs mantain a thick model, and once done the security of partial databases is by the providers'. Access x security dilemma. In other hand if I'm not wrong nowadays just COM and NET do mantain the thin model and would be easier to use as model for our purposes. Omar 2011/11/30 Nettlefold, Peter > Classification: UNCLASSIFIED > > (...) If so, does this address the concerns about scope - ie why wouldn't > ICANN provide a comprehensive search tool for all gTLDs? > > Please let me know if I've got this wrong. > > Cheers > > Peter > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/56b183b8/attachment.html From lutz at iks-jena.de Wed Nov 30 23:28:18 2011 From: lutz at iks-jena.de (Lutz Donnerhacke) Date: Thu, 1 Dec 2011 00:28:18 +0100 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database In-Reply-To: <13BB755D-48DA-4124-B0CE-24676F4666C5@paypal.com> References: <4ED69CE9.7030709@kathykleiman.com> <20111130222523.GD8383@belenus.iks-jena.de> <13BB755D-48DA-4124-B0CE-24676F4666C5@paypal.com> Message-ID: <20111130232818.GB10339@belenus.iks-jena.de> On Wed, Nov 30, 2011 at 04:05:53PM -0700, Smith, Bill wrote: > This wouldn't solve the proxy problem. It provides a single > point of *access* to WHOIS data. What is returned, is whatever > resides in "the registry of record". If a privacy or proxy services > has been used, they will have inserted some of their own data into > that registry. The "grand unified WHOIS service" simply returns that. There is no technical solution for social problems. By our (RT4) understanding of proxy services, the proxy is a full replacement for the registrant, so - in terms of the ICANN policies - the proxy *is* the registrant. Therefore the result from the WHOIS is correct. By our (RT4) understanding of privacy services, the operator does provider a level of indirection between the WHOIS output and the final registrant. If there will be an approbriate policy for privacy services sometimes in the future, the result from the WHOIS is correct. There are recommendations which deals with those problems. The WHOIS results itself are unaffected by those recommendations. From susank at fb.com Wed Nov 30 23:28:57 2011 From: susank at fb.com (Susan Kawaguchi) Date: Wed, 30 Nov 2011 23:28:57 +0000 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: <4ED6B8E7.4040609@kathykleiman.com> References: <4ED6ACF3.7070808@kathykleiman.com> <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> <4ED6B8E7.4040609@kathykleiman.com> Message-ID: HI Seth, I am going to respond to you out of order In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 3:15 PM To: Seth M Reiss Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language Great comments, Seth. I defer to Susan and James, as the experts on this material. Best, Kathy : Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 12:24 PM To: rt4-whois at icann.org Subject: [Rt4-whois] streamlined proxy recommendation language Hi All, I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. here's the text: Data Access- Proxy Service 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. --- end same text attached Kathy -- -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/47f12b4e/attachment.html From alice.jansen at icann.org Wed Nov 30 23:46:48 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Wed, 30 Nov 2011 15:46:48 -0800 Subject: [Rt4-whois] Master document v1.2 Message-ID: Dear Review Team Members, My sincerest apologies for the confusion earlier today? Attached you will find the latest version of the master document. Also available on the wiki: https://community.icann.org/display/whoisreviewprivate/Draft+report Please read the report very carefully, in particular the last three chapters which are "fairly new". Your feedback, final language and edits are more than welcome! For your convenience, I have enclosed the table of contents (see below). Any major amendments should be emailed to the list for Review Team discussion. Typos and minor edits on the hand, should be emailed to me. Please do not hesitate to contact me should you have questions or concerns. Many thanks in advance. Kind regards Very best regards Alice Table of Contents Chapter 1: Executive Summary 10 Chapter 2: The WHOIS Review Team, Scope of Work & Key Definitions 12 Chapter 3: The Complex History of WHOIS Policy17 Chapter 4: An Evaluation of ICANN?s Efforts to Monitor and Enforce its Policies ?Compliance Efforts?32 Chapter 5: Internationalization Registrant Data and the Difficult Problem of WHOIS Translation36 Chapter 6: Understanding the Needs of Stakeholders41 Chapter 7: Gap Analysis72 Chapter 8: Recommendations78 -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/3bce8f6d/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Master document - V1.2 - A.J.docx Type: application/x-msword Size: 319764 bytes Desc: Master document - V1.2 - A.J.docx Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/3bce8f6d/Masterdocument-V1.2-A.J.docx From seth.reiss at lex-ip.com Thu Dec 1 00:02:42 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Wed, 30 Nov 2011 14:02:42 -1000 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: References: <4ED6ACF3.7070808@kathykleiman.com> <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> <4ED6B8E7.4040609@kathykleiman.com> Message-ID: <021301ccafbc$8cf4fd00$a6def700$@reiss@lex-ip.com> I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it's an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. I would like to find a middle ground. I am not one for asking people to think differently. I just don't see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. Seth From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Wednesday, November 30, 2011 1:29 PM To: Kathy Kleiman; Seth M Reiss Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] streamlined proxy recommendation language HI Seth, I am going to respond to you out of order In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 3:15 PM To: Seth M Reiss Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language Great comments, Seth. I defer to Susan and James, as the experts on this material. Best, Kathy : Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 12:24 PM To: rt4-whois at icann.org Subject: [Rt4-whois] streamlined proxy recommendation language Hi All, I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. here's the text: Data Access- Proxy Service 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. --- end same text attached Kathy -- -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/9fe35756/attachment.html From susank at fb.com Thu Dec 1 00:05:55 2011 From: susank at fb.com (Susan Kawaguchi) Date: Thu, 1 Dec 2011 00:05:55 +0000 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: <021301ccafbc$8cf4fd00$a6def700$@reiss@lex-ip.com> References: <4ED6ACF3.7070808@kathykleiman.com> <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> <4ED6B8E7.4040609@kathykleiman.com> <021301ccafbc$8cf4fd00$a6def700$@reiss@lex-ip.com> Message-ID: I guess the key to me in clarifying the role of a proxy provider and liability as a registrant is where and what contract would we clarify and what mechanism do we have to hold them liable? From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Wednesday, November 30, 2011 4:03 PM To: Susan Kawaguchi; 'Kathy Kleiman' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] streamlined proxy recommendation language I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it's an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. I would like to find a middle ground. I am not one for asking people to think differently. I just don't see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. Seth From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Wednesday, November 30, 2011 1:29 PM To: Kathy Kleiman; Seth M Reiss Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] streamlined proxy recommendation language HI Seth, I am going to respond to you out of order In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 3:15 PM To: Seth M Reiss Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language Great comments, Seth. I defer to Susan and James, as the experts on this material. Best, Kathy : Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 12:24 PM To: rt4-whois at icann.org Subject: [Rt4-whois] streamlined proxy recommendation language Hi All, I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. here's the text: Data Access- Proxy Service 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. --- end same text attached Kathy -- -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/38e8595b/attachment.html From bill.smith at paypal-inc.com Thu Dec 1 00:03:33 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 17:03:33 -0700 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> References: <4ED6ACF3.7070808@kathykleiman.com> <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> Message-ID: <6B3F619F-FA7F-4B44-A574-123965CD45CC@paypal.com> Well-said Seth. To the list... I don't believe that a liability-shielding proxy system is in the public interest. It is certainly in the interest of the service provider but I see no benefit to the licensee or to the public. The proxy, sitting as it does between the licensee and those referencing the Domain Name (the public), chooses how and/or when to pass information. Presumably these determinations are made according to some agreement between the proxy and licensee. ICANN has no and should not have any interest in the terms on these agreements. It, and the public, are not a party to them. ICANN does have a direct contractual relationship with Registrars and Registries and indirectly, through Registrars to Registrants; by specifying terms that must appear in any Registrant agreement. It is through these contracts that ICANN can and does control the entries in the Domain Name System and it is through these contracts that ICANN could influence the behavior of proxy services, even without specifically mentioning them. If we stick to the model we labored over in Dakar, Registrants are Registrants. Registrants may choose to shield certain bits of PII through a privacy service. This information can be revealed where and when appropriate (I don't recall the specific language we adopted.) Privacy services might need to be recognized or certified. SLAs can be inserted into Registrant (and other) agreements indicating acceptable response times to certain specific requests. Failure to honor the SLAs results in consequences of increasing severity up to and including *mandatory* revocation (or decertification). Proxies then become Registrants and have all the rights and responsibilities of a Registrant. Should a proxy wish to limit its liability, it does so by separate contract with its licensees. Failure by a proxy, or a licensee through a proxy, to honor the SLAs of the Registrant agreement results in the "standard" consequences, including mandatory revocation of the registered name. This is a system that would work, would avoid the pitfalls of the current ad hoc mechanisms, and would provide less maneuvering room for legal opinion. Liability would flow according to contract rather than to the least contractually protected entities, registrants and the public, as is current practice. On Nov 30, 2011, at 3:09 PM, "Seth M Reiss" > wrote: Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. To respond to Peter?s question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a ?safe harbor? would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 12:24 PM To: rt4-whois at icann.org Subject: [Rt4-whois] streamlined proxy recommendation language Hi All, I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. here's the text: Data Access- Proxy Service 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - Proxy Service ? a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - Affiliate retail proxy service provider ? entity operating under a common controlling interest of a registrar. - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. --- end same text attached Kathy -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From bill.smith at paypal-inc.com Thu Dec 1 00:20:04 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 17:20:04 -0700 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: <021301ccafbc$8cf4fd00$a6def700$@reiss@lex-ip.com> References: <4ED6ACF3.7070808@kathykleiman.com> <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> <4ED6B8E7.4040609@kathykleiman.com> <021301ccafbc$8cf4fd00$a6def700$@reiss@lex-ip.com> Message-ID: See below: On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > wrote: I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision. While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest. I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it?s an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed. I would like to find a middle ground. I am not one for asking people to think differently. I just don?t see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability". Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving. Seth From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Wednesday, November 30, 2011 1:29 PM To: Kathy Kleiman; Seth M Reiss Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] streamlined proxy recommendation language HI Seth, I am going to respond to you out of order In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 3:15 PM To: Seth M Reiss Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language Great comments, Seth. I defer to Susan and James, as the experts on this material. Best, Kathy : Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. To respond to Peter?s question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a ?safe harbor? would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 12:24 PM To: rt4-whois at icann.org Subject: [Rt4-whois] streamlined proxy recommendation language Hi All, I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. here's the text: Data Access- Proxy Service 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - Proxy Service ? a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - Affiliate retail proxy service provider ? entity operating under a common controlling interest of a registrar. - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. --- end same text attached Kathy -- -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From bill.smith at paypal-inc.com Thu Dec 1 00:24:20 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 17:24:20 -0700 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: References: <4ED6ACF3.7070808@kathykleiman.com> <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> <4ED6B8E7.4040609@kathykleiman.com> <021301ccafbc$8cf4fd00$a6def700$@reiss@lex-ip.com> Message-ID: <074CC5CC-E7B3-407F-A8EB-B66279BFCB47@paypal.com> See my message re liability. Proxy services, whether operated by Registrars, Registries, or Affiliates, would be the a registrant of record. Inserting mandatory SLAs into the several agreements puts teeth into contractual compliance and forces action when appropriate. Liability will flow however the courts decide. Getting out of the way of that flow and those decisions is something ICANN should have an interest in (as should we). On Nov 30, 2011, at 4:06 PM, "Susan Kawaguchi" > wrote: I guess the key to me in clarifying the role of a proxy provider and liability as a registrant is where and what contract would we clarify and what mechanism do we have to hold them liable? From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Wednesday, November 30, 2011 4:03 PM To: Susan Kawaguchi; 'Kathy Kleiman' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] streamlined proxy recommendation language I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it?s an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. I would like to find a middle ground. I am not one for asking people to think differently. I just don?t see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. Seth From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Wednesday, November 30, 2011 1:29 PM To: Kathy Kleiman; Seth M Reiss Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] streamlined proxy recommendation language HI Seth, I am going to respond to you out of order In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 3:15 PM To: Seth M Reiss Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language Great comments, Seth. I defer to Susan and James, as the experts on this material. Best, Kathy : Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. To respond to Peter?s question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a ?safe harbor? would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 12:24 PM To: rt4-whois at icann.org Subject: [Rt4-whois] streamlined proxy recommendation language Hi All, I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. here's the text: Data Access- Proxy Service 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - Proxy Service ? a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - Affiliate retail proxy service provider ? entity operating under a common controlling interest of a registrar. - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. --- end same text attached Kathy -- -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From bill.smith at paypal-inc.com Thu Dec 1 00:32:15 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 17:32:15 -0700 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database In-Reply-To: <20111130232241.GA10339@belenus.iks-jena.de> References: <4ED69CE9.7030709@kathykleiman.com> <20111130222523.GD8383@belenus.iks-jena.de> <20111130232241.GA10339@belenus.iks-jena.de> Message-ID: <942A1F28-195E-484C-9EC0-57FFA864D733@paypal.com> I'm very much in favor of this recommendation. It puts ICANN in a position where it can succeed or fail to live up to its commitment to provide timely, public access to accurate WHOIS information. On Nov 30, 2011, at 3:24 PM, "Lutz Donnerhacke" wrote: > On Wed, Nov 30, 2011 at 08:55:59PM -0200, Omar Kaminski wrote: >> I agree with you from the users' pow, but how to make the access >> "unrestricted and public" with proxy servers that have a restrictive >> access by its own purposes, even for privacy reasons? > > That's one of the problems with the AoC. We are not allowed to discuss the > AoC, but have to take it a the guide to the expected future. > > By interpeting the Consumer Inside Study a centralized "web search of Whois" > seems to be the natural solution, because almost all private run services of > this kind hide the results between advertisments (and confusing the reader), > proclaming arbitary restrictions to the data access, suffer from such > restrictions by the WHOIS server operators, or illegaly copy the data into > their repository. > > OTOH such a "web search" operated by ICANN has to opportunity to deal > correctly with the data (in terms of the existing policies and local laws), > is multilingual in the correct(TM) way, and can fullfil the AoC > requirements. The last point is simple, because ICANN (as the operator) is > bound to the AoC, and ICANN (as the operator) has contractual relationships > with the WHOIS server operators. > > If ICANN feels, that it can't run such a service as required by the AoC, > ICANN is the only institution which has the power to *change* those > requirements. > > And all of those things comes for free (no policy involved, updated, required). > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From susank at fb.com Thu Dec 1 00:38:45 2011 From: susank at fb.com (Susan Kawaguchi) Date: Thu, 1 Dec 2011 00:38:45 +0000 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: References: <4ED6ACF3.7070808@kathykleiman.com> <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> <4ED6B8E7.4040609@kathykleiman.com> <021301ccafbc$8cf4fd00$a6def700$@reiss@lex-ip.com> Message-ID: HI Bill, Thank you for your thoughts I think your statement below is my biggest pain point. "I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability"." All of the cases you mention above relied on litigation to clarify the existence of liability and impose that liability on the manufacturer. It would be overwhelming and burdensome to rely on litigation to fix this problem especially when it involves global entities as proxy service providers. I think we have the opportunity to incentivize the registrars to help with the problem. If I or LE are forced to rely on litigation of any sort of court order to get information on the licensee of a domain name to pursue a provider of counterfeit drugs, for example, this would take years for each domain name involved. If we take a very extreme step and recommend that proxy services are not allowed in the gTlds (as .US has done) how would that ever be enforced? Proxy registrations provide a vital service for many in the domain name space. Susan -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Wednesday, November 30, 2011 4:20 PM To: Seth M Reiss Cc: Susan Kawaguchi; Kathy Kleiman; rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language See below: On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > wrote: I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision. While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest. I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it?s an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed. I would like to find a middle ground. I am not one for asking people to think differently. I just don?t see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability". Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving. Seth From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Wednesday, November 30, 2011 1:29 PM To: Kathy Kleiman; Seth M Reiss Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] streamlined proxy recommendation language HI Seth, I am going to respond to you out of order In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 3:15 PM To: Seth M Reiss Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language Great comments, Seth. I defer to Susan and James, as the experts on this material. Best, Kathy : Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. To respond to Peter?s question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a ?safe harbor? would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 12:24 PM To: rt4-whois at icann.org Subject: [Rt4-whois] streamlined proxy recommendation language Hi All, I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. here's the text: Data Access- Proxy Service 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - Proxy Service ? a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - Affiliate retail proxy service provider ? entity operating under a common controlling interest of a registrar. - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. --- end same text attached Kathy -- -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/fa9a56d4/attachment.html From bill.smith at paypal-inc.com Thu Dec 1 00:47:41 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 17:47:41 -0700 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database In-Reply-To: <20111130232818.GB10339@belenus.iks-jena.de> References: <4ED69CE9.7030709@kathykleiman.com> <20111130222523.GD8383@belenus.iks-jena.de> <13BB755D-48DA-4124-B0CE-24676F4666C5@paypal.com> <20111130232818.GB10339@belenus.iks-jena.de> Message-ID: We're in agreement. On Nov 30, 2011, at 3:28 PM, Lutz Donnerhacke wrote: > On Wed, Nov 30, 2011 at 04:05:53PM -0700, Smith, Bill wrote: >> This wouldn't solve the proxy problem. It provides a single >> point of *access* to WHOIS data. What is returned, is whatever >> resides in "the registry of record". If a privacy or proxy services >> has been used, they will have inserted some of their own data into >> that registry. The "grand unified WHOIS service" simply returns that. > > There is no technical solution for social problems. > > By our (RT4) understanding of proxy services, the proxy is a full > replacement for the registrant, so - in terms of the ICANN policies - the > proxy *is* the registrant. Therefore the result from the WHOIS is correct. > > By our (RT4) understanding of privacy services, the operator does provider a > level of indirection between the WHOIS output and the final registrant. If > there will be an approbriate policy for privacy services sometimes in the > future, the result from the WHOIS is correct. > > There are recommendations which deals with those problems. The WHOIS results > itself are unaffected by those recommendations. From lynn at goodsecurityconsulting.com Thu Dec 1 00:57:52 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Thu, 1 Dec 2011 00:57:52 +0000 Subject: [Rt4-whois] Updated Recommendation 14 - Centralized Database In-Reply-To: References: <4ED69CE9.7030709@kathykleiman.com> <20111130222523.GD8383@belenus.iks-jena.de> <13BB755D-48DA-4124-B0CE-24676F4666C5@paypal.com> <20111130232818.GB10339@belenus.iks-jena.de> Message-ID: <1787706101-1322701065-cardhu_decombobulator_blackberry.rim.net-426224728-@b28.c9.bise6.blackberry> Thank you Lutz! Sent via BlackBerry by AT&T -----Original Message----- From: "Smith, Bill" Sender: rt4-whois-bounces at icann.org Date: Wed, 30 Nov 2011 17:47:41 To: Lutz Donnerhacke Cc: rt4-whois Subject: Re: [Rt4-whois] Updated Recommendation 14 - Centralized Database We're in agreement. On Nov 30, 2011, at 3:28 PM, Lutz Donnerhacke wrote: > On Wed, Nov 30, 2011 at 04:05:53PM -0700, Smith, Bill wrote: >> This wouldn't solve the proxy problem. It provides a single >> point of *access* to WHOIS data. What is returned, is whatever >> resides in "the registry of record". If a privacy or proxy services >> has been used, they will have inserted some of their own data into >> that registry. The "grand unified WHOIS service" simply returns that. > > There is no technical solution for social problems. > > By our (RT4) understanding of proxy services, the proxy is a full > replacement for the registrant, so - in terms of the ICANN policies - the > proxy *is* the registrant. Therefore the result from the WHOIS is correct. > > By our (RT4) understanding of privacy services, the operator does provider a > level of indirection between the WHOIS output and the final registrant. If > there will be an approbriate policy for privacy services sometimes in the > future, the result from the WHOIS is correct. > > There are recommendations which deals with those problems. The WHOIS results > itself are unaffected by those recommendations. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From bill.smith at paypal-inc.com Thu Dec 1 01:18:49 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 18:18:49 -0700 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: References: <4ED6ACF3.7070808@kathykleiman.com> <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> <4ED6B8E7.4040609@kathykleiman.com> <021301ccafbc$8cf4fd00$a6def700$@reiss@lex-ip.com> Message-ID: <81466CDE-ED88-4324-833E-A939B1BCB237@paypal-inc.com> Susan, It may not seem like it but I am supportive, very supportive of your position of to not rely on litigation to solve these types of problems. Where we disagree is the best approach to avoid the litigation. I am not suggesting that cigarette-style litigation is the way forward. Rather, I am concerned that proposal for retail proxy indemnification (if I've read it right) will result in exactly that situation, some time far in the future when society and the courts finally realize that allowing unfettered criminal activity on the Internet is a bad idea. Retail proxies will happily sell a service to people they don't know as long as they have no liability. If instead of no liability, we insist that they have the liability of the Registrant, since that's what they are, I strongly suspect that counsel for these services will understand that they now carry at least some risk in these transactions. Consequently, they will either recommend against them or insist on some mechanism to mitigate the risk, through insurance or other mechanisms - perhaps even actually knowing something about their customers. Any or all of these would involve higher costs hence higher prices making these services less attractive to criminals, etc. By the addition of SLAs into contracts, and mandatory consequences, we provide a means for ICANN to ensure that valid queries, information requests, corrections, etc. are made in a timely manner. A registrant could ignore a request knowing that the specific penalty for failing to comply with such request. With mandatory revocation the consequence of last resort, we give the community and ICANN the ability to revoke a name (the only thing of value under our control). If a proxy is a party to any of these transactions, they act as the Registrant and must respond either directly or with guidance from the licensee per the agreement SLAs. Failure to do so results in the same consequences. By setting SLAs and consequences appropriately, ICANN can influence the behavior of Registrants and those that act as proxies for them. Even if we go with language you an James worked on, and I realize that you put in a great deal of effort on that, we'll still need something like what I have outlined because as we discussed in Dakar, anyone can act as a proxy for a Registrant no matter what ICANN tries to do to prevent it. If the "best practices" ICANN develops for the retail trade prove too onerous, proxy providers will simply step outside of the ICANN tent and provide their services likely failing to adhere to the best practices. I hope this makes sense. Bill On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: HI Bill, Thank you for your thoughts I think your statement below is my biggest pain point. "I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability"." All of the cases you mention above relied on litigation to clarify the existence of liability and impose that liability on the manufacturer. It would be overwhelming and burdensome to rely on litigation to fix this problem especially when it involves global entities as proxy service providers. I think we have the opportunity to incentivize the registrars to help with the problem. If I or LE are forced to rely on litigation of any sort of court order to get information on the licensee of a domain name to pursue a provider of counterfeit drugs, for example, this would take years for each domain name involved. If we take a very extreme step and recommend that proxy services are not allowed in the gTlds (as .US has done) how would that ever be enforced? Proxy registrations provide a vital service for many in the domain name space. Susan -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Wednesday, November 30, 2011 4:20 PM To: Seth M Reiss Cc: Susan Kawaguchi; Kathy Kleiman; rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language See below: On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > wrote: I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision. While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest. I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it?s an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed. I would like to find a middle ground. I am not one for asking people to think differently. I just don?t see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability". Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving. Seth From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Wednesday, November 30, 2011 1:29 PM To: Kathy Kleiman; Seth M Reiss Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] streamlined proxy recommendation language HI Seth, I am going to respond to you out of order In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 3:15 PM To: Seth M Reiss Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language Great comments, Seth. I defer to Susan and James, as the experts on this material. Best, Kathy : Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. To respond to Peter?s question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a ?safe harbor? would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 12:24 PM To: rt4-whois at icann.org Subject: [Rt4-whois] streamlined proxy recommendation language Hi All, I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. here's the text: Data Access- Proxy Service 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - Proxy Service ? a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - Affiliate retail proxy service provider ? entity operating under a common controlling interest of a registrar. - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. --- end same text attached Kathy -- -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From kathy at kathykleiman.com Thu Dec 1 02:00:34 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Wed, 30 Nov 2011 21:00:34 -0500 Subject: [Rt4-whois] Master document v1.2 In-Reply-To: References: Message-ID: <4ED6DFC2.7040405@kathykleiman.com> Hi All, I wanted to thank Alice for a great job, and for amazing patience and perseverance. I enjoyed spending the day with everyone today, and thank you for all the discussions and edits. Good night! Kathy > Dear Review Team Members, > > My sincerest apologies for the confusion earlier today... > > Attached you will find the latest version of the master document. Also > available on the wiki: > https://community.icann.org/display/whoisreviewprivate/Draft+report > > Please read the report very carefully, in particular the last three > chapters which are "fairly new". Your feedback, final language and > edits are more than welcome! > For your convenience, I have enclosed the table of contents (see below). > > Any major amendments should be emailed to the list for Review Team > discussion. Typos and minor edits on the hand, should be emailed to me. > > Please do not hesitate to contact me should you have questions or > concerns. > > Many thanks in advance. > > Kind regards > > Very best regards > > Alice > > Table of Contents > > Chapter 1: Executive Summary10 > > Chapter 2: The WHOIS Review Team, Scope of Work & Key Definitions12 > > Chapter 3: The Complex History of WHOIS Policy17 > > Chapter 4: An Evaluation of ICANN's Efforts to Monitor and Enforce its > Policies "Compliance Efforts"32 > > Chapter 5: Internationalization Registrant Data and the Difficult > Problem of WHOIS Translation36 > > Chapter 6: Understanding the Needs of Stakeholders41 > > Chapter 7: Gap Analysis72 > > Chapter 8: Recommendations78 > > > -- > *Alice Jansen* > Assistant, Organizational Reviews > /6 Rond Point Schuman, Bt.5/ > /B-1040 Brussels/ > /Belgium/ > Direct dial: +32 2 234 78 64 > Mobile: +32 4 73 31 76 56 > Skype: alice_jansen_icann > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois + -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/859b59e7/attachment.html From seth.reiss at lex-ip.com Thu Dec 1 02:09:25 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Wed, 30 Nov 2011 16:09:25 -1000 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: <81466CDE-ED88-4324-833E-A939B1BCB237@paypal-inc.com> References: <4ED6ACF3.7070808@kathykleiman.com> <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> <4ED6B8E7.4040609@kathykleiman.com> <021301ccafbc$8cf4fd00$a6def700$@reiss@lex-ip.com> <81466CDE-ED88-4324-833E-A939B1BCB237@paypal-inc.com> Message-ID: <024301ccafce$4058d8b0$c10a8a10$@reiss@lex-ip.com> The way manufacturer/retailer liability works under American law is the individual harmed by a product sues the retailer, the retails impleads and sues the distributor for indemnity and defense, and the distributor impleads and sues the manufacturer for indemnity and defense. This relationship is a result of both provisions in the contracts between the manufacturer, distributor and retailer, but also from a law called the UCC and warranties that the law implies. The rules are so clear in this area that these things happen almost automatically, since there is no point in disputing them. But the court never says that the retailer is not liable simply because there are the contractual provisions that require middle men and manufacturers to indemnity and defend the retailer. Rather, the court maintains the lawsuit against the retailer and if manufacturer and/or distributor goes belly up, the retainer must make good on the claim. So retailers learn not to sell product from flaky distributors or manufactures. It might take a lawsuit or two to clarify the situation, but if a clear policy/statement is made by ICANN, and there is no other language or structure to make the waters murky, hopefully one or two lawsuits with clear and sensible results will be all it takes. Seth -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Wednesday, November 30, 2011 3:19 PM To: Susan Kawaguchi Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language Susan, It may not seem like it but I am supportive, very supportive of your position of to not rely on litigation to solve these types of problems. Where we disagree is the best approach to avoid the litigation. I am not suggesting that cigarette-style litigation is the way forward. Rather, I am concerned that proposal for retail proxy indemnification (if I've read it right) will result in exactly that situation, some time far in the future when society and the courts finally realize that allowing unfettered criminal activity on the Internet is a bad idea. Retail proxies will happily sell a service to people they don't know as long as they have no liability. If instead of no liability, we insist that they have the liability of the Registrant, since that's what they are, I strongly suspect that counsel for these services will understand that they now carry at least some risk in these transactions. Consequently, they will either recommend against them or insist on some mechanism to mitigate the risk, through insurance or other mechanisms - perhaps even actually knowing something about their customers. Any or all of these would involve higher costs hence higher prices making these services less attractive to criminals, etc. By the addition of SLAs into contracts, and mandatory consequences, we provide a means for ICANN to ensure that valid queries, information requests, corrections, etc. are made in a timely manner. A registrant could ignore a request knowing that the specific penalty for failing to comply with such request. With mandatory revocation the consequence of last resort, we give the community and ICANN the ability to revoke a name (the only thing of value under our control). If a proxy is a party to any of these transactions, they act as the Registrant and must respond either directly or with guidance from the licensee per the agreement SLAs. Failure to do so results in the same consequences. By setting SLAs and consequences appropriately, ICANN can influence the behavior of Registrants and those that act as proxies for them. Even if we go with language you an James worked on, and I realize that you put in a great deal of effort on that, we'll still need something like what I have outlined because as we discussed in Dakar, anyone can act as a proxy for a Registrant no matter what ICANN tries to do to prevent it. If the "best practices" ICANN develops for the retail trade prove too onerous, proxy providers will simply step outside of the ICANN tent and provide their services likely failing to adhere to the best practices. I hope this makes sense. Bill On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: HI Bill, Thank you for your thoughts I think your statement below is my biggest pain point. "I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability"." All of the cases you mention above relied on litigation to clarify the existence of liability and impose that liability on the manufacturer. It would be overwhelming and burdensome to rely on litigation to fix this problem especially when it involves global entities as proxy service providers. I think we have the opportunity to incentivize the registrars to help with the problem. If I or LE are forced to rely on litigation of any sort of court order to get information on the licensee of a domain name to pursue a provider of counterfeit drugs, for example, this would take years for each domain name involved. If we take a very extreme step and recommend that proxy services are not allowed in the gTlds (as .US has done) how would that ever be enforced? Proxy registrations provide a vital service for many in the domain name space. Susan -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Wednesday, November 30, 2011 4:20 PM To: Seth M Reiss Cc: Susan Kawaguchi; Kathy Kleiman; rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language See below: On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > wrote: I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision. While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest. I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it's an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed. I would like to find a middle ground. I am not one for asking people to think differently. I just don't see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability". Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving. Seth From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Wednesday, November 30, 2011 1:29 PM To: Kathy Kleiman; Seth M Reiss Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] streamlined proxy recommendation language HI Seth, I am going to respond to you out of order In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 3:15 PM To: Seth M Reiss Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language Great comments, Seth. I defer to Susan and James, as the experts on this material. Best, Kathy : Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 12:24 PM To: rt4-whois at icann.org Subject: [Rt4-whois] streamlined proxy recommendation language Hi All, I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. here's the text: Data Access- Proxy Service 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. --- end same text attached Kathy -- -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From susank at fb.com Thu Dec 1 02:25:13 2011 From: susank at fb.com (Susan Kawaguchi) Date: Thu, 1 Dec 2011 02:25:13 +0000 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: <81466CDE-ED88-4324-833E-A939B1BCB237@paypal-inc.com> References: <4ED6ACF3.7070808@kathykleiman.com> <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> <4ED6B8E7.4040609@kathykleiman.com> <021301ccafbc$8cf4fd00$a6def700$@reiss@lex-ip.com> <81466CDE-ED88-4324-833E-A939B1BCB237@paypal-inc.com> Message-ID: Hi Bill, This is a valuable (albeit frustrating) discussion and necessary to make sure we get this right, I appreciate the argument. I think we all want the end result but it is getting to that point that may be painful but we knew this task could be painful when we signed on. Is there a stronger recommendation that you and Seth could draft that outlines your view point? This is all that we said in the recommendations in Dakar "Remove proxy services from the RAA since the proxy, as an agent, is the registrant. Expand and ? affirmative sentence" I cannot live with that what would you propose to strengthen the recommendation? At this point, I am not willing to walk away from the best practices recommendation but I am very willing to continue the discussion and see if there is a way forward on a recommendation we all agree to. I am going to eat dinner and walk the dog so will be offline for an hour. Susan -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Wednesday, November 30, 2011 5:19 PM To: Susan Kawaguchi Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language Susan, It may not seem like it but I am supportive, very supportive of your position of to not rely on litigation to solve these types of problems. Where we disagree is the best approach to avoid the litigation. I am not suggesting that cigarette-style litigation is the way forward. Rather, I am concerned that proposal for retail proxy indemnification (if I've read it right) will result in exactly that situation, some time far in the future when society and the courts finally realize that allowing unfettered criminal activity on the Internet is a bad idea. Retail proxies will happily sell a service to people they don't know as long as they have no liability. If instead of no liability, we insist that they have the liability of the Registrant, since that's what they are, I strongly suspect that counsel for these services will understand that they now carry at least some risk in these transactions. Consequently, they will either recommend against them or insist on some mechanism to mitigate the risk, through insurance or other mechanisms - perhaps even actually knowing something about their customers. Any or all of these would involve higher costs hence higher prices making these services less attractive to criminals, etc. By the addition of SLAs into contracts, and mandatory consequences, we provide a means for ICANN to ensure that valid queries, information requests, corrections, etc. are made in a timely manner. A registrant could ignore a request knowing that the specific penalty for failing to comply with such request. With mandatory revocation the consequence of last resort, we give the community and ICANN the ability to revoke a name (the only thing of value under our control). If a proxy is a party to any of these transactions, they act as the Registrant and must respond either directly or with guidance from the licensee per the agreement SLAs. Failure to do so results in the same consequences. By setting SLAs and consequences appropriately, ICANN can influence the behavior of Registrants and those that act as proxies for them. Even if we go with language you an James worked on, and I realize that you put in a great deal of effort on that, we'll still need something like what I have outlined because as we discussed in Dakar, anyone can act as a proxy for a Registrant no matter what ICANN tries to do to prevent it. If the "best practices" ICANN develops for the retail trade prove too onerous, proxy providers will simply step outside of the ICANN tent and provide their services likely failing to adhere to the best practices. I hope this makes sense. Bill On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: HI Bill, Thank you for your thoughts I think your statement below is my biggest pain point. "I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability"." All of the cases you mention above relied on litigation to clarify the existence of liability and impose that liability on the manufacturer. It would be overwhelming and burdensome to rely on litigation to fix this problem especially when it involves global entities as proxy service providers. I think we have the opportunity to incentivize the registrars to help with the problem. If I or LE are forced to rely on litigation of any sort of court order to get information on the licensee of a domain name to pursue a provider of counterfeit drugs, for example, this would take years for each domain name involved. If we take a very extreme step and recommend that proxy services are not allowed in the gTlds (as .US has done) how would that ever be enforced? Proxy registrations provide a vital service for many in the domain name space. Susan -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Wednesday, November 30, 2011 4:20 PM To: Seth M Reiss Cc: Susan Kawaguchi; Kathy Kleiman; rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language See below: On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > wrote: I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision. While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest. I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it's an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed. I would like to find a middle ground. I am not one for asking people to think differently. I just don't see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability". Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving. Seth From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Wednesday, November 30, 2011 1:29 PM To: Kathy Kleiman; Seth M Reiss Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] streamlined proxy recommendation language HI Seth, I am going to respond to you out of order In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. Susan From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 3:15 PM To: Seth M Reiss Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language Great comments, Seth. I defer to Susan and James, as the experts on this material. Best, Kathy : Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. Seth From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, November 30, 2011 12:24 PM To: rt4-whois at icann.org Subject: [Rt4-whois] streamlined proxy recommendation language Hi All, I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. here's the text: Data Access- Proxy Service 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. --- end same text attached Kathy -- -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From bill.smith at paypal-inc.com Thu Dec 1 02:34:04 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 19:34:04 -0700 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: References: <4ED6ACF3.7070808@kathykleiman.com> <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> <4ED6B8E7.4040609@kathykleiman.com> <021301ccafbc$8cf4fd00$a6def700$@reiss@lex-ip.com> <81466CDE-ED88-4324-833E-A939B1BCB237@paypal-inc.com> Message-ID: <353BBC59-7E4F-4284-B7CD-493D51A13447@paypal-inc.com> Seth, Any chance you cold take a crack at this? Your writing on the subject seems on point and I suspect you could say it using fewer words than I. Bill On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" wrote: > Hi Bill, > > This is a valuable (albeit frustrating) discussion and necessary to make sure we get this right, I appreciate the argument. I think we all want the end result but it is getting to that point that may be painful but we knew this task could be painful when we signed on. > > Is there a stronger recommendation that you and Seth could draft that outlines your view point? > > This is all that we said in the recommendations in Dakar > > "Remove proxy services from the RAA since the proxy, as an agent, is the registrant. Expand and ? affirmative sentence" > > I cannot live with that what would you propose to strengthen the recommendation? > > At this point, I am not willing to walk away from the best practices recommendation but I am very willing to continue the discussion and see if there is a way forward on a recommendation we all agree to. > > I am going to eat dinner and walk the dog so will be offline for an hour. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 5:19 PM > To: Susan Kawaguchi > Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Susan, > > It may not seem like it but I am supportive, very supportive of your position of to not rely on litigation to solve these types of problems. Where we disagree is the best approach to avoid the litigation. > > I am not suggesting that cigarette-style litigation is the way forward. Rather, I am concerned that proposal for retail proxy indemnification (if I've read it right) will result in exactly that situation, some time far in the future when society and the courts finally realize that allowing unfettered criminal activity on the Internet is a bad idea. Retail proxies will happily sell a service to people they don't know as long as they have no liability. > > If instead of no liability, we insist that they have the liability of the Registrant, since that's what they are, I strongly suspect that counsel for these services will understand that they now carry at least some risk in these transactions. Consequently, they will either recommend against them or insist on some mechanism to mitigate the risk, through insurance or other mechanisms - perhaps even actually knowing something about their customers. Any or all of these would involve higher costs hence higher prices making these services less attractive to criminals, etc. > > By the addition of SLAs into contracts, and mandatory consequences, we provide a means for ICANN to ensure that valid queries, information requests, corrections, etc. are made in a timely manner. A registrant could ignore a request knowing that the specific penalty for failing to comply with such request. With mandatory revocation the consequence of last resort, we give the community and ICANN the ability to revoke a name (the only thing of value under our control). > > If a proxy is a party to any of these transactions, they act as the Registrant and must respond either directly or with guidance from the licensee per the agreement SLAs. Failure to do so results in the same consequences. > > By setting SLAs and consequences appropriately, ICANN can influence the behavior of Registrants and those that act as proxies for them. > > Even if we go with language you an James worked on, and I realize that you put in a great deal of effort on that, we'll still need something like what I have outlined because as we discussed in Dakar, anyone can act as a proxy for a Registrant no matter what ICANN tries to do to prevent it. If the "best practices" ICANN develops for the retail trade prove too onerous, proxy providers will simply step outside of the ICANN tent and provide their services likely failing to adhere to the best practices. > > I hope this makes sense. > > Bill > > > On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: > > HI Bill, > > Thank you for your thoughts I think your statement below is my biggest pain point. > > "I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability"." > > All of the cases you mention above relied on litigation to clarify the existence of liability and impose that liability on the manufacturer. It would be overwhelming and burdensome to rely on litigation to fix this problem especially when it involves global entities as proxy service providers. I think we have the opportunity to incentivize the registrars to help with the problem. > > If I or LE are forced to rely on litigation of any sort of court order to get information on the licensee of a domain name to pursue a provider of counterfeit drugs, for example, this would take years for each domain name involved. > > If we take a very extreme step and recommend that proxy services are not allowed in the gTlds (as .US has done) how would that ever be enforced? Proxy registrations provide a vital service for many in the domain name space. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 4:20 PM > To: Seth M Reiss > Cc: Susan Kawaguchi; Kathy Kleiman; rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > See below: > > On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > wrote: > > I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. > > I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision. > > While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest. > > > I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. > > I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it's an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. > > If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed. > > > I would like to find a middle ground. I am not one for asking people to think differently. I just don't see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. > > I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability". > > Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving. > > > Seth > > > From: Susan Kawaguchi [mailto:susank at fb.com] > Sent: Wednesday, November 30, 2011 1:29 PM > To: Kathy Kleiman; Seth M Reiss > Cc: rt4-whois at icann.org > Subject: RE: [Rt4-whois] streamlined proxy recommendation language > > HI Seth, > > I am going to respond to you out of order > In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. > > We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. > > I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. > > Susan > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 3:15 PM > To: Seth M Reiss > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Great comments, Seth. I defer to Susan and James, as the experts on this material. > Best, > Kathy > > : > Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. > > To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. > > Seth > > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 12:24 PM > To: rt4-whois at icann.org > Subject: [Rt4-whois] streamlined proxy recommendation language > > Hi All, > I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. > > They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. > > here's the text: > > Data Access- Proxy Service > > 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. > > 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. > > 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. > > Such voluntary guidelines may include: > > + Proxy services provide full contact details as required by the Whois > > + Publication by the proxy service of its process for revealing and relaying information > > + Standardization of reveal and relay processes and timeframes, consistent with national laws > > + Maintenance of a dedicated abuse point of contact for the proxy service provider > > + Due diligence checks on licensee contact information. > > 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. > > Footnote 1 (all the remaining text) > As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: > > - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] > > - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) > > - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. > > - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. > > - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. > > > --- end > same text attached > Kathy > > > -- > > > > > > > > -- > > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > From seth.reiss at lex-ip.com Thu Dec 1 03:26:53 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Wed, 30 Nov 2011 17:26:53 -1000 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: <353BBC59-7E4F-4284-B7CD-493D51A13447@paypal-inc.com> References: <4ED6ACF3.7070808@kathykleiman.com> <01e501ccafb4$fabff540$f03fdfc0$@reiss@lex-ip.com> <4ED6B8E7.4040609@kathykleiman.com> <021301ccafbc$8cf4fd00$a6def700$@reiss@lex-ip.com> <81466CDE-ED88-4324-833E-A939B1BCB237@paypal-inc.com> <353BBC59-7E4F-4284-B7CD-493D51A13447@paypal-inc.com> Message-ID: <000b01ccafd9$12e42f50$38ac8df0$@reiss@lex-ip.com> mmm, didn't really want that kind of pressure. Here's an attempt: Data Access- Proxy Service 1. The Review Team considers a Proxy Service as a relationship in which the registrant is acting on behalf of another. The WHOIS data is that of the agent/proxy service and the agent/proxy service alone obtains all rights and assumes all responsibility for the domain name and its manner of use. 2. ICANN should clarify that any registrant that may be acting as a proxy service for another is in all respects still the registrant and, in ICANN's view, should be held fully responsible for the use of the domain name including for any and all harm that results from the use of the domain name. 2. Because of ICANN's position on proxy services to date, which tolerates the proxy service industry that has arisen and which through RAA provisions gives recognition and attempts to regulate that industry, has been used by courts and others to allow proxy services to escape liability for bad acts of the proxy service customers, ICANN should either delete or amend those provisions of the RAA that can or have been used to allow proxy services to escape liability. 3. The Review Team acknowledges that there may be legitimate reasons for the occasional use of a proxy service, as for example to protect a valuable trade secret at product launch. At the same time proxy services should not be viewed or used as a substitute for privacy services that are designed to shield an individual's personal contact information. The legitimate use a proxy service would be the exception and not widespread. 4. A proxy service industry willing to accept full risks and liabilities for the manner in which domain names through its service will be used will take the necessary precautionary measures, in its relationship with its customers, such that domain names so registered are unlikely to be misused and, if misused, a remedy for those victimized will more likely be available. I suspect most of you are asleep by now anyway. If not, feel free to comment or modify or supplement, or in the morning. Seth -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Wednesday, November 30, 2011 4:34 PM To: Seth M Reiss Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi Subject: Re: [Rt4-whois] streamlined proxy recommendation language Seth, Any chance you cold take a crack at this? Your writing on the subject seems on point and I suspect you could say it using fewer words than I. Bill On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" wrote: > Hi Bill, > > This is a valuable (albeit frustrating) discussion and necessary to make sure we get this right, I appreciate the argument. I think we all want the end result but it is getting to that point that may be painful but we knew this task could be painful when we signed on. > > Is there a stronger recommendation that you and Seth could draft that outlines your view point? > > This is all that we said in the recommendations in Dakar > > "Remove proxy services from the RAA since the proxy, as an agent, is the registrant. Expand and ? affirmative sentence" > > I cannot live with that what would you propose to strengthen the recommendation? > > At this point, I am not willing to walk away from the best practices recommendation but I am very willing to continue the discussion and see if there is a way forward on a recommendation we all agree to. > > I am going to eat dinner and walk the dog so will be offline for an hour. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 5:19 PM > To: Susan Kawaguchi > Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Susan, > > It may not seem like it but I am supportive, very supportive of your position of to not rely on litigation to solve these types of problems. Where we disagree is the best approach to avoid the litigation. > > I am not suggesting that cigarette-style litigation is the way forward. Rather, I am concerned that proposal for retail proxy indemnification (if I've read it right) will result in exactly that situation, some time far in the future when society and the courts finally realize that allowing unfettered criminal activity on the Internet is a bad idea. Retail proxies will happily sell a service to people they don't know as long as they have no liability. > > If instead of no liability, we insist that they have the liability of the Registrant, since that's what they are, I strongly suspect that counsel for these services will understand that they now carry at least some risk in these transactions. Consequently, they will either recommend against them or insist on some mechanism to mitigate the risk, through insurance or other mechanisms - perhaps even actually knowing something about their customers. Any or all of these would involve higher costs hence higher prices making these services less attractive to criminals, etc. > > By the addition of SLAs into contracts, and mandatory consequences, we provide a means for ICANN to ensure that valid queries, information requests, corrections, etc. are made in a timely manner. A registrant could ignore a request knowing that the specific penalty for failing to comply with such request. With mandatory revocation the consequence of last resort, we give the community and ICANN the ability to revoke a name (the only thing of value under our control). > > If a proxy is a party to any of these transactions, they act as the Registrant and must respond either directly or with guidance from the licensee per the agreement SLAs. Failure to do so results in the same consequences. > > By setting SLAs and consequences appropriately, ICANN can influence the behavior of Registrants and those that act as proxies for them. > > Even if we go with language you an James worked on, and I realize that you put in a great deal of effort on that, we'll still need something like what I have outlined because as we discussed in Dakar, anyone can act as a proxy for a Registrant no matter what ICANN tries to do to prevent it. If the "best practices" ICANN develops for the retail trade prove too onerous, proxy providers will simply step outside of the ICANN tent and provide their services likely failing to adhere to the best practices. > > I hope this makes sense. > > Bill > > > On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: > > HI Bill, > > Thank you for your thoughts I think your statement below is my biggest pain point. > > "I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability"." > > All of the cases you mention above relied on litigation to clarify the existence of liability and impose that liability on the manufacturer. It would be overwhelming and burdensome to rely on litigation to fix this problem especially when it involves global entities as proxy service providers. I think we have the opportunity to incentivize the registrars to help with the problem. > > If I or LE are forced to rely on litigation of any sort of court order to get information on the licensee of a domain name to pursue a provider of counterfeit drugs, for example, this would take years for each domain name involved. > > If we take a very extreme step and recommend that proxy services are not allowed in the gTlds (as .US has done) how would that ever be enforced? Proxy registrations provide a vital service for many in the domain name space. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 4:20 PM > To: Seth M Reiss > Cc: Susan Kawaguchi; Kathy Kleiman; rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > See below: > > On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > wrote: > > I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. > > I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision. > > While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest. > > > I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. > > I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it's an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. > > If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed. > > > I would like to find a middle ground. I am not one for asking people to think differently. I just don't see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. > > I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability". > > Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving. > > > Seth > > > From: Susan Kawaguchi [mailto:susank at fb.com] > Sent: Wednesday, November 30, 2011 1:29 PM > To: Kathy Kleiman; Seth M Reiss > Cc: rt4-whois at icann.org > Subject: RE: [Rt4-whois] streamlined proxy recommendation language > > HI Seth, > > I am going to respond to you out of order > In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. > > We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. > > I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. > > Susan > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 3:15 PM > To: Seth M Reiss > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Great comments, Seth. I defer to Susan and James, as the experts on this material. > Best, > Kathy > > : > Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. > > To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. > > Seth > > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 12:24 PM > To: rt4-whois at icann.org > Subject: [Rt4-whois] streamlined proxy recommendation language > > Hi All, > I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. > > They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. > > here's the text: > > Data Access- Proxy Service > > 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. > > 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. > > 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. > > Such voluntary guidelines may include: > > + Proxy services provide full contact details as required by the Whois > > + Publication by the proxy service of its process for revealing and relaying information > > + Standardization of reveal and relay processes and timeframes, consistent with national laws > > + Maintenance of a dedicated abuse point of contact for the proxy service provider > > + Due diligence checks on licensee contact information. > > 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. > > Footnote 1 (all the remaining text) > As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: > > - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] > > - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) > > - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. > > - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. > > - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. > > > --- end > same text attached > Kathy > > > -- > > > > > > > > -- > > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > From Peter.Nettlefold at dbcde.gov.au Thu Dec 1 03:33:04 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Thu, 1 Dec 2011 14:33:04 +1100 Subject: [Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED] In-Reply-To: <000b01ccafd9$12e42f50$38ac8df0$@reiss@lex-ip.com> Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D64226C@EMB01.dept.gov.au> Classification: UNCLASSIFIED Hi Seth, Thanks very much for taking the pen on this difficult issue. >From my perspective, this is a very good attempt to articulate findings and recommendations, and I am happy to work with this position. I will wait to hear from others before diving into detail too much, to get a sense if this is an approach we can work with. Thanks again. Peter ----- Original Message ----- From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Thursday, December 01, 2011 02:26 PM To: 'Smith, Bill' Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language mmm, didn't really want that kind of pressure. Here's an attempt: Data Access- Proxy Service 1. The Review Team considers a Proxy Service as a relationship in which the registrant is acting on behalf of another. The WHOIS data is that of the agent/proxy service and the agent/proxy service alone obtains all rights and assumes all responsibility for the domain name and its manner of use. 2. ICANN should clarify that any registrant that may be acting as a proxy service for another is in all respects still the registrant and, in ICANN's view, should be held fully responsible for the use of the domain name including for any and all harm that results from the use of the domain name. 2. Because of ICANN's position on proxy services to date, which tolerates the proxy service industry that has arisen and which through RAA provisions gives recognition and attempts to regulate that industry, has been used by courts and others to allow proxy services to escape liability for bad acts of the proxy service customers, ICANN should either delete or amend those provisions of the RAA that can or have been used to allow proxy services to escape liability. 3. The Review Team acknowledges that there may be legitimate reasons for the occasional use of a proxy service, as for example to protect a valuable trade secret at product launch. At the same time proxy services should not be viewed or used as a substitute for privacy services that are designed to shield an individual's personal contact information. The legitimate use a proxy service would be the exception and not widespread. 4. A proxy service industry willing to accept full risks and liabilities for the manner in which domain names through its service will be used will take the necessary precautionary measures, in its relationship with its customers, such that domain names so registered are unlikely to be misused and, if misused, a remedy for those victimized will more likely be available. I suspect most of you are asleep by now anyway. If not, feel free to comment or modify or supplement, or in the morning. Seth -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Wednesday, November 30, 2011 4:34 PM To: Seth M Reiss Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi Subject: Re: [Rt4-whois] streamlined proxy recommendation language Seth, Any chance you cold take a crack at this? Your writing on the subject seems on point and I suspect you could say it using fewer words than I. Bill On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" wrote: > Hi Bill, > > This is a valuable (albeit frustrating) discussion and necessary to make sure we get this right, I appreciate the argument. I think we all want the end result but it is getting to that point that may be painful but we knew this task could be painful when we signed on. > > Is there a stronger recommendation that you and Seth could draft that outlines your view point? > > This is all that we said in the recommendations in Dakar > > "Remove proxy services from the RAA since the proxy, as an agent, is the registrant. Expand and ? affirmative sentence" > > I cannot live with that what would you propose to strengthen the recommendation? > > At this point, I am not willing to walk away from the best practices recommendation but I am very willing to continue the discussion and see if there is a way forward on a recommendation we all agree to. > > I am going to eat dinner and walk the dog so will be offline for an hour. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 5:19 PM > To: Susan Kawaguchi > Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Susan, > > It may not seem like it but I am supportive, very supportive of your position of to not rely on litigation to solve these types of problems. Where we disagree is the best approach to avoid the litigation. > > I am not suggesting that cigarette-style litigation is the way forward. Rather, I am concerned that proposal for retail proxy indemnification (if I've read it right) will result in exactly that situation, some time far in the future when society and the courts finally realize that allowing unfettered criminal activity on the Internet is a bad idea. Retail proxies will happily sell a service to people they don't know as long as they have no liability. > > If instead of no liability, we insist that they have the liability of the Registrant, since that's what they are, I strongly suspect that counsel for these services will understand that they now carry at least some risk in these transactions. Consequently, they will either recommend against them or insist on some mechanism to mitigate the risk, through insurance or other mechanisms - perhaps even actually knowing something about their customers. Any or all of these would involve higher costs hence higher prices making these services less attractive to criminals, etc. > > By the addition of SLAs into contracts, and mandatory consequences, we provide a means for ICANN to ensure that valid queries, information requests, corrections, etc. are made in a timely manner. A registrant could ignore a request knowing that the specific penalty for failing to comply with such request. With mandatory revocation the consequence of last resort, we give the community and ICANN the ability to revoke a name (the only thing of value under our control). > > If a proxy is a party to any of these transactions, they act as the Registrant and must respond either directly or with guidance from the licensee per the agreement SLAs. Failure to do so results in the same consequences. > > By setting SLAs and consequences appropriately, ICANN can influence the behavior of Registrants and those that act as proxies for them. > > Even if we go with language you an James worked on, and I realize that you put in a great deal of effort on that, we'll still need something like what I have outlined because as we discussed in Dakar, anyone can act as a proxy for a Registrant no matter what ICANN tries to do to prevent it. If the "best practices" ICANN develops for the retail trade prove too onerous, proxy providers will simply step outside of the ICANN tent and provide their services likely failing to adhere to the best practices. > > I hope this makes sense. > > Bill > > > On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: > > HI Bill, > > Thank you for your thoughts I think your statement below is my biggest pain point. > > "I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability"." > > All of the cases you mention above relied on litigation to clarify the existence of liability and impose that liability on the manufacturer. It would be overwhelming and burdensome to rely on litigation to fix this problem especially when it involves global entities as proxy service providers. I think we have the opportunity to incentivize the registrars to help with the problem. > > If I or LE are forced to rely on litigation of any sort of court order to get information on the licensee of a domain name to pursue a provider of counterfeit drugs, for example, this would take years for each domain name involved. > > If we take a very extreme step and recommend that proxy services are not allowed in the gTlds (as .US has done) how would that ever be enforced? Proxy registrations provide a vital service for many in the domain name space. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 4:20 PM > To: Seth M Reiss > Cc: Susan Kawaguchi; Kathy Kleiman; rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > See below: > > On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > wrote: > > I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. > > I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision. > > While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest. > > > I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. > > I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it's an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. > > If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed. > > > I would like to find a middle ground. I am not one for asking people to think differently. I just don't see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. > > I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability". > > Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving. > > > Seth > > > From: Susan Kawaguchi [mailto:susank at fb.com] > Sent: Wednesday, November 30, 2011 1:29 PM > To: Kathy Kleiman; Seth M Reiss > Cc: rt4-whois at icann.org > Subject: RE: [Rt4-whois] streamlined proxy recommendation language > > HI Seth, > > I am going to respond to you out of order > In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. > > We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. > > I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. > > Susan > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 3:15 PM > To: Seth M Reiss > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Great comments, Seth. I defer to Susan and James, as the experts on this material. > Best, > Kathy > > : > Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. > > To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. > > Seth > > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 12:24 PM > To: rt4-whois at icann.org > Subject: [Rt4-whois] streamlined proxy recommendation language > > Hi All, > I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. > > They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. > > here's the text: > > Data Access- Proxy Service > > 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. > > 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. > > 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. > > Such voluntary guidelines may include: > > + Proxy services provide full contact details as required by the Whois > > + Publication by the proxy service of its process for revealing and relaying information > > + Standardization of reveal and relay processes and timeframes, consistent with national laws > > + Maintenance of a dedicated abuse point of contact for the proxy service provider > > + Due diligence checks on licensee contact information. > > 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. > > Footnote 1 (all the remaining text) > As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: > > - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] > > - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) > > - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. > > - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. > > - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. > > > --- end > same text attached > Kathy > > > -- > > > > > > > > -- > > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- From emily at emilytaylor.eu Thu Dec 1 04:25:27 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Thu, 1 Dec 2011 04:25:27 +0000 Subject: [Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D64226C@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333D64226C@EMB01.dept.gov.au> Message-ID: Hi all Up way too early (couldn't sleep). Can you just bring me up to speed. Are Seth's proposals a substitute for the proxy recommendations, or additional findings? Are we ditching the voluntary practices recommendations, or are these in addition? Kind regards Emily On 1 December 2011 03:33, Nettlefold, Peter wrote: > Classification: UNCLASSIFIED > > Hi Seth, > > Thanks very much for taking the pen on this difficult issue. > > >From my perspective, this is a very good attempt to articulate findings > and recommendations, and I am happy to work with this position. > > I will wait to hear from others before diving into detail too much, to get > a sense if this is an approach we can work with. > > Thanks again. > > Peter > > ----- Original Message ----- > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] > Sent: Thursday, December 01, 2011 02:26 PM > To: 'Smith, Bill' > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > mmm, didn't really want that kind of pressure. > > Here's an attempt: > > Data Access- Proxy Service > > 1. The Review Team considers a Proxy Service as a relationship in > which > the registrant is acting on behalf of another. The WHOIS data is that of > the > agent/proxy service and the agent/proxy service alone obtains all rights > and > assumes all responsibility for the domain name and its manner of use. > 2. ICANN should clarify that any registrant that may be acting as a > proxy service for another is in all respects still the registrant and, in > ICANN's view, should be held fully responsible for the use of the domain > name including for any and all harm that results from the use of the domain > name. > 2. Because of ICANN's position on proxy services to date, which > tolerates the proxy service industry that has arisen and which through RAA > provisions gives recognition and attempts to regulate that industry, has > been used by courts and others to allow proxy services to escape liability > for bad acts of the proxy service customers, ICANN should either delete or > amend those provisions of the RAA that can or have been used to allow proxy > services to escape liability. > 3. The Review Team acknowledges that there may be legitimate reasons > for the occasional use of a proxy service, as for example to protect a > valuable trade secret at product launch. At the same time proxy services > should not be viewed or used as a substitute for privacy services that are > designed to shield an individual's personal contact information. The > legitimate use a proxy service would be the exception and not widespread. > 4. A proxy service industry willing to accept full risks and liabilities > for the manner in which domain names through its service will be used will > take the necessary precautionary measures, in its relationship with its > customers, such that domain names so registered are unlikely to be misused > and, if misused, a remedy for those victimized will more likely be > available. > > I suspect most of you are asleep by now anyway. If not, feel free to > comment or modify or supplement, or in the morning. > > Seth > > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 4:34 PM > To: Seth M Reiss > Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Seth, > > Any chance you cold take a crack at this? Your writing on the subject seems > on point and I suspect you could say it using fewer words than I. > > Bill > > On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" wrote: > > > Hi Bill, > > > > This is a valuable (albeit frustrating) discussion and necessary to make > sure we get this right, I appreciate the argument. I think we all want the > end result but it is getting to that point that may be painful but we knew > this task could be painful when we signed on. > > > > Is there a stronger recommendation that you and Seth could draft that > outlines your view point? > > > > This is all that we said in the recommendations in Dakar > > > > "Remove proxy services from the RAA since the proxy, as an agent, is the > registrant. Expand and ? affirmative sentence" > > > > I cannot live with that what would you propose to strengthen the > recommendation? > > > > At this point, I am not willing to walk away from the best practices > recommendation but I am very willing to continue the discussion and see if > there is a way forward on a recommendation we all agree to. > > > > I am going to eat dinner and walk the dog so will be offline for an hour. > > > > Susan > > > > -----Original Message----- > > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > > Sent: Wednesday, November 30, 2011 5:19 PM > > To: Susan Kawaguchi > > Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > > > Susan, > > > > It may not seem like it but I am supportive, very supportive of your > position of to not rely on litigation to solve these types of problems. > Where we disagree is the best approach to avoid the litigation. > > > > I am not suggesting that cigarette-style litigation is the way forward. > Rather, I am concerned that proposal for retail proxy indemnification (if > I've read it right) will result in exactly that situation, some time far in > the future when society and the courts finally realize that allowing > unfettered criminal activity on the Internet is a bad idea. Retail proxies > will happily sell a service to people they don't know as long as they have > no liability. > > > > If instead of no liability, we insist that they have the liability of the > Registrant, since that's what they are, I strongly suspect that counsel for > these services will understand that they now carry at least some risk in > these transactions. Consequently, they will either recommend against them > or > insist on some mechanism to mitigate the risk, through insurance or other > mechanisms - perhaps even actually knowing something about their customers. > Any or all of these would involve higher costs hence higher prices making > these services less attractive to criminals, etc. > > > > By the addition of SLAs into contracts, and mandatory consequences, we > provide a means for ICANN to ensure that valid queries, information > requests, corrections, etc. are made in a timely manner. A registrant could > ignore a request knowing that the specific penalty for failing to comply > with such request. With mandatory revocation the consequence of last > resort, > we give the community and ICANN the ability to revoke a name (the only > thing > of value under our control). > > > > If a proxy is a party to any of these transactions, they act as the > Registrant and must respond either directly or with guidance from the > licensee per the agreement SLAs. Failure to do so results in the same > consequences. > > > > By setting SLAs and consequences appropriately, ICANN can influence the > behavior of Registrants and those that act as proxies for them. > > > > Even if we go with language you an James worked on, and I realize that > you > put in a great deal of effort on that, we'll still need something like what > I have outlined because as we discussed in Dakar, anyone can act as a proxy > for a Registrant no matter what ICANN tries to do to prevent it. If the > "best practices" ICANN develops for the retail trade prove too onerous, > proxy providers will simply step outside of the ICANN tent and provide > their > services likely failing to adhere to the best practices. > > > > I hope this makes sense. > > > > Bill > > > > > > On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: > > > > HI Bill, > > > > Thank you for your thoughts I think your statement below is my biggest > pain point. > > > > "I think they are inherently contradictory. How a service is *sold* > should > not determine liability. If this were the case and we applied the proposed > definitions to consumer products, untold numbers of tort cases would be > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > properly claim, "I don't know the buyer therefor I have no liability"." > > > > All of the cases you mention above relied on litigation to clarify the > existence of liability and impose that liability on the manufacturer. It > would be overwhelming and burdensome to rely on litigation to fix this > problem especially when it involves global entities as proxy service > providers. I think we have the opportunity to incentivize the registrars > to > help with the problem. > > > > If I or LE are forced to rely on litigation of any sort of court order to > get information on the licensee of a domain name to pursue a provider of > counterfeit drugs, for example, this would take years for each domain name > involved. > > > > If we take a very extreme step and recommend that proxy services are not > allowed in the gTlds (as .US has done) how would that ever be enforced? > Proxy registrations provide a vital service for many in the domain name > space. > > > > Susan > > > > -----Original Message----- > > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > > Sent: Wednesday, November 30, 2011 4:20 PM > > To: Seth M Reiss > > Cc: Susan Kawaguchi; Kathy Kleiman; > rt4-whois at icann.org > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > > > See below: > > > > On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > seth.reiss at lex-i > p.com>> wrote: > > > > I am not advocating ignoring proxy services simply clarifying their role > and liability as registrant. I suspect we are very closely aligned > regarding outcome, just not how to reach there. > > > > I guess I'm advocating that we get as close to ignoring them as we can. > Recognizing them, even in the limited way the current RAA does gave the > Ninth Circuit everything it need to make its liability absolving decision. > > > > While the community may not be inclined to receive a proposal to "ignore > proxy services" with open arms, I hope they would consider it if we present > it as in the public interest. > > > > > > I think we disagree regarding whether we need to tolerate an industry > simply because it exists and has for a time. ICANN did not tolerate domain > name tasting, although it acted relatively quickly there and has not here. > > > > I believe it to be a dangerous proposition to say that we need to > accommodate existing practices simply because ICANN has allowed them to > exist for a period of time, although I think it's an unfortunately > circumstance. If you apply this line of reasoning broadly, you effectively > allow the industry to restrict what ICANN can and cannot do. > > > > If we make this assumption generally, our report would be very short. Yes > there are problems with WHOIS. However, it has existed in this manner for > too long and therefor it cannot be changed. > > > > > > I would like to find a middle ground. I am not one for asking people to > think differently. I just don't see how holding stating a proxy should be > held fully responsible, and then at the same time having retail proxy > services definitions and a voluntary best practices policy, will not be > viewed as inherently contradictory. > > > > I think they are inherently contradictory. How a service is *sold* should > not determine liability. If this were the case and we applied the proposed > definitions to consumer products, untold numbers of tort cases would be > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > properly claim, "I don't know the buyer therefor I have no liability". > > > > Other than to satisfy, the current purveyors of these fine services, I > can't see any reason to develop a complex set of definitions and liability > flows. Together these give attorneys and courts ample room to for truck > driving. > > > > > > Seth > > > > > > From: Susan Kawaguchi [mailto:susank at fb.com] > > Sent: Wednesday, November 30, 2011 1:29 PM > > To: Kathy Kleiman; Seth M Reiss > > Cc: > rt4-whois at icann.org > > > Subject: RE: [Rt4-whois] streamlined proxy recommendation language > > > > HI Seth, > > > > I am going to respond to you out of order > > In all our discussions, I have still not heard a persuasive argument why > a > proxy service industry that can shield itself from liability is necessary > or > good or appropriate. I agree with you but it is what is. The situation > arose over 10 years ago and I do not think that advocating to do away with > proxy services is going to be well received by the ICANN community. Also > to date, there has been very few examples of a proxy service being held > liable. > > > > We need proxy services but we need responsive proxy services many of the > providers are acting responsibly it is the bad actors that I would like to > change their behavior. > > > > Once you introduce definitions concerning affiliates, retail services and > different flavors of proxy services, the cheap ones with flimsy > relationships, and the expensive ones with fiduciary type relationships, it > will appear to the court that you do not really mean what you saying in > bullet number 6. This will confuse the courts (and the public) and the > registrant proxy services is more likely to be able to weasel out of being > held liable. > > > > I am not sure that these definitions would be accepted outside of ICANN > and at least we would have a clearer picture of who we are dealing with. > > > > I am not convinced at all that just removing the language from the RAA > would impact the practices of the current proxy services. If you have > another argument let me know I am open to rethinking this but I am not open > to ignoring proxy service providers. > > > > Susan > > > > From: > rt4-whois-bounces at icann.org rt4-w > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of > Kathy Kleiman > > Sent: Wednesday, November 30, 2011 3:15 PM > > To: Seth M Reiss > > Cc: > rt4-whois at icann.org > > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > > > Great comments, Seth. I defer to Susan and James, as the experts on this > material. > > Best, > > Kathy > > > > : > > Thank you Kathy for breaking this out. I have not been good about > reviewing the entire document. > > > > To respond to Peter's question about what would be legally enforceable, I > think if you look at bullet number 6, if this bullet was implemented in a > very clear and unambiguous way, by itself and without some of the other > material being proposal, then I think there would be reasonable expectation > that national courts would hold the registrant proxy service fully > responsible for harm caused by a website hosted at the domain name at > issue. > In other words, the Ninth Circuit decision that Susan highlighted would > have > been decided differently. > > > > Once you introduce definitions concerning affiliates, retail services and > different flavors of proxy services, the cheap ones with flimsy > relationships, and the expensive ones with fiduciary type relationships, it > will appear to the court that you do not really mean what you saying in > bullet number 6. This will confuse the courts (and the public) and the > registrant proxy services is more likely to be able to weasel out of being > held liable. > > > > The current proposal on the table suggests to me a somewhat more > complicated model whereby the registrant proxy service is fully liable for > the use of the domain name but can shield that liability by adopted and > fully complying the a specific set of reveal and relay processes etc. I > voluntary set of best practices would not do this, but a mandatory set of > provisions to qualify a proxy service for a "safe harbor" would. Such a > safe hard model would in my view be more difficult to implement and is > likely to give rise to a certain amount of uncertainty and inconsistent > outcomes even if prudently implemented. But this also assumes that we need > to have a proxy service in which proxies may shield themselves from > liability. In all our discussions, I have still not heard a persuasive > argument why a proxy service industry that can shield itself from liability > is necessary or good or appropriate. > > > > Seth > > > > > > From: > rt4-whois-bounces at icann.org rt4-w > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of > Kathy Kleiman > > Sent: Wednesday, November 30, 2011 12:24 PM > > To: > rt4-whois at icann.org > > > Subject: [Rt4-whois] streamlined proxy recommendation language > > > > Hi All, > > I feel like I am sending altogether too many emails today. Sorry :-)! > Anyway, here's one more. I worked with James, a little, and Susan, more, > on > streamlining the Proxy recommendations to look, sound and flow like the > Privacy recommendations. Of course, proxy is voluntary, and privacy is a > requirement, but the rest is fairly close. > > > > They are below and attached. If you like them, we'll send them on to > Alice > for inclusion. Note: the definitions went into a footnote which should be > easy to see as it will be quite extensive. > > > > here's the text: > > > > Data Access- Proxy Service > > > > 1. ICANN should facilitate the review of existing practices by > reaching out to proxy providers to create a discussion which sets out > current processes followed by proxy service providers. > > > > 2. Registrars should be required to disclosure their relationship > with any Affiliated Retail proxy service provider to ICANN. > > > > 3. ICANN should develop and manage a set of voluntary best practice > guidelines for appropriate proxy services [footnote 1] consistent with > national laws. These voluntary guidelines should strike an appropriate > balance between stakeholders with competing but legitimate interests. At a > minimum this would include privacy, law enforcement and the industry around > law enforcement. > > > > Such voluntary guidelines may include: > > > > + Proxy services provide full contact details as required by the Whois > > > > + Publication by the proxy service of its process for revealing and > relaying information > > > > + Standardization of reveal and relay processes and timeframes, > consistent > with national laws > > > > + Maintenance of a dedicated abuse point of contact for the proxy service > provider > > > > + Due diligence checks on licensee contact information. > > > > 5. ICANN should encourage and incentivize registrars to interact with the > retail service providers that adopt the best practices. > > > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in > Recommendation 1 above, should include an affirmative statement that > clarifies that a proxy means a relationship in which the Registrant is > acting on behalf of another. The WHOIS data is that of the agent, and the > agent alone obtains all rights and assumes all responsibility for the > domain > name and its manner of use. > > > > Footnote 1 (all the remaining text) > > As guidance to the Community and as useful background for the Proxy > Service Recommendations, the Review Team provides its working definitions > of > proxy service and different types of proxy service providers: > > > > - Proxy Service - a relationship in which the registrant is acting on > behalf of another The WHOIS data is that of the agent and the agent alone > obtains all rights and assumes all responsibility for the domain name and > its manner of use. [KK: is this the definition we are using in other places > in the Report?] > > > > - Affiliated Registrar - another ICANN accredited registrar that operates > under a common controlling interest (2009 Registrar Accreditation > Agreement, > Section 1.20) > > > > - Affiliate retail proxy service provider - entity operating under a > common controlling interest of a registrar. > > > > - Retail proxy service provider - proxy service with little or no > knowledge of the entity or individual requesting the service beyond their > ability to pay and their agreement to the general terms and conditions. > > > > - Limited proxy service provider - proxy service for an entity or > individual in which there is an ongoing business relationship bound by a > contract that is specific to the relationship. > > > > > > --- end > > same text attached > > Kathy > > > > > > -- > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > _______________________________________________ > > Rt4-whois mailing list > > > Rt4-whois at icann.org > > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy > all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > > > ------------------------------------------------------------------------------- > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/22e7888a/attachment.html From emily at emilytaylor.eu Thu Dec 1 04:31:10 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Thu, 1 Dec 2011 04:31:10 +0000 Subject: [Rt4-whois] Ignore my last message Re: streamlined proxy recommendation language [SEC=UNCLASSIFIED] Message-ID: Hi I've now read the e-mail thread, and understand what we're doing. Substituting for 6, in order to prevent internal contradictions, yes? On 1 December 2011 03:33, Nettlefold, Peter wrote: > Classification: UNCLASSIFIED > > Hi Seth, > > Thanks very much for taking the pen on this difficult issue. > > >From my perspective, this is a very good attempt to articulate findings > and recommendations, and I am happy to work with this position. > > I will wait to hear from others before diving into detail too much, to get > a sense if this is an approach we can work with. > > Thanks again. > > Peter > > ----- Original Message ----- > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] > Sent: Thursday, December 01, 2011 02:26 PM > To: 'Smith, Bill' > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > mmm, didn't really want that kind of pressure. > > Here's an attempt: > > Data Access- Proxy Service > > 1. The Review Team considers a Proxy Service as a relationship in > which > the registrant is acting on behalf of another. The WHOIS data is that of > the > agent/proxy service and the agent/proxy service alone obtains all rights > and > assumes all responsibility for the domain name and its manner of use. > 2. ICANN should clarify that any registrant that may be acting as a > proxy service for another is in all respects still the registrant and, in > ICANN's view, should be held fully responsible for the use of the domain > name including for any and all harm that results from the use of the domain > name. > 2. Because of ICANN's position on proxy services to date, which > tolerates the proxy service industry that has arisen and which through RAA > provisions gives recognition and attempts to regulate that industry, has > been used by courts and others to allow proxy services to escape liability > for bad acts of the proxy service customers, ICANN should either delete or > amend those provisions of the RAA that can or have been used to allow proxy > services to escape liability. > 3. The Review Team acknowledges that there may be legitimate reasons > for the occasional use of a proxy service, as for example to protect a > valuable trade secret at product launch. At the same time proxy services > should not be viewed or used as a substitute for privacy services that are > designed to shield an individual's personal contact information. The > legitimate use a proxy service would be the exception and not widespread. > 4. A proxy service industry willing to accept full risks and liabilities > for the manner in which domain names through its service will be used will > take the necessary precautionary measures, in its relationship with its > customers, such that domain names so registered are unlikely to be misused > and, if misused, a remedy for those victimized will more likely be > available. > > I suspect most of you are asleep by now anyway. If not, feel free to > comment or modify or supplement, or in the morning. > > Seth > > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 4:34 PM > To: Seth M Reiss > Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Seth, > > Any chance you cold take a crack at this? Your writing on the subject seems > on point and I suspect you could say it using fewer words than I. > > Bill > > On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" wrote: > > > Hi Bill, > > > > This is a valuable (albeit frustrating) discussion and necessary to make > sure we get this right, I appreciate the argument. I think we all want the > end result but it is getting to that point that may be painful but we knew > this task could be painful when we signed on. > > > > Is there a stronger recommendation that you and Seth could draft that > outlines your view point? > > > > This is all that we said in the recommendations in Dakar > > > > "Remove proxy services from the RAA since the proxy, as an agent, is the > registrant. Expand and ? affirmative sentence" > > > > I cannot live with that what would you propose to strengthen the > recommendation? > > > > At this point, I am not willing to walk away from the best practices > recommendation but I am very willing to continue the discussion and see if > there is a way forward on a recommendation we all agree to. > > > > I am going to eat dinner and walk the dog so will be offline for an hour. > > > > Susan > > > > -----Original Message----- > > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > > Sent: Wednesday, November 30, 2011 5:19 PM > > To: Susan Kawaguchi > > Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > > > Susan, > > > > It may not seem like it but I am supportive, very supportive of your > position of to not rely on litigation to solve these types of problems. > Where we disagree is the best approach to avoid the litigation. > > > > I am not suggesting that cigarette-style litigation is the way forward. > Rather, I am concerned that proposal for retail proxy indemnification (if > I've read it right) will result in exactly that situation, some time far in > the future when society and the courts finally realize that allowing > unfettered criminal activity on the Internet is a bad idea. Retail proxies > will happily sell a service to people they don't know as long as they have > no liability. > > > > If instead of no liability, we insist that they have the liability of the > Registrant, since that's what they are, I strongly suspect that counsel for > these services will understand that they now carry at least some risk in > these transactions. Consequently, they will either recommend against them > or > insist on some mechanism to mitigate the risk, through insurance or other > mechanisms - perhaps even actually knowing something about their customers. > Any or all of these would involve higher costs hence higher prices making > these services less attractive to criminals, etc. > > > > By the addition of SLAs into contracts, and mandatory consequences, we > provide a means for ICANN to ensure that valid queries, information > requests, corrections, etc. are made in a timely manner. A registrant could > ignore a request knowing that the specific penalty for failing to comply > with such request. With mandatory revocation the consequence of last > resort, > we give the community and ICANN the ability to revoke a name (the only > thing > of value under our control). > > > > If a proxy is a party to any of these transactions, they act as the > Registrant and must respond either directly or with guidance from the > licensee per the agreement SLAs. Failure to do so results in the same > consequences. > > > > By setting SLAs and consequences appropriately, ICANN can influence the > behavior of Registrants and those that act as proxies for them. > > > > Even if we go with language you an James worked on, and I realize that > you > put in a great deal of effort on that, we'll still need something like what > I have outlined because as we discussed in Dakar, anyone can act as a proxy > for a Registrant no matter what ICANN tries to do to prevent it. If the > "best practices" ICANN develops for the retail trade prove too onerous, > proxy providers will simply step outside of the ICANN tent and provide > their > services likely failing to adhere to the best practices. > > > > I hope this makes sense. > > > > Bill > > > > > > On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: > > > > HI Bill, > > > > Thank you for your thoughts I think your statement below is my biggest > pain point. > > > > "I think they are inherently contradictory. How a service is *sold* > should > not determine liability. If this were the case and we applied the proposed > definitions to consumer products, untold numbers of tort cases would be > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > properly claim, "I don't know the buyer therefor I have no liability"." > > > > All of the cases you mention above relied on litigation to clarify the > existence of liability and impose that liability on the manufacturer. It > would be overwhelming and burdensome to rely on litigation to fix this > problem especially when it involves global entities as proxy service > providers. I think we have the opportunity to incentivize the registrars > to > help with the problem. > > > > If I or LE are forced to rely on litigation of any sort of court order to > get information on the licensee of a domain name to pursue a provider of > counterfeit drugs, for example, this would take years for each domain name > involved. > > > > If we take a very extreme step and recommend that proxy services are not > allowed in the gTlds (as .US has done) how would that ever be enforced? > Proxy registrations provide a vital service for many in the domain name > space. > > > > Susan > > > > -----Original Message----- > > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > > Sent: Wednesday, November 30, 2011 4:20 PM > > To: Seth M Reiss > > Cc: Susan Kawaguchi; Kathy Kleiman; > rt4-whois at icann.org > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > > > See below: > > > > On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > seth.reiss at lex-i > p.com>> wrote: > > > > I am not advocating ignoring proxy services simply clarifying their role > and liability as registrant. I suspect we are very closely aligned > regarding outcome, just not how to reach there. > > > > I guess I'm advocating that we get as close to ignoring them as we can. > Recognizing them, even in the limited way the current RAA does gave the > Ninth Circuit everything it need to make its liability absolving decision. > > > > While the community may not be inclined to receive a proposal to "ignore > proxy services" with open arms, I hope they would consider it if we present > it as in the public interest. > > > > > > I think we disagree regarding whether we need to tolerate an industry > simply because it exists and has for a time. ICANN did not tolerate domain > name tasting, although it acted relatively quickly there and has not here. > > > > I believe it to be a dangerous proposition to say that we need to > accommodate existing practices simply because ICANN has allowed them to > exist for a period of time, although I think it's an unfortunately > circumstance. If you apply this line of reasoning broadly, you effectively > allow the industry to restrict what ICANN can and cannot do. > > > > If we make this assumption generally, our report would be very short. Yes > there are problems with WHOIS. However, it has existed in this manner for > too long and therefor it cannot be changed. > > > > > > I would like to find a middle ground. I am not one for asking people to > think differently. I just don't see how holding stating a proxy should be > held fully responsible, and then at the same time having retail proxy > services definitions and a voluntary best practices policy, will not be > viewed as inherently contradictory. > > > > I think they are inherently contradictory. How a service is *sold* should > not determine liability. If this were the case and we applied the proposed > definitions to consumer products, untold numbers of tort cases would be > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > properly claim, "I don't know the buyer therefor I have no liability". > > > > Other than to satisfy, the current purveyors of these fine services, I > can't see any reason to develop a complex set of definitions and liability > flows. Together these give attorneys and courts ample room to for truck > driving. > > > > > > Seth > > > > > > From: Susan Kawaguchi [mailto:susank at fb.com] > > Sent: Wednesday, November 30, 2011 1:29 PM > > To: Kathy Kleiman; Seth M Reiss > > Cc: > rt4-whois at icann.org > > > Subject: RE: [Rt4-whois] streamlined proxy recommendation language > > > > HI Seth, > > > > I am going to respond to you out of order > > In all our discussions, I have still not heard a persuasive argument why > a > proxy service industry that can shield itself from liability is necessary > or > good or appropriate. I agree with you but it is what is. The situation > arose over 10 years ago and I do not think that advocating to do away with > proxy services is going to be well received by the ICANN community. Also > to date, there has been very few examples of a proxy service being held > liable. > > > > We need proxy services but we need responsive proxy services many of the > providers are acting responsibly it is the bad actors that I would like to > change their behavior. > > > > Once you introduce definitions concerning affiliates, retail services and > different flavors of proxy services, the cheap ones with flimsy > relationships, and the expensive ones with fiduciary type relationships, it > will appear to the court that you do not really mean what you saying in > bullet number 6. This will confuse the courts (and the public) and the > registrant proxy services is more likely to be able to weasel out of being > held liable. > > > > I am not sure that these definitions would be accepted outside of ICANN > and at least we would have a clearer picture of who we are dealing with. > > > > I am not convinced at all that just removing the language from the RAA > would impact the practices of the current proxy services. If you have > another argument let me know I am open to rethinking this but I am not open > to ignoring proxy service providers. > > > > Susan > > > > From: > rt4-whois-bounces at icann.org rt4-w > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of > Kathy Kleiman > > Sent: Wednesday, November 30, 2011 3:15 PM > > To: Seth M Reiss > > Cc: > rt4-whois at icann.org > > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > > > Great comments, Seth. I defer to Susan and James, as the experts on this > material. > > Best, > > Kathy > > > > : > > Thank you Kathy for breaking this out. I have not been good about > reviewing the entire document. > > > > To respond to Peter's question about what would be legally enforceable, I > think if you look at bullet number 6, if this bullet was implemented in a > very clear and unambiguous way, by itself and without some of the other > material being proposal, then I think there would be reasonable expectation > that national courts would hold the registrant proxy service fully > responsible for harm caused by a website hosted at the domain name at > issue. > In other words, the Ninth Circuit decision that Susan highlighted would > have > been decided differently. > > > > Once you introduce definitions concerning affiliates, retail services and > different flavors of proxy services, the cheap ones with flimsy > relationships, and the expensive ones with fiduciary type relationships, it > will appear to the court that you do not really mean what you saying in > bullet number 6. This will confuse the courts (and the public) and the > registrant proxy services is more likely to be able to weasel out of being > held liable. > > > > The current proposal on the table suggests to me a somewhat more > complicated model whereby the registrant proxy service is fully liable for > the use of the domain name but can shield that liability by adopted and > fully complying the a specific set of reveal and relay processes etc. I > voluntary set of best practices would not do this, but a mandatory set of > provisions to qualify a proxy service for a "safe harbor" would. Such a > safe hard model would in my view be more difficult to implement and is > likely to give rise to a certain amount of uncertainty and inconsistent > outcomes even if prudently implemented. But this also assumes that we need > to have a proxy service in which proxies may shield themselves from > liability. In all our discussions, I have still not heard a persuasive > argument why a proxy service industry that can shield itself from liability > is necessary or good or appropriate. > > > > Seth > > > > > > From: > rt4-whois-bounces at icann.org rt4-w > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of > Kathy Kleiman > > Sent: Wednesday, November 30, 2011 12:24 PM > > To: > rt4-whois at icann.org > > > Subject: [Rt4-whois] streamlined proxy recommendation language > > > > Hi All, > > I feel like I am sending altogether too many emails today. Sorry :-)! > Anyway, here's one more. I worked with James, a little, and Susan, more, > on > streamlining the Proxy recommendations to look, sound and flow like the > Privacy recommendations. Of course, proxy is voluntary, and privacy is a > requirement, but the rest is fairly close. > > > > They are below and attached. If you like them, we'll send them on to > Alice > for inclusion. Note: the definitions went into a footnote which should be > easy to see as it will be quite extensive. > > > > here's the text: > > > > Data Access- Proxy Service > > > > 1. ICANN should facilitate the review of existing practices by > reaching out to proxy providers to create a discussion which sets out > current processes followed by proxy service providers. > > > > 2. Registrars should be required to disclosure their relationship > with any Affiliated Retail proxy service provider to ICANN. > > > > 3. ICANN should develop and manage a set of voluntary best practice > guidelines for appropriate proxy services [footnote 1] consistent with > national laws. These voluntary guidelines should strike an appropriate > balance between stakeholders with competing but legitimate interests. At a > minimum this would include privacy, law enforcement and the industry around > law enforcement. > > > > Such voluntary guidelines may include: > > > > + Proxy services provide full contact details as required by the Whois > > > > + Publication by the proxy service of its process for revealing and > relaying information > > > > + Standardization of reveal and relay processes and timeframes, > consistent > with national laws > > > > + Maintenance of a dedicated abuse point of contact for the proxy service > provider > > > > + Due diligence checks on licensee contact information. > > > > 5. ICANN should encourage and incentivize registrars to interact with the > retail service providers that adopt the best practices. > > > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in > Recommendation 1 above, should include an affirmative statement that > clarifies that a proxy means a relationship in which the Registrant is > acting on behalf of another. The WHOIS data is that of the agent, and the > agent alone obtains all rights and assumes all responsibility for the > domain > name and its manner of use. > > > > Footnote 1 (all the remaining text) > > As guidance to the Community and as useful background for the Proxy > Service Recommendations, the Review Team provides its working definitions > of > proxy service and different types of proxy service providers: > > > > - Proxy Service - a relationship in which the registrant is acting on > behalf of another The WHOIS data is that of the agent and the agent alone > obtains all rights and assumes all responsibility for the domain name and > its manner of use. [KK: is this the definition we are using in other places > in the Report?] > > > > - Affiliated Registrar - another ICANN accredited registrar that operates > under a common controlling interest (2009 Registrar Accreditation > Agreement, > Section 1.20) > > > > - Affiliate retail proxy service provider - entity operating under a > common controlling interest of a registrar. > > > > - Retail proxy service provider - proxy service with little or no > knowledge of the entity or individual requesting the service beyond their > ability to pay and their agreement to the general terms and conditions. > > > > - Limited proxy service provider - proxy service for an entity or > individual in which there is an ongoing business relationship bound by a > contract that is specific to the relationship. > > > > > > --- end > > same text attached > > Kathy > > > > > > -- > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > _______________________________________________ > > Rt4-whois mailing list > > > Rt4-whois at icann.org > > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy > all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > > > ------------------------------------------------------------------------------- > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/8711b779/attachment.html From susank at fb.com Thu Dec 1 04:34:33 2011 From: susank at fb.com (Susan Kawaguchi) Date: Thu, 1 Dec 2011 04:34:33 +0000 Subject: [Rt4-whois] Ignore my last message Re: streamlined proxy recommendation language [SEC=UNCLASSIFIED] In-Reply-To: References: Message-ID: Seth, Bill and I were going back and forth discussing the proxy issue and I suggested they write a recommendation from their perspective. I am still not ready to give up on the best practice recommendation but they are making good points. I do not see it replacing #6 but as an alternative to the best practice recommendation. I think we need to take poll everyone and get an idea where we stand with both recommendations. And you are up way to early!!! From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Wednesday, November 30, 2011 8:31 PM To: Nettlefold, Peter Cc: rt4-whois at icann.org Subject: [Rt4-whois] Ignore my last message Re: streamlined proxy recommendation language [SEC=UNCLASSIFIED] Hi I've now read the e-mail thread, and understand what we're doing. Substituting for 6, in order to prevent internal contradictions, yes? On 1 December 2011 03:33, Nettlefold, Peter > wrote: Classification: UNCLASSIFIED Hi Seth, Thanks very much for taking the pen on this difficult issue. >From my perspective, this is a very good attempt to articulate findings and recommendations, and I am happy to work with this position. I will wait to hear from others before diving into detail too much, to get a sense if this is an approach we can work with. Thanks again. Peter ----- Original Message ----- From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Thursday, December 01, 2011 02:26 PM To: 'Smith, Bill' > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language mmm, didn't really want that kind of pressure. Here's an attempt: Data Access- Proxy Service 1. The Review Team considers a Proxy Service as a relationship in which the registrant is acting on behalf of another. The WHOIS data is that of the agent/proxy service and the agent/proxy service alone obtains all rights and assumes all responsibility for the domain name and its manner of use. 2. ICANN should clarify that any registrant that may be acting as a proxy service for another is in all respects still the registrant and, in ICANN's view, should be held fully responsible for the use of the domain name including for any and all harm that results from the use of the domain name. 2. Because of ICANN's position on proxy services to date, which tolerates the proxy service industry that has arisen and which through RAA provisions gives recognition and attempts to regulate that industry, has been used by courts and others to allow proxy services to escape liability for bad acts of the proxy service customers, ICANN should either delete or amend those provisions of the RAA that can or have been used to allow proxy services to escape liability. 3. The Review Team acknowledges that there may be legitimate reasons for the occasional use of a proxy service, as for example to protect a valuable trade secret at product launch. At the same time proxy services should not be viewed or used as a substitute for privacy services that are designed to shield an individual's personal contact information. The legitimate use a proxy service would be the exception and not widespread. 4. A proxy service industry willing to accept full risks and liabilities for the manner in which domain names through its service will be used will take the necessary precautionary measures, in its relationship with its customers, such that domain names so registered are unlikely to be misused and, if misused, a remedy for those victimized will more likely be available. I suspect most of you are asleep by now anyway. If not, feel free to comment or modify or supplement, or in the morning. Seth -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Wednesday, November 30, 2011 4:34 PM To: Seth M Reiss Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi Subject: Re: [Rt4-whois] streamlined proxy recommendation language Seth, Any chance you cold take a crack at this? Your writing on the subject seems on point and I suspect you could say it using fewer words than I. Bill On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" > wrote: > Hi Bill, > > This is a valuable (albeit frustrating) discussion and necessary to make sure we get this right, I appreciate the argument. I think we all want the end result but it is getting to that point that may be painful but we knew this task could be painful when we signed on. > > Is there a stronger recommendation that you and Seth could draft that outlines your view point? > > This is all that we said in the recommendations in Dakar > > "Remove proxy services from the RAA since the proxy, as an agent, is the registrant. Expand and ? affirmative sentence" > > I cannot live with that what would you propose to strengthen the recommendation? > > At this point, I am not willing to walk away from the best practices recommendation but I am very willing to continue the discussion and see if there is a way forward on a recommendation we all agree to. > > I am going to eat dinner and walk the dog so will be offline for an hour. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 5:19 PM > To: Susan Kawaguchi > Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Susan, > > It may not seem like it but I am supportive, very supportive of your position of to not rely on litigation to solve these types of problems. Where we disagree is the best approach to avoid the litigation. > > I am not suggesting that cigarette-style litigation is the way forward. Rather, I am concerned that proposal for retail proxy indemnification (if I've read it right) will result in exactly that situation, some time far in the future when society and the courts finally realize that allowing unfettered criminal activity on the Internet is a bad idea. Retail proxies will happily sell a service to people they don't know as long as they have no liability. > > If instead of no liability, we insist that they have the liability of the Registrant, since that's what they are, I strongly suspect that counsel for these services will understand that they now carry at least some risk in these transactions. Consequently, they will either recommend against them or insist on some mechanism to mitigate the risk, through insurance or other mechanisms - perhaps even actually knowing something about their customers. Any or all of these would involve higher costs hence higher prices making these services less attractive to criminals, etc. > > By the addition of SLAs into contracts, and mandatory consequences, we provide a means for ICANN to ensure that valid queries, information requests, corrections, etc. are made in a timely manner. A registrant could ignore a request knowing that the specific penalty for failing to comply with such request. With mandatory revocation the consequence of last resort, we give the community and ICANN the ability to revoke a name (the only thing of value under our control). > > If a proxy is a party to any of these transactions, they act as the Registrant and must respond either directly or with guidance from the licensee per the agreement SLAs. Failure to do so results in the same consequences. > > By setting SLAs and consequences appropriately, ICANN can influence the behavior of Registrants and those that act as proxies for them. > > Even if we go with language you an James worked on, and I realize that you put in a great deal of effort on that, we'll still need something like what I have outlined because as we discussed in Dakar, anyone can act as a proxy for a Registrant no matter what ICANN tries to do to prevent it. If the "best practices" ICANN develops for the retail trade prove too onerous, proxy providers will simply step outside of the ICANN tent and provide their services likely failing to adhere to the best practices. > > I hope this makes sense. > > Bill > > > On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: > > HI Bill, > > Thank you for your thoughts I think your statement below is my biggest pain point. > > "I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability"." > > All of the cases you mention above relied on litigation to clarify the existence of liability and impose that liability on the manufacturer. It would be overwhelming and burdensome to rely on litigation to fix this problem especially when it involves global entities as proxy service providers. I think we have the opportunity to incentivize the registrars to help with the problem. > > If I or LE are forced to rely on litigation of any sort of court order to get information on the licensee of a domain name to pursue a provider of counterfeit drugs, for example, this would take years for each domain name involved. > > If we take a very extreme step and recommend that proxy services are not allowed in the gTlds (as .US has done) how would that ever be enforced? Proxy registrations provide a vital service for many in the domain name space. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 4:20 PM > To: Seth M Reiss > Cc: Susan Kawaguchi; Kathy Kleiman; rt4-whois at icann.org> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > See below: > > On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > p.com>> wrote: > > I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. > > I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision. > > While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest. > > > I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. > > I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it's an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. > > If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed. > > > I would like to find a middle ground. I am not one for asking people to think differently. I just don't see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. > > I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability". > > Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving. > > > Seth > > > From: Susan Kawaguchi [mailto:susank at fb.com] > Sent: Wednesday, November 30, 2011 1:29 PM > To: Kathy Kleiman; Seth M Reiss > Cc: rt4-whois at icann.org>> > Subject: RE: [Rt4-whois] streamlined proxy recommendation language > > HI Seth, > > I am going to respond to you out of order > In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. > > We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. > > I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. > > Susan > > From: rt4-whois-bounces at icann.org> hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 3:15 PM > To: Seth M Reiss > Cc: rt4-whois at icann.org>> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Great comments, Seth. I defer to Susan and James, as the experts on this material. > Best, > Kathy > > : > Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. > > To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. > > Seth > > > From: rt4-whois-bounces at icann.org> hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 12:24 PM > To: rt4-whois at icann.org>> > Subject: [Rt4-whois] streamlined proxy recommendation language > > Hi All, > I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. > > They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. > > here's the text: > > Data Access- Proxy Service > > 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. > > 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. > > 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. > > Such voluntary guidelines may include: > > + Proxy services provide full contact details as required by the Whois > > + Publication by the proxy service of its process for revealing and relaying information > > + Standardization of reveal and relay processes and timeframes, consistent with national laws > > + Maintenance of a dedicated abuse point of contact for the proxy service provider > > + Due diligence checks on licensee contact information. > > 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. > > Footnote 1 (all the remaining text) > As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: > > - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] > > - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) > > - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. > > - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. > > - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. > > > --- end > same text attached > Kathy > > > -- > > > > > > > > -- > > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org>> > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/1393d917/attachment.html From Peter.Nettlefold at dbcde.gov.au Thu Dec 1 04:36:00 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Thu, 1 Dec 2011 15:36:00 +1100 Subject: [Rt4-whois] Ignore my last message Re: streamlined proxy recommendation language [SEC=UNCLASSIFIED] In-Reply-To: Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D64226E@EMB01.dept.gov.au> Classification: UNCLASSIFIED Hi Emily, I'm not sure who's still awake, so I'll have a try at this. I think this is to replace both. So it both expands and clarifies the very short recommendation we drafted in Dakar, and in so doing makes it unnecessary to have the voluntary best practice approach. I hope this helps, and also that I have understood correctly. Cheers Peter From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Thursday, December 01, 2011 03:31 PM To: Nettlefold, Peter Cc: seth.reiss at lex-ip.com ; bill.smith at paypal-inc.com ; rt4-whois at icann.org Subject: Ignore my last message Re: [Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED] Hi I've now read the e-mail thread, and understand what we're doing. Substituting for 6, in order to prevent internal contradictions, yes? On 1 December 2011 03:33, Nettlefold, Peter > wrote: Classification: UNCLASSIFIED Hi Seth, Thanks very much for taking the pen on this difficult issue. >From my perspective, this is a very good attempt to articulate findings and recommendations, and I am happy to work with this position. I will wait to hear from others before diving into detail too much, to get a sense if this is an approach we can work with. Thanks again. Peter ----- Original Message ----- From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Thursday, December 01, 2011 02:26 PM To: 'Smith, Bill' > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language mmm, didn't really want that kind of pressure. Here's an attempt: Data Access- Proxy Service 1. The Review Team considers a Proxy Service as a relationship in which the registrant is acting on behalf of another. The WHOIS data is that of the agent/proxy service and the agent/proxy service alone obtains all rights and assumes all responsibility for the domain name and its manner of use. 2. ICANN should clarify that any registrant that may be acting as a proxy service for another is in all respects still the registrant and, in ICANN's view, should be held fully responsible for the use of the domain name including for any and all harm that results from the use of the domain name. 2. Because of ICANN's position on proxy services to date, which tolerates the proxy service industry that has arisen and which through RAA provisions gives recognition and attempts to regulate that industry, has been used by courts and others to allow proxy services to escape liability for bad acts of the proxy service customers, ICANN should either delete or amend those provisions of the RAA that can or have been used to allow proxy services to escape liability. 3. The Review Team acknowledges that there may be legitimate reasons for the occasional use of a proxy service, as for example to protect a valuable trade secret at product launch. At the same time proxy services should not be viewed or used as a substitute for privacy services that are designed to shield an individual's personal contact information. The legitimate use a proxy service would be the exception and not widespread. 4. A proxy service industry willing to accept full risks and liabilities for the manner in which domain names through its service will be used will take the necessary precautionary measures, in its relationship with its customers, such that domain names so registered are unlikely to be misused and, if misused, a remedy for those victimized will more likely be available. I suspect most of you are asleep by now anyway. If not, feel free to comment or modify or supplement, or in the morning. Seth -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Wednesday, November 30, 2011 4:34 PM To: Seth M Reiss Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi Subject: Re: [Rt4-whois] streamlined proxy recommendation language Seth, Any chance you cold take a crack at this? Your writing on the subject seems on point and I suspect you could say it using fewer words than I. Bill On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" > wrote: > Hi Bill, > > This is a valuable (albeit frustrating) discussion and necessary to make sure we get this right, I appreciate the argument. I think we all want the end result but it is getting to that point that may be painful but we knew this task could be painful when we signed on. > > Is there a stronger recommendation that you and Seth could draft that outlines your view point? > > This is all that we said in the recommendations in Dakar > > "Remove proxy services from the RAA since the proxy, as an agent, is the registrant. Expand and ? affirmative sentence" > > I cannot live with that what would you propose to strengthen the recommendation? > > At this point, I am not willing to walk away from the best practices recommendation but I am very willing to continue the discussion and see if there is a way forward on a recommendation we all agree to. > > I am going to eat dinner and walk the dog so will be offline for an hour. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 5:19 PM > To: Susan Kawaguchi > Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Susan, > > It may not seem like it but I am supportive, very supportive of your position of to not rely on litigation to solve these types of problems. Where we disagree is the best approach to avoid the litigation. > > I am not suggesting that cigarette-style litigation is the way forward. Rather, I am concerned that proposal for retail proxy indemnification (if I've read it right) will result in exactly that situation, some time far in the future when society and the courts finally realize that allowing unfettered criminal activity on the Internet is a bad idea. Retail proxies will happily sell a service to people they don't know as long as they have no liability. > > If instead of no liability, we insist that they have the liability of the Registrant, since that's what they are, I strongly suspect that counsel for these services will understand that they now carry at least some risk in these transactions. Consequently, they will either recommend against them or insist on some mechanism to mitigate the risk, through insurance or other mechanisms - perhaps even actually knowing something about their customers. Any or all of these would involve higher costs hence higher prices making these services less attractive to criminals, etc. > > By the addition of SLAs into contracts, and mandatory consequences, we provide a means for ICANN to ensure that valid queries, information requests, corrections, etc. are made in a timely manner. A registrant could ignore a request knowing that the specific penalty for failing to comply with such request. With mandatory revocation the consequence of last resort, we give the community and ICANN the ability to revoke a name (the only thing of value under our control). > > If a proxy is a party to any of these transactions, they act as the Registrant and must respond either directly or with guidance from the licensee per the agreement SLAs. Failure to do so results in the same consequences. > > By setting SLAs and consequences appropriately, ICANN can influence the behavior of Registrants and those that act as proxies for them. > > Even if we go with language you an James worked on, and I realize that you put in a great deal of effort on that, we'll still need something like what I have outlined because as we discussed in Dakar, anyone can act as a proxy for a Registrant no matter what ICANN tries to do to prevent it. If the "best practices" ICANN develops for the retail trade prove too onerous, proxy providers will simply step outside of the ICANN tent and provide their services likely failing to adhere to the best practices. > > I hope this makes sense. > > Bill > > > On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: > > HI Bill, > > Thank you for your thoughts I think your statement below is my biggest pain point. > > "I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability"." > > All of the cases you mention above relied on litigation to clarify the existence of liability and impose that liability on the manufacturer. It would be overwhelming and burdensome to rely on litigation to fix this problem especially when it involves global entities as proxy service providers. I think we have the opportunity to incentivize the registrars to help with the problem. > > If I or LE are forced to rely on litigation of any sort of court order to get information on the licensee of a domain name to pursue a provider of counterfeit drugs, for example, this would take years for each domain name involved. > > If we take a very extreme step and recommend that proxy services are not allowed in the gTlds (as .US has done) how would that ever be enforced? Proxy registrations provide a vital service for many in the domain name space. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 4:20 PM > To: Seth M Reiss > Cc: Susan Kawaguchi; Kathy Kleiman; rt4-whois at icann.org> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > See below: > > On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > p.com>> wrote: > > I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. > > I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision. > > While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest. > > > I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. > > I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it's an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. > > If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed. > > > I would like to find a middle ground. I am not one for asking people to think differently. I just don't see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. > > I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability". > > Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving. > > > Seth > > > From: Susan Kawaguchi [mailto:susank at fb.com] > Sent: Wednesday, November 30, 2011 1:29 PM > To: Kathy Kleiman; Seth M Reiss > Cc: rt4-whois at icann.org>> > Subject: RE: [Rt4-whois] streamlined proxy recommendation language > > HI Seth, > > I am going to respond to you out of order > In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. > > We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. > > I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. > > Susan > > From: rt4-whois-bounces at icann.org> hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 3:15 PM > To: Seth M Reiss > Cc: rt4-whois at icann.org>> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Great comments, Seth. I defer to Susan and James, as the experts on this material. > Best, > Kathy > > : > Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. > > To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. > > Seth > > > From: rt4-whois-bounces at icann.org> hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 12:24 PM > To: rt4-whois at icann.org>> > Subject: [Rt4-whois] streamlined proxy recommendation language > > Hi All, > I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. > > They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. > > here's the text: > > Data Access- Proxy Service > > 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. > > 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. > > 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. > > Such voluntary guidelines may include: > > + Proxy services provide full contact details as required by the Whois > > + Publication by the proxy service of its process for revealing and relaying information > > + Standardization of reveal and relay processes and timeframes, consistent with national laws > > + Maintenance of a dedicated abuse point of contact for the proxy service provider > > + Due diligence checks on licensee contact information. > > 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. > > Footnote 1 (all the remaining text) > As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: > > - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] > > - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) > > - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. > > - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. > > - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. > > > --- end > same text attached > Kathy > > > -- > > > > > > > > -- > > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org>> > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/26e545aa/attachment.html From emily at emilytaylor.eu Thu Dec 1 04:38:25 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Thu, 1 Dec 2011 04:38:25 +0000 Subject: [Rt4-whois] Ignore my last message Re: streamlined proxy recommendation language [SEC=UNCLASSIFIED] In-Reply-To: References: Message-ID: OK - here's what we do. We need everyone to have time to read and digest Seth's new language. I am in agreement to putting this to the group, but we need everyone to have time to raise objections if they have any. On 1 December 2011 04:34, Susan Kawaguchi wrote: > Seth, Bill and I were going back and forth discussing the proxy issue > and I suggested they write a recommendation from their perspective. I am > still not ready to give up on the best practice recommendation but they are > making good points. I do not see it replacing #6 but as an alternative > to the best practice recommendation. **** > > ** ** > > I think we need to take poll everyone and get an idea where we stand with > both recommendations. **** > > ** ** > > And you are up way to early!!!**** > > ** ** > > ** ** > > ** ** > > *From:* rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] *On > Behalf Of *Emily Taylor > *Sent:* Wednesday, November 30, 2011 8:31 PM > *To:* Nettlefold, Peter > *Cc:* rt4-whois at icann.org > *Subject:* [Rt4-whois] Ignore my last message Re: streamlined proxy > recommendation language [SEC=UNCLASSIFIED]**** > > ** ** > > Hi > > I've now read the e-mail thread, and understand what we're doing. > Substituting for 6, in order to prevent internal contradictions, yes? > > > **** > > On 1 December 2011 03:33, Nettlefold, Peter > wrote:**** > > Classification: UNCLASSIFIED > > Hi Seth, > > Thanks very much for taking the pen on this difficult issue. > > >From my perspective, this is a very good attempt to articulate findings > and recommendations, and I am happy to work with this position. > > I will wait to hear from others before diving into detail too much, to get > a sense if this is an approach we can work with. > > Thanks again. > > Peter > > ----- Original Message ----- > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] > Sent: Thursday, December 01, 2011 02:26 PM > To: 'Smith, Bill' > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > mmm, didn't really want that kind of pressure. > > Here's an attempt: > > Data Access- Proxy Service > > 1. The Review Team considers a Proxy Service as a relationship in > which > the registrant is acting on behalf of another. The WHOIS data is that of > the > agent/proxy service and the agent/proxy service alone obtains all rights > and > assumes all responsibility for the domain name and its manner of use. > 2. ICANN should clarify that any registrant that may be acting as a > proxy service for another is in all respects still the registrant and, in > ICANN's view, should be held fully responsible for the use of the domain > name including for any and all harm that results from the use of the domain > name. > 2. Because of ICANN's position on proxy services to date, which > tolerates the proxy service industry that has arisen and which through RAA > provisions gives recognition and attempts to regulate that industry, has > been used by courts and others to allow proxy services to escape liability > for bad acts of the proxy service customers, ICANN should either delete or > amend those provisions of the RAA that can or have been used to allow proxy > services to escape liability. > 3. The Review Team acknowledges that there may be legitimate reasons > for the occasional use of a proxy service, as for example to protect a > valuable trade secret at product launch. At the same time proxy services > should not be viewed or used as a substitute for privacy services that are > designed to shield an individual's personal contact information. The > legitimate use a proxy service would be the exception and not widespread. > 4. A proxy service industry willing to accept full risks and liabilities > for the manner in which domain names through its service will be used will > take the necessary precautionary measures, in its relationship with its > customers, such that domain names so registered are unlikely to be misused > and, if misused, a remedy for those victimized will more likely be > available. > > I suspect most of you are asleep by now anyway. If not, feel free to > comment or modify or supplement, or in the morning. > > Seth > > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 4:34 PM > To: Seth M Reiss > Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Seth, > > Any chance you cold take a crack at this? Your writing on the subject seems > on point and I suspect you could say it using fewer words than I. > > Bill > > On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" wrote: > > > Hi Bill, > > > > This is a valuable (albeit frustrating) discussion and necessary to make > sure we get this right, I appreciate the argument. I think we all want the > end result but it is getting to that point that may be painful but we knew > this task could be painful when we signed on. > > > > Is there a stronger recommendation that you and Seth could draft that > outlines your view point? > > > > This is all that we said in the recommendations in Dakar > > > > "Remove proxy services from the RAA since the proxy, as an agent, is the > registrant. Expand and ? affirmative sentence" > > > > I cannot live with that what would you propose to strengthen the > recommendation? > > > > At this point, I am not willing to walk away from the best practices > recommendation but I am very willing to continue the discussion and see if > there is a way forward on a recommendation we all agree to. > > > > I am going to eat dinner and walk the dog so will be offline for an hour. > > > > Susan > > > > -----Original Message----- > > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > > Sent: Wednesday, November 30, 2011 5:19 PM > > To: Susan Kawaguchi > > Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > > > Susan, > > > > It may not seem like it but I am supportive, very supportive of your > position of to not rely on litigation to solve these types of problems. > Where we disagree is the best approach to avoid the litigation. > > > > I am not suggesting that cigarette-style litigation is the way forward. > Rather, I am concerned that proposal for retail proxy indemnification (if > I've read it right) will result in exactly that situation, some time far in > the future when society and the courts finally realize that allowing > unfettered criminal activity on the Internet is a bad idea. Retail proxies > will happily sell a service to people they don't know as long as they have > no liability. > > > > If instead of no liability, we insist that they have the liability of the > Registrant, since that's what they are, I strongly suspect that counsel for > these services will understand that they now carry at least some risk in > these transactions. Consequently, they will either recommend against them > or > insist on some mechanism to mitigate the risk, through insurance or other > mechanisms - perhaps even actually knowing something about their customers. > Any or all of these would involve higher costs hence higher prices making > these services less attractive to criminals, etc. > > > > By the addition of SLAs into contracts, and mandatory consequences, we > provide a means for ICANN to ensure that valid queries, information > requests, corrections, etc. are made in a timely manner. A registrant could > ignore a request knowing that the specific penalty for failing to comply > with such request. With mandatory revocation the consequence of last > resort, > we give the community and ICANN the ability to revoke a name (the only > thing > of value under our control). > > > > If a proxy is a party to any of these transactions, they act as the > Registrant and must respond either directly or with guidance from the > licensee per the agreement SLAs. Failure to do so results in the same > consequences. > > > > By setting SLAs and consequences appropriately, ICANN can influence the > behavior of Registrants and those that act as proxies for them. > > > > Even if we go with language you an James worked on, and I realize that > you > put in a great deal of effort on that, we'll still need something like what > I have outlined because as we discussed in Dakar, anyone can act as a proxy > for a Registrant no matter what ICANN tries to do to prevent it. If the > "best practices" ICANN develops for the retail trade prove too onerous, > proxy providers will simply step outside of the ICANN tent and provide > their > services likely failing to adhere to the best practices. > > > > I hope this makes sense. > > > > Bill > > > > > > On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: > > > > HI Bill, > > > > Thank you for your thoughts I think your statement below is my biggest > pain point. > > > > "I think they are inherently contradictory. How a service is *sold* > should > not determine liability. If this were the case and we applied the proposed > definitions to consumer products, untold numbers of tort cases would be > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > properly claim, "I don't know the buyer therefor I have no liability"." > > > > All of the cases you mention above relied on litigation to clarify the > existence of liability and impose that liability on the manufacturer. It > would be overwhelming and burdensome to rely on litigation to fix this > problem especially when it involves global entities as proxy service > providers. I think we have the opportunity to incentivize the registrars > to > help with the problem. > > > > If I or LE are forced to rely on litigation of any sort of court order to > get information on the licensee of a domain name to pursue a provider of > counterfeit drugs, for example, this would take years for each domain name > involved. > > > > If we take a very extreme step and recommend that proxy services are not > allowed in the gTlds (as .US has done) how would that ever be enforced? > Proxy registrations provide a vital service for many in the domain name > space. > > > > Susan > > > > -----Original Message----- > > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > > Sent: Wednesday, November 30, 2011 4:20 PM > > To: Seth M Reiss > > Cc: Susan Kawaguchi; Kathy Kleiman; > rt4-whois at icann.org > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > > > See below: > > > > On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > seth.reiss at lex-i > p.com>> wrote: > > > > I am not advocating ignoring proxy services simply clarifying their role > and liability as registrant. I suspect we are very closely aligned > regarding outcome, just not how to reach there. > > > > I guess I'm advocating that we get as close to ignoring them as we can. > Recognizing them, even in the limited way the current RAA does gave the > Ninth Circuit everything it need to make its liability absolving decision. > > > > While the community may not be inclined to receive a proposal to "ignore > proxy services" with open arms, I hope they would consider it if we present > it as in the public interest. > > > > > > I think we disagree regarding whether we need to tolerate an industry > simply because it exists and has for a time. ICANN did not tolerate domain > name tasting, although it acted relatively quickly there and has not here. > > > > I believe it to be a dangerous proposition to say that we need to > accommodate existing practices simply because ICANN has allowed them to > exist for a period of time, although I think it's an unfortunately > circumstance. If you apply this line of reasoning broadly, you effectively > allow the industry to restrict what ICANN can and cannot do. > > > > If we make this assumption generally, our report would be very short. Yes > there are problems with WHOIS. However, it has existed in this manner for > too long and therefor it cannot be changed. > > > > > > I would like to find a middle ground. I am not one for asking people to > think differently. I just don't see how holding stating a proxy should be > held fully responsible, and then at the same time having retail proxy > services definitions and a voluntary best practices policy, will not be > viewed as inherently contradictory. > > > > I think they are inherently contradictory. How a service is *sold* should > not determine liability. If this were the case and we applied the proposed > definitions to consumer products, untold numbers of tort cases would be > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > properly claim, "I don't know the buyer therefor I have no liability". > > > > Other than to satisfy, the current purveyors of these fine services, I > can't see any reason to develop a complex set of definitions and liability > flows. Together these give attorneys and courts ample room to for truck > driving. > > > > > > Seth > > > > > > From: Susan Kawaguchi [mailto:susank at fb.com] > > Sent: Wednesday, November 30, 2011 1:29 PM > > To: Kathy Kleiman; Seth M Reiss > > Cc: > rt4-whois at icann.org > > > Subject: RE: [Rt4-whois] streamlined proxy recommendation language > > > > HI Seth, > > > > I am going to respond to you out of order > > In all our discussions, I have still not heard a persuasive argument why > a > proxy service industry that can shield itself from liability is necessary > or > good or appropriate. I agree with you but it is what is. The situation > arose over 10 years ago and I do not think that advocating to do away with > proxy services is going to be well received by the ICANN community. Also > to date, there has been very few examples of a proxy service being held > liable. > > > > We need proxy services but we need responsive proxy services many of the > providers are acting responsibly it is the bad actors that I would like to > change their behavior. > > > > Once you introduce definitions concerning affiliates, retail services and > different flavors of proxy services, the cheap ones with flimsy > relationships, and the expensive ones with fiduciary type relationships, it > will appear to the court that you do not really mean what you saying in > bullet number 6. This will confuse the courts (and the public) and the > registrant proxy services is more likely to be able to weasel out of being > held liable. > > > > I am not sure that these definitions would be accepted outside of ICANN > and at least we would have a clearer picture of who we are dealing with. > > > > I am not convinced at all that just removing the language from the RAA > would impact the practices of the current proxy services. If you have > another argument let me know I am open to rethinking this but I am not open > to ignoring proxy service providers. > > > > Susan > > > > From: > rt4-whois-bounces at icann.org rt4-w > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of > Kathy Kleiman > > Sent: Wednesday, November 30, 2011 3:15 PM > > To: Seth M Reiss > > Cc: > rt4-whois at icann.org > > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > > > Great comments, Seth. I defer to Susan and James, as the experts on this > material. > > Best, > > Kathy > > > > : > > Thank you Kathy for breaking this out. I have not been good about > reviewing the entire document. > > > > To respond to Peter's question about what would be legally enforceable, I > think if you look at bullet number 6, if this bullet was implemented in a > very clear and unambiguous way, by itself and without some of the other > material being proposal, then I think there would be reasonable expectation > that national courts would hold the registrant proxy service fully > responsible for harm caused by a website hosted at the domain name at > issue. > In other words, the Ninth Circuit decision that Susan highlighted would > have > been decided differently. > > > > Once you introduce definitions concerning affiliates, retail services and > different flavors of proxy services, the cheap ones with flimsy > relationships, and the expensive ones with fiduciary type relationships, it > will appear to the court that you do not really mean what you saying in > bullet number 6. This will confuse the courts (and the public) and the > registrant proxy services is more likely to be able to weasel out of being > held liable. > > > > The current proposal on the table suggests to me a somewhat more > complicated model whereby the registrant proxy service is fully liable for > the use of the domain name but can shield that liability by adopted and > fully complying the a specific set of reveal and relay processes etc. I > voluntary set of best practices would not do this, but a mandatory set of > provisions to qualify a proxy service for a "safe harbor" would. Such a > safe hard model would in my view be more difficult to implement and is > likely to give rise to a certain amount of uncertainty and inconsistent > outcomes even if prudently implemented. But this also assumes that we need > to have a proxy service in which proxies may shield themselves from > liability. In all our discussions, I have still not heard a persuasive > argument why a proxy service industry that can shield itself from liability > is necessary or good or appropriate. > > > > Seth > > > > > > From: > rt4-whois-bounces at icann.org rt4-w > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of > Kathy Kleiman > > Sent: Wednesday, November 30, 2011 12:24 PM > > To: > rt4-whois at icann.org > > > Subject: [Rt4-whois] streamlined proxy recommendation language > > > > Hi All, > > I feel like I am sending altogether too many emails today. Sorry :-)! > Anyway, here's one more. I worked with James, a little, and Susan, more, > on > streamlining the Proxy recommendations to look, sound and flow like the > Privacy recommendations. Of course, proxy is voluntary, and privacy is a > requirement, but the rest is fairly close. > > > > They are below and attached. If you like them, we'll send them on to > Alice > for inclusion. Note: the definitions went into a footnote which should be > easy to see as it will be quite extensive. > > > > here's the text: > > > > Data Access- Proxy Service > > > > 1. ICANN should facilitate the review of existing practices by > reaching out to proxy providers to create a discussion which sets out > current processes followed by proxy service providers. > > > > 2. Registrars should be required to disclosure their relationship > with any Affiliated Retail proxy service provider to ICANN. > > > > 3. ICANN should develop and manage a set of voluntary best practice > guidelines for appropriate proxy services [footnote 1] consistent with > national laws. These voluntary guidelines should strike an appropriate > balance between stakeholders with competing but legitimate interests. At a > minimum this would include privacy, law enforcement and the industry around > law enforcement. > > > > Such voluntary guidelines may include: > > > > + Proxy services provide full contact details as required by the Whois > > > > + Publication by the proxy service of its process for revealing and > relaying information > > > > + Standardization of reveal and relay processes and timeframes, > consistent > with national laws > > > > + Maintenance of a dedicated abuse point of contact for the proxy service > provider > > > > + Due diligence checks on licensee contact information. > > > > 5. ICANN should encourage and incentivize registrars to interact with the > retail service providers that adopt the best practices. > > > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in > Recommendation 1 above, should include an affirmative statement that > clarifies that a proxy means a relationship in which the Registrant is > acting on behalf of another. The WHOIS data is that of the agent, and the > agent alone obtains all rights and assumes all responsibility for the > domain > name and its manner of use. > > > > Footnote 1 (all the remaining text) > > As guidance to the Community and as useful background for the Proxy > Service Recommendations, the Review Team provides its working definitions > of > proxy service and different types of proxy service providers: > > > > - Proxy Service - a relationship in which the registrant is acting on > behalf of another The WHOIS data is that of the agent and the agent alone > obtains all rights and assumes all responsibility for the domain name and > its manner of use. [KK: is this the definition we are using in other places > in the Report?] > > > > - Affiliated Registrar - another ICANN accredited registrar that operates > under a common controlling interest (2009 Registrar Accreditation > Agreement, > Section 1.20) > > > > - Affiliate retail proxy service provider - entity operating under a > common controlling interest of a registrar. > > > > - Retail proxy service provider - proxy service with little or no > knowledge of the entity or individual requesting the service beyond their > ability to pay and their agreement to the general terms and conditions. > > > > - Limited proxy service provider - proxy service for an entity or > individual in which there is an ongoing business relationship bound by a > contract that is specific to the relationship. > > > > > > --- end > > same text attached > > Kathy > > > > > > -- > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > _______________________________________________ > > Rt4-whois mailing list > > > Rt4-whois at icann.org > > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy > all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > > > ------------------------------------------------------------------------------- > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois**** > > > > > -- > > > **** > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713.**** > > ** ** > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/b56c8d59/attachment.html From seth.reiss at lex-ip.com Thu Dec 1 04:39:49 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Wed, 30 Nov 2011 18:39:49 -1000 Subject: [Rt4-whois] Ignore my last message Re: streamlined proxy recommendation language [SEC=UNCLASSIFIED] In-Reply-To: References: Message-ID: <004a01ccafe3$43a5ad30$caf10790$@reiss@lex-ip.com> yes, but now it's my time to leave - please carry on and improve in my absence Seth From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Wednesday, November 30, 2011 6:31 PM To: Nettlefold, Peter Cc: seth.reiss at lex-ip.com; bill.smith at paypal-inc.com; rt4-whois at icann.org Subject: Ignore my last message Re: [Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED] Hi I've now read the e-mail thread, and understand what we're doing. Substituting for 6, in order to prevent internal contradictions, yes? On 1 December 2011 03:33, Nettlefold, Peter wrote: Classification: UNCLASSIFIED Hi Seth, Thanks very much for taking the pen on this difficult issue. >From my perspective, this is a very good attempt to articulate findings and recommendations, and I am happy to work with this position. I will wait to hear from others before diving into detail too much, to get a sense if this is an approach we can work with. Thanks again. Peter ----- Original Message ----- From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Thursday, December 01, 2011 02:26 PM To: 'Smith, Bill' Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] streamlined proxy recommendation language mmm, didn't really want that kind of pressure. Here's an attempt: Data Access- Proxy Service 1. The Review Team considers a Proxy Service as a relationship in which the registrant is acting on behalf of another. The WHOIS data is that of the agent/proxy service and the agent/proxy service alone obtains all rights and assumes all responsibility for the domain name and its manner of use. 2. ICANN should clarify that any registrant that may be acting as a proxy service for another is in all respects still the registrant and, in ICANN's view, should be held fully responsible for the use of the domain name including for any and all harm that results from the use of the domain name. 2. Because of ICANN's position on proxy services to date, which tolerates the proxy service industry that has arisen and which through RAA provisions gives recognition and attempts to regulate that industry, has been used by courts and others to allow proxy services to escape liability for bad acts of the proxy service customers, ICANN should either delete or amend those provisions of the RAA that can or have been used to allow proxy services to escape liability. 3. The Review Team acknowledges that there may be legitimate reasons for the occasional use of a proxy service, as for example to protect a valuable trade secret at product launch. At the same time proxy services should not be viewed or used as a substitute for privacy services that are designed to shield an individual's personal contact information. The legitimate use a proxy service would be the exception and not widespread. 4. A proxy service industry willing to accept full risks and liabilities for the manner in which domain names through its service will be used will take the necessary precautionary measures, in its relationship with its customers, such that domain names so registered are unlikely to be misused and, if misused, a remedy for those victimized will more likely be available. I suspect most of you are asleep by now anyway. If not, feel free to comment or modify or supplement, or in the morning. Seth -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Wednesday, November 30, 2011 4:34 PM To: Seth M Reiss Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi Subject: Re: [Rt4-whois] streamlined proxy recommendation language Seth, Any chance you cold take a crack at this? Your writing on the subject seems on point and I suspect you could say it using fewer words than I. Bill On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" wrote: > Hi Bill, > > This is a valuable (albeit frustrating) discussion and necessary to make sure we get this right, I appreciate the argument. I think we all want the end result but it is getting to that point that may be painful but we knew this task could be painful when we signed on. > > Is there a stronger recommendation that you and Seth could draft that outlines your view point? > > This is all that we said in the recommendations in Dakar > > "Remove proxy services from the RAA since the proxy, as an agent, is the registrant. Expand and ? affirmative sentence" > > I cannot live with that what would you propose to strengthen the recommendation? > > At this point, I am not willing to walk away from the best practices recommendation but I am very willing to continue the discussion and see if there is a way forward on a recommendation we all agree to. > > I am going to eat dinner and walk the dog so will be offline for an hour. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 5:19 PM > To: Susan Kawaguchi > Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Susan, > > It may not seem like it but I am supportive, very supportive of your position of to not rely on litigation to solve these types of problems. Where we disagree is the best approach to avoid the litigation. > > I am not suggesting that cigarette-style litigation is the way forward. Rather, I am concerned that proposal for retail proxy indemnification (if I've read it right) will result in exactly that situation, some time far in the future when society and the courts finally realize that allowing unfettered criminal activity on the Internet is a bad idea. Retail proxies will happily sell a service to people they don't know as long as they have no liability. > > If instead of no liability, we insist that they have the liability of the Registrant, since that's what they are, I strongly suspect that counsel for these services will understand that they now carry at least some risk in these transactions. Consequently, they will either recommend against them or insist on some mechanism to mitigate the risk, through insurance or other mechanisms - perhaps even actually knowing something about their customers. Any or all of these would involve higher costs hence higher prices making these services less attractive to criminals, etc. > > By the addition of SLAs into contracts, and mandatory consequences, we provide a means for ICANN to ensure that valid queries, information requests, corrections, etc. are made in a timely manner. A registrant could ignore a request knowing that the specific penalty for failing to comply with such request. With mandatory revocation the consequence of last resort, we give the community and ICANN the ability to revoke a name (the only thing of value under our control). > > If a proxy is a party to any of these transactions, they act as the Registrant and must respond either directly or with guidance from the licensee per the agreement SLAs. Failure to do so results in the same consequences. > > By setting SLAs and consequences appropriately, ICANN can influence the behavior of Registrants and those that act as proxies for them. > > Even if we go with language you an James worked on, and I realize that you put in a great deal of effort on that, we'll still need something like what I have outlined because as we discussed in Dakar, anyone can act as a proxy for a Registrant no matter what ICANN tries to do to prevent it. If the "best practices" ICANN develops for the retail trade prove too onerous, proxy providers will simply step outside of the ICANN tent and provide their services likely failing to adhere to the best practices. > > I hope this makes sense. > > Bill > > > On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: > > HI Bill, > > Thank you for your thoughts I think your statement below is my biggest pain point. > > "I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability"." > > All of the cases you mention above relied on litigation to clarify the existence of liability and impose that liability on the manufacturer. It would be overwhelming and burdensome to rely on litigation to fix this problem especially when it involves global entities as proxy service providers. I think we have the opportunity to incentivize the registrars to help with the problem. > > If I or LE are forced to rely on litigation of any sort of court order to get information on the licensee of a domain name to pursue a provider of counterfeit drugs, for example, this would take years for each domain name involved. > > If we take a very extreme step and recommend that proxy services are not allowed in the gTlds (as .US has done) how would that ever be enforced? Proxy registrations provide a vital service for many in the domain name space. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 4:20 PM > To: Seth M Reiss > Cc: Susan Kawaguchi; Kathy Kleiman; rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > See below: > > On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > wrote: > > I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. > > I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision. > > While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest. > > > I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. > > I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it's an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. > > If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed. > > > I would like to find a middle ground. I am not one for asking people to think differently. I just don't see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. > > I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability". > > Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving. > > > Seth > > > From: Susan Kawaguchi [mailto:susank at fb.com] > Sent: Wednesday, November 30, 2011 1:29 PM > To: Kathy Kleiman; Seth M Reiss > Cc: rt4-whois at icann.org > Subject: RE: [Rt4-whois] streamlined proxy recommendation language > > HI Seth, > > I am going to respond to you out of order > In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. > > We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. > > I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. > > Susan > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 3:15 PM > To: Seth M Reiss > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Great comments, Seth. I defer to Susan and James, as the experts on this material. > Best, > Kathy > > : > Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. > > To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. > > Seth > > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 12:24 PM > To: rt4-whois at icann.org > Subject: [Rt4-whois] streamlined proxy recommendation language > > Hi All, > I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. > > They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. > > here's the text: > > Data Access- Proxy Service > > 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. > > 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. > > 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. > > Such voluntary guidelines may include: > > + Proxy services provide full contact details as required by the Whois > > + Publication by the proxy service of its process for revealing and relaying information > > + Standardization of reveal and relay processes and timeframes, consistent with national laws > > + Maintenance of a dedicated abuse point of contact for the proxy service provider > > + Due diligence checks on licensee contact information. > > 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. > > Footnote 1 (all the remaining text) > As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: > > - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] > > - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) > > - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. > > - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. > > - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. > > > --- end > same text attached > Kathy > > > -- > > > > > > > > -- > > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ---------------------------------------------------------------------------- --- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ---------------------------------------------------------------------------- --- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 . m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111130/800af1ad/attachment.html From bill.smith at paypal-inc.com Thu Dec 1 04:41:51 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 21:41:51 -0700 Subject: [Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D64226C@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333D64226C@EMB01.dept.gov.au> Message-ID: <791D782F-E457-4C3B-94D1-39A0A58DD7F0@paypal-inc.com> >From my perspective this sets appropriately sets the stage. I'm sure we can whack and whittle at he words and "improve" them. I think we do need some companion language that builds of some of our (informal?) findings that a set of sliding/escalating consequences for failure to act is required. Without that, nothing in the ICANN contracts compels anyone contracted part, direct or otherwise, to do anything. That needs to be corrected. On Nov 30, 2011, at 7:34 PM, "Nettlefold, Peter" wrote: > Classification: UNCLASSIFIED > > Hi Seth, > > Thanks very much for taking the pen on this difficult issue. > > From my perspective, this is a very good attempt to articulate findings and recommendations, and I am happy to work with this position. > > I will wait to hear from others before diving into detail too much, to get a sense if this is an approach we can work with. > > Thanks again. > > Peter > > ----- Original Message ----- > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] > Sent: Thursday, December 01, 2011 02:26 PM > To: 'Smith, Bill' > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > mmm, didn't really want that kind of pressure. > > Here's an attempt: > > Data Access- Proxy Service > > 1. The Review Team considers a Proxy Service as a relationship in which > the registrant is acting on behalf of another. The WHOIS data is that of the > agent/proxy service and the agent/proxy service alone obtains all rights and > assumes all responsibility for the domain name and its manner of use. > 2. ICANN should clarify that any registrant that may be acting as a > proxy service for another is in all respects still the registrant and, in > ICANN's view, should be held fully responsible for the use of the domain > name including for any and all harm that results from the use of the domain > name. > 2. Because of ICANN's position on proxy services to date, which > tolerates the proxy service industry that has arisen and which through RAA > provisions gives recognition and attempts to regulate that industry, has > been used by courts and others to allow proxy services to escape liability > for bad acts of the proxy service customers, ICANN should either delete or > amend those provisions of the RAA that can or have been used to allow proxy > services to escape liability. > 3. The Review Team acknowledges that there may be legitimate reasons > for the occasional use of a proxy service, as for example to protect a > valuable trade secret at product launch. At the same time proxy services > should not be viewed or used as a substitute for privacy services that are > designed to shield an individual's personal contact information. The > legitimate use a proxy service would be the exception and not widespread. > 4. A proxy service industry willing to accept full risks and liabilities > for the manner in which domain names through its service will be used will > take the necessary precautionary measures, in its relationship with its > customers, such that domain names so registered are unlikely to be misused > and, if misused, a remedy for those victimized will more likely be > available. > > I suspect most of you are asleep by now anyway. If not, feel free to > comment or modify or supplement, or in the morning. > > Seth > > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 4:34 PM > To: Seth M Reiss > Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Seth, > > Any chance you cold take a crack at this? Your writing on the subject seems > on point and I suspect you could say it using fewer words than I. > > Bill > > On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" wrote: > >> Hi Bill, >> >> This is a valuable (albeit frustrating) discussion and necessary to make > sure we get this right, I appreciate the argument. I think we all want the > end result but it is getting to that point that may be painful but we knew > this task could be painful when we signed on. >> >> Is there a stronger recommendation that you and Seth could draft that > outlines your view point? >> >> This is all that we said in the recommendations in Dakar >> >> "Remove proxy services from the RAA since the proxy, as an agent, is the > registrant. Expand and ? affirmative sentence" >> >> I cannot live with that what would you propose to strengthen the > recommendation? >> >> At this point, I am not willing to walk away from the best practices > recommendation but I am very willing to continue the discussion and see if > there is a way forward on a recommendation we all agree to. >> >> I am going to eat dinner and walk the dog so will be offline for an hour. >> >> Susan >> >> -----Original Message----- >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] >> Sent: Wednesday, November 30, 2011 5:19 PM >> To: Susan Kawaguchi >> Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language >> >> Susan, >> >> It may not seem like it but I am supportive, very supportive of your > position of to not rely on litigation to solve these types of problems. > Where we disagree is the best approach to avoid the litigation. >> >> I am not suggesting that cigarette-style litigation is the way forward. > Rather, I am concerned that proposal for retail proxy indemnification (if > I've read it right) will result in exactly that situation, some time far in > the future when society and the courts finally realize that allowing > unfettered criminal activity on the Internet is a bad idea. Retail proxies > will happily sell a service to people they don't know as long as they have > no liability. >> >> If instead of no liability, we insist that they have the liability of the > Registrant, since that's what they are, I strongly suspect that counsel for > these services will understand that they now carry at least some risk in > these transactions. Consequently, they will either recommend against them or > insist on some mechanism to mitigate the risk, through insurance or other > mechanisms - perhaps even actually knowing something about their customers. > Any or all of these would involve higher costs hence higher prices making > these services less attractive to criminals, etc. >> >> By the addition of SLAs into contracts, and mandatory consequences, we > provide a means for ICANN to ensure that valid queries, information > requests, corrections, etc. are made in a timely manner. A registrant could > ignore a request knowing that the specific penalty for failing to comply > with such request. With mandatory revocation the consequence of last resort, > we give the community and ICANN the ability to revoke a name (the only thing > of value under our control). >> >> If a proxy is a party to any of these transactions, they act as the > Registrant and must respond either directly or with guidance from the > licensee per the agreement SLAs. Failure to do so results in the same > consequences. >> >> By setting SLAs and consequences appropriately, ICANN can influence the > behavior of Registrants and those that act as proxies for them. >> >> Even if we go with language you an James worked on, and I realize that you > put in a great deal of effort on that, we'll still need something like what > I have outlined because as we discussed in Dakar, anyone can act as a proxy > for a Registrant no matter what ICANN tries to do to prevent it. If the > "best practices" ICANN develops for the retail trade prove too onerous, > proxy providers will simply step outside of the ICANN tent and provide their > services likely failing to adhere to the best practices. >> >> I hope this makes sense. >> >> Bill >> >> >> On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: >> >> HI Bill, >> >> Thank you for your thoughts I think your statement below is my biggest > pain point. >> >> "I think they are inherently contradictory. How a service is *sold* should > not determine liability. If this were the case and we applied the proposed > definitions to consumer products, untold numbers of tort cases would be > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > properly claim, "I don't know the buyer therefor I have no liability"." >> >> All of the cases you mention above relied on litigation to clarify the > existence of liability and impose that liability on the manufacturer. It > would be overwhelming and burdensome to rely on litigation to fix this > problem especially when it involves global entities as proxy service > providers. I think we have the opportunity to incentivize the registrars to > help with the problem. >> >> If I or LE are forced to rely on litigation of any sort of court order to > get information on the licensee of a domain name to pursue a provider of > counterfeit drugs, for example, this would take years for each domain name > involved. >> >> If we take a very extreme step and recommend that proxy services are not > allowed in the gTlds (as .US has done) how would that ever be enforced? > Proxy registrations provide a vital service for many in the domain name > space. >> >> Susan >> >> -----Original Message----- >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] >> Sent: Wednesday, November 30, 2011 4:20 PM >> To: Seth M Reiss >> Cc: Susan Kawaguchi; Kathy Kleiman; > rt4-whois at icann.org >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language >> >> See below: >> >> On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > p.com>> wrote: >> >> I am not advocating ignoring proxy services simply clarifying their role > and liability as registrant. I suspect we are very closely aligned > regarding outcome, just not how to reach there. >> >> I guess I'm advocating that we get as close to ignoring them as we can. > Recognizing them, even in the limited way the current RAA does gave the > Ninth Circuit everything it need to make its liability absolving decision. >> >> While the community may not be inclined to receive a proposal to "ignore > proxy services" with open arms, I hope they would consider it if we present > it as in the public interest. >> >> >> I think we disagree regarding whether we need to tolerate an industry > simply because it exists and has for a time. ICANN did not tolerate domain > name tasting, although it acted relatively quickly there and has not here. >> >> I believe it to be a dangerous proposition to say that we need to > accommodate existing practices simply because ICANN has allowed them to > exist for a period of time, although I think it's an unfortunately > circumstance. If you apply this line of reasoning broadly, you effectively > allow the industry to restrict what ICANN can and cannot do. >> >> If we make this assumption generally, our report would be very short. Yes > there are problems with WHOIS. However, it has existed in this manner for > too long and therefor it cannot be changed. >> >> >> I would like to find a middle ground. I am not one for asking people to > think differently. I just don't see how holding stating a proxy should be > held fully responsible, and then at the same time having retail proxy > services definitions and a voluntary best practices policy, will not be > viewed as inherently contradictory. >> >> I think they are inherently contradictory. How a service is *sold* should > not determine liability. If this were the case and we applied the proposed > definitions to consumer products, untold numbers of tort cases would be > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > properly claim, "I don't know the buyer therefor I have no liability". >> >> Other than to satisfy, the current purveyors of these fine services, I > can't see any reason to develop a complex set of definitions and liability > flows. Together these give attorneys and courts ample room to for truck > driving. >> >> >> Seth >> >> >> From: Susan Kawaguchi [mailto:susank at fb.com] >> Sent: Wednesday, November 30, 2011 1:29 PM >> To: Kathy Kleiman; Seth M Reiss >> Cc: > rt4-whois at icann.org >> Subject: RE: [Rt4-whois] streamlined proxy recommendation language >> >> HI Seth, >> >> I am going to respond to you out of order >> In all our discussions, I have still not heard a persuasive argument why a > proxy service industry that can shield itself from liability is necessary or > good or appropriate. I agree with you but it is what is. The situation > arose over 10 years ago and I do not think that advocating to do away with > proxy services is going to be well received by the ICANN community. Also > to date, there has been very few examples of a proxy service being held > liable. >> >> We need proxy services but we need responsive proxy services many of the > providers are acting responsibly it is the bad actors that I would like to > change their behavior. >> >> Once you introduce definitions concerning affiliates, retail services and > different flavors of proxy services, the cheap ones with flimsy > relationships, and the expensive ones with fiduciary type relationships, it > will appear to the court that you do not really mean what you saying in > bullet number 6. This will confuse the courts (and the public) and the > registrant proxy services is more likely to be able to weasel out of being > held liable. >> >> I am not sure that these definitions would be accepted outside of ICANN > and at least we would have a clearer picture of who we are dealing with. >> >> I am not convinced at all that just removing the language from the RAA > would impact the practices of the current proxy services. If you have > another argument let me know I am open to rethinking this but I am not open > to ignoring proxy service providers. >> >> Susan >> >> From: > rt4-whois-bounces at icann.org hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of > Kathy Kleiman >> Sent: Wednesday, November 30, 2011 3:15 PM >> To: Seth M Reiss >> Cc: > rt4-whois at icann.org >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language >> >> Great comments, Seth. I defer to Susan and James, as the experts on this > material. >> Best, >> Kathy >> >> : >> Thank you Kathy for breaking this out. I have not been good about > reviewing the entire document. >> >> To respond to Peter's question about what would be legally enforceable, I > think if you look at bullet number 6, if this bullet was implemented in a > very clear and unambiguous way, by itself and without some of the other > material being proposal, then I think there would be reasonable expectation > that national courts would hold the registrant proxy service fully > responsible for harm caused by a website hosted at the domain name at issue. > In other words, the Ninth Circuit decision that Susan highlighted would have > been decided differently. >> >> Once you introduce definitions concerning affiliates, retail services and > different flavors of proxy services, the cheap ones with flimsy > relationships, and the expensive ones with fiduciary type relationships, it > will appear to the court that you do not really mean what you saying in > bullet number 6. This will confuse the courts (and the public) and the > registrant proxy services is more likely to be able to weasel out of being > held liable. >> >> The current proposal on the table suggests to me a somewhat more > complicated model whereby the registrant proxy service is fully liable for > the use of the domain name but can shield that liability by adopted and > fully complying the a specific set of reveal and relay processes etc. I > voluntary set of best practices would not do this, but a mandatory set of > provisions to qualify a proxy service for a "safe harbor" would. Such a > safe hard model would in my view be more difficult to implement and is > likely to give rise to a certain amount of uncertainty and inconsistent > outcomes even if prudently implemented. But this also assumes that we need > to have a proxy service in which proxies may shield themselves from > liability. In all our discussions, I have still not heard a persuasive > argument why a proxy service industry that can shield itself from liability > is necessary or good or appropriate. >> >> Seth >> >> >> From: > rt4-whois-bounces at icann.org hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of > Kathy Kleiman >> Sent: Wednesday, November 30, 2011 12:24 PM >> To: > rt4-whois at icann.org >> Subject: [Rt4-whois] streamlined proxy recommendation language >> >> Hi All, >> I feel like I am sending altogether too many emails today. Sorry :-)! > Anyway, here's one more. I worked with James, a little, and Susan, more, on > streamlining the Proxy recommendations to look, sound and flow like the > Privacy recommendations. Of course, proxy is voluntary, and privacy is a > requirement, but the rest is fairly close. >> >> They are below and attached. If you like them, we'll send them on to Alice > for inclusion. Note: the definitions went into a footnote which should be > easy to see as it will be quite extensive. >> >> here's the text: >> >> Data Access- Proxy Service >> >> 1. ICANN should facilitate the review of existing practices by > reaching out to proxy providers to create a discussion which sets out > current processes followed by proxy service providers. >> >> 2. Registrars should be required to disclosure their relationship > with any Affiliated Retail proxy service provider to ICANN. >> >> 3. ICANN should develop and manage a set of voluntary best practice > guidelines for appropriate proxy services [footnote 1] consistent with > national laws. These voluntary guidelines should strike an appropriate > balance between stakeholders with competing but legitimate interests. At a > minimum this would include privacy, law enforcement and the industry around > law enforcement. >> >> Such voluntary guidelines may include: >> >> + Proxy services provide full contact details as required by the Whois >> >> + Publication by the proxy service of its process for revealing and > relaying information >> >> + Standardization of reveal and relay processes and timeframes, consistent > with national laws >> >> + Maintenance of a dedicated abuse point of contact for the proxy service > provider >> >> + Due diligence checks on licensee contact information. >> >> 5. ICANN should encourage and incentivize registrars to interact with the > retail service providers that adopt the best practices. >> >> 6. For the avoidance of doubt, the WHOIS Policy, referred to in > Recommendation 1 above, should include an affirmative statement that > clarifies that a proxy means a relationship in which the Registrant is > acting on behalf of another. The WHOIS data is that of the agent, and the > agent alone obtains all rights and assumes all responsibility for the domain > name and its manner of use. >> >> Footnote 1 (all the remaining text) >> As guidance to the Community and as useful background for the Proxy > Service Recommendations, the Review Team provides its working definitions of > proxy service and different types of proxy service providers: >> >> - Proxy Service - a relationship in which the registrant is acting on > behalf of another The WHOIS data is that of the agent and the agent alone > obtains all rights and assumes all responsibility for the domain name and > its manner of use. [KK: is this the definition we are using in other places > in the Report?] >> >> - Affiliated Registrar - another ICANN accredited registrar that operates > under a common controlling interest (2009 Registrar Accreditation Agreement, > Section 1.20) >> >> - Affiliate retail proxy service provider - entity operating under a > common controlling interest of a registrar. >> >> - Retail proxy service provider - proxy service with little or no > knowledge of the entity or individual requesting the service beyond their > ability to pay and their agreement to the general terms and conditions. >> >> - Limited proxy service provider - proxy service for an entity or > individual in which there is an ongoing business relationship bound by a > contract that is specific to the relationship. >> >> >> --- end >> same text attached >> Kathy >> >> >> -- >> >> >> >> >> >> >> >> -- >> >> >> >> >> >> _______________________________________________ >> Rt4-whois mailing list >> > Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. > > > ------------------------------------------------------------------------------- > From emily at emilytaylor.eu Thu Dec 1 04:44:18 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Thu, 1 Dec 2011 04:44:18 +0000 Subject: [Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED] In-Reply-To: <791D782F-E457-4C3B-94D1-39A0A58DD7F0@paypal-inc.com> References: <636771A7F4383E408C57A0240B5F8D4A333D64226C@EMB01.dept.gov.au> <791D782F-E457-4C3B-94D1-39A0A58DD7F0@paypal-inc.com> Message-ID: Just a quick one, Bill. We do have escalated sanctions in the recommendations. On 1 December 2011 04:41, Smith, Bill wrote: > >From my perspective this sets appropriately sets the stage. I'm sure we > can whack and whittle at he words and "improve" them. I think we do need > some companion language that builds of some of our (informal?) findings > that a set of sliding/escalating consequences for failure to act is > required. Without that, nothing in the ICANN contracts compels anyone > contracted part, direct or otherwise, to do anything. That needs to be > corrected. > > On Nov 30, 2011, at 7:34 PM, "Nettlefold, Peter" < > Peter.Nettlefold at dbcde.gov.au> wrote: > > > Classification: UNCLASSIFIED > > > > Hi Seth, > > > > Thanks very much for taking the pen on this difficult issue. > > > > From my perspective, this is a very good attempt to articulate findings > and recommendations, and I am happy to work with this position. > > > > I will wait to hear from others before diving into detail too much, to > get a sense if this is an approach we can work with. > > > > Thanks again. > > > > Peter > > > > ----- Original Message ----- > > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] > > Sent: Thursday, December 01, 2011 02:26 PM > > To: 'Smith, Bill' > > Cc: rt4-whois at icann.org > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > > > mmm, didn't really want that kind of pressure. > > > > Here's an attempt: > > > > Data Access- Proxy Service > > > > 1. The Review Team considers a Proxy Service as a relationship in > which > > the registrant is acting on behalf of another. The WHOIS data is that of > the > > agent/proxy service and the agent/proxy service alone obtains all rights > and > > assumes all responsibility for the domain name and its manner of use. > > 2. ICANN should clarify that any registrant that may be acting as a > > proxy service for another is in all respects still the registrant and, in > > ICANN's view, should be held fully responsible for the use of the domain > > name including for any and all harm that results from the use of the > domain > > name. > > 2. Because of ICANN's position on proxy services to date, which > > tolerates the proxy service industry that has arisen and which through > RAA > > provisions gives recognition and attempts to regulate that industry, has > > been used by courts and others to allow proxy services to escape > liability > > for bad acts of the proxy service customers, ICANN should either delete > or > > amend those provisions of the RAA that can or have been used to allow > proxy > > services to escape liability. > > 3. The Review Team acknowledges that there may be legitimate reasons > > for the occasional use of a proxy service, as for example to protect a > > valuable trade secret at product launch. At the same time proxy services > > should not be viewed or used as a substitute for privacy services that > are > > designed to shield an individual's personal contact information. The > > legitimate use a proxy service would be the exception and not widespread. > > 4. A proxy service industry willing to accept full risks and > liabilities > > for the manner in which domain names through its service will be used > will > > take the necessary precautionary measures, in its relationship with its > > customers, such that domain names so registered are unlikely to be > misused > > and, if misused, a remedy for those victimized will more likely be > > available. > > > > I suspect most of you are asleep by now anyway. If not, feel free to > > comment or modify or supplement, or in the morning. > > > > Seth > > > > > > -----Original Message----- > > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > > Sent: Wednesday, November 30, 2011 4:34 PM > > To: Seth M Reiss > > Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > > > Seth, > > > > Any chance you cold take a crack at this? Your writing on the subject > seems > > on point and I suspect you could say it using fewer words than I. > > > > Bill > > > > On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" wrote: > > > >> Hi Bill, > >> > >> This is a valuable (albeit frustrating) discussion and necessary to make > > sure we get this right, I appreciate the argument. I think we all want > the > > end result but it is getting to that point that may be painful but we > knew > > this task could be painful when we signed on. > >> > >> Is there a stronger recommendation that you and Seth could draft that > > outlines your view point? > >> > >> This is all that we said in the recommendations in Dakar > >> > >> "Remove proxy services from the RAA since the proxy, as an agent, is the > > registrant. Expand and ? affirmative sentence" > >> > >> I cannot live with that what would you propose to strengthen the > > recommendation? > >> > >> At this point, I am not willing to walk away from the best practices > > recommendation but I am very willing to continue the discussion and see > if > > there is a way forward on a recommendation we all agree to. > >> > >> I am going to eat dinner and walk the dog so will be offline for an > hour. > >> > >> Susan > >> > >> -----Original Message----- > >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > >> Sent: Wednesday, November 30, 2011 5:19 PM > >> To: Susan Kawaguchi > >> Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org > >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language > >> > >> Susan, > >> > >> It may not seem like it but I am supportive, very supportive of your > > position of to not rely on litigation to solve these types of problems. > > Where we disagree is the best approach to avoid the litigation. > >> > >> I am not suggesting that cigarette-style litigation is the way forward. > > Rather, I am concerned that proposal for retail proxy indemnification (if > > I've read it right) will result in exactly that situation, some time far > in > > the future when society and the courts finally realize that allowing > > unfettered criminal activity on the Internet is a bad idea. Retail > proxies > > will happily sell a service to people they don't know as long as they > have > > no liability. > >> > >> If instead of no liability, we insist that they have the liability of > the > > Registrant, since that's what they are, I strongly suspect that counsel > for > > these services will understand that they now carry at least some risk in > > these transactions. Consequently, they will either recommend against > them or > > insist on some mechanism to mitigate the risk, through insurance or other > > mechanisms - perhaps even actually knowing something about their > customers. > > Any or all of these would involve higher costs hence higher prices making > > these services less attractive to criminals, etc. > >> > >> By the addition of SLAs into contracts, and mandatory consequences, we > > provide a means for ICANN to ensure that valid queries, information > > requests, corrections, etc. are made in a timely manner. A registrant > could > > ignore a request knowing that the specific penalty for failing to comply > > with such request. With mandatory revocation the consequence of last > resort, > > we give the community and ICANN the ability to revoke a name (the only > thing > > of value under our control). > >> > >> If a proxy is a party to any of these transactions, they act as the > > Registrant and must respond either directly or with guidance from the > > licensee per the agreement SLAs. Failure to do so results in the same > > consequences. > >> > >> By setting SLAs and consequences appropriately, ICANN can influence the > > behavior of Registrants and those that act as proxies for them. > >> > >> Even if we go with language you an James worked on, and I realize that > you > > put in a great deal of effort on that, we'll still need something like > what > > I have outlined because as we discussed in Dakar, anyone can act as a > proxy > > for a Registrant no matter what ICANN tries to do to prevent it. If the > > "best practices" ICANN develops for the retail trade prove too onerous, > > proxy providers will simply step outside of the ICANN tent and provide > their > > services likely failing to adhere to the best practices. > >> > >> I hope this makes sense. > >> > >> Bill > >> > >> > >> On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: > >> > >> HI Bill, > >> > >> Thank you for your thoughts I think your statement below is my biggest > > pain point. > >> > >> "I think they are inherently contradictory. How a service is *sold* > should > > not determine liability. If this were the case and we applied the > proposed > > definitions to consumer products, untold numbers of tort cases would be > > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > > properly claim, "I don't know the buyer therefor I have no liability"." > >> > >> All of the cases you mention above relied on litigation to clarify the > > existence of liability and impose that liability on the manufacturer. > It > > would be overwhelming and burdensome to rely on litigation to fix this > > problem especially when it involves global entities as proxy service > > providers. I think we have the opportunity to incentivize the > registrars to > > help with the problem. > >> > >> If I or LE are forced to rely on litigation of any sort of court order > to > > get information on the licensee of a domain name to pursue a provider of > > counterfeit drugs, for example, this would take years for each domain > name > > involved. > >> > >> If we take a very extreme step and recommend that proxy services are not > > allowed in the gTlds (as .US has done) how would that ever be enforced? > > Proxy registrations provide a vital service for many in the domain name > > space. > >> > >> Susan > >> > >> -----Original Message----- > >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > >> Sent: Wednesday, November 30, 2011 4:20 PM > >> To: Seth M Reiss > >> Cc: Susan Kawaguchi; Kathy Kleiman; > > rt4-whois at icann.org > >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language > >> > >> See below: > >> > >> On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > > seth.reiss at lex-i > > p.com>> wrote: > >> > >> I am not advocating ignoring proxy services simply clarifying their role > > and liability as registrant. I suspect we are very closely aligned > > regarding outcome, just not how to reach there. > >> > >> I guess I'm advocating that we get as close to ignoring them as we can. > > Recognizing them, even in the limited way the current RAA does gave the > > Ninth Circuit everything it need to make its liability absolving > decision. > >> > >> While the community may not be inclined to receive a proposal to "ignore > > proxy services" with open arms, I hope they would consider it if we > present > > it as in the public interest. > >> > >> > >> I think we disagree regarding whether we need to tolerate an industry > > simply because it exists and has for a time. ICANN did not tolerate > domain > > name tasting, although it acted relatively quickly there and has not > here. > >> > >> I believe it to be a dangerous proposition to say that we need to > > accommodate existing practices simply because ICANN has allowed them to > > exist for a period of time, although I think it's an unfortunately > > circumstance. If you apply this line of reasoning broadly, you > effectively > > allow the industry to restrict what ICANN can and cannot do. > >> > >> If we make this assumption generally, our report would be very short. > Yes > > there are problems with WHOIS. However, it has existed in this manner for > > too long and therefor it cannot be changed. > >> > >> > >> I would like to find a middle ground. I am not one for asking people to > > think differently. I just don't see how holding stating a proxy should > be > > held fully responsible, and then at the same time having retail proxy > > services definitions and a voluntary best practices policy, will not be > > viewed as inherently contradictory. > >> > >> I think they are inherently contradictory. How a service is *sold* > should > > not determine liability. If this were the case and we applied the > proposed > > definitions to consumer products, untold numbers of tort cases would be > > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > > properly claim, "I don't know the buyer therefor I have no liability". > >> > >> Other than to satisfy, the current purveyors of these fine services, I > > can't see any reason to develop a complex set of definitions and > liability > > flows. Together these give attorneys and courts ample room to for truck > > driving. > >> > >> > >> Seth > >> > >> > >> From: Susan Kawaguchi [mailto:susank at fb.com] > >> Sent: Wednesday, November 30, 2011 1:29 PM > >> To: Kathy Kleiman; Seth M Reiss > >> Cc: > > rt4-whois at icann.org rt4-whois at icann.org> > >> Subject: RE: [Rt4-whois] streamlined proxy recommendation language > >> > >> HI Seth, > >> > >> I am going to respond to you out of order > >> In all our discussions, I have still not heard a persuasive argument > why a > > proxy service industry that can shield itself from liability is > necessary or > > good or appropriate. I agree with you but it is what is. The > situation > > arose over 10 years ago and I do not think that advocating to do away > with > > proxy services is going to be well received by the ICANN community. > Also > > to date, there has been very few examples of a proxy service being held > > liable. > >> > >> We need proxy services but we need responsive proxy services many of the > > providers are acting responsibly it is the bad actors that I would like > to > > change their behavior. > >> > >> Once you introduce definitions concerning affiliates, retail services > and > > different flavors of proxy services, the cheap ones with flimsy > > relationships, and the expensive ones with fiduciary type relationships, > it > > will appear to the court that you do not really mean what you saying in > > bullet number 6. This will confuse the courts (and the public) and the > > registrant proxy services is more likely to be able to weasel out of > being > > held liable. > >> > >> I am not sure that these definitions would be accepted outside of ICANN > > and at least we would have a clearer picture of who we are dealing with. > >> > >> I am not convinced at all that just removing the language from the RAA > > would impact the practices of the current proxy services. If you have > > another argument let me know I am open to rethinking this but I am not > open > > to ignoring proxy service providers. > >> > >> Susan > >> > >> From: > > rt4-whois-bounces at icann.org rt4-w > > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf > Of > > Kathy Kleiman > >> Sent: Wednesday, November 30, 2011 3:15 PM > >> To: Seth M Reiss > >> Cc: > > rt4-whois at icann.org rt4-whois at icann.org> > >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language > >> > >> Great comments, Seth. I defer to Susan and James, as the experts on this > > material. > >> Best, > >> Kathy > >> > >> : > >> Thank you Kathy for breaking this out. I have not been good about > > reviewing the entire document. > >> > >> To respond to Peter's question about what would be legally enforceable, > I > > think if you look at bullet number 6, if this bullet was implemented in a > > very clear and unambiguous way, by itself and without some of the other > > material being proposal, then I think there would be reasonable > expectation > > that national courts would hold the registrant proxy service fully > > responsible for harm caused by a website hosted at the domain name at > issue. > > In other words, the Ninth Circuit decision that Susan highlighted would > have > > been decided differently. > >> > >> Once you introduce definitions concerning affiliates, retail services > and > > different flavors of proxy services, the cheap ones with flimsy > > relationships, and the expensive ones with fiduciary type relationships, > it > > will appear to the court that you do not really mean what you saying in > > bullet number 6. This will confuse the courts (and the public) and the > > registrant proxy services is more likely to be able to weasel out of > being > > held liable. > >> > >> The current proposal on the table suggests to me a somewhat more > > complicated model whereby the registrant proxy service is fully liable > for > > the use of the domain name but can shield that liability by adopted and > > fully complying the a specific set of reveal and relay processes etc. I > > voluntary set of best practices would not do this, but a mandatory set of > > provisions to qualify a proxy service for a "safe harbor" would. Such a > > safe hard model would in my view be more difficult to implement and is > > likely to give rise to a certain amount of uncertainty and inconsistent > > outcomes even if prudently implemented. But this also assumes that we > need > > to have a proxy service in which proxies may shield themselves from > > liability. In all our discussions, I have still not heard a persuasive > > argument why a proxy service industry that can shield itself from > liability > > is necessary or good or appropriate. > >> > >> Seth > >> > >> > >> From: > > rt4-whois-bounces at icann.org rt4-w > > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf > Of > > Kathy Kleiman > >> Sent: Wednesday, November 30, 2011 12:24 PM > >> To: > > rt4-whois at icann.org rt4-whois at icann.org> > >> Subject: [Rt4-whois] streamlined proxy recommendation language > >> > >> Hi All, > >> I feel like I am sending altogether too many emails today. Sorry :-)! > > Anyway, here's one more. I worked with James, a little, and Susan, > more, on > > streamlining the Proxy recommendations to look, sound and flow like the > > Privacy recommendations. Of course, proxy is voluntary, and privacy is a > > requirement, but the rest is fairly close. > >> > >> They are below and attached. If you like them, we'll send them on to > Alice > > for inclusion. Note: the definitions went into a footnote which should be > > easy to see as it will be quite extensive. > >> > >> here's the text: > >> > >> Data Access- Proxy Service > >> > >> 1. ICANN should facilitate the review of existing practices by > > reaching out to proxy providers to create a discussion which sets out > > current processes followed by proxy service providers. > >> > >> 2. Registrars should be required to disclosure their relationship > > with any Affiliated Retail proxy service provider to ICANN. > >> > >> 3. ICANN should develop and manage a set of voluntary best practice > > guidelines for appropriate proxy services [footnote 1] consistent with > > national laws. These voluntary guidelines should strike an appropriate > > balance between stakeholders with competing but legitimate interests. At > a > > minimum this would include privacy, law enforcement and the industry > around > > law enforcement. > >> > >> Such voluntary guidelines may include: > >> > >> + Proxy services provide full contact details as required by the Whois > >> > >> + Publication by the proxy service of its process for revealing and > > relaying information > >> > >> + Standardization of reveal and relay processes and timeframes, > consistent > > with national laws > >> > >> + Maintenance of a dedicated abuse point of contact for the proxy > service > > provider > >> > >> + Due diligence checks on licensee contact information. > >> > >> 5. ICANN should encourage and incentivize registrars to interact with > the > > retail service providers that adopt the best practices. > >> > >> 6. For the avoidance of doubt, the WHOIS Policy, referred to in > > Recommendation 1 above, should include an affirmative statement that > > clarifies that a proxy means a relationship in which the Registrant is > > acting on behalf of another. The WHOIS data is that of the agent, and the > > agent alone obtains all rights and assumes all responsibility for the > domain > > name and its manner of use. > >> > >> Footnote 1 (all the remaining text) > >> As guidance to the Community and as useful background for the Proxy > > Service Recommendations, the Review Team provides its working > definitions of > > proxy service and different types of proxy service providers: > >> > >> - Proxy Service - a relationship in which the registrant is acting on > > behalf of another The WHOIS data is that of the agent and the agent alone > > obtains all rights and assumes all responsibility for the domain name and > > its manner of use. [KK: is this the definition we are using in other > places > > in the Report?] > >> > >> - Affiliated Registrar - another ICANN accredited registrar that > operates > > under a common controlling interest (2009 Registrar Accreditation > Agreement, > > Section 1.20) > >> > >> - Affiliate retail proxy service provider - entity operating under a > > common controlling interest of a registrar. > >> > >> - Retail proxy service provider - proxy service with little or no > > knowledge of the entity or individual requesting the service beyond > their > > ability to pay and their agreement to the general terms and conditions. > >> > >> - Limited proxy service provider - proxy service for an entity or > > individual in which there is an ongoing business relationship bound by a > > contract that is specific to the relationship. > >> > >> > >> --- end > >> same text attached > >> Kathy > >> > >> > >> -- > >> > >> > >> > >> > >> > >> > >> > >> -- > >> > >> > >> > >> > >> > >> _______________________________________________ > >> Rt4-whois mailing list > >> > > Rt4-whois at icann.org Rt4-whois at icann.org> > >> https://mm.icann.org/mailman/listinfo/rt4-whois > >> > > > > _______________________________________________ > > Rt4-whois mailing list > > Rt4-whois at icann.org > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > > > > ------------------------------------------------------------------------------- > > > > NOTICE: This email message is for the sole use of the intended > recipient(s) > > and may contain confidential and privileged information. Any unauthorized > > review, use, disclosure or distribution is prohibited. If you are not the > > intended recipient, please contact the sender by reply email and destroy > all > > copies of the original message. > > > > This message has been content scanned by the Axway MailGate. > > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > > > > > > ------------------------------------------------------------------------------- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/67bbb88d/attachment.html From emily at emilytaylor.eu Thu Dec 1 04:44:22 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Thu, 1 Dec 2011 04:44:22 +0000 Subject: [Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED] In-Reply-To: <791D782F-E457-4C3B-94D1-39A0A58DD7F0@paypal-inc.com> References: <636771A7F4383E408C57A0240B5F8D4A333D64226C@EMB01.dept.gov.au> <791D782F-E457-4C3B-94D1-39A0A58DD7F0@paypal-inc.com> Message-ID: Just a quick one, Bill. We do have escalated sanctions in the recommendations. On 1 December 2011 04:41, Smith, Bill wrote: > >From my perspective this sets appropriately sets the stage. I'm sure we > can whack and whittle at he words and "improve" them. I think we do need > some companion language that builds of some of our (informal?) findings > that a set of sliding/escalating consequences for failure to act is > required. Without that, nothing in the ICANN contracts compels anyone > contracted part, direct or otherwise, to do anything. That needs to be > corrected. > > On Nov 30, 2011, at 7:34 PM, "Nettlefold, Peter" < > Peter.Nettlefold at dbcde.gov.au> wrote: > > > Classification: UNCLASSIFIED > > > > Hi Seth, > > > > Thanks very much for taking the pen on this difficult issue. > > > > From my perspective, this is a very good attempt to articulate findings > and recommendations, and I am happy to work with this position. > > > > I will wait to hear from others before diving into detail too much, to > get a sense if this is an approach we can work with. > > > > Thanks again. > > > > Peter > > > > ----- Original Message ----- > > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] > > Sent: Thursday, December 01, 2011 02:26 PM > > To: 'Smith, Bill' > > Cc: rt4-whois at icann.org > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > > > mmm, didn't really want that kind of pressure. > > > > Here's an attempt: > > > > Data Access- Proxy Service > > > > 1. The Review Team considers a Proxy Service as a relationship in > which > > the registrant is acting on behalf of another. The WHOIS data is that of > the > > agent/proxy service and the agent/proxy service alone obtains all rights > and > > assumes all responsibility for the domain name and its manner of use. > > 2. ICANN should clarify that any registrant that may be acting as a > > proxy service for another is in all respects still the registrant and, in > > ICANN's view, should be held fully responsible for the use of the domain > > name including for any and all harm that results from the use of the > domain > > name. > > 2. Because of ICANN's position on proxy services to date, which > > tolerates the proxy service industry that has arisen and which through > RAA > > provisions gives recognition and attempts to regulate that industry, has > > been used by courts and others to allow proxy services to escape > liability > > for bad acts of the proxy service customers, ICANN should either delete > or > > amend those provisions of the RAA that can or have been used to allow > proxy > > services to escape liability. > > 3. The Review Team acknowledges that there may be legitimate reasons > > for the occasional use of a proxy service, as for example to protect a > > valuable trade secret at product launch. At the same time proxy services > > should not be viewed or used as a substitute for privacy services that > are > > designed to shield an individual's personal contact information. The > > legitimate use a proxy service would be the exception and not widespread. > > 4. A proxy service industry willing to accept full risks and > liabilities > > for the manner in which domain names through its service will be used > will > > take the necessary precautionary measures, in its relationship with its > > customers, such that domain names so registered are unlikely to be > misused > > and, if misused, a remedy for those victimized will more likely be > > available. > > > > I suspect most of you are asleep by now anyway. If not, feel free to > > comment or modify or supplement, or in the morning. > > > > Seth > > > > > > -----Original Message----- > > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > > Sent: Wednesday, November 30, 2011 4:34 PM > > To: Seth M Reiss > > Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > > > Seth, > > > > Any chance you cold take a crack at this? Your writing on the subject > seems > > on point and I suspect you could say it using fewer words than I. > > > > Bill > > > > On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" wrote: > > > >> Hi Bill, > >> > >> This is a valuable (albeit frustrating) discussion and necessary to make > > sure we get this right, I appreciate the argument. I think we all want > the > > end result but it is getting to that point that may be painful but we > knew > > this task could be painful when we signed on. > >> > >> Is there a stronger recommendation that you and Seth could draft that > > outlines your view point? > >> > >> This is all that we said in the recommendations in Dakar > >> > >> "Remove proxy services from the RAA since the proxy, as an agent, is the > > registrant. Expand and ? affirmative sentence" > >> > >> I cannot live with that what would you propose to strengthen the > > recommendation? > >> > >> At this point, I am not willing to walk away from the best practices > > recommendation but I am very willing to continue the discussion and see > if > > there is a way forward on a recommendation we all agree to. > >> > >> I am going to eat dinner and walk the dog so will be offline for an > hour. > >> > >> Susan > >> > >> -----Original Message----- > >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > >> Sent: Wednesday, November 30, 2011 5:19 PM > >> To: Susan Kawaguchi > >> Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org > >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language > >> > >> Susan, > >> > >> It may not seem like it but I am supportive, very supportive of your > > position of to not rely on litigation to solve these types of problems. > > Where we disagree is the best approach to avoid the litigation. > >> > >> I am not suggesting that cigarette-style litigation is the way forward. > > Rather, I am concerned that proposal for retail proxy indemnification (if > > I've read it right) will result in exactly that situation, some time far > in > > the future when society and the courts finally realize that allowing > > unfettered criminal activity on the Internet is a bad idea. Retail > proxies > > will happily sell a service to people they don't know as long as they > have > > no liability. > >> > >> If instead of no liability, we insist that they have the liability of > the > > Registrant, since that's what they are, I strongly suspect that counsel > for > > these services will understand that they now carry at least some risk in > > these transactions. Consequently, they will either recommend against > them or > > insist on some mechanism to mitigate the risk, through insurance or other > > mechanisms - perhaps even actually knowing something about their > customers. > > Any or all of these would involve higher costs hence higher prices making > > these services less attractive to criminals, etc. > >> > >> By the addition of SLAs into contracts, and mandatory consequences, we > > provide a means for ICANN to ensure that valid queries, information > > requests, corrections, etc. are made in a timely manner. A registrant > could > > ignore a request knowing that the specific penalty for failing to comply > > with such request. With mandatory revocation the consequence of last > resort, > > we give the community and ICANN the ability to revoke a name (the only > thing > > of value under our control). > >> > >> If a proxy is a party to any of these transactions, they act as the > > Registrant and must respond either directly or with guidance from the > > licensee per the agreement SLAs. Failure to do so results in the same > > consequences. > >> > >> By setting SLAs and consequences appropriately, ICANN can influence the > > behavior of Registrants and those that act as proxies for them. > >> > >> Even if we go with language you an James worked on, and I realize that > you > > put in a great deal of effort on that, we'll still need something like > what > > I have outlined because as we discussed in Dakar, anyone can act as a > proxy > > for a Registrant no matter what ICANN tries to do to prevent it. If the > > "best practices" ICANN develops for the retail trade prove too onerous, > > proxy providers will simply step outside of the ICANN tent and provide > their > > services likely failing to adhere to the best practices. > >> > >> I hope this makes sense. > >> > >> Bill > >> > >> > >> On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: > >> > >> HI Bill, > >> > >> Thank you for your thoughts I think your statement below is my biggest > > pain point. > >> > >> "I think they are inherently contradictory. How a service is *sold* > should > > not determine liability. If this were the case and we applied the > proposed > > definitions to consumer products, untold numbers of tort cases would be > > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > > properly claim, "I don't know the buyer therefor I have no liability"." > >> > >> All of the cases you mention above relied on litigation to clarify the > > existence of liability and impose that liability on the manufacturer. > It > > would be overwhelming and burdensome to rely on litigation to fix this > > problem especially when it involves global entities as proxy service > > providers. I think we have the opportunity to incentivize the > registrars to > > help with the problem. > >> > >> If I or LE are forced to rely on litigation of any sort of court order > to > > get information on the licensee of a domain name to pursue a provider of > > counterfeit drugs, for example, this would take years for each domain > name > > involved. > >> > >> If we take a very extreme step and recommend that proxy services are not > > allowed in the gTlds (as .US has done) how would that ever be enforced? > > Proxy registrations provide a vital service for many in the domain name > > space. > >> > >> Susan > >> > >> -----Original Message----- > >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > >> Sent: Wednesday, November 30, 2011 4:20 PM > >> To: Seth M Reiss > >> Cc: Susan Kawaguchi; Kathy Kleiman; > > rt4-whois at icann.org > >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language > >> > >> See below: > >> > >> On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > > seth.reiss at lex-i > > p.com>> wrote: > >> > >> I am not advocating ignoring proxy services simply clarifying their role > > and liability as registrant. I suspect we are very closely aligned > > regarding outcome, just not how to reach there. > >> > >> I guess I'm advocating that we get as close to ignoring them as we can. > > Recognizing them, even in the limited way the current RAA does gave the > > Ninth Circuit everything it need to make its liability absolving > decision. > >> > >> While the community may not be inclined to receive a proposal to "ignore > > proxy services" with open arms, I hope they would consider it if we > present > > it as in the public interest. > >> > >> > >> I think we disagree regarding whether we need to tolerate an industry > > simply because it exists and has for a time. ICANN did not tolerate > domain > > name tasting, although it acted relatively quickly there and has not > here. > >> > >> I believe it to be a dangerous proposition to say that we need to > > accommodate existing practices simply because ICANN has allowed them to > > exist for a period of time, although I think it's an unfortunately > > circumstance. If you apply this line of reasoning broadly, you > effectively > > allow the industry to restrict what ICANN can and cannot do. > >> > >> If we make this assumption generally, our report would be very short. > Yes > > there are problems with WHOIS. However, it has existed in this manner for > > too long and therefor it cannot be changed. > >> > >> > >> I would like to find a middle ground. I am not one for asking people to > > think differently. I just don't see how holding stating a proxy should > be > > held fully responsible, and then at the same time having retail proxy > > services definitions and a voluntary best practices policy, will not be > > viewed as inherently contradictory. > >> > >> I think they are inherently contradictory. How a service is *sold* > should > > not determine liability. If this were the case and we applied the > proposed > > definitions to consumer products, untold numbers of tort cases would be > > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > > properly claim, "I don't know the buyer therefor I have no liability". > >> > >> Other than to satisfy, the current purveyors of these fine services, I > > can't see any reason to develop a complex set of definitions and > liability > > flows. Together these give attorneys and courts ample room to for truck > > driving. > >> > >> > >> Seth > >> > >> > >> From: Susan Kawaguchi [mailto:susank at fb.com] > >> Sent: Wednesday, November 30, 2011 1:29 PM > >> To: Kathy Kleiman; Seth M Reiss > >> Cc: > > rt4-whois at icann.org rt4-whois at icann.org> > >> Subject: RE: [Rt4-whois] streamlined proxy recommendation language > >> > >> HI Seth, > >> > >> I am going to respond to you out of order > >> In all our discussions, I have still not heard a persuasive argument > why a > > proxy service industry that can shield itself from liability is > necessary or > > good or appropriate. I agree with you but it is what is. The > situation > > arose over 10 years ago and I do not think that advocating to do away > with > > proxy services is going to be well received by the ICANN community. > Also > > to date, there has been very few examples of a proxy service being held > > liable. > >> > >> We need proxy services but we need responsive proxy services many of the > > providers are acting responsibly it is the bad actors that I would like > to > > change their behavior. > >> > >> Once you introduce definitions concerning affiliates, retail services > and > > different flavors of proxy services, the cheap ones with flimsy > > relationships, and the expensive ones with fiduciary type relationships, > it > > will appear to the court that you do not really mean what you saying in > > bullet number 6. This will confuse the courts (and the public) and the > > registrant proxy services is more likely to be able to weasel out of > being > > held liable. > >> > >> I am not sure that these definitions would be accepted outside of ICANN > > and at least we would have a clearer picture of who we are dealing with. > >> > >> I am not convinced at all that just removing the language from the RAA > > would impact the practices of the current proxy services. If you have > > another argument let me know I am open to rethinking this but I am not > open > > to ignoring proxy service providers. > >> > >> Susan > >> > >> From: > > rt4-whois-bounces at icann.org rt4-w > > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf > Of > > Kathy Kleiman > >> Sent: Wednesday, November 30, 2011 3:15 PM > >> To: Seth M Reiss > >> Cc: > > rt4-whois at icann.org rt4-whois at icann.org> > >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language > >> > >> Great comments, Seth. I defer to Susan and James, as the experts on this > > material. > >> Best, > >> Kathy > >> > >> : > >> Thank you Kathy for breaking this out. I have not been good about > > reviewing the entire document. > >> > >> To respond to Peter's question about what would be legally enforceable, > I > > think if you look at bullet number 6, if this bullet was implemented in a > > very clear and unambiguous way, by itself and without some of the other > > material being proposal, then I think there would be reasonable > expectation > > that national courts would hold the registrant proxy service fully > > responsible for harm caused by a website hosted at the domain name at > issue. > > In other words, the Ninth Circuit decision that Susan highlighted would > have > > been decided differently. > >> > >> Once you introduce definitions concerning affiliates, retail services > and > > different flavors of proxy services, the cheap ones with flimsy > > relationships, and the expensive ones with fiduciary type relationships, > it > > will appear to the court that you do not really mean what you saying in > > bullet number 6. This will confuse the courts (and the public) and the > > registrant proxy services is more likely to be able to weasel out of > being > > held liable. > >> > >> The current proposal on the table suggests to me a somewhat more > > complicated model whereby the registrant proxy service is fully liable > for > > the use of the domain name but can shield that liability by adopted and > > fully complying the a specific set of reveal and relay processes etc. I > > voluntary set of best practices would not do this, but a mandatory set of > > provisions to qualify a proxy service for a "safe harbor" would. Such a > > safe hard model would in my view be more difficult to implement and is > > likely to give rise to a certain amount of uncertainty and inconsistent > > outcomes even if prudently implemented. But this also assumes that we > need > > to have a proxy service in which proxies may shield themselves from > > liability. In all our discussions, I have still not heard a persuasive > > argument why a proxy service industry that can shield itself from > liability > > is necessary or good or appropriate. > >> > >> Seth > >> > >> > >> From: > > rt4-whois-bounces at icann.org rt4-w > > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf > Of > > Kathy Kleiman > >> Sent: Wednesday, November 30, 2011 12:24 PM > >> To: > > rt4-whois at icann.org rt4-whois at icann.org> > >> Subject: [Rt4-whois] streamlined proxy recommendation language > >> > >> Hi All, > >> I feel like I am sending altogether too many emails today. Sorry :-)! > > Anyway, here's one more. I worked with James, a little, and Susan, > more, on > > streamlining the Proxy recommendations to look, sound and flow like the > > Privacy recommendations. Of course, proxy is voluntary, and privacy is a > > requirement, but the rest is fairly close. > >> > >> They are below and attached. If you like them, we'll send them on to > Alice > > for inclusion. Note: the definitions went into a footnote which should be > > easy to see as it will be quite extensive. > >> > >> here's the text: > >> > >> Data Access- Proxy Service > >> > >> 1. ICANN should facilitate the review of existing practices by > > reaching out to proxy providers to create a discussion which sets out > > current processes followed by proxy service providers. > >> > >> 2. Registrars should be required to disclosure their relationship > > with any Affiliated Retail proxy service provider to ICANN. > >> > >> 3. ICANN should develop and manage a set of voluntary best practice > > guidelines for appropriate proxy services [footnote 1] consistent with > > national laws. These voluntary guidelines should strike an appropriate > > balance between stakeholders with competing but legitimate interests. At > a > > minimum this would include privacy, law enforcement and the industry > around > > law enforcement. > >> > >> Such voluntary guidelines may include: > >> > >> + Proxy services provide full contact details as required by the Whois > >> > >> + Publication by the proxy service of its process for revealing and > > relaying information > >> > >> + Standardization of reveal and relay processes and timeframes, > consistent > > with national laws > >> > >> + Maintenance of a dedicated abuse point of contact for the proxy > service > > provider > >> > >> + Due diligence checks on licensee contact information. > >> > >> 5. ICANN should encourage and incentivize registrars to interact with > the > > retail service providers that adopt the best practices. > >> > >> 6. For the avoidance of doubt, the WHOIS Policy, referred to in > > Recommendation 1 above, should include an affirmative statement that > > clarifies that a proxy means a relationship in which the Registrant is > > acting on behalf of another. The WHOIS data is that of the agent, and the > > agent alone obtains all rights and assumes all responsibility for the > domain > > name and its manner of use. > >> > >> Footnote 1 (all the remaining text) > >> As guidance to the Community and as useful background for the Proxy > > Service Recommendations, the Review Team provides its working > definitions of > > proxy service and different types of proxy service providers: > >> > >> - Proxy Service - a relationship in which the registrant is acting on > > behalf of another The WHOIS data is that of the agent and the agent alone > > obtains all rights and assumes all responsibility for the domain name and > > its manner of use. [KK: is this the definition we are using in other > places > > in the Report?] > >> > >> - Affiliated Registrar - another ICANN accredited registrar that > operates > > under a common controlling interest (2009 Registrar Accreditation > Agreement, > > Section 1.20) > >> > >> - Affiliate retail proxy service provider - entity operating under a > > common controlling interest of a registrar. > >> > >> - Retail proxy service provider - proxy service with little or no > > knowledge of the entity or individual requesting the service beyond > their > > ability to pay and their agreement to the general terms and conditions. > >> > >> - Limited proxy service provider - proxy service for an entity or > > individual in which there is an ongoing business relationship bound by a > > contract that is specific to the relationship. > >> > >> > >> --- end > >> same text attached > >> Kathy > >> > >> > >> -- > >> > >> > >> > >> > >> > >> > >> > >> -- > >> > >> > >> > >> > >> > >> _______________________________________________ > >> Rt4-whois mailing list > >> > > Rt4-whois at icann.org Rt4-whois at icann.org> > >> https://mm.icann.org/mailman/listinfo/rt4-whois > >> > > > > _______________________________________________ > > Rt4-whois mailing list > > Rt4-whois at icann.org > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > > > > ------------------------------------------------------------------------------- > > > > NOTICE: This email message is for the sole use of the intended > recipient(s) > > and may contain confidential and privileged information. Any unauthorized > > review, use, disclosure or distribution is prohibited. If you are not the > > intended recipient, please contact the sender by reply email and destroy > all > > copies of the original message. > > > > This message has been content scanned by the Axway MailGate. > > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > > > > > > ------------------------------------------------------------------------------- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/48ef9334/attachment.html From bill.smith at paypal-inc.com Thu Dec 1 04:47:40 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 21:47:40 -0700 Subject: [Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED] In-Reply-To: References: <636771A7F4383E408C57A0240B5F8D4A333D64226C@EMB01.dept.gov.au> Message-ID: There was a dialogue about the proxy language while you were "at the theater". (I trust our daughter's play went well and all enjoyed themselves.) Some of us are of the mind that the voluntary practices language codifies existing poor policy and can be easily circumvented. Recall from Dakar that we agreed that anyone could serve as a proxy with or without ICANN's approval. If ICANN is going to address the issue of proxies, it needs to do so in way that doesn't permit the free flow of liability away from those providing services and using domains, as is the current practice. My quick, and possibly skewed view. On Nov 30, 2011, at 8:26 PM, "Emily Taylor" > wrote: Hi all Up way too early (couldn't sleep). Can you just bring me up to speed. Are Seth's proposals a substitute for the proxy recommendations, or additional findings? Are we ditching the voluntary practices recommendations, or are these in addition? Kind regards Emily On 1 December 2011 03:33, Nettlefold, Peter > wrote: Classification: UNCLASSIFIED Hi Seth, Thanks very much for taking the pen on this difficult issue. >From my perspective, this is a very good attempt to articulate findings and recommendations, and I am happy to work with this position. I will wait to hear from others before diving into detail too much, to get a sense if this is an approach we can work with. Thanks again. Peter ----- Original Message ----- From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Thursday, December 01, 2011 02:26 PM To: 'Smith, Bill' > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language mmm, didn't really want that kind of pressure. Here's an attempt: Data Access- Proxy Service 1. The Review Team considers a Proxy Service as a relationship in which the registrant is acting on behalf of another. The WHOIS data is that of the agent/proxy service and the agent/proxy service alone obtains all rights and assumes all responsibility for the domain name and its manner of use. 2. ICANN should clarify that any registrant that may be acting as a proxy service for another is in all respects still the registrant and, in ICANN's view, should be held fully responsible for the use of the domain name including for any and all harm that results from the use of the domain name. 2. Because of ICANN's position on proxy services to date, which tolerates the proxy service industry that has arisen and which through RAA provisions gives recognition and attempts to regulate that industry, has been used by courts and others to allow proxy services to escape liability for bad acts of the proxy service customers, ICANN should either delete or amend those provisions of the RAA that can or have been used to allow proxy services to escape liability. 3. The Review Team acknowledges that there may be legitimate reasons for the occasional use of a proxy service, as for example to protect a valuable trade secret at product launch. At the same time proxy services should not be viewed or used as a substitute for privacy services that are designed to shield an individual's personal contact information. The legitimate use a proxy service would be the exception and not widespread. 4. A proxy service industry willing to accept full risks and liabilities for the manner in which domain names through its service will be used will take the necessary precautionary measures, in its relationship with its customers, such that domain names so registered are unlikely to be misused and, if misused, a remedy for those victimized will more likely be available. I suspect most of you are asleep by now anyway. If not, feel free to comment or modify or supplement, or in the morning. Seth -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Wednesday, November 30, 2011 4:34 PM To: Seth M Reiss Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi Subject: Re: [Rt4-whois] streamlined proxy recommendation language Seth, Any chance you cold take a crack at this? Your writing on the subject seems on point and I suspect you could say it using fewer words than I. Bill On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" > wrote: > Hi Bill, > > This is a valuable (albeit frustrating) discussion and necessary to make sure we get this right, I appreciate the argument. I think we all want the end result but it is getting to that point that may be painful but we knew this task could be painful when we signed on. > > Is there a stronger recommendation that you and Seth could draft that outlines your view point? > > This is all that we said in the recommendations in Dakar > > "Remove proxy services from the RAA since the proxy, as an agent, is the registrant. Expand and ? affirmative sentence" > > I cannot live with that what would you propose to strengthen the recommendation? > > At this point, I am not willing to walk away from the best practices recommendation but I am very willing to continue the discussion and see if there is a way forward on a recommendation we all agree to. > > I am going to eat dinner and walk the dog so will be offline for an hour. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 5:19 PM > To: Susan Kawaguchi > Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Susan, > > It may not seem like it but I am supportive, very supportive of your position of to not rely on litigation to solve these types of problems. Where we disagree is the best approach to avoid the litigation. > > I am not suggesting that cigarette-style litigation is the way forward. Rather, I am concerned that proposal for retail proxy indemnification (if I've read it right) will result in exactly that situation, some time far in the future when society and the courts finally realize that allowing unfettered criminal activity on the Internet is a bad idea. Retail proxies will happily sell a service to people they don't know as long as they have no liability. > > If instead of no liability, we insist that they have the liability of the Registrant, since that's what they are, I strongly suspect that counsel for these services will understand that they now carry at least some risk in these transactions. Consequently, they will either recommend against them or insist on some mechanism to mitigate the risk, through insurance or other mechanisms - perhaps even actually knowing something about their customers. Any or all of these would involve higher costs hence higher prices making these services less attractive to criminals, etc. > > By the addition of SLAs into contracts, and mandatory consequences, we provide a means for ICANN to ensure that valid queries, information requests, corrections, etc. are made in a timely manner. A registrant could ignore a request knowing that the specific penalty for failing to comply with such request. With mandatory revocation the consequence of last resort, we give the community and ICANN the ability to revoke a name (the only thing of value under our control). > > If a proxy is a party to any of these transactions, they act as the Registrant and must respond either directly or with guidance from the licensee per the agreement SLAs. Failure to do so results in the same consequences. > > By setting SLAs and consequences appropriately, ICANN can influence the behavior of Registrants and those that act as proxies for them. > > Even if we go with language you an James worked on, and I realize that you put in a great deal of effort on that, we'll still need something like what I have outlined because as we discussed in Dakar, anyone can act as a proxy for a Registrant no matter what ICANN tries to do to prevent it. If the "best practices" ICANN develops for the retail trade prove too onerous, proxy providers will simply step outside of the ICANN tent and provide their services likely failing to adhere to the best practices. > > I hope this makes sense. > > Bill > > > On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: > > HI Bill, > > Thank you for your thoughts I think your statement below is my biggest pain point. > > "I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability"." > > All of the cases you mention above relied on litigation to clarify the existence of liability and impose that liability on the manufacturer. It would be overwhelming and burdensome to rely on litigation to fix this problem especially when it involves global entities as proxy service providers. I think we have the opportunity to incentivize the registrars to help with the problem. > > If I or LE are forced to rely on litigation of any sort of court order to get information on the licensee of a domain name to pursue a provider of counterfeit drugs, for example, this would take years for each domain name involved. > > If we take a very extreme step and recommend that proxy services are not allowed in the gTlds (as .US has done) how would that ever be enforced? Proxy registrations provide a vital service for many in the domain name space. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 4:20 PM > To: Seth M Reiss > Cc: Susan Kawaguchi; Kathy Kleiman; rt4-whois at icann.org> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > See below: > > On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > p.com>> wrote: > > I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. > > I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision. > > While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest. > > > I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. > > I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it's an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. > > If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed. > > > I would like to find a middle ground. I am not one for asking people to think differently. I just don't see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. > > I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability". > > Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving. > > > Seth > > > From: Susan Kawaguchi [mailto:susank at fb.com] > Sent: Wednesday, November 30, 2011 1:29 PM > To: Kathy Kleiman; Seth M Reiss > Cc: rt4-whois at icann.org>> > Subject: RE: [Rt4-whois] streamlined proxy recommendation language > > HI Seth, > > I am going to respond to you out of order > In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. > > We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. > > I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. > > Susan > > From: rt4-whois-bounces at icann.org> hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 3:15 PM > To: Seth M Reiss > Cc: rt4-whois at icann.org>> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Great comments, Seth. I defer to Susan and James, as the experts on this material. > Best, > Kathy > > : > Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. > > To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. > > Seth > > > From: rt4-whois-bounces at icann.org> hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 12:24 PM > To: rt4-whois at icann.org>> > Subject: [Rt4-whois] streamlined proxy recommendation language > > Hi All, > I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. > > They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. > > here's the text: > > Data Access- Proxy Service > > 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. > > 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. > > 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. > > Such voluntary guidelines may include: > > + Proxy services provide full contact details as required by the Whois > > + Publication by the proxy service of its process for revealing and relaying information > > + Standardization of reveal and relay processes and timeframes, consistent with national laws > > + Maintenance of a dedicated abuse point of contact for the proxy service provider > > + Due diligence checks on licensee contact information. > > 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. > > Footnote 1 (all the remaining text) > As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: > > - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] > > - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) > > - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. > > - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. > > - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. > > > --- end > same text attached > Kathy > > > -- > > > > > > > > -- > > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org>> > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. From bill.smith at paypal-inc.com Thu Dec 1 04:48:03 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 21:48:03 -0700 Subject: [Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED] In-Reply-To: References: <636771A7F4383E408C57A0240B5F8D4A333D64226C@EMB01.dept.gov.au> <791D782F-E457-4C3B-94D1-39A0A58DD7F0@paypal-inc.com> Message-ID: Excellent! On Nov 30, 2011, at 8:44 PM, "Emily Taylor" > wrote: Just a quick one, Bill. We do have escalated sanctions in the recommendations. On 1 December 2011 04:41, Smith, Bill > wrote: >From my perspective this sets appropriately sets the stage. I'm sure we can whack and whittle at he words and "improve" them. I think we do need some companion language that builds of some of our (informal?) findings that a set of sliding/escalating consequences for failure to act is required. Without that, nothing in the ICANN contracts compels anyone contracted part, direct or otherwise, to do anything. That needs to be corrected. On Nov 30, 2011, at 7:34 PM, "Nettlefold, Peter" > wrote: > Classification: UNCLASSIFIED > > Hi Seth, > > Thanks very much for taking the pen on this difficult issue. > > From my perspective, this is a very good attempt to articulate findings and recommendations, and I am happy to work with this position. > > I will wait to hear from others before diving into detail too much, to get a sense if this is an approach we can work with. > > Thanks again. > > Peter > > ----- Original Message ----- > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] > Sent: Thursday, December 01, 2011 02:26 PM > To: 'Smith, Bill' > > Cc: rt4-whois at icann.org > > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > mmm, didn't really want that kind of pressure. > > Here's an attempt: > > Data Access- Proxy Service > > 1. The Review Team considers a Proxy Service as a relationship in which > the registrant is acting on behalf of another. The WHOIS data is that of the > agent/proxy service and the agent/proxy service alone obtains all rights and > assumes all responsibility for the domain name and its manner of use. > 2. ICANN should clarify that any registrant that may be acting as a > proxy service for another is in all respects still the registrant and, in > ICANN's view, should be held fully responsible for the use of the domain > name including for any and all harm that results from the use of the domain > name. > 2. Because of ICANN's position on proxy services to date, which > tolerates the proxy service industry that has arisen and which through RAA > provisions gives recognition and attempts to regulate that industry, has > been used by courts and others to allow proxy services to escape liability > for bad acts of the proxy service customers, ICANN should either delete or > amend those provisions of the RAA that can or have been used to allow proxy > services to escape liability. > 3. The Review Team acknowledges that there may be legitimate reasons > for the occasional use of a proxy service, as for example to protect a > valuable trade secret at product launch. At the same time proxy services > should not be viewed or used as a substitute for privacy services that are > designed to shield an individual's personal contact information. The > legitimate use a proxy service would be the exception and not widespread. > 4. A proxy service industry willing to accept full risks and liabilities > for the manner in which domain names through its service will be used will > take the necessary precautionary measures, in its relationship with its > customers, such that domain names so registered are unlikely to be misused > and, if misused, a remedy for those victimized will more likely be > available. > > I suspect most of you are asleep by now anyway. If not, feel free to > comment or modify or supplement, or in the morning. > > Seth > > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 4:34 PM > To: Seth M Reiss > Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Seth, > > Any chance you cold take a crack at this? Your writing on the subject seems > on point and I suspect you could say it using fewer words than I. > > Bill > > On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" > wrote: > >> Hi Bill, >> >> This is a valuable (albeit frustrating) discussion and necessary to make > sure we get this right, I appreciate the argument. I think we all want the > end result but it is getting to that point that may be painful but we knew > this task could be painful when we signed on. >> >> Is there a stronger recommendation that you and Seth could draft that > outlines your view point? >> >> This is all that we said in the recommendations in Dakar >> >> "Remove proxy services from the RAA since the proxy, as an agent, is the > registrant. Expand and ? affirmative sentence" >> >> I cannot live with that what would you propose to strengthen the > recommendation? >> >> At this point, I am not willing to walk away from the best practices > recommendation but I am very willing to continue the discussion and see if > there is a way forward on a recommendation we all agree to. >> >> I am going to eat dinner and walk the dog so will be offline for an hour. >> >> Susan >> >> -----Original Message----- >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] >> Sent: Wednesday, November 30, 2011 5:19 PM >> To: Susan Kawaguchi >> Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language >> >> Susan, >> >> It may not seem like it but I am supportive, very supportive of your > position of to not rely on litigation to solve these types of problems. > Where we disagree is the best approach to avoid the litigation. >> >> I am not suggesting that cigarette-style litigation is the way forward. > Rather, I am concerned that proposal for retail proxy indemnification (if > I've read it right) will result in exactly that situation, some time far in > the future when society and the courts finally realize that allowing > unfettered criminal activity on the Internet is a bad idea. Retail proxies > will happily sell a service to people they don't know as long as they have > no liability. >> >> If instead of no liability, we insist that they have the liability of the > Registrant, since that's what they are, I strongly suspect that counsel for > these services will understand that they now carry at least some risk in > these transactions. Consequently, they will either recommend against them or > insist on some mechanism to mitigate the risk, through insurance or other > mechanisms - perhaps even actually knowing something about their customers. > Any or all of these would involve higher costs hence higher prices making > these services less attractive to criminals, etc. >> >> By the addition of SLAs into contracts, and mandatory consequences, we > provide a means for ICANN to ensure that valid queries, information > requests, corrections, etc. are made in a timely manner. A registrant could > ignore a request knowing that the specific penalty for failing to comply > with such request. With mandatory revocation the consequence of last resort, > we give the community and ICANN the ability to revoke a name (the only thing > of value under our control). >> >> If a proxy is a party to any of these transactions, they act as the > Registrant and must respond either directly or with guidance from the > licensee per the agreement SLAs. Failure to do so results in the same > consequences. >> >> By setting SLAs and consequences appropriately, ICANN can influence the > behavior of Registrants and those that act as proxies for them. >> >> Even if we go with language you an James worked on, and I realize that you > put in a great deal of effort on that, we'll still need something like what > I have outlined because as we discussed in Dakar, anyone can act as a proxy > for a Registrant no matter what ICANN tries to do to prevent it. If the > "best practices" ICANN develops for the retail trade prove too onerous, > proxy providers will simply step outside of the ICANN tent and provide their > services likely failing to adhere to the best practices. >> >> I hope this makes sense. >> >> Bill >> >> >> On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: >> >> HI Bill, >> >> Thank you for your thoughts I think your statement below is my biggest > pain point. >> >> "I think they are inherently contradictory. How a service is *sold* should > not determine liability. If this were the case and we applied the proposed > definitions to consumer products, untold numbers of tort cases would be > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > properly claim, "I don't know the buyer therefor I have no liability"." >> >> All of the cases you mention above relied on litigation to clarify the > existence of liability and impose that liability on the manufacturer. It > would be overwhelming and burdensome to rely on litigation to fix this > problem especially when it involves global entities as proxy service > providers. I think we have the opportunity to incentivize the registrars to > help with the problem. >> >> If I or LE are forced to rely on litigation of any sort of court order to > get information on the licensee of a domain name to pursue a provider of > counterfeit drugs, for example, this would take years for each domain name > involved. >> >> If we take a very extreme step and recommend that proxy services are not > allowed in the gTlds (as .US has done) how would that ever be enforced? > Proxy registrations provide a vital service for many in the domain name > space. >> >> Susan >> >> -----Original Message----- >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] >> Sent: Wednesday, November 30, 2011 4:20 PM >> To: Seth M Reiss >> Cc: Susan Kawaguchi; Kathy Kleiman; > rt4-whois at icann.org> >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language >> >> See below: >> >> On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > > > p.com>> wrote: >> >> I am not advocating ignoring proxy services simply clarifying their role > and liability as registrant. I suspect we are very closely aligned > regarding outcome, just not how to reach there. >> >> I guess I'm advocating that we get as close to ignoring them as we can. > Recognizing them, even in the limited way the current RAA does gave the > Ninth Circuit everything it need to make its liability absolving decision. >> >> While the community may not be inclined to receive a proposal to "ignore > proxy services" with open arms, I hope they would consider it if we present > it as in the public interest. >> >> >> I think we disagree regarding whether we need to tolerate an industry > simply because it exists and has for a time. ICANN did not tolerate domain > name tasting, although it acted relatively quickly there and has not here. >> >> I believe it to be a dangerous proposition to say that we need to > accommodate existing practices simply because ICANN has allowed them to > exist for a period of time, although I think it's an unfortunately > circumstance. If you apply this line of reasoning broadly, you effectively > allow the industry to restrict what ICANN can and cannot do. >> >> If we make this assumption generally, our report would be very short. Yes > there are problems with WHOIS. However, it has existed in this manner for > too long and therefor it cannot be changed. >> >> >> I would like to find a middle ground. I am not one for asking people to > think differently. I just don't see how holding stating a proxy should be > held fully responsible, and then at the same time having retail proxy > services definitions and a voluntary best practices policy, will not be > viewed as inherently contradictory. >> >> I think they are inherently contradictory. How a service is *sold* should > not determine liability. If this were the case and we applied the proposed > definitions to consumer products, untold numbers of tort cases would be > summarily thrown out. Cigarette, toy, and asbestos manufacturers could > properly claim, "I don't know the buyer therefor I have no liability". >> >> Other than to satisfy, the current purveyors of these fine services, I > can't see any reason to develop a complex set of definitions and liability > flows. Together these give attorneys and courts ample room to for truck > driving. >> >> >> Seth >> >> >> From: Susan Kawaguchi [mailto:susank at fb.com] >> Sent: Wednesday, November 30, 2011 1:29 PM >> To: Kathy Kleiman; Seth M Reiss >> Cc: > rt4-whois at icann.org>> >> Subject: RE: [Rt4-whois] streamlined proxy recommendation language >> >> HI Seth, >> >> I am going to respond to you out of order >> In all our discussions, I have still not heard a persuasive argument why a > proxy service industry that can shield itself from liability is necessary or > good or appropriate. I agree with you but it is what is. The situation > arose over 10 years ago and I do not think that advocating to do away with > proxy services is going to be well received by the ICANN community. Also > to date, there has been very few examples of a proxy service being held > liable. >> >> We need proxy services but we need responsive proxy services many of the > providers are acting responsibly it is the bad actors that I would like to > change their behavior. >> >> Once you introduce definitions concerning affiliates, retail services and > different flavors of proxy services, the cheap ones with flimsy > relationships, and the expensive ones with fiduciary type relationships, it > will appear to the court that you do not really mean what you saying in > bullet number 6. This will confuse the courts (and the public) and the > registrant proxy services is more likely to be able to weasel out of being > held liable. >> >> I am not sure that these definitions would be accepted outside of ICANN > and at least we would have a clearer picture of who we are dealing with. >> >> I am not convinced at all that just removing the language from the RAA > would impact the practices of the current proxy services. If you have > another argument let me know I am open to rethinking this but I am not open > to ignoring proxy service providers. >> >> Susan >> >> From: > rt4-whois-bounces at icann.org> > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of > Kathy Kleiman >> Sent: Wednesday, November 30, 2011 3:15 PM >> To: Seth M Reiss >> Cc: > rt4-whois at icann.org>> >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language >> >> Great comments, Seth. I defer to Susan and James, as the experts on this > material. >> Best, >> Kathy >> >> : >> Thank you Kathy for breaking this out. I have not been good about > reviewing the entire document. >> >> To respond to Peter's question about what would be legally enforceable, I > think if you look at bullet number 6, if this bullet was implemented in a > very clear and unambiguous way, by itself and without some of the other > material being proposal, then I think there would be reasonable expectation > that national courts would hold the registrant proxy service fully > responsible for harm caused by a website hosted at the domain name at issue. > In other words, the Ninth Circuit decision that Susan highlighted would have > been decided differently. >> >> Once you introduce definitions concerning affiliates, retail services and > different flavors of proxy services, the cheap ones with flimsy > relationships, and the expensive ones with fiduciary type relationships, it > will appear to the court that you do not really mean what you saying in > bullet number 6. This will confuse the courts (and the public) and the > registrant proxy services is more likely to be able to weasel out of being > held liable. >> >> The current proposal on the table suggests to me a somewhat more > complicated model whereby the registrant proxy service is fully liable for > the use of the domain name but can shield that liability by adopted and > fully complying the a specific set of reveal and relay processes etc. I > voluntary set of best practices would not do this, but a mandatory set of > provisions to qualify a proxy service for a "safe harbor" would. Such a > safe hard model would in my view be more difficult to implement and is > likely to give rise to a certain amount of uncertainty and inconsistent > outcomes even if prudently implemented. But this also assumes that we need > to have a proxy service in which proxies may shield themselves from > liability. In all our discussions, I have still not heard a persuasive > argument why a proxy service industry that can shield itself from liability > is necessary or good or appropriate. >> >> Seth >> >> >> From: > rt4-whois-bounces at icann.org> > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of > Kathy Kleiman >> Sent: Wednesday, November 30, 2011 12:24 PM >> To: > rt4-whois at icann.org>> >> Subject: [Rt4-whois] streamlined proxy recommendation language >> >> Hi All, >> I feel like I am sending altogether too many emails today. Sorry :-)! > Anyway, here's one more. I worked with James, a little, and Susan, more, on > streamlining the Proxy recommendations to look, sound and flow like the > Privacy recommendations. Of course, proxy is voluntary, and privacy is a > requirement, but the rest is fairly close. >> >> They are below and attached. If you like them, we'll send them on to Alice > for inclusion. Note: the definitions went into a footnote which should be > easy to see as it will be quite extensive. >> >> here's the text: >> >> Data Access- Proxy Service >> >> 1. ICANN should facilitate the review of existing practices by > reaching out to proxy providers to create a discussion which sets out > current processes followed by proxy service providers. >> >> 2. Registrars should be required to disclosure their relationship > with any Affiliated Retail proxy service provider to ICANN. >> >> 3. ICANN should develop and manage a set of voluntary best practice > guidelines for appropriate proxy services [footnote 1] consistent with > national laws. These voluntary guidelines should strike an appropriate > balance between stakeholders with competing but legitimate interests. At a > minimum this would include privacy, law enforcement and the industry around > law enforcement. >> >> Such voluntary guidelines may include: >> >> + Proxy services provide full contact details as required by the Whois >> >> + Publication by the proxy service of its process for revealing and > relaying information >> >> + Standardization of reveal and relay processes and timeframes, consistent > with national laws >> >> + Maintenance of a dedicated abuse point of contact for the proxy service > provider >> >> + Due diligence checks on licensee contact information. >> >> 5. ICANN should encourage and incentivize registrars to interact with the > retail service providers that adopt the best practices. >> >> 6. For the avoidance of doubt, the WHOIS Policy, referred to in > Recommendation 1 above, should include an affirmative statement that > clarifies that a proxy means a relationship in which the Registrant is > acting on behalf of another. The WHOIS data is that of the agent, and the > agent alone obtains all rights and assumes all responsibility for the domain > name and its manner of use. >> >> Footnote 1 (all the remaining text) >> As guidance to the Community and as useful background for the Proxy > Service Recommendations, the Review Team provides its working definitions of > proxy service and different types of proxy service providers: >> >> - Proxy Service - a relationship in which the registrant is acting on > behalf of another The WHOIS data is that of the agent and the agent alone > obtains all rights and assumes all responsibility for the domain name and > its manner of use. [KK: is this the definition we are using in other places > in the Report?] >> >> - Affiliated Registrar - another ICANN accredited registrar that operates > under a common controlling interest (2009 Registrar Accreditation Agreement, > Section 1.20) >> >> - Affiliate retail proxy service provider - entity operating under a > common controlling interest of a registrar. >> >> - Retail proxy service provider - proxy service with little or no > knowledge of the entity or individual requesting the service beyond their > ability to pay and their agreement to the general terms and conditions. >> >> - Limited proxy service provider - proxy service for an entity or > individual in which there is an ongoing business relationship bound by a > contract that is specific to the relationship. >> >> >> --- end >> same text attached >> Kathy >> >> >> -- >> >> >> >> >> >> >> >> -- >> >> >> >> >> >> _______________________________________________ >> Rt4-whois mailing list >> > Rt4-whois at icann.org>> >> https://mm.icann.org/mailman/listinfo/rt4-whois >> > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. > > > ------------------------------------------------------------------------------- > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. From bill.smith at paypal-inc.com Thu Dec 1 04:49:28 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Wed, 30 Nov 2011 21:49:28 -0700 Subject: [Rt4-whois] Ignore my last message Re: streamlined proxy recommendation language [SEC=UNCLASSIFIED] In-Reply-To: <004a01ccafe3$43a5ad30$caf10790$@reiss@lex-ip.com> References: <004a01ccafe3$43a5ad30$caf10790$@reiss@lex-ip.com> Message-ID: Nothing like global editing; rock around the clock. On Nov 30, 2011, at 8:40 PM, "Seth M Reiss" > wrote: yes, but now it?s my time to leave ? please carry on and improve in my absence Seth From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Wednesday, November 30, 2011 6:31 PM To: Nettlefold, Peter Cc: seth.reiss at lex-ip.com; bill.smith at paypal-inc.com; rt4-whois at icann.org Subject: Ignore my last message Re: [Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED] Hi I've now read the e-mail thread, and understand what we're doing. Substituting for 6, in order to prevent internal contradictions, yes? On 1 December 2011 03:33, Nettlefold, Peter > wrote: Classification: UNCLASSIFIED Hi Seth, Thanks very much for taking the pen on this difficult issue. >From my perspective, this is a very good attempt to articulate findings and recommendations, and I am happy to work with this position. I will wait to hear from others before diving into detail too much, to get a sense if this is an approach we can work with. Thanks again. Peter ----- Original Message ----- From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Thursday, December 01, 2011 02:26 PM To: 'Smith, Bill' > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language mmm, didn't really want that kind of pressure. Here's an attempt: Data Access- Proxy Service 1. The Review Team considers a Proxy Service as a relationship in which the registrant is acting on behalf of another. The WHOIS data is that of the agent/proxy service and the agent/proxy service alone obtains all rights and assumes all responsibility for the domain name and its manner of use. 2. ICANN should clarify that any registrant that may be acting as a proxy service for another is in all respects still the registrant and, in ICANN's view, should be held fully responsible for the use of the domain name including for any and all harm that results from the use of the domain name. 2. Because of ICANN's position on proxy services to date, which tolerates the proxy service industry that has arisen and which through RAA provisions gives recognition and attempts to regulate that industry, has been used by courts and others to allow proxy services to escape liability for bad acts of the proxy service customers, ICANN should either delete or amend those provisions of the RAA that can or have been used to allow proxy services to escape liability. 3. The Review Team acknowledges that there may be legitimate reasons for the occasional use of a proxy service, as for example to protect a valuable trade secret at product launch. At the same time proxy services should not be viewed or used as a substitute for privacy services that are designed to shield an individual's personal contact information. The legitimate use a proxy service would be the exception and not widespread. 4. A proxy service industry willing to accept full risks and liabilities for the manner in which domain names through its service will be used will take the necessary precautionary measures, in its relationship with its customers, such that domain names so registered are unlikely to be misused and, if misused, a remedy for those victimized will more likely be available. I suspect most of you are asleep by now anyway. If not, feel free to comment or modify or supplement, or in the morning. Seth -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Wednesday, November 30, 2011 4:34 PM To: Seth M Reiss Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi Subject: Re: [Rt4-whois] streamlined proxy recommendation language Seth, Any chance you cold take a crack at this? Your writing on the subject seems on point and I suspect you could say it using fewer words than I. Bill On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" > wrote: > Hi Bill, > > This is a valuable (albeit frustrating) discussion and necessary to make sure we get this right, I appreciate the argument. I think we all want the end result but it is getting to that point that may be painful but we knew this task could be painful when we signed on. > > Is there a stronger recommendation that you and Seth could draft that outlines your view point? > > This is all that we said in the recommendations in Dakar > > "Remove proxy services from the RAA since the proxy, as an agent, is the registrant. Expand and ? affirmative sentence" > > I cannot live with that what would you propose to strengthen the recommendation? > > At this point, I am not willing to walk away from the best practices recommendation but I am very willing to continue the discussion and see if there is a way forward on a recommendation we all agree to. > > I am going to eat dinner and walk the dog so will be offline for an hour. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 5:19 PM > To: Susan Kawaguchi > Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Susan, > > It may not seem like it but I am supportive, very supportive of your position of to not rely on litigation to solve these types of problems. Where we disagree is the best approach to avoid the litigation. > > I am not suggesting that cigarette-style litigation is the way forward. Rather, I am concerned that proposal for retail proxy indemnification (if I've read it right) will result in exactly that situation, some time far in the future when society and the courts finally realize that allowing unfettered criminal activity on the Internet is a bad idea. Retail proxies will happily sell a service to people they don't know as long as they have no liability. > > If instead of no liability, we insist that they have the liability of the Registrant, since that's what they are, I strongly suspect that counsel for these services will understand that they now carry at least some risk in these transactions. Consequently, they will either recommend against them or insist on some mechanism to mitigate the risk, through insurance or other mechanisms - perhaps even actually knowing something about their customers. Any or all of these would involve higher costs hence higher prices making these services less attractive to criminals, etc. > > By the addition of SLAs into contracts, and mandatory consequences, we provide a means for ICANN to ensure that valid queries, information requests, corrections, etc. are made in a timely manner. A registrant could ignore a request knowing that the specific penalty for failing to comply with such request. With mandatory revocation the consequence of last resort, we give the community and ICANN the ability to revoke a name (the only thing of value under our control). > > If a proxy is a party to any of these transactions, they act as the Registrant and must respond either directly or with guidance from the licensee per the agreement SLAs. Failure to do so results in the same consequences. > > By setting SLAs and consequences appropriately, ICANN can influence the behavior of Registrants and those that act as proxies for them. > > Even if we go with language you an James worked on, and I realize that you put in a great deal of effort on that, we'll still need something like what I have outlined because as we discussed in Dakar, anyone can act as a proxy for a Registrant no matter what ICANN tries to do to prevent it. If the "best practices" ICANN develops for the retail trade prove too onerous, proxy providers will simply step outside of the ICANN tent and provide their services likely failing to adhere to the best practices. > > I hope this makes sense. > > Bill > > > On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote: > > HI Bill, > > Thank you for your thoughts I think your statement below is my biggest pain point. > > "I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability"." > > All of the cases you mention above relied on litigation to clarify the existence of liability and impose that liability on the manufacturer. It would be overwhelming and burdensome to rely on litigation to fix this problem especially when it involves global entities as proxy service providers. I think we have the opportunity to incentivize the registrars to help with the problem. > > If I or LE are forced to rely on litigation of any sort of court order to get information on the licensee of a domain name to pursue a provider of counterfeit drugs, for example, this would take years for each domain name involved. > > If we take a very extreme step and recommend that proxy services are not allowed in the gTlds (as .US has done) how would that ever be enforced? Proxy registrations provide a vital service for many in the domain name space. > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Wednesday, November 30, 2011 4:20 PM > To: Seth M Reiss > Cc: Susan Kawaguchi; Kathy Kleiman; rt4-whois at icann.org> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > See below: > > On Nov 30, 2011, at 4:03 PM, "Seth M Reiss" > p.com>> wrote: > > I am not advocating ignoring proxy services simply clarifying their role and liability as registrant. I suspect we are very closely aligned regarding outcome, just not how to reach there. > > I guess I'm advocating that we get as close to ignoring them as we can. Recognizing them, even in the limited way the current RAA does gave the Ninth Circuit everything it need to make its liability absolving decision. > > While the community may not be inclined to receive a proposal to "ignore proxy services" with open arms, I hope they would consider it if we present it as in the public interest. > > > I think we disagree regarding whether we need to tolerate an industry simply because it exists and has for a time. ICANN did not tolerate domain name tasting, although it acted relatively quickly there and has not here. > > I believe it to be a dangerous proposition to say that we need to accommodate existing practices simply because ICANN has allowed them to exist for a period of time, although I think it's an unfortunately circumstance. If you apply this line of reasoning broadly, you effectively allow the industry to restrict what ICANN can and cannot do. > > If we make this assumption generally, our report would be very short. Yes there are problems with WHOIS. However, it has existed in this manner for too long and therefor it cannot be changed. > > > I would like to find a middle ground. I am not one for asking people to think differently. I just don't see how holding stating a proxy should be held fully responsible, and then at the same time having retail proxy services definitions and a voluntary best practices policy, will not be viewed as inherently contradictory. > > I think they are inherently contradictory. How a service is *sold* should not determine liability. If this were the case and we applied the proposed definitions to consumer products, untold numbers of tort cases would be summarily thrown out. Cigarette, toy, and asbestos manufacturers could properly claim, "I don't know the buyer therefor I have no liability". > > Other than to satisfy, the current purveyors of these fine services, I can't see any reason to develop a complex set of definitions and liability flows. Together these give attorneys and courts ample room to for truck driving. > > > Seth > > > From: Susan Kawaguchi [mailto:susank at fb.com] > Sent: Wednesday, November 30, 2011 1:29 PM > To: Kathy Kleiman; Seth M Reiss > Cc: rt4-whois at icann.org>> > Subject: RE: [Rt4-whois] streamlined proxy recommendation language > > HI Seth, > > I am going to respond to you out of order > In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. I agree with you but it is what is. The situation arose over 10 years ago and I do not think that advocating to do away with proxy services is going to be well received by the ICANN community. Also to date, there has been very few examples of a proxy service being held liable. > > We need proxy services but we need responsive proxy services many of the providers are acting responsibly it is the bad actors that I would like to change their behavior. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > I am not sure that these definitions would be accepted outside of ICANN and at least we would have a clearer picture of who we are dealing with. > > I am not convinced at all that just removing the language from the RAA would impact the practices of the current proxy services. If you have another argument let me know I am open to rethinking this but I am not open to ignoring proxy service providers. > > Susan > > From: rt4-whois-bounces at icann.org> hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 3:15 PM > To: Seth M Reiss > Cc: rt4-whois at icann.org>> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language > > Great comments, Seth. I defer to Susan and James, as the experts on this material. > Best, > Kathy > > : > Thank you Kathy for breaking this out. I have not been good about reviewing the entire document. > > To respond to Peter's question about what would be legally enforceable, I think if you look at bullet number 6, if this bullet was implemented in a very clear and unambiguous way, by itself and without some of the other material being proposal, then I think there would be reasonable expectation that national courts would hold the registrant proxy service fully responsible for harm caused by a website hosted at the domain name at issue. In other words, the Ninth Circuit decision that Susan highlighted would have been decided differently. > > Once you introduce definitions concerning affiliates, retail services and different flavors of proxy services, the cheap ones with flimsy relationships, and the expensive ones with fiduciary type relationships, it will appear to the court that you do not really mean what you saying in bullet number 6. This will confuse the courts (and the public) and the registrant proxy services is more likely to be able to weasel out of being held liable. > > The current proposal on the table suggests to me a somewhat more complicated model whereby the registrant proxy service is fully liable for the use of the domain name but can shield that liability by adopted and fully complying the a specific set of reveal and relay processes etc. I voluntary set of best practices would not do this, but a mandatory set of provisions to qualify a proxy service for a "safe harbor" would. Such a safe hard model would in my view be more difficult to implement and is likely to give rise to a certain amount of uncertainty and inconsistent outcomes even if prudently implemented. But this also assumes that we need to have a proxy service in which proxies may shield themselves from liability. In all our discussions, I have still not heard a persuasive argument why a proxy service industry that can shield itself from liability is necessary or good or appropriate. > > Seth > > > From: rt4-whois-bounces at icann.org> hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman > Sent: Wednesday, November 30, 2011 12:24 PM > To: rt4-whois at icann.org>> > Subject: [Rt4-whois] streamlined proxy recommendation language > > Hi All, > I feel like I am sending altogether too many emails today. Sorry :-)! Anyway, here's one more. I worked with James, a little, and Susan, more, on streamlining the Proxy recommendations to look, sound and flow like the Privacy recommendations. Of course, proxy is voluntary, and privacy is a requirement, but the rest is fairly close. > > They are below and attached. If you like them, we'll send them on to Alice for inclusion. Note: the definitions went into a footnote which should be easy to see as it will be quite extensive. > > here's the text: > > Data Access- Proxy Service > > 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. > > 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. > > 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. > > Such voluntary guidelines may include: > > + Proxy services provide full contact details as required by the Whois > > + Publication by the proxy service of its process for revealing and relaying information > > + Standardization of reveal and relay processes and timeframes, consistent with national laws > > + Maintenance of a dedicated abuse point of contact for the proxy service provider > > + Due diligence checks on licensee contact information. > > 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. > > Footnote 1 (all the remaining text) > As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: > > - Proxy Service - a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] > > - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) > > - Affiliate retail proxy service provider - entity operating under a common controlling interest of a registrar. > > - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. > > - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. > > > --- end > same text attached > Kathy > > > -- > > > > > > > > -- > > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org>> > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. From lutz at iks-jena.de Thu Dec 1 07:33:56 2011 From: lutz at iks-jena.de (Lutz Donnerhacke) Date: Thu, 1 Dec 2011 08:33:56 +0100 Subject: [Rt4-whois] streamlined proxy recommendation language In-Reply-To: <000b01ccafd9$12e42f50$38ac8df0$@reiss@lex-ip.com> References: <4ED6ACF3.7070808@kathykleiman.com> <4ED6B8E7.4040609@kathykleiman.com> <81466CDE-ED88-4324-833E-A939B1BCB237@paypal-inc.com> <353BBC59-7E4F-4284-B7CD-493D51A13447@paypal-inc.com> <000b01ccafd9$12e42f50$38ac8df0$@reiss@lex-ip.com> Message-ID: <20111201073356.GA18581@belenus.iks-jena.de> On Wed, Nov 30, 2011 at 05:26:53PM -1000, Seth M Reiss wrote: > Data Access- Proxy Service > > 1. The Review Team considers a Proxy Service as a relationship in which > the registrant is acting on behalf of another. The WHOIS data is that of the > agent/proxy service and the agent/proxy service alone obtains all rights and > assumes all responsibility for the domain name and its manner of use. > 2. ICANN should clarify that any registrant that may be acting as a > proxy service for another is in all respects still the registrant and, in > ICANN's view, should be held fully responsible for the use of the domain > name including for any and all harm that results from the use of the domain > name. > 2. Because of ICANN's position on proxy services to date, which > tolerates the proxy service industry that has arisen and which through RAA > provisions gives recognition and attempts to regulate that industry, has > been used by courts and others to allow proxy services to escape liability > for bad acts of the proxy service customers, ICANN should either delete or > amend those provisions of the RAA that can or have been used to allow proxy > services to escape liability. > 3. The Review Team acknowledges that there may be legitimate reasons > for the occasional use of a proxy service, as for example to protect a > valuable trade secret at product launch. At the same time proxy services > should not be viewed or used as a substitute for privacy services that are > designed to shield an individual's personal contact information. The > legitimate use a proxy service would be the exception and not widespread. > 4. A proxy service industry willing to accept full risks and liabilities > for the manner in which domain names through its service will be used will > take the necessary precautionary measures, in its relationship with its > customers, such that domain names so registered are unlikely to be misused > and, if misused, a remedy for those victimized will more likely be > available. Despite it's a bit hard to read, it's a very good piece of work. Thank you. The most hard to read passage is: "any registrant that may be acting as a proxy service for another" The word "registrant" is overloaded by implicit meanings. Common understanding of proxy services does not consider the proxy to be the registran. But ob behalf of ICANN policies, the proxy is the registrant and the commonly considered registrant is something which does not really exist. From kathy at kathykleiman.com Thu Dec 1 13:32:53 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Thu, 01 Dec 2011 08:32:53 -0500 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: References: Message-ID: <4ED78205.7030505@kathykleiman.com> Hi All, What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. Otherwise, there are some fascinating legal concepts, and my brain already hurts! Thinking hard first thing in the AM and still reviewing. I would like to know what James thinks, Kathy > > Data Access- Proxy Service > > 1. The Review Team considers a Proxy Service as a relationship in > which > the registrant is acting on behalf of another. The WHOIS data is that > of the > agent/proxy service and the agent/proxy service alone obtains all > rights and > assumes all responsibility for the domain name and its manner of use. > 2. ICANN should clarify that any registrant that may be acting as a > proxy service for another is in all respects still the registrant and, in > ICANN's view, should be held fully responsible for the use of the domain > name including for any and all harm that results from the use of the > domain > name. > 2. Because of ICANN's position on proxy services to date, which > tolerates the proxy service industry that has arisen and which through RAA > provisions gives recognition and attempts to regulate that industry, has > been used by courts and others to allow proxy services to escape liability > for bad acts of the proxy service customers, ICANN should either delete or > amend those provisions of the RAA that can or have been used to allow > proxy > services to escape liability. > 3. The Review Team acknowledges that there may be legitimate reasons > for the occasional use of a proxy service, as for example to protect a > valuable trade secret at product launch. At the same time proxy services > should not be viewed or used as a substitute for privacy services that are > designed to shield an individual's personal contact information. The > legitimate use a proxy service would be the exception and not widespread. > 4. A proxy service industry willing to accept full risks and > liabilities > for the manner in which domain names through its service will be used will > take the necessary precautionary measures, in its relationship with its > customers, such that domain names so registered are unlikely to be misused > and, if misused, a remedy for those victimized will more likely be > available. > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/5aa44bb5/attachment.html From omar at kaminski.adv.br Thu Dec 1 13:45:53 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Thu, 1 Dec 2011 11:45:53 -0200 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: <4ED78205.7030505@kathykleiman.com> References: <4ED78205.7030505@kathykleiman.com> Message-ID: "The Review Team considers a Proxy Service as a (*contractual*) relationship in which the registrant is acting on behalf of another (*by an agreement and subject to local and international laws*). "The legitimate use a proxy service would be the exception and not widespread." I support that, even if "legitimate reasons" could be just to protect a trade secret (IMO a weak reason, since the domain could be register under any other name, like a lawyer office). Omar 2011/12/1 Kathy Kleiman : > Hi All, > What a night!? I can see the 24*7 party of the WRT continued.? Thanks so > very much! > > Regarding the language below, could someone be an expert guide? Is it a > replacement of the whole of the Proxy Recommendations, or in addition to the > Voluntary Best Practices Guidelines (which I really liked) > > Otherwise, I am thinking and researching. I think this is a big change > below, and I am not keen on #3 at all. Many, many people use proxy services > for many, many things, and the Recommendations section seems an odd place to > put a value judgement on that. > > Otherwise, there are some fascinating legal concepts, and my brain already > hurts! > Thinking hard first thing in the AM and still reviewing. > I would like to know what James thinks, > Kathy > > > Data Access- Proxy Service > > 1.??????The Review Team considers a Proxy Service as a relationship in which > the registrant is acting on behalf of another. The WHOIS data is that of the > agent/proxy service and the agent/proxy service alone obtains all rights and > assumes all responsibility for the domain name and its manner of use. > 2.??????ICANN should clarify that any registrant that may be acting as a > proxy service for another is in all respects still the registrant and, in > ICANN's view, should be held fully responsible for the use of the domain > name including for any and all harm that results from the use of the domain > name. > 2.??????Because of ICANN's position on proxy services to date, which > tolerates the proxy service industry that has arisen and which through RAA > provisions gives recognition and attempts to regulate that industry, has > been used by courts and others to allow proxy services to escape liability > for bad acts of the proxy service customers, ICANN should either delete or > amend those provisions of the RAA that can or have been used to allow proxy > services to escape liability. > 3.??????The Review Team acknowledges that there may be legitimate reasons > for the occasional use of a proxy service, as for example to protect a > valuable trade secret at product launch. At the same time proxy services > should not be viewed or used as a substitute for privacy services that are > designed to shield an individual's personal contact information.??The > legitimate use a proxy service would be the exception and not widespread. > 4.????A proxy service industry willing to accept full risks and liabilities > for the manner in which domain names through its service will be used will > take the necessary precautionary measures, in its relationship with its > customers, such that domain names so registered are unlikely to be misused > and, if misused, a remedy for those victimized will more likely be > available. > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > From bill.smith at paypal-inc.com Thu Dec 1 14:13:06 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Thu, 1 Dec 2011 07:13:06 -0700 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: <4ED78205.7030505@kathykleiman.com> References: <4ED78205.7030505@kathykleiman.com> Message-ID: <50B4EB97-406D-46D6-A350-D91014EDFABE@paypal.com> My preference is to replace the Voluntary Best Practices Guidelines. I think there is useful information in that language to guide development of SLAs regarding Registrant responsibilities and response times so would hate to see that work "tossed". Seth's language is an attempt to "flesh out" the simple text we had in Dakar, that said ICANN should remove reference to proxy services from the RAA. I think he's done a good job, albeit perhaps a first cut, at doing that and getting a conversation going on the practical implications of, let's call it the Dakar proxy compact. As I recall, one of the reasons we decided to recommend removing proxies from the RAA is that no matter how hard we, or ICANN tries to control or regulate the proxy business, anyone can operate such a service outside of the control of ICANN or the community. They simply register names and act on behalf of someone else. What we, asa community, can do is develop some policies that set out what is expected of all parties, including Registrants and have consequences, mandatory in some cases, for failure to comply with the policies. The consequence of last resort is revocation of the name. These policies wouldn't take the place of legal action, but they would fill the void where Registrants, or their proxies, are non-responsive. The alternative is the voluntary code, but we know that can be avoided, and letting the courts handle the situation... but that's basically where we are today so I don't see how a code, voluntary or not helps in the end. On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: > Hi All, > What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! > > Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) > > Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. > > Otherwise, there are some fascinating legal concepts, and my brain already hurts! > Thinking hard first thing in the AM and still reviewing. > I would like to know what James thinks, > Kathy > >> >> Data Access- Proxy Service >> >> 1. The Review Team considers a Proxy Service as a relationship in which >> the registrant is acting on behalf of another. The WHOIS data is that of the >> agent/proxy service and the agent/proxy service alone obtains all rights and >> assumes all responsibility for the domain name and its manner of use. >> 2. ICANN should clarify that any registrant that may be acting as a >> proxy service for another is in all respects still the registrant and, in >> ICANN's view, should be held fully responsible for the use of the domain >> name including for any and all harm that results from the use of the domain >> name. >> 2. Because of ICANN's position on proxy services to date, which >> tolerates the proxy service industry that has arisen and which through RAA >> provisions gives recognition and attempts to regulate that industry, has >> been used by courts and others to allow proxy services to escape liability >> for bad acts of the proxy service customers, ICANN should either delete or >> amend those provisions of the RAA that can or have been used to allow proxy >> services to escape liability. >> 3. The Review Team acknowledges that there may be legitimate reasons >> for the occasional use of a proxy service, as for example to protect a >> valuable trade secret at product launch. At the same time proxy services >> should not be viewed or used as a substitute for privacy services that are >> designed to shield an individual's personal contact information. The >> legitimate use a proxy service would be the exception and not widespread. >> 4. A proxy service industry willing to accept full risks and liabilities >> for the manner in which domain names through its service will be used will >> take the necessary precautionary measures, in its relationship with its >> customers, such that domain names so registered are unlikely to be misused >> and, if misused, a remedy for those victimized will more likely be >> available. >> > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From kathy at kathykleiman.com Thu Dec 1 14:17:36 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Thu, 01 Dec 2011 09:17:36 -0500 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: <50B4EB97-406D-46D6-A350-D91014EDFABE@paypal.com> References: <4ED78205.7030505@kathykleiman.com> <50B4EB97-406D-46D6-A350-D91014EDFABE@paypal.com> Message-ID: <4ED78C80.10605@kathykleiman.com> But what James and Susan did so brilliantly, and for the first time in history, was to begin to bring the proxy services into the ICANN tent and into sight. The idea of disclosing relationships, sharing ownership and contractual relationships, is an enormous step forward. I think we are losing something now... Kathy: > My preference is to replace the Voluntary Best Practices Guidelines. I think there is useful information in that language to guide development of SLAs regarding Registrant responsibilities and response times so would hate to see that work "tossed". > > Seth's language is an attempt to "flesh out" the simple text we had in Dakar, that said ICANN should remove reference to proxy services from the RAA. I think he's done a good job, albeit perhaps a first cut, at doing that and getting a conversation going on the practical implications of, let's call it the Dakar proxy compact. > > As I recall, one of the reasons we decided to recommend removing proxies from the RAA is that no matter how hard we, or ICANN tries to control or regulate the proxy business, anyone can operate such a service outside of the control of ICANN or the community. They simply register names and act on behalf of someone else. > > What we, asa community, can do is develop some policies that set out what is expected of all parties, including Registrants and have consequences, mandatory in some cases, for failure to comply with the policies. The consequence of last resort is revocation of the name. > > These policies wouldn't take the place of legal action, but they would fill the void where Registrants, or their proxies, are non-responsive. > > The alternative is the voluntary code, but we know that can be avoided, and letting the courts handle the situation... but that's basically where we are today so I don't see how a code, voluntary or not helps in the end. > > On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: > >> Hi All, >> What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! >> >> Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) >> >> Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. >> >> Otherwise, there are some fascinating legal concepts, and my brain already hurts! >> Thinking hard first thing in the AM and still reviewing. >> I would like to know what James thinks, >> Kathy >> >>> Data Access- Proxy Service >>> >>> 1. The Review Team considers a Proxy Service as a relationship in which >>> the registrant is acting on behalf of another. The WHOIS data is that of the >>> agent/proxy service and the agent/proxy service alone obtains all rights and >>> assumes all responsibility for the domain name and its manner of use. >>> 2. ICANN should clarify that any registrant that may be acting as a >>> proxy service for another is in all respects still the registrant and, in >>> ICANN's view, should be held fully responsible for the use of the domain >>> name including for any and all harm that results from the use of the domain >>> name. >>> 2. Because of ICANN's position on proxy services to date, which >>> tolerates the proxy service industry that has arisen and which through RAA >>> provisions gives recognition and attempts to regulate that industry, has >>> been used by courts and others to allow proxy services to escape liability >>> for bad acts of the proxy service customers, ICANN should either delete or >>> amend those provisions of the RAA that can or have been used to allow proxy >>> services to escape liability. >>> 3. The Review Team acknowledges that there may be legitimate reasons >>> for the occasional use of a proxy service, as for example to protect a >>> valuable trade secret at product launch. At the same time proxy services >>> should not be viewed or used as a substitute for privacy services that are >>> designed to shield an individual's personal contact information. The >>> legitimate use a proxy service would be the exception and not widespread. >>> 4. A proxy service industry willing to accept full risks and liabilities >>> for the manner in which domain names through its service will be used will >>> take the necessary precautionary measures, in its relationship with its >>> customers, such that domain names so registered are unlikely to be misused >>> and, if misused, a remedy for those victimized will more likely be >>> available. >>> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- From bill.smith at paypal-inc.com Thu Dec 1 14:33:10 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Thu, 1 Dec 2011 07:33:10 -0700 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: <4ED78C80.10605@kathykleiman.com> References: <4ED78205.7030505@kathykleiman.com> <50B4EB97-406D-46D6-A350-D91014EDFABE@paypal.com> <4ED78C80.10605@kathykleiman.com> Message-ID: <4F5BB9BC-A27E-499F-ACBA-5F5254C7C80C@paypal.com> That can still be a recommendation, for any "related entity". What we need to remember is no matter how many words we write, or how big we make the tent, anyone can act as a proxy for another and fail to live by the rules. Without mandatory, actionable, *penalties* for such failure, we are destined to perpetuate the current system. I thought we had agreed in Dakar to recommend change. I think I've demonstrated how the proposed voluntary system can be subverted, even if every proxy service initially signs up to the code. As soon as one breaks away or a new, non-signatory springs up, others will follow and we will be back to the current state. I don't want to lose the valuable work that was done. My suggestions is for that language and the concepts behind it to find its way into a set of comprehensive SLAs that will, for the first time, tie all parties in the Domain Name Registration system together in a meaningful way that will make it significantly harder to cause long-term harm. On Dec 1, 2011, at 6:17 AM, Kathy Kleiman wrote: > But what James and Susan did so brilliantly, and for the first time in > history, was to begin to bring the proxy services into the ICANN tent > and into sight. The idea of disclosing relationships, sharing ownership > and contractual relationships, is an enormous step forward. I think we > are losing something now... > > Kathy: >> My preference is to replace the Voluntary Best Practices Guidelines. I think there is useful information in that language to guide development of SLAs regarding Registrant responsibilities and response times so would hate to see that work "tossed". >> >> Seth's language is an attempt to "flesh out" the simple text we had in Dakar, that said ICANN should remove reference to proxy services from the RAA. I think he's done a good job, albeit perhaps a first cut, at doing that and getting a conversation going on the practical implications of, let's call it the Dakar proxy compact. >> >> As I recall, one of the reasons we decided to recommend removing proxies from the RAA is that no matter how hard we, or ICANN tries to control or regulate the proxy business, anyone can operate such a service outside of the control of ICANN or the community. They simply register names and act on behalf of someone else. >> >> What we, asa community, can do is develop some policies that set out what is expected of all parties, including Registrants and have consequences, mandatory in some cases, for failure to comply with the policies. The consequence of last resort is revocation of the name. >> >> These policies wouldn't take the place of legal action, but they would fill the void where Registrants, or their proxies, are non-responsive. >> >> The alternative is the voluntary code, but we know that can be avoided, and letting the courts handle the situation... but that's basically where we are today so I don't see how a code, voluntary or not helps in the end. >> >> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >> >>> Hi All, >>> What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! >>> >>> Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) >>> >>> Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. >>> >>> Otherwise, there are some fascinating legal concepts, and my brain already hurts! >>> Thinking hard first thing in the AM and still reviewing. >>> I would like to know what James thinks, >>> Kathy >>> >>>> Data Access- Proxy Service >>>> >>>> 1. The Review Team considers a Proxy Service as a relationship in which >>>> the registrant is acting on behalf of another. The WHOIS data is that of the >>>> agent/proxy service and the agent/proxy service alone obtains all rights and >>>> assumes all responsibility for the domain name and its manner of use. >>>> 2. ICANN should clarify that any registrant that may be acting as a >>>> proxy service for another is in all respects still the registrant and, in >>>> ICANN's view, should be held fully responsible for the use of the domain >>>> name including for any and all harm that results from the use of the domain >>>> name. >>>> 2. Because of ICANN's position on proxy services to date, which >>>> tolerates the proxy service industry that has arisen and which through RAA >>>> provisions gives recognition and attempts to regulate that industry, has >>>> been used by courts and others to allow proxy services to escape liability >>>> for bad acts of the proxy service customers, ICANN should either delete or >>>> amend those provisions of the RAA that can or have been used to allow proxy >>>> services to escape liability. >>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>> for the occasional use of a proxy service, as for example to protect a >>>> valuable trade secret at product launch. At the same time proxy services >>>> should not be viewed or used as a substitute for privacy services that are >>>> designed to shield an individual's personal contact information. The >>>> legitimate use a proxy service would be the exception and not widespread. >>>> 4. A proxy service industry willing to accept full risks and liabilities >>>> for the manner in which domain names through its service will be used will >>>> take the necessary precautionary measures, in its relationship with its >>>> customers, such that domain names so registered are unlikely to be misused >>>> and, if misused, a remedy for those victimized will more likely be >>>> available. >>>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From susank at fb.com Thu Dec 1 14:58:33 2011 From: susank at fb.com (Susan Kawaguchi) Date: Thu, 1 Dec 2011 14:58:33 +0000 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: <4ED78C80.10605@kathykleiman.com> References: <4ED78205.7030505@kathykleiman.com> <50B4EB97-406D-46D6-A350-D91014EDFABE@paypal.com>, <4ED78C80.10605@kathykleiman.com> Message-ID: <819777D5-DAF4-4228-A2FC-CD269F2BDF7A@fb.com> Hi Kathy I am not onboard with Bill and Seth's recommendation but I am willing to explore this direction. Susan Sent from my iPhone On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" wrote: > But what James and Susan did so brilliantly, and for the first time in > history, was to begin to bring the proxy services into the ICANN tent > and into sight. The idea of disclosing relationships, sharing ownership > and contractual relationships, is an enormous step forward. I think we > are losing something now... > > Kathy: >> My preference is to replace the Voluntary Best Practices Guidelines. I think there is useful information in that language to guide development of SLAs regarding Registrant responsibilities and response times so would hate to see that work "tossed". >> >> Seth's language is an attempt to "flesh out" the simple text we had in Dakar, that said ICANN should remove reference to proxy services from the RAA. I think he's done a good job, albeit perhaps a first cut, at doing that and getting a conversation going on the practical implications of, let's call it the Dakar proxy compact. >> >> As I recall, one of the reasons we decided to recommend removing proxies from the RAA is that no matter how hard we, or ICANN tries to control or regulate the proxy business, anyone can operate such a service outside of the control of ICANN or the community. They simply register names and act on behalf of someone else. >> >> What we, asa community, can do is develop some policies that set out what is expected of all parties, including Registrants and have consequences, mandatory in some cases, for failure to comply with the policies. The consequence of last resort is revocation of the name. >> >> These policies wouldn't take the place of legal action, but they would fill the void where Registrants, or their proxies, are non-responsive. >> >> The alternative is the voluntary code, but we know that can be avoided, and letting the courts handle the situation... but that's basically where we are today so I don't see how a code, voluntary or not helps in the end. >> >> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >> >>> Hi All, >>> What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! >>> >>> Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) >>> >>> Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. >>> >>> Otherwise, there are some fascinating legal concepts, and my brain already hurts! >>> Thinking hard first thing in the AM and still reviewing. >>> I would like to know what James thinks, >>> Kathy >>> >>>> Data Access- Proxy Service >>>> >>>> 1. The Review Team considers a Proxy Service as a relationship in which >>>> the registrant is acting on behalf of another. The WHOIS data is that of the >>>> agent/proxy service and the agent/proxy service alone obtains all rights and >>>> assumes all responsibility for the domain name and its manner of use. >>>> 2. ICANN should clarify that any registrant that may be acting as a >>>> proxy service for another is in all respects still the registrant and, in >>>> ICANN's view, should be held fully responsible for the use of the domain >>>> name including for any and all harm that results from the use of the domain >>>> name. >>>> 2. Because of ICANN's position on proxy services to date, which >>>> tolerates the proxy service industry that has arisen and which through RAA >>>> provisions gives recognition and attempts to regulate that industry, has >>>> been used by courts and others to allow proxy services to escape liability >>>> for bad acts of the proxy service customers, ICANN should either delete or >>>> amend those provisions of the RAA that can or have been used to allow proxy >>>> services to escape liability. >>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>> for the occasional use of a proxy service, as for example to protect a >>>> valuable trade secret at product launch. At the same time proxy services >>>> should not be viewed or used as a substitute for privacy services that are >>>> designed to shield an individual's personal contact information. The >>>> legitimate use a proxy service would be the exception and not widespread. >>>> 4. A proxy service industry willing to accept full risks and liabilities >>>> for the manner in which domain names through its service will be used will >>>> take the necessary precautionary measures, in its relationship with its >>>> customers, such that domain names so registered are unlikely to be misused >>>> and, if misused, a remedy for those victimized will more likely be >>>> available. >>>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From emily at emilytaylor.eu Thu Dec 1 15:18:04 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Thu, 1 Dec 2011 15:18:04 +0000 Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP Message-ID: Hi I went to bed last night thinking that we were nearly in agreement on the proxy recommendations that James, Susan and Kathy have been working on over the past weeks. In the middle of the night, I awoke to find new text on the table. You all know that our cut off date was yesterday, and we are now on negative time. However, I do want to go through the time zones so that we all have a chance to consider the options. Broadly, we have three alternatives. 1. Adopt the very brief text agreed in Dakar and no more 2. Adopt the relatively stable text drafted by that small group which includes good practices 3. Adopt the new text, drafted last night by Seth on behalf of another small team. We act by consensus. But we also have a deadline. I'm therefore going to call it before I go to sleep tonight, and in default of an alternative agreement we will have to go back to what we agreed in Dakar. I know that some people are not happy with it, but it has a simplicity, and avoids confusion about whether or not the good practices conflicts with the idea of liability. Alternatively, we can adopt different text, but it has to be by consensus. Remember, folks, that's difficult to achieve, and leaves everyone feeling a little bit frustrated, and like they could have got more if they pushed harder. Please try to bear in mind that we have a very, very strong full report. This is one part of the whole puzzle, which has to be seen within its own context. There will be further studies on proxies/privacy. There will be another review team on WHOIS which will kick off in less than 2 years. To speak for a moment in support of voluntary good practices, this is a well known regulatory step. It's what you do when you're not happy with the current situation (check), but you're not quite sure what will be an effective regulatory intervention (check). So, you explore the landscape - as I think the draft recommendations (alternative 2 below) very eloquently do. I should emphasise that good practices are not the final word. They are an interim plug, a step in the right direction. If, having gone through that, Bill and others are right and it's all still a mess, that's when you go for the next incremental step - but the important bit is, industry has been given a chance to clean out the stables after being told in no uncertain terms that there's a problem . That's where we are now. The third choice is that we adopt the new text, maybe with tweaks or changes. If that's what we're doing, I would be failing in my duties as your Chair if I did not set some deadline for this. We have known the issues for a long time, we have been wrestling with them, and reaching consensus is hard. I don't think that this is a case of "just a bit more time", but I'm very willing to be proved wrong. So, my challenge to you is - tell me what you have *all* agreed on proxies by 10pm UTC. If the answer is "nothing" we go with what we agreed in Dakar. Whatever the outcome, we have done a wonderful job on this report. Take it in its entirety, it represents a lot of work, and a lot of willpower and cooperation, plus - importantly - a willingness to step outside of one's individual, commercial interests and think about the public interest. I have been marvelling at the sheer energy that has been focused on this mailing list and the incredible progress we have made since the weekend (remember, I'm a Brit, not American, so I don't say these sort of things easily!). Keep up this discussion. But please focus your thoughts and exchanges on the give and take that's necessary for consensus. To assist those who may not be fully up to speed, the text for the three alternatives are below. Whatever happens, we are closing this discussion in just under 7 hours. Good luck! Kind regards Emily --------- Alternative 1 the text we agreed in Dakar on proxy definition and proxy liability For the avoidance of doubt, the WHOIS Policy[, referred to in Recommendation 1 above], should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use Alternative 2 The text on best practices worked on by Susan, James and Kathy last night (latest version) *Data Access- Proxy Service* 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - *Proxy Service *? a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. *[KK: is this the definition we are using in other places in the Report?]* *- **Affiliated Registrar **- *another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - *Affiliate retail proxy service provider *? entity operating under a common controlling interest of a registrar. - *Retail proxy service provider *- proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - *Limited proxy service provider *- proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. Alternative 3 Seth's proposal. Data Access- Proxy Service 1. The Review Team considers a Proxy Service as a relationship in which the registrant is acting on behalf of another. The WHOIS data is that of the agent/proxy service and the agent/proxy service alone obtains all rights and assumes all responsibility for the domain name and its manner of use. 2. ICANN should clarify that any registrant that may be acting as a proxy service for another is in all respects still the registrant and, in ICANN's view, should be held fully responsible for the use of the domain name including for any and all harm that results from the use of the domain name. 2. Because of ICANN's position on proxy services to date, which tolerates the proxy service industry that has arisen and which through RAA provisions gives recognition and attempts to regulate that industry, has been used by courts and others to allow proxy services to escape liability for bad acts of the proxy service customers, ICANN should either delete or amend those provisions of the RAA that can or have been used to allow proxy services to escape liability. 3. The Review Team acknowledges that there may be legitimate reasons for the occasional use of a proxy service, as for example to protect a valuable trade secret at product launch. At the same time proxy services should not be viewed or used as a substitute for privacy services that are designed to shield an individual's personal contact information. The legitimate use a proxy service would be the exception and not widespread. 4. A proxy service industry willing to accept full risks and liabilities for the manner in which domain names through its service will be used will take the necessary precautionary measures, in its relationship with its customers, such that domain names so registered are unlikely to be misused and, if misused, a remedy for those victimized will more likely be available. -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/a9813700/attachment.html From jbladel at godaddy.com Thu Dec 1 15:23:11 2011 From: jbladel at godaddy.com (James M. Bladel) Date: Thu, 01 Dec 2011 08:23:11 -0700 Subject: [Rt4-whois] The New Proxy Language Message-ID: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/8a802e2f/attachment.html From bill.smith at paypal-inc.com Thu Dec 1 15:44:04 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Thu, 1 Dec 2011 08:44:04 -0700 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> References: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> Message-ID: <824E5D2A-9572-40F1-ACEC-12F7DF813556@paypal.com> I have no problem with folks not being "on board". However, we did agree to language in Dakar in essence saying that ICANN should avoid mentioning proxies in the RAA. I realize that some may not have been fully on board with that, and there have been suggestion to change our position. >From my perspective, the changes are from the Dakar position to the Voluntary Code proposal. I've pointed out how the VC can and likely will be circumvented, especially by "bad actors". If someone can demonstrate a way that the VC deals with this issue and avoids a return to the current state, I'm all ears. One way for the VC to work is to have a set of SLAs that mandate action in response to non-compliance to the SLAs. I don't see a mention of that in the VC and I'd want to understand exactly what we're talking about regarding times for roundtrip reveal/relay and the consequences for failure to respond in a timely fashion. On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: Agree with Susan. These are very significant changes coming very late in the game. J. -------- Original Message -------- Subject: Re: [Rt4-whois] The New Proxy Language From: Susan Kawaguchi > Date: Thu, December 01, 2011 8:58 am To: Kathy Kleiman > Cc: "rt4-whois at icann.org" > Hi Kathy I am not onboard with Bill and Seth's recommendation but I am willing to explore this direction. Susan Sent from my iPhone On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > wrote: > But what James and Susan did so brilliantly, and for the first time in > history, was to begin to bring the proxy services into the ICANN tent > and into sight. The idea of disclosing relationships, sharing ownership > and contractual relationships, is an enormous step forward. I think we > are losing something now... > > Kathy: >> My preference is to replace the Voluntary Best Practices Guidelines. I think there is useful information in that language to guide development of SLAs regarding Registrant responsibilities and response times so would hate to see that work "tossed". >> >> Seth's language is an attempt to "flesh out" the simple text we had in Dakar, that said ICANN should remove reference to proxy services from the RAA. I think he's done a good job, albeit perhaps a first cut, at doing that and getting a conversation going on the practical implications of, let's call it the Dakar proxy compact. >> >> As I recall, one of the reasons we decided to recommend removing proxies from the RAA is that no matter how hard we, or ICANN tries to control or regulate the proxy business, anyone can operate such a service outside of the control of ICANN or the community. They simply register names and act on behalf of someone else. >> >> What we, asa community, can do is develop some policies that set out what is expected of all parties, including Registrants and have consequences, mandatory in some cases, for failure to comply with the policies. The consequence of last resort is revocation of the name. >> >> These policies wouldn't take the place of legal action, but they would fill the void where Registrants, or their proxies, are non-responsive. >> >> The alternative is the voluntary code, but we know that can be avoided, and letting the courts handle the situation... but that's basically where we are today so I don't see how a code, voluntary or not helps in the end. >> >> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >> >>> Hi All, >>> What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! >>> >>> Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) >>> >>> Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. >>> >>> Otherwise, there are some fascinating legal concepts, and my brain already hurts! >>> Thinking hard first thing in the AM and still reviewing. >>> I would like to know what James thinks, >>> Kathy >>> >>>> Data Access- Proxy Service >>>> >>>> 1. The Review Team considers a Proxy Service as a relationship in which >>>> the registrant is acting on behalf of another. The WHOIS data is that of the >>>> agent/proxy service and the agent/proxy service alone obtains all rights and >>>> assumes all responsibility for the domain name and its manner of use. >>>> 2. ICANN should clarify that any registrant that may be acting as a >>>> proxy service for another is in all respects still the registrant and, in >>>> ICANN's view, should be held fully responsible for the use of the domain >>>> name including for any and all harm that results from the use of the domain >>>> name. >>>> 2. Because of ICANN's position on proxy services to date, which >>>> tolerates the proxy service industry that has arisen and which through RAA >>>> provisions gives recognition and attempts to regulate that industry, has >>>> been used by courts and others to allow proxy services to escape liability >>>> for bad acts of the proxy service customers, ICANN should either delete or >>>> amend those provisions of the RAA that can or have been used to allow proxy >>>> services to escape liability. >>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>> for the occasional use of a proxy service, as for example to protect a >>>> valuable trade secret at product launch. At the same time proxy services >>>> should not be viewed or used as a substitute for privacy services that are >>>> designed to shield an individual's personal contact information. The >>>> legitimate use a proxy service would be the exception and not widespread. >>>> 4. A proxy service industry willing to accept full risks and liabilities >>>> for the manner in which domain names through its service will be used will >>>> take the necessary precautionary measures, in its relationship with its >>>> customers, such that domain names so registered are unlikely to be misused >>>> and, if misused, a remedy for those victimized will more likely be >>>> available. >>>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From lynn at goodsecurityconsulting.com Thu Dec 1 15:52:37 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Thu, 01 Dec 2011 08:52:37 -0700 Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP Message-ID: <20111201085237.00ef555ff13978e3e1b8d2179880f99e.396fddf4e8.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/97879fe6/attachment.html From omar at kaminski.adv.br Thu Dec 1 16:57:30 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Thu, 1 Dec 2011 14:57:30 -0200 Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP In-Reply-To: <20111201085237.00ef555ff13978e3e1b8d2179880f99e.396fddf4e8.wbe@email12.secureserver.net> References: <20111201085237.00ef555ff13978e3e1b8d2179880f99e.396fddf4e8.wbe@email12.secureserver.net> Message-ID: I second Lynn, path #2 but without any given definition? And I second Emily about the (hard and productive) work being done specially in the last days or weeks. What a Team. Omar 2011/12/1 > I am in favor of #2: adopt the text drafted by Susan and James which > includes good practices. > This is a good and fair compromise and will make a realistic step forward > in improving the abusive activities > which ultimately harm everyone in the domain name industry. > > As an independent expert on this team, I feel it is important for us to be > mindful that the AoC review requirement is an alternative to formal > government regulation and it is a form of self-regulation. I have fully > supported that approach. But it will fail if we do not consider the public > interest and the trend of escalating fraud on the Internet. > > Lynn > > > -------- Original Message -------- > Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP > From: Emily Taylor > Date: Thu, December 01, 2011 10:18 am > To: rt4-whois at icann.org > > Hi > > I went to bed last night thinking that we were nearly in agreement on the > proxy recommendations that James, Susan and Kathy have been working on over > the past weeks. > > In the middle of the night, I awoke to find new text on the table. > > You all know that our cut off date was yesterday, and we are now on > negative time. However, I do want to go through the time zones so that we > all have a chance to consider the options. > > Broadly, we have three alternatives. > > 1. Adopt the very brief text agreed in Dakar and no more > 2. Adopt the relatively stable text drafted by that small group which > includes good practices > 3. Adopt the new text, drafted last night by Seth on behalf of another > small team. > > We act by consensus. But we also have a deadline. I'm therefore going to > call it before I go to sleep tonight, and in default of an alternative > agreement we will have to go back to what we agreed in Dakar. I know that > some people are not happy with it, but it has a simplicity, and avoids > confusion about whether or not the good practices conflicts with the idea > of liability. > > Alternatively, we can adopt different text, but it has to be by > consensus. Remember, folks, that's difficult to achieve, and leaves > everyone feeling a little bit frustrated, and like they could have got more > if they pushed harder. > > Please try to bear in mind that we have a very, very strong full report. > This is one part of the whole puzzle, which has to be seen within its own > context. There will be further studies on proxies/privacy. There will be > another review team on WHOIS which will kick off in less than 2 years. To > speak for a moment in support of voluntary good practices, this is a well > known regulatory step. It's what you do when you're not happy with the > current situation (check), but you're not quite sure what will be an > effective regulatory intervention (check). So, you explore the landscape - > as I think the draft recommendations (alternative 2 below) very eloquently > do. I should emphasise that good practices are not the final word. They > are an interim plug, a step in the right direction. If, having gone > through that, Bill and others are right and it's all still a mess, that's > when you go for the next incremental step - but the important bit is, > industry has been given a chance to clean out the stables after being told > in no uncertain terms that there's a problem . That's where we are now. > > The third choice is that we adopt the new text, maybe with tweaks or > changes. If that's what we're doing, I would be failing in my duties as > your Chair if I did not set some deadline for this. We have known the > issues for a long time, we have been wrestling with them, and reaching > consensus is hard. I don't think that this is a case of "just a bit more > time", but I'm very willing to be proved wrong. > > So, my challenge to you is - tell me what you have *all* agreed on > proxies by 10pm UTC. If the answer is "nothing" we go with what we agreed > in Dakar. > > Whatever the outcome, we have done a wonderful job on this report. Take > it in its entirety, it represents a lot of work, and a lot of willpower and > cooperation, plus - importantly - a willingness to step outside of one's > individual, commercial interests and think about the public interest. I > have been marvelling at the sheer energy that has been focused on this > mailing list and the incredible progress we have made since the weekend > (remember, I'm a Brit, not American, so I don't say these sort of things > easily!). > > Keep up this discussion. But please focus your thoughts and exchanges on > the give and take that's necessary for consensus. > > To assist those who may not be fully up to speed, the text for the three > alternatives are below. Whatever happens, we are closing this discussion > in just under 7 hours. Good luck! > > Kind regards > > Emily > > --------- > > Alternative 1 > the text we agreed in Dakar on proxy definition and proxy liability > For the avoidance of doubt, the WHOIS Policy[, referred to in > Recommendation 1 above], should include an affirmative statement that > clarifies that a proxy means a relationship in which the Registrant is > acting on behalf of another. The WHOIS data is that of the agent, and the > agent alone obtains all rights and assumes all responsibility for the > domain name and its manner of use > Alternative 2 > The text on best practices worked on by Susan, James and Kathy last night > (latest version) > *Data Access- Proxy Service* > 1. ICANN should facilitate the review of existing practices by > reaching out to proxy providers to create a discussion which sets out > current processes followed by proxy service providers. > 2. Registrars should be required to disclosure their relationship > with any Affiliated Retail proxy service provider to ICANN. > 3. ICANN should develop and manage a set of voluntary best practice > guidelines for appropriate proxy services [footnote 1] consistent with > national laws. These voluntary guidelines should strike an appropriate > balance between stakeholders with competing but legitimate interests. At a > minimum this would include privacy, law enforcement and the industry around > law enforcement. > Such voluntary guidelines may include: > + Proxy services provide full contact details as required by the Whois > + Publication by the proxy service of its process for revealing and > relaying information > + Standardization of reveal and relay processes and timeframes, consistent > with national laws > + Maintenance of a dedicated abuse point of contact for the proxy service > provider > + Due diligence checks on licensee contact information. > 5. ICANN should encourage and incentivize registrars to interact with the > retail service providers that adopt the best practices. > 6. For the avoidance of doubt, the WHOIS Policy, referred to in > Recommendation 1 above, should include an affirmative statement that > clarifies that a proxy means a relationship in which the Registrant is > acting on behalf of another. The WHOIS data is that of the agent, and the > agent alone obtains all rights and assumes all responsibility for the > domain name and its manner of use. > Footnote 1 (all the remaining text) > As guidance to the Community and as useful background for the Proxy > Service Recommendations, the Review Team provides its working definitions > of proxy service and different types of proxy service providers: > - *Proxy Service *? a relationship in which the registrant is acting on > behalf of another The WHOIS data is that of the agent and the agent alone > obtains all rights and assumes all responsibility for the domain name and > its manner of use. *[KK: is this the definition we are using in other > places in the Report?]* > *- **Affiliated Registrar **- *another ICANN accredited registrar that > operates under a common controlling interest (2009 Registrar Accreditation > Agreement, Section 1.20) > - *Affiliate retail proxy service provider *? entity operating under a > common controlling interest of a registrar. > - *Retail proxy service provider *- proxy service with little or no > knowledge of the entity or individual requesting the service beyond their > ability to pay and their agreement to the general terms and conditions. > - *Limited proxy service provider *- proxy service for an entity or > individual in which there is an ongoing business relationship bound by a > contract that is specific to the relationship. > > > Alternative 3 > Seth's proposal. > Data Access- Proxy Service > > 1. The Review Team considers a Proxy Service as a relationship in > which > the registrant is acting on behalf of another. The WHOIS data is that of > the > agent/proxy service and the agent/proxy service alone obtains all rights > and > assumes all responsibility for the domain name and its manner of use. > 2. ICANN should clarify that any registrant that may be acting as a > proxy service for another is in all respects still the registrant and, in > ICANN's view, should be held fully responsible for the use of the domain > name including for any and all harm that results from the use of the domain > name. > 2. Because of ICANN's position on proxy services to date, which > tolerates the proxy service industry that has arisen and which through RAA > provisions gives recognition and attempts to regulate that industry, has > been used by courts and others to allow proxy services to escape liability > for bad acts of the proxy service customers, ICANN should either delete or > amend those provisions of the RAA that can or have been used to allow proxy > services to escape liability. > 3. The Review Team acknowledges that there may be legitimate reasons > for the occasional use of a proxy service, as for example to protect a > valuable trade secret at product launch. At the same time proxy services > should not be viewed or used as a substitute for privacy services that are > designed to shield an individual's personal contact information. The > legitimate use a proxy service would be the exception and not widespread. > 4. A proxy service industry willing to accept full risks and liabilities > for the manner in which domain names through its service will be used will > take the necessary precautionary measures, in its relationship with its > customers, such that domain names so registered are unlikely to be misused > and, if misused, a remedy for those victimized will more likely be > available. > > > -- > > > > > * > * > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk* > > Emily Taylor Consultancy Limited is a company registered in England and > Wales No. 730471. VAT No. 114487713. > > ------------------------------ > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/67397d5f/attachment.html From m.yakushev at corp.mail.ru Thu Dec 1 17:00:17 2011 From: m.yakushev at corp.mail.ru (Mikhail Yakushev) Date: Thu, 1 Dec 2011 17:00:17 +0000 Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP In-Reply-To: <20111201085237.00ef555ff13978e3e1b8d2179880f99e.396fddf4e8.wbe@email12.secureserver.net> References: <20111201085237.00ef555ff13978e3e1b8d2179880f99e.396fddf4e8.wbe@email12.secureserver.net> Message-ID: <71B38F372F86D940B9C644A99264FA313E7545@M2EMBS1.mail.msk> I am in favor of Lynn?s proposal. Option 2. Rgds, Michael From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of lynn at goodsecurityconsulting.com Sent: Thursday, December 01, 2011 6:53 PM To: Emily Taylor Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP I am in favor of #2: adopt the text drafted by Susan and James which includes good practices. This is a good and fair compromise and will make a realistic step forward in improving the abusive activities which ultimately harm everyone in the domain name industry. As an independent expert on this team, I feel it is important for us to be mindful that the AoC review requirement is an alternative to formal government regulation and it is a form of self-regulation. I have fully supported that approach. But it will fail if we do not consider the public interest and the trend of escalating fraud on the Internet. Lynn -------- Original Message -------- Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP From: Emily Taylor > Date: Thu, December 01, 2011 10:18 am To: rt4-whois at icann.org Hi I went to bed last night thinking that we were nearly in agreement on the proxy recommendations that James, Susan and Kathy have been working on over the past weeks. In the middle of the night, I awoke to find new text on the table. You all know that our cut off date was yesterday, and we are now on negative time. However, I do want to go through the time zones so that we all have a chance to consider the options. Broadly, we have three alternatives. 1. Adopt the very brief text agreed in Dakar and no more 2. Adopt the relatively stable text drafted by that small group which includes good practices 3. Adopt the new text, drafted last night by Seth on behalf of another small team. We act by consensus. But we also have a deadline. I'm therefore going to call it before I go to sleep tonight, and in default of an alternative agreement we will have to go back to what we agreed in Dakar. I know that some people are not happy with it, but it has a simplicity, and avoids confusion about whether or not the good practices conflicts with the idea of liability. Alternatively, we can adopt different text, but it has to be by consensus. Remember, folks, that's difficult to achieve, and leaves everyone feeling a little bit frustrated, and like they could have got more if they pushed harder. Please try to bear in mind that we have a very, very strong full report. This is one part of the whole puzzle, which has to be seen within its own context. There will be further studies on proxies/privacy. There will be another review team on WHOIS which will kick off in less than 2 years. To speak for a moment in support of voluntary good practices, this is a well known regulatory step. It's what you do when you're not happy with the current situation (check), but you're not quite sure what will be an effective regulatory intervention (check). So, you explore the landscape - as I think the draft recommendations (alternative 2 below) very eloquently do. I should emphasise that good practices are not the final word. They are an interim plug, a step in the right direction. If, having gone through that, Bill and others are right and it's all still a mess, that's when you go for the next incremental step - but the important bit is, industry has been given a chance to clean out the stables after being told in no uncertain terms that there's a problem . That's where we are now. The third choice is that we adopt the new text, maybe with tweaks or changes. If that's what we're doing, I would be failing in my duties as your Chair if I did not set some deadline for this. We have known the issues for a long time, we have been wrestling with them, and reaching consensus is hard. I don't think that this is a case of "just a bit more time", but I'm very willing to be proved wrong. So, my challenge to you is - tell me what you have all agreed on proxies by 10pm UTC. If the answer is "nothing" we go with what we agreed in Dakar. Whatever the outcome, we have done a wonderful job on this report. Take it in its entirety, it represents a lot of work, and a lot of willpower and cooperation, plus - importantly - a willingness to step outside of one's individual, commercial interests and think about the public interest. I have been marvelling at the sheer energy that has been focused on this mailing list and the incredible progress we have made since the weekend (remember, I'm a Brit, not American, so I don't say these sort of things easily!). Keep up this discussion. But please focus your thoughts and exchanges on the give and take that's necessary for consensus. To assist those who may not be fully up to speed, the text for the three alternatives are below. Whatever happens, we are closing this discussion in just under 7 hours. Good luck! Kind regards Emily --------- Alternative 1 the text we agreed in Dakar on proxy definition and proxy liability For the avoidance of doubt, the WHOIS Policy[, referred to in Recommendation 1 above], should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use Alternative 2 The text on best practices worked on by Susan, James and Kathy last night (latest version) Data Access- Proxy Service 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - Proxy Service ? a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - Affiliate retail proxy service provider ? entity operating under a common controlling interest of a registrar. - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. Alternative 3 Seth's proposal. Data Access- Proxy Service 1. The Review Team considers a Proxy Service as a relationship in which the registrant is acting on behalf of another. The WHOIS data is that of the agent/proxy service and the agent/proxy service alone obtains all rights and assumes all responsibility for the domain name and its manner of use. 2. ICANN should clarify that any registrant that may be acting as a proxy service for another is in all respects still the registrant and, in ICANN's view, should be held fully responsible for the use of the domain name including for any and all harm that results from the use of the domain name. 2. Because of ICANN's position on proxy services to date, which tolerates the proxy service industry that has arisen and which through RAA provisions gives recognition and attempts to regulate that industry, has been used by courts and others to allow proxy services to escape liability for bad acts of the proxy service customers, ICANN should either delete or amend those provisions of the RAA that can or have been used to allow proxy services to escape liability. 3. The Review Team acknowledges that there may be legitimate reasons for the occasional use of a proxy service, as for example to protect a valuable trade secret at product launch. At the same time proxy services should not be viewed or used as a substitute for privacy services that are designed to shield an individual's personal contact information. The legitimate use a proxy service would be the exception and not widespread. 4. A proxy service industry willing to accept full risks and liabilities for the manner in which domain names through its service will be used will take the necessary precautionary measures, in its relationship with its customers, such that domain names so registered are unlikely to be misused and, if misused, a remedy for those victimized will more likely be available. [Description: Image removed by sender.] -- [Description: Image removed by sender.] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ________________________________ _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/cd013bdb/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: ~WRD000.jpg Type: image/jpeg Size: 823 bytes Desc: ~WRD000.jpg Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/cd013bdb/WRD000.jpg From susank at fb.com Thu Dec 1 17:03:45 2011 From: susank at fb.com (Susan Kawaguchi) Date: Thu, 1 Dec 2011 17:03:45 +0000 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: <824E5D2A-9572-40F1-ACEC-12F7DF813556@paypal.com> References: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> <824E5D2A-9572-40F1-ACEC-12F7DF813556@paypal.com> Message-ID: Hi Bill, I agree with most of what is in your and Seth's recommendation but do not understand how an SLA will work with non-contracted parties. What if we added the voluntary best practices to #4? Susan -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Thursday, December 01, 2011 7:44 AM To: James M. Bladel Cc: Susan Kawaguchi; rt4-whois at icann.org Subject: Re: [Rt4-whois] The New Proxy Language I have no problem with folks not being "on board". However, we did agree to language in Dakar in essence saying that ICANN should avoid mentioning proxies in the RAA. I realize that some may not have been fully on board with that, and there have been suggestion to change our position. >From my perspective, the changes are from the Dakar position to the Voluntary Code proposal. I've pointed out how the VC can and likely will be circumvented, especially by "bad actors". If someone can demonstrate a way that the VC deals with this issue and avoids a return to the current state, I'm all ears. One way for the VC to work is to have a set of SLAs that mandate action in response to non-compliance to the SLAs. I don't see a mention of that in the VC and I'd want to understand exactly what we're talking about regarding times for roundtrip reveal/relay and the consequences for failure to respond in a timely fashion. On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: Agree with Susan. These are very significant changes coming very late in the game. J. -------- Original Message -------- Subject: Re: [Rt4-whois] The New Proxy Language From: Susan Kawaguchi > Date: Thu, December 01, 2011 8:58 am To: Kathy Kleiman > Cc: "rt4-whois at icann.org" > Hi Kathy I am not onboard with Bill and Seth's recommendation but I am willing to explore this direction. Susan Sent from my iPhone On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > wrote: > But what James and Susan did so brilliantly, and for the first time in > history, was to begin to bring the proxy services into the ICANN tent > and into sight. The idea of disclosing relationships, sharing ownership > and contractual relationships, is an enormous step forward. I think we > are losing something now... > > Kathy: >> My preference is to replace the Voluntary Best Practices Guidelines. I think there is useful information in that language to guide development of SLAs regarding Registrant responsibilities and response times so would hate to see that work "tossed". >> >> Seth's language is an attempt to "flesh out" the simple text we had in Dakar, that said ICANN should remove reference to proxy services from the RAA. I think he's done a good job, albeit perhaps a first cut, at doing that and getting a conversation going on the practical implications of, let's call it the Dakar proxy compact. >> >> As I recall, one of the reasons we decided to recommend removing proxies from the RAA is that no matter how hard we, or ICANN tries to control or regulate the proxy business, anyone can operate such a service outside of the control of ICANN or the community. They simply register names and act on behalf of someone else. >> >> What we, asa community, can do is develop some policies that set out what is expected of all parties, including Registrants and have consequences, mandatory in some cases, for failure to comply with the policies. The consequence of last resort is revocation of the name. >> >> These policies wouldn't take the place of legal action, but they would fill the void where Registrants, or their proxies, are non-responsive. >> >> The alternative is the voluntary code, but we know that can be avoided, and letting the courts handle the situation... but that's basically where we are today so I don't see how a code, voluntary or not helps in the end. >> >> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >> >>> Hi All, >>> What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! >>> >>> Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) >>> >>> Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. >>> >>> Otherwise, there are some fascinating legal concepts, and my brain already hurts! >>> Thinking hard first thing in the AM and still reviewing. >>> I would like to know what James thinks, >>> Kathy >>> >>>> Data Access- Proxy Service >>>> >>>> 1. The Review Team considers a Proxy Service as a relationship in which >>>> the registrant is acting on behalf of another. The WHOIS data is that of the >>>> agent/proxy service and the agent/proxy service alone obtains all rights and >>>> assumes all responsibility for the domain name and its manner of use. >>>> 2. ICANN should clarify that any registrant that may be acting as a >>>> proxy service for another is in all respects still the registrant and, in >>>> ICANN's view, should be held fully responsible for the use of the domain >>>> name including for any and all harm that results from the use of the domain >>>> name. >>>> 2. Because of ICANN's position on proxy services to date, which >>>> tolerates the proxy service industry that has arisen and which through RAA >>>> provisions gives recognition and attempts to regulate that industry, has >>>> been used by courts and others to allow proxy services to escape liability >>>> for bad acts of the proxy service customers, ICANN should either delete or >>>> amend those provisions of the RAA that can or have been used to allow proxy >>>> services to escape liability. >>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>> for the occasional use of a proxy service, as for example to protect a >>>> valuable trade secret at product launch. At the same time proxy services >>>> should not be viewed or used as a substitute for privacy services that are >>>> designed to shield an individual's personal contact information. The >>>> legitimate use a proxy service would be the exception and not widespread. >>>> 4. A proxy service industry willing to accept full risks and liabilities >>>> for the manner in which domain names through its service will be used will >>>> take the necessary precautionary measures, in its relationship with its >>>> customers, such that domain names so registered are unlikely to be misused >>>> and, if misused, a remedy for those victimized will more likely be >>>> available. >>>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > > -- > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From omar at kaminski.adv.br Thu Dec 1 17:05:37 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Thu, 1 Dec 2011 15:05:37 -0200 Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP In-Reply-To: References: <20111201085237.00ef555ff13978e3e1b8d2179880f99e.396fddf4e8.wbe@email12.secureserver.net> Message-ID: I mean, Dakar's or best practices' (I assume the definition was taken from there): - *Proxy Service *? a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. *[KK: is this the definition we are using in other places in the Report?] *versus* * For the avoidance of doubt, the WHOIS Policy[, referred to in Recommendation 1 above], should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use For a team purpose makes more sense to me to adopt an agreed definition (2 plus RT definition on 1, see KK observation). Omar 2011/12/1 Omar Kaminski > I second Lynn, path #2 but without any given definition? > > And I second Emily about the (hard and productive) work being done > specially in the last days or weeks. What a Team. > > Omar > > > > 2011/12/1 > > I am in favor of #2: adopt the text drafted by Susan and James which >> includes good practices. >> This is a good and fair compromise and will make a realistic step forward >> in improving the abusive activities >> which ultimately harm everyone in the domain name industry. >> >> As an independent expert on this team, I feel it is important for us to >> be mindful that the AoC review requirement is an alternative to formal >> government regulation and it is a form of self-regulation. I have fully >> supported that approach. But it will fail if we do not consider the public >> interest and the trend of escalating fraud on the Internet. >> >> Lynn >> >> >> -------- Original Message -------- >> Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP >> From: Emily Taylor >> Date: Thu, December 01, 2011 10:18 am >> To: rt4-whois at icann.org >> >> Hi >> >> I went to bed last night thinking that we were nearly in agreement on the >> proxy recommendations that James, Susan and Kathy have been working on over >> the past weeks. >> >> In the middle of the night, I awoke to find new text on the table. >> >> You all know that our cut off date was yesterday, and we are now on >> negative time. However, I do want to go through the time zones so that we >> all have a chance to consider the options. >> >> Broadly, we have three alternatives. >> >> 1. Adopt the very brief text agreed in Dakar and no more >> 2. Adopt the relatively stable text drafted by that small group which >> includes good practices >> 3. Adopt the new text, drafted last night by Seth on behalf of another >> small team. >> >> We act by consensus. But we also have a deadline. I'm therefore going >> to call it before I go to sleep tonight, and in default of an alternative >> agreement we will have to go back to what we agreed in Dakar. I know that >> some people are not happy with it, but it has a simplicity, and avoids >> confusion about whether or not the good practices conflicts with the idea >> of liability. >> >> Alternatively, we can adopt different text, but it has to be by >> consensus. Remember, folks, that's difficult to achieve, and leaves >> everyone feeling a little bit frustrated, and like they could have got more >> if they pushed harder. >> >> Please try to bear in mind that we have a very, very strong full report. >> This is one part of the whole puzzle, which has to be seen within its own >> context. There will be further studies on proxies/privacy. There will be >> another review team on WHOIS which will kick off in less than 2 years. To >> speak for a moment in support of voluntary good practices, this is a well >> known regulatory step. It's what you do when you're not happy with the >> current situation (check), but you're not quite sure what will be an >> effective regulatory intervention (check). So, you explore the landscape - >> as I think the draft recommendations (alternative 2 below) very eloquently >> do. I should emphasise that good practices are not the final word. They >> are an interim plug, a step in the right direction. If, having gone >> through that, Bill and others are right and it's all still a mess, that's >> when you go for the next incremental step - but the important bit is, >> industry has been given a chance to clean out the stables after being told >> in no uncertain terms that there's a problem . That's where we are now. >> >> The third choice is that we adopt the new text, maybe with tweaks or >> changes. If that's what we're doing, I would be failing in my duties as >> your Chair if I did not set some deadline for this. We have known the >> issues for a long time, we have been wrestling with them, and reaching >> consensus is hard. I don't think that this is a case of "just a bit more >> time", but I'm very willing to be proved wrong. >> >> So, my challenge to you is - tell me what you have *all* agreed on >> proxies by 10pm UTC. If the answer is "nothing" we go with what we agreed >> in Dakar. >> >> Whatever the outcome, we have done a wonderful job on this report. Take >> it in its entirety, it represents a lot of work, and a lot of willpower and >> cooperation, plus - importantly - a willingness to step outside of one's >> individual, commercial interests and think about the public interest. I >> have been marvelling at the sheer energy that has been focused on this >> mailing list and the incredible progress we have made since the weekend >> (remember, I'm a Brit, not American, so I don't say these sort of things >> easily!). >> >> Keep up this discussion. But please focus your thoughts and exchanges on >> the give and take that's necessary for consensus. >> >> To assist those who may not be fully up to speed, the text for the three >> alternatives are below. Whatever happens, we are closing this discussion >> in just under 7 hours. Good luck! >> >> Kind regards >> >> Emily >> >> --------- >> >> Alternative 1 >> the text we agreed in Dakar on proxy definition and proxy liability >> For the avoidance of doubt, the WHOIS Policy[, referred to in >> Recommendation 1 above], should include an affirmative statement that >> clarifies that a proxy means a relationship in which the Registrant is >> acting on behalf of another. The WHOIS data is that of the agent, and the >> agent alone obtains all rights and assumes all responsibility for the >> domain name and its manner of use >> Alternative 2 >> The text on best practices worked on by Susan, James and Kathy last night >> (latest version) >> *Data Access- Proxy Service* >> 1. ICANN should facilitate the review of existing practices by >> reaching out to proxy providers to create a discussion which sets out >> current processes followed by proxy service providers. >> 2. Registrars should be required to disclosure their relationship >> with any Affiliated Retail proxy service provider to ICANN. >> 3. ICANN should develop and manage a set of voluntary best practice >> guidelines for appropriate proxy services [footnote 1] consistent with >> national laws. These voluntary guidelines should strike an appropriate >> balance between stakeholders with competing but legitimate interests. At a >> minimum this would include privacy, law enforcement and the industry around >> law enforcement. >> Such voluntary guidelines may include: >> + Proxy services provide full contact details as required by the Whois >> + Publication by the proxy service of its process for revealing and >> relaying information >> + Standardization of reveal and relay processes and timeframes, >> consistent with national laws >> + Maintenance of a dedicated abuse point of contact for the proxy service >> provider >> + Due diligence checks on licensee contact information. >> 5. ICANN should encourage and incentivize registrars to interact with the >> retail service providers that adopt the best practices. >> 6. For the avoidance of doubt, the WHOIS Policy, referred to in >> Recommendation 1 above, should include an affirmative statement that >> clarifies that a proxy means a relationship in which the Registrant is >> acting on behalf of another. The WHOIS data is that of the agent, and the >> agent alone obtains all rights and assumes all responsibility for the >> domain name and its manner of use. >> Footnote 1 (all the remaining text) >> As guidance to the Community and as useful background for the Proxy >> Service Recommendations, the Review Team provides its working definitions >> of proxy service and different types of proxy service providers: >> - *Proxy Service *? a relationship in which the registrant is acting on >> behalf of another The WHOIS data is that of the agent and the agent alone >> obtains all rights and assumes all responsibility for the domain name and >> its manner of use. *[KK: is this the definition we are using in other >> places in the Report?]* >> *- **Affiliated Registrar **- *another ICANN accredited registrar that >> operates under a common controlling interest (2009 Registrar Accreditation >> Agreement, Section 1.20) >> - *Affiliate retail proxy service provider *? entity operating under a >> common controlling interest of a registrar. >> - *Retail proxy service provider *- proxy service with little or no >> knowledge of the entity or individual requesting the service beyond their >> ability to pay and their agreement to the general terms and conditions. >> - *Limited proxy service provider *- proxy service for an entity or >> individual in which there is an ongoing business relationship bound by a >> contract that is specific to the relationship. >> >> >> Alternative 3 >> Seth's proposal. >> Data Access- Proxy Service >> >> 1. The Review Team considers a Proxy Service as a relationship in >> which >> the registrant is acting on behalf of another. The WHOIS data is that of >> the >> agent/proxy service and the agent/proxy service alone obtains all rights >> and >> assumes all responsibility for the domain name and its manner of use. >> 2. ICANN should clarify that any registrant that may be acting as a >> proxy service for another is in all respects still the registrant and, in >> ICANN's view, should be held fully responsible for the use of the domain >> name including for any and all harm that results from the use of the >> domain >> name. >> 2. Because of ICANN's position on proxy services to date, which >> tolerates the proxy service industry that has arisen and which through RAA >> provisions gives recognition and attempts to regulate that industry, has >> been used by courts and others to allow proxy services to escape liability >> for bad acts of the proxy service customers, ICANN should either delete or >> amend those provisions of the RAA that can or have been used to allow >> proxy >> services to escape liability. >> 3. The Review Team acknowledges that there may be legitimate reasons >> for the occasional use of a proxy service, as for example to protect a >> valuable trade secret at product launch. At the same time proxy services >> should not be viewed or used as a substitute for privacy services that are >> designed to shield an individual's personal contact information. The >> legitimate use a proxy service would be the exception and not widespread. >> 4. A proxy service industry willing to accept full risks and >> liabilities >> for the manner in which domain names through its service will be used will >> take the necessary precautionary measures, in its relationship with its >> customers, such that domain names so registered are unlikely to be misused >> and, if misused, a remedy for those victimized will more likely be >> available. >> >> >> -- >> >> >> >> >> * >> * >> >> 76 Temple Road, Oxford OX4 2EZ UK >> t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 >> emily at emilytaylor.eu >> >> *www.etlaw.co.uk* >> >> Emily Taylor Consultancy Limited is a company registered in England and >> Wales No. 730471. VAT No. 114487713. >> >> ------------------------------ >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/0056cd2e/attachment.html From kathy at kathykleiman.com Thu Dec 1 17:09:55 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Thu, 01 Dec 2011 12:09:55 -0500 Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP In-Reply-To: <71B38F372F86D940B9C644A99264FA313E7545@M2EMBS1.mail.msk> References: <20111201085237.00ef555ff13978e3e1b8d2179880f99e.396fddf4e8.wbe@email12.secureserver.net> <71B38F372F86D940B9C644A99264FA313E7545@M2EMBS1.mail.msk> Message-ID: <4ED7B4E3.7030504@kathykleiman.com> +1 Kathy I am in favor of Lynn's proposal. > > Option 2. > > Rgds, > > Michael > > *From:*rt4-whois-bounces at icann.org > [mailto:rt4-whois-bounces at icann.org] *On Behalf Of > *lynn at goodsecurityconsulting.com > *Sent:* Thursday, December 01, 2011 6:53 PM > *To:* Emily Taylor > *Cc:* rt4-whois at icann.org > *Subject:* Re: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP > > I am in favor of #2: adopt the text drafted by Susan and James which > includes good practices. > > This is a good and fair compromise and will make a realistic step > forward in improving the abusive activities > > which ultimately harm everyone in the domain name industry. > > As an independent expert on this team, I feel it is important for us > to be mindful that the AoC review requirement is an alternative to > formal government regulation and it is a form of self-regulation. I > have fully supported that approach. But it will fail if we do not > consider the public interest and the trend of escalating fraud on the > Internet. > > Lynn > > -------- Original Message -------- > Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP > From: Emily Taylor > > Date: Thu, December 01, 2011 10:18 am > To: rt4-whois at icann.org > > Hi > > I went to bed last night thinking that we were nearly in agreement > on the proxy recommendations that James, Susan and Kathy have been > working on over the past weeks. > > In the middle of the night, I awoke to find new text on the table. > > You all know that our cut off date was yesterday, and we are now > on negative time. However, I do want to go through the time zones > so that we all have a chance to consider the options. > > Broadly, we have three alternatives. > > 1. Adopt the very brief text agreed in Dakar and no more > 2. Adopt the relatively stable text drafted by that small group > which includes good practices > 3. Adopt the new text, drafted last night by Seth on behalf of > another small team. > > We act by consensus. But we also have a deadline. I'm therefore > going to call it before I go to sleep tonight, and in default of > an alternative agreement we will have to go back to what we agreed > in Dakar. I know that some people are not happy with it, but it > has a simplicity, and avoids confusion about whether or not the > good practices conflicts with the idea of liability. > > Alternatively, we can adopt different text, but it has to be by > consensus. Remember, folks, that's difficult to achieve, and > leaves everyone feeling a little bit frustrated, and like they > could have got more if they pushed harder. > > Please try to bear in mind that we have a very, very strong full > report. This is one part of the whole puzzle, which has to be > seen within its own context. There will be further studies on > proxies/privacy. There will be another review team on WHOIS which > will kick off in less than 2 years. To speak for a moment in > support of voluntary good practices, this is a well known > regulatory step. It's what you do when you're not happy with the > current situation (check), but you're not quite sure what will be > an effective regulatory intervention (check). So, you explore the > landscape - as I think the draft recommendations (alternative 2 > below) very eloquently do. I should emphasise that good practices > are not the final word. They are an interim plug, a step in the > right direction. If, having gone through that, Bill and others > are right and it's all still a mess, that's when you go for the > next incremental step - but the important bit is, industry has > been given a chance to clean out the stables after being told in > no uncertain terms that there's a problem . That's where we are now. > > The third choice is that we adopt the new text, maybe with tweaks > or changes. If that's what we're doing, I would be failing in my > duties as your Chair if I did not set some deadline for this. We > have known the issues for a long time, we have been wrestling with > them, and reaching consensus is hard. I don't think that this is > a case of "just a bit more time", but I'm very willing to be > proved wrong. > > So, my challenge to you is - tell me what you have *all* agreed on > proxies by 10pm UTC. If the answer is "nothing" we go with what > we agreed in Dakar. > > Whatever the outcome, we have done a wonderful job on this > report. Take it in its entirety, it represents a lot of work, and > a lot of willpower and cooperation, plus - importantly - a > willingness to step outside of one's individual, commercial > interests and think about the public interest. I have been > marvelling at the sheer energy that has been focused on this > mailing list and the incredible progress we have made since the > weekend (remember, I'm a Brit, not American, so I don't say these > sort of things easily!). > > Keep up this discussion. But please focus your thoughts and > exchanges on the give and take that's necessary for consensus. > > To assist those who may not be fully up to speed, the text for the > three alternatives are below. Whatever happens, we are closing > this discussion in just under 7 hours. Good luck! > > Kind regards > > Emily > > --------- > > Alternative 1 > the text we agreed in Dakar on proxy definition and proxy liability > > For the avoidance of doubt, the WHOIS Policy[, referred to in > Recommendation 1 above], should include an affirmative statement > that clarifies that a proxy means a relationship in which the > Registrant is acting on behalf of another. The WHOIS data is that > of the agent, and the agent alone obtains all rights and assumes > all responsibility for the domain name and its manner of use > > Alternative 2 > The text on best practices worked on by Susan, James and Kathy > last night (latest version) > > *Data Access- Proxy Service* > > 1.ICANN should facilitate the review of existing practices by > reaching out to proxy providers to create a discussion which sets > out current processes followed by proxy service providers. > > 2.Registrars should be required to disclosure their relationship > with any Affiliated Retail proxy service provider to ICANN. > > 3.ICANN should develop and manage a set of voluntary best practice > guidelines for appropriate proxy services [footnote 1] consistent > with national laws. These voluntary guidelines should strike an > appropriate balance between stakeholders with competing but > legitimate interests. At a minimum this would include privacy, law > enforcement and the industry around law enforcement. > > Such voluntary guidelines may include: > > + Proxy services provide full contact details as required by the Whois > > + Publication by the proxy service of its process for revealing > and relaying information > > + Standardization of reveal and relay processes and timeframes, > consistent with national laws > > + Maintenance of a dedicated abuse point of contact for the proxy > service provider > > + Due diligence checks on licensee contact information. > > 5. ICANN should encourage and incentivize registrars to interact > with the retail service providers that adopt the best practices. > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in > Recommendation 1 above, should include an affirmative statement > that clarifies that a proxy means a relationship in which the > Registrant is acting on behalf of another. The WHOIS data is that > of the agent, and the agent alone obtains all rights and assumes > all responsibility for the domain name and its manner of use. > > Footnote 1 (all the remaining text) > As guidance to the Community and as useful background for the > Proxy Service Recommendations, the Review Team provides its > working definitions of proxy service and different types of proxy > service providers: > > - *_Proxy Service_ *-- a relationship in which the registrant is > acting on behalf of another The WHOIS data is that of the agent > and the agent alone obtains all rights and assumes all > responsibility for the domain name and its manner of use. /[KK: is > this the definition we are using in other places in the Report?]/ > > /- /*_Affiliated Registrar _*_- _another ICANN accredited > registrar that operates under a common controlling interest (2009 > Registrar Accreditation Agreement, Section 1.20) > > - *Affiliate retail proxy service provider *-- entity operating > under a common controlling interest of a registrar. > > - *Retail proxy service provider *- proxy service with little or > no knowledge of the entity or individual requesting the service > beyond their ability to pay and their agreement to the general > terms and conditions. > > - *_Limited proxy service provider _*- proxy service for an entity > or individual in which there is an ongoing business relationship > bound by a contract that is specific to the relationship. > > > Alternative 3 > Seth's proposal. > > Data Access- Proxy Service > > 1. The Review Team considers a Proxy Service as a > relationship in which > > the registrant is acting on behalf of another. The WHOIS data is > that of the > > agent/proxy service and the agent/proxy service alone obtains all > rights and > > assumes all responsibility for the domain name and its manner of use. > > 2. ICANN should clarify that any registrant that may be > acting as a > > proxy service for another is in all respects still the registrant > and, in > > ICANN's view, should be held fully responsible for the use of the > domain > > name including for any and all harm that results from the use of > the domain > > name. > > 2. Because of ICANN's position on proxy services to date, which > > tolerates the proxy service industry that has arisen and which > through RAA > > provisions gives recognition and attempts to regulate that > industry, has > > been used by courts and others to allow proxy services to escape > liability > > for bad acts of the proxy service customers, ICANN should either > delete or > > amend those provisions of the RAA that can or have been used to > allow proxy > > services to escape liability. > > 3. The Review Team acknowledges that there may be legitimate > reasons > > for the occasional use of a proxy service, as for example to protect a > > valuable trade secret at product launch. At the same time proxy > services > > should not be viewed or used as a substitute for privacy services > that are > > designed to shield an individual's personal contact information. The > > legitimate use a proxy service would be the exception and not > widespread. > > 4. A proxy service industry willing to accept full risks and > liabilities > > for the manner in which domain names through its service will be > used will > > take the necessary precautionary measures, in its relationship > with its > > customers, such that domain names so registered are unlikely to be > misused > > and, if misused, a remedy for those victimized will more likely be > > available. > > Description: Image removed by sender. > > > > -- > > > Description: Image removed by sender. > > __ > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 . m: > +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk * > > Emily Taylor Consultancy Limited is a company registered in > England and Wales No. 730471. VAT No. 114487713. > > ------------------------------------------------------------------------ > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/05254ff1/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/jpeg Size: 823 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/05254ff1/attachment.jpe From jbladel at godaddy.com Thu Dec 1 17:12:27 2011 From: jbladel at godaddy.com (James M. Bladel) Date: Thu, 01 Dec 2011 10:12:27 -0700 Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP Message-ID: <20111201101227.9c1b16d3983f34082b49b9baf8cec04a.ae6c11bb2c.wbe@email00.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/bd3922f2/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: ~WRD000.jpg Type: image/jpeg Size: 823 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/bd3922f2/WRD000.jpg From bill.smith at paypal-inc.com Thu Dec 1 17:45:48 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Thu, 1 Dec 2011 10:45:48 -0700 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: References: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> <824E5D2A-9572-40F1-ACEC-12F7DF813556@paypal.com> Message-ID: <6F233FE1-924C-4214-B625-C8555D0B4EBF@paypal-inc.com> Susan, Isn't everyone a contracted party in this ecosystem? Registrars and Registries with ICANN and Registrants with Registrants (with required terms from ICANN). I believe we need SLAs in each of the agreements that put some teeth into the compliance provisions. For example, the current RAA language says that failure to correct WHOIS data *may* result in revocation of the Domain Name (or something similar to that). Action is voluntary on the part of the Registrant and Registrar with the public paying the cost, much like with toxic waste. This isn't a direct cost but indirect, and getting larger all the time. I sincerely doubt that a voluntary code, though admirable, will mitigate these costs. If we have SLAs in each of the agreements, then failure by any party to abide by them results in action and/or penalties up to and including loss of name. The current system doesn't, while threatening such an eventuality rarely reaches that point as we've heard. If ICANN wants to honor the AoC with respect to WHOIS, it firmly believe it needs to shift from the voluntary mechanisms that don't work to a simple though comprehensive set of mandatory mechanisms that will work. These mechanisms should exist outside of any "at law"remedies but should be in concert with them. I'll think about adding the VC to 4. My gut reaction is that it will still allow too much legal room if/when the legal system is required. Bill On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" wrote: > Hi Bill, > > I agree with most of what is in your and Seth's recommendation but do not understand how an SLA will work with non-contracted parties. > > What if we added the voluntary best practices to #4? > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Thursday, December 01, 2011 7:44 AM > To: James M. Bladel > Cc: Susan Kawaguchi; rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > I have no problem with folks not being "on board". However, we did agree to language in Dakar in essence saying that ICANN should avoid mentioning proxies in the RAA. I realize that some may not have been fully on board with that, and there have been suggestion to change our position. > > From my perspective, the changes are from the Dakar position to the Voluntary Code proposal. > > I've pointed out how the VC can and likely will be circumvented, especially by "bad actors". If someone can demonstrate a way that the VC deals with this issue and avoids a return to the current state, I'm all ears. > > One way for the VC to work is to have a set of SLAs that mandate action in response to non-compliance to the SLAs. I don't see a mention of that in the VC and I'd want to understand exactly what we're talking about regarding times for roundtrip reveal/relay and the consequences for failure to respond in a timely fashion. > > On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: > > Agree with Susan. These are very significant changes coming very late in the game. > > J. > > -------- Original Message -------- > Subject: Re: [Rt4-whois] The New Proxy Language > From: Susan Kawaguchi > > Date: Thu, December 01, 2011 8:58 am > To: Kathy Kleiman > > Cc: "rt4-whois at icann.org" > > > Hi Kathy > > I am not onboard with Bill and Seth's recommendation but I am willing to explore this direction. > > Susan > > Sent from my iPhone > > On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > wrote: > >> But what James and Susan did so brilliantly, and for the first time in >> history, was to begin to bring the proxy services into the ICANN tent >> and into sight. The idea of disclosing relationships, sharing ownership >> and contractual relationships, is an enormous step forward. I think we >> are losing something now... >> >> Kathy: >>> My preference is to replace the Voluntary Best Practices Guidelines. I think there is useful information in that language to guide development of SLAs regarding Registrant responsibilities and response times so would hate to see that work "tossed". >>> >>> Seth's language is an attempt to "flesh out" the simple text we had in Dakar, that said ICANN should remove reference to proxy services from the RAA. I think he's done a good job, albeit perhaps a first cut, at doing that and getting a conversation going on the practical implications of, let's call it the Dakar proxy compact. >>> >>> As I recall, one of the reasons we decided to recommend removing proxies from the RAA is that no matter how hard we, or ICANN tries to control or regulate the proxy business, anyone can operate such a service outside of the control of ICANN or the community. They simply register names and act on behalf of someone else. >>> >>> What we, asa community, can do is develop some policies that set out what is expected of all parties, including Registrants and have consequences, mandatory in some cases, for failure to comply with the policies. The consequence of last resort is revocation of the name. >>> >>> These policies wouldn't take the place of legal action, but they would fill the void where Registrants, or their proxies, are non-responsive. >>> >>> The alternative is the voluntary code, but we know that can be avoided, and letting the courts handle the situation... but that's basically where we are today so I don't see how a code, voluntary or not helps in the end. >>> >>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >>> >>>> Hi All, >>>> What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! >>>> >>>> Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) >>>> >>>> Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. >>>> >>>> Otherwise, there are some fascinating legal concepts, and my brain already hurts! >>>> Thinking hard first thing in the AM and still reviewing. >>>> I would like to know what James thinks, >>>> Kathy >>>> >>>>> Data Access- Proxy Service >>>>> >>>>> 1. The Review Team considers a Proxy Service as a relationship in which >>>>> the registrant is acting on behalf of another. The WHOIS data is that of the >>>>> agent/proxy service and the agent/proxy service alone obtains all rights and >>>>> assumes all responsibility for the domain name and its manner of use. >>>>> 2. ICANN should clarify that any registrant that may be acting as a >>>>> proxy service for another is in all respects still the registrant and, in >>>>> ICANN's view, should be held fully responsible for the use of the domain >>>>> name including for any and all harm that results from the use of the domain >>>>> name. >>>>> 2. Because of ICANN's position on proxy services to date, which >>>>> tolerates the proxy service industry that has arisen and which through RAA >>>>> provisions gives recognition and attempts to regulate that industry, has >>>>> been used by courts and others to allow proxy services to escape liability >>>>> for bad acts of the proxy service customers, ICANN should either delete or >>>>> amend those provisions of the RAA that can or have been used to allow proxy >>>>> services to escape liability. >>>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>>> for the occasional use of a proxy service, as for example to protect a >>>>> valuable trade secret at product launch. At the same time proxy services >>>>> should not be viewed or used as a substitute for privacy services that are >>>>> designed to shield an individual's personal contact information. The >>>>> legitimate use a proxy service would be the exception and not widespread. >>>>> 4. A proxy service industry willing to accept full risks and liabilities >>>>> for the manner in which domain names through its service will be used will >>>>> take the necessary precautionary measures, in its relationship with its >>>>> customers, such that domain names so registered are unlikely to be misused >>>>> and, if misused, a remedy for those victimized will more likely be >>>>> available. >>>>> >>>> _______________________________________________ >>>> Rt4-whois mailing list >>>> Rt4-whois at icann.org >>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> -- >> >> >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > From bill.smith at paypal-inc.com Thu Dec 1 18:09:46 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Thu, 1 Dec 2011 11:09:46 -0700 Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP In-Reply-To: References: Message-ID: <925450D4-06CA-40F5-943C-D6B487B7444F@paypal.com> Dakar or Seth's language. >From my perspective, 2 doesn't sufficiently advance us from the current situation. Everything is voluntary and when it's voluntary, the bad actors will act in their own best interest forcing a race to the bottom for all. On Dec 1, 2011, at 7:19 AM, "Emily Taylor" > wrote: Hi I went to bed last night thinking that we were nearly in agreement on the proxy recommendations that James, Susan and Kathy have been working on over the past weeks. In the middle of the night, I awoke to find new text on the table. You all know that our cut off date was yesterday, and we are now on negative time. However, I do want to go through the time zones so that we all have a chance to consider the options. Broadly, we have three alternatives. 1. Adopt the very brief text agreed in Dakar and no more 2. Adopt the relatively stable text drafted by that small group which includes good practices 3. Adopt the new text, drafted last night by Seth on behalf of another small team. We act by consensus. But we also have a deadline. I'm therefore going to call it before I go to sleep tonight, and in default of an alternative agreement we will have to go back to what we agreed in Dakar. I know that some people are not happy with it, but it has a simplicity, and avoids confusion about whether or not the good practices conflicts with the idea of liability. Alternatively, we can adopt different text, but it has to be by consensus. Remember, folks, that's difficult to achieve, and leaves everyone feeling a little bit frustrated, and like they could have got more if they pushed harder. Please try to bear in mind that we have a very, very strong full report. This is one part of the whole puzzle, which has to be seen within its own context. There will be further studies on proxies/privacy. There will be another review team on WHOIS which will kick off in less than 2 years. To speak for a moment in support of voluntary good practices, this is a well known regulatory step. It's what you do when you're not happy with the current situation (check), but you're not quite sure what will be an effective regulatory intervention (check). So, you explore the landscape - as I think the draft recommendations (alternative 2 below) very eloquently do. I should emphasise that good practices are not the final word. They are an interim plug, a step in the right direction. If, having gone through that, Bill and others are right and it's all still a mess, that's when you go for the next incremental step - but the important bit is, industry has been given a chance to clean out the stables after being told in no uncertain terms that there's a problem . That's where we are now. The third choice is that we adopt the new text, maybe with tweaks or changes. If that's what we're doing, I would be failing in my duties as your Chair if I did not set some deadline for this. We have known the issues for a long time, we have been wrestling with them, and reaching consensus is hard. I don't think that this is a case of "just a bit more time", but I'm very willing to be proved wrong. So, my challenge to you is - tell me what you have all agreed on proxies by 10pm UTC. If the answer is "nothing" we go with what we agreed in Dakar. Whatever the outcome, we have done a wonderful job on this report. Take it in its entirety, it represents a lot of work, and a lot of willpower and cooperation, plus - importantly - a willingness to step outside of one's individual, commercial interests and think about the public interest. I have been marvelling at the sheer energy that has been focused on this mailing list and the incredible progress we have made since the weekend (remember, I'm a Brit, not American, so I don't say these sort of things easily!). Keep up this discussion. But please focus your thoughts and exchanges on the give and take that's necessary for consensus. To assist those who may not be fully up to speed, the text for the three alternatives are below. Whatever happens, we are closing this discussion in just under 7 hours. Good luck! Kind regards Emily --------- Alternative 1 the text we agreed in Dakar on proxy definition and proxy liability For the avoidance of doubt, the WHOIS Policy[, referred to in Recommendation 1 above], should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use Alternative 2 The text on best practices worked on by Susan, James and Kathy last night (latest version) Data Access- Proxy Service 1. ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. 2. Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. 3. ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. Such voluntary guidelines may include: + Proxy services provide full contact details as required by the Whois + Publication by the proxy service of its process for revealing and relaying information + Standardization of reveal and relay processes and timeframes, consistent with national laws + Maintenance of a dedicated abuse point of contact for the proxy service provider + Due diligence checks on licensee contact information. 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. Footnote 1 (all the remaining text) As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: - Proxy Service ? a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) - Affiliate retail proxy service provider ? entity operating under a common controlling interest of a registrar. - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service beyond their ability to pay and their agreement to the general terms and conditions. - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. Alternative 3 Seth's proposal. Data Access- Proxy Service 1. The Review Team considers a Proxy Service as a relationship in which the registrant is acting on behalf of another. The WHOIS data is that of the agent/proxy service and the agent/proxy service alone obtains all rights and assumes all responsibility for the domain name and its manner of use. 2. ICANN should clarify that any registrant that may be acting as a proxy service for another is in all respects still the registrant and, in ICANN's view, should be held fully responsible for the use of the domain name including for any and all harm that results from the use of the domain name. 2. Because of ICANN's position on proxy services to date, which tolerates the proxy service industry that has arisen and which through RAA provisions gives recognition and attempts to regulate that industry, has been used by courts and others to allow proxy services to escape liability for bad acts of the proxy service customers, ICANN should either delete or amend those provisions of the RAA that can or have been used to allow proxy services to escape liability. 3. The Review Team acknowledges that there may be legitimate reasons for the occasional use of a proxy service, as for example to protect a valuable trade secret at product launch. At the same time proxy services should not be viewed or used as a substitute for privacy services that are designed to shield an individual's personal contact information. The legitimate use a proxy service would be the exception and not widespread. 4. A proxy service industry willing to accept full risks and liabilities for the manner in which domain names through its service will be used will take the necessary precautionary measures, in its relationship with its customers, such that domain names so registered are unlikely to be misused and, if misused, a remedy for those victimized will more likely be available. [http://images/cleardot.gif] -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From susank at fb.com Thu Dec 1 18:10:50 2011 From: susank at fb.com (Susan Kawaguchi) Date: Thu, 1 Dec 2011 18:10:50 +0000 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: <6F233FE1-924C-4214-B625-C8555D0B4EBF@paypal-inc.com> References: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> <824E5D2A-9572-40F1-ACEC-12F7DF813556@paypal.com> <6F233FE1-924C-4214-B625-C8555D0B4EBF@paypal-inc.com> Message-ID: Yes I agree a registrant is a contracted party I guess I am use to seeing so much bad behavior by registrants that I do not think of them that way. I still do not see our two recommendations as polar opposites. I agree the language in the RAA should be removed and the proxy service provider should be responsible for the domain name. But that does not exclude the need for best practices in this industry and if we can get movement in the right direction along with calling for the proxy service providers to be responsible it is a win win situation. (I am not comparing the DMCA to this situation but I think this is a good example) When the DMCA was put into US law it required interpretation and best practices were developed over a period of time. In my opinion eBay took the lead and put in place the VeRO program which went beyond some of the requirements. Many other companies followed their lead and you will see pieces of the VeRO program in many companies processes. I think several registrars have taken a similar path with their affiliate proxy services and established procedures that are good. Why can't we advocate for both positions? I think we are in agreement that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Thursday, December 01, 2011 9:46 AM To: Susan Kawaguchi Cc: James M. Bladel; rt4-whois at icann.org Subject: Re: [Rt4-whois] The New Proxy Language Susan, Isn't everyone a contracted party in this ecosystem? Registrars and Registries with ICANN and Registrants with Registrants (with required terms from ICANN). I believe we need SLAs in each of the agreements that put some teeth into the compliance provisions. For example, the current RAA language says that failure to correct WHOIS data *may* result in revocation of the Domain Name (or something similar to that). Action is voluntary on the part of the Registrant and Registrar with the public paying the cost, much like with toxic waste. This isn't a direct cost but indirect, and getting larger all the time. I sincerely doubt that a voluntary code, though admirable, will mitigate these costs. If we have SLAs in each of the agreements, then failure by any party to abide by them results in action and/or penalties up to and including loss of name. The current system doesn't, while threatening such an eventuality rarely reaches that point as we've heard. If ICANN wants to honor the AoC with respect to WHOIS, it firmly believe it needs to shift from the voluntary mechanisms that don't work to a simple though comprehensive set of mandatory mechanisms that will work. These mechanisms should exist outside of any "at law"remedies but should be in concert with them. I'll think about adding the VC to 4. My gut reaction is that it will still allow too much legal room if/when the legal system is required. Bill On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" wrote: > Hi Bill, > > I agree with most of what is in your and Seth's recommendation but do not understand how an SLA will work with non-contracted parties. > > What if we added the voluntary best practices to #4? > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Thursday, December 01, 2011 7:44 AM > To: James M. Bladel > Cc: Susan Kawaguchi; rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > I have no problem with folks not being "on board". However, we did agree to language in Dakar in essence saying that ICANN should avoid mentioning proxies in the RAA. I realize that some may not have been fully on board with that, and there have been suggestion to change our position. > > From my perspective, the changes are from the Dakar position to the Voluntary Code proposal. > > I've pointed out how the VC can and likely will be circumvented, especially by "bad actors". If someone can demonstrate a way that the VC deals with this issue and avoids a return to the current state, I'm all ears. > > One way for the VC to work is to have a set of SLAs that mandate action in response to non-compliance to the SLAs. I don't see a mention of that in the VC and I'd want to understand exactly what we're talking about regarding times for roundtrip reveal/relay and the consequences for failure to respond in a timely fashion. > > On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: > > Agree with Susan. These are very significant changes coming very late in the game. > > J. > > -------- Original Message -------- > Subject: Re: [Rt4-whois] The New Proxy Language > From: Susan Kawaguchi > > Date: Thu, December 01, 2011 8:58 am > To: Kathy Kleiman > > Cc: "rt4-whois at icann.org" > > > Hi Kathy > > I am not onboard with Bill and Seth's recommendation but I am willing to explore this direction. > > Susan > > Sent from my iPhone > > On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > wrote: > >> But what James and Susan did so brilliantly, and for the first time in >> history, was to begin to bring the proxy services into the ICANN tent >> and into sight. The idea of disclosing relationships, sharing ownership >> and contractual relationships, is an enormous step forward. I think we >> are losing something now... >> >> Kathy: >>> My preference is to replace the Voluntary Best Practices Guidelines. I think there is useful information in that language to guide development of SLAs regarding Registrant responsibilities and response times so would hate to see that work "tossed". >>> >>> Seth's language is an attempt to "flesh out" the simple text we had in Dakar, that said ICANN should remove reference to proxy services from the RAA. I think he's done a good job, albeit perhaps a first cut, at doing that and getting a conversation going on the practical implications of, let's call it the Dakar proxy compact. >>> >>> As I recall, one of the reasons we decided to recommend removing proxies from the RAA is that no matter how hard we, or ICANN tries to control or regulate the proxy business, anyone can operate such a service outside of the control of ICANN or the community. They simply register names and act on behalf of someone else. >>> >>> What we, asa community, can do is develop some policies that set out what is expected of all parties, including Registrants and have consequences, mandatory in some cases, for failure to comply with the policies. The consequence of last resort is revocation of the name. >>> >>> These policies wouldn't take the place of legal action, but they would fill the void where Registrants, or their proxies, are non-responsive. >>> >>> The alternative is the voluntary code, but we know that can be avoided, and letting the courts handle the situation... but that's basically where we are today so I don't see how a code, voluntary or not helps in the end. >>> >>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >>> >>>> Hi All, >>>> What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! >>>> >>>> Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) >>>> >>>> Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. >>>> >>>> Otherwise, there are some fascinating legal concepts, and my brain already hurts! >>>> Thinking hard first thing in the AM and still reviewing. >>>> I would like to know what James thinks, >>>> Kathy >>>> >>>>> Data Access- Proxy Service >>>>> >>>>> 1. The Review Team considers a Proxy Service as a relationship in which >>>>> the registrant is acting on behalf of another. The WHOIS data is that of the >>>>> agent/proxy service and the agent/proxy service alone obtains all rights and >>>>> assumes all responsibility for the domain name and its manner of use. >>>>> 2. ICANN should clarify that any registrant that may be acting as a >>>>> proxy service for another is in all respects still the registrant and, in >>>>> ICANN's view, should be held fully responsible for the use of the domain >>>>> name including for any and all harm that results from the use of the domain >>>>> name. >>>>> 2. Because of ICANN's position on proxy services to date, which >>>>> tolerates the proxy service industry that has arisen and which through RAA >>>>> provisions gives recognition and attempts to regulate that industry, has >>>>> been used by courts and others to allow proxy services to escape liability >>>>> for bad acts of the proxy service customers, ICANN should either delete or >>>>> amend those provisions of the RAA that can or have been used to allow proxy >>>>> services to escape liability. >>>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>>> for the occasional use of a proxy service, as for example to protect a >>>>> valuable trade secret at product launch. At the same time proxy services >>>>> should not be viewed or used as a substitute for privacy services that are >>>>> designed to shield an individual's personal contact information. The >>>>> legitimate use a proxy service would be the exception and not widespread. >>>>> 4. A proxy service industry willing to accept full risks and liabilities >>>>> for the manner in which domain names through its service will be used will >>>>> take the necessary precautionary measures, in its relationship with its >>>>> customers, such that domain names so registered are unlikely to be misused >>>>> and, if misused, a remedy for those victimized will more likely be >>>>> available. >>>>> >>>> _______________________________________________ >>>> Rt4-whois mailing list >>>> Rt4-whois at icann.org >>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> -- >> >> >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > From bill.smith at paypal-inc.com Thu Dec 1 18:32:00 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Thu, 1 Dec 2011 11:32:00 -0700 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: References: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> <824E5D2A-9572-40F1-ACEC-12F7DF813556@paypal.com> <6F233FE1-924C-4214-B625-C8555D0B4EBF@paypal-inc.com> Message-ID: I can live with both, but I want be sure that we recommend some mandatory penalty provisions in contracts for non-compliance. Whether that recommendation is made here or elsewhere in the report isn't a significant concern of mine, but I do think we should reference those recommendation and remind the reader of their mandatory nature. Registrants, proxied or otherwise, won't respond unless pushed. The bad actors may never respond and for them, we have provisions that will address their non-coloance. On Dec 1, 2011, at 10:12 AM, "Susan Kawaguchi" wrote: > Yes I agree a registrant is a contracted party I guess I am use to seeing so much bad behavior by registrants that I do not think of them that way. > > I still do not see our two recommendations as polar opposites. > > I agree the language in the RAA should be removed and the proxy service provider should be responsible for the domain name. > > But that does not exclude the need for best practices in this industry and if we can get movement in the right direction along with calling for the proxy service providers to be responsible it is a win win situation. > > (I am not comparing the DMCA to this situation but I think this is a good example) > When the DMCA was put into US law it required interpretation and best practices were developed over a period of time. In my opinion eBay took the lead and put in place the VeRO program which went beyond some of the requirements. Many other companies followed their lead and you will see pieces of the VeRO program in many companies processes. > > I think several registrars have taken a similar path with their affiliate proxy services and established procedures that are good. > > Why can't we advocate for both positions? > > I think we are in agreement that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. > > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Thursday, December 01, 2011 9:46 AM > To: Susan Kawaguchi > Cc: James M. Bladel; rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > Susan, > > Isn't everyone a contracted party in this ecosystem? Registrars and Registries with ICANN and Registrants with Registrants (with required terms from ICANN). > > I believe we need SLAs in each of the agreements that put some teeth into the compliance provisions. For example, the current RAA language says that failure to correct WHOIS data *may* result in revocation of the Domain Name (or something similar to that). > > Action is voluntary on the part of the Registrant and Registrar with the public paying the cost, much like with toxic waste. This isn't a direct cost but indirect, and getting larger all the time. I sincerely doubt that a voluntary code, though admirable, will mitigate these costs. > > If we have SLAs in each of the agreements, then failure by any party to abide by them results in action and/or penalties up to and including loss of name. The current system doesn't, while threatening such an eventuality rarely reaches that point as we've heard. > > If ICANN wants to honor the AoC with respect to WHOIS, it firmly believe it needs to shift from the voluntary mechanisms that don't work to a simple though comprehensive set of mandatory mechanisms that will work. These mechanisms should exist outside of any "at law"remedies but should be in concert with them. > > I'll think about adding the VC to 4. My gut reaction is that it will still allow too much legal room if/when the legal system is required. > > Bill > > On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" wrote: > >> Hi Bill, >> >> I agree with most of what is in your and Seth's recommendation but do not understand how an SLA will work with non-contracted parties. >> >> What if we added the voluntary best practices to #4? >> >> Susan >> >> -----Original Message----- >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] >> Sent: Thursday, December 01, 2011 7:44 AM >> To: James M. Bladel >> Cc: Susan Kawaguchi; rt4-whois at icann.org >> Subject: Re: [Rt4-whois] The New Proxy Language >> >> I have no problem with folks not being "on board". However, we did agree to language in Dakar in essence saying that ICANN should avoid mentioning proxies in the RAA. I realize that some may not have been fully on board with that, and there have been suggestion to change our position. >> >> From my perspective, the changes are from the Dakar position to the Voluntary Code proposal. >> >> I've pointed out how the VC can and likely will be circumvented, especially by "bad actors". If someone can demonstrate a way that the VC deals with this issue and avoids a return to the current state, I'm all ears. >> >> One way for the VC to work is to have a set of SLAs that mandate action in response to non-compliance to the SLAs. I don't see a mention of that in the VC and I'd want to understand exactly what we're talking about regarding times for roundtrip reveal/relay and the consequences for failure to respond in a timely fashion. >> >> On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: >> >> Agree with Susan. These are very significant changes coming very late in the game. >> >> J. >> >> -------- Original Message -------- >> Subject: Re: [Rt4-whois] The New Proxy Language >> From: Susan Kawaguchi > >> Date: Thu, December 01, 2011 8:58 am >> To: Kathy Kleiman > >> Cc: "rt4-whois at icann.org" > >> >> Hi Kathy >> >> I am not onboard with Bill and Seth's recommendation but I am willing to explore this direction. >> >> Susan >> >> Sent from my iPhone >> >> On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > wrote: >> >>> But what James and Susan did so brilliantly, and for the first time in >>> history, was to begin to bring the proxy services into the ICANN tent >>> and into sight. The idea of disclosing relationships, sharing ownership >>> and contractual relationships, is an enormous step forward. I think we >>> are losing something now... >>> >>> Kathy: >>>> My preference is to replace the Voluntary Best Practices Guidelines. I think there is useful information in that language to guide development of SLAs regarding Registrant responsibilities and response times so would hate to see that work "tossed". >>>> >>>> Seth's language is an attempt to "flesh out" the simple text we had in Dakar, that said ICANN should remove reference to proxy services from the RAA. I think he's done a good job, albeit perhaps a first cut, at doing that and getting a conversation going on the practical implications of, let's call it the Dakar proxy compact. >>>> >>>> As I recall, one of the reasons we decided to recommend removing proxies from the RAA is that no matter how hard we, or ICANN tries to control or regulate the proxy business, anyone can operate such a service outside of the control of ICANN or the community. They simply register names and act on behalf of someone else. >>>> >>>> What we, asa community, can do is develop some policies that set out what is expected of all parties, including Registrants and have consequences, mandatory in some cases, for failure to comply with the policies. The consequence of last resort is revocation of the name. >>>> >>>> These policies wouldn't take the place of legal action, but they would fill the void where Registrants, or their proxies, are non-responsive. >>>> >>>> The alternative is the voluntary code, but we know that can be avoided, and letting the courts handle the situation... but that's basically where we are today so I don't see how a code, voluntary or not helps in the end. >>>> >>>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >>>> >>>>> Hi All, >>>>> What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! >>>>> >>>>> Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) >>>>> >>>>> Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. >>>>> >>>>> Otherwise, there are some fascinating legal concepts, and my brain already hurts! >>>>> Thinking hard first thing in the AM and still reviewing. >>>>> I would like to know what James thinks, >>>>> Kathy >>>>> >>>>>> Data Access- Proxy Service >>>>>> >>>>>> 1. The Review Team considers a Proxy Service as a relationship in which >>>>>> the registrant is acting on behalf of another. The WHOIS data is that of the >>>>>> agent/proxy service and the agent/proxy service alone obtains all rights and >>>>>> assumes all responsibility for the domain name and its manner of use. >>>>>> 2. ICANN should clarify that any registrant that may be acting as a >>>>>> proxy service for another is in all respects still the registrant and, in >>>>>> ICANN's view, should be held fully responsible for the use of the domain >>>>>> name including for any and all harm that results from the use of the domain >>>>>> name. >>>>>> 2. Because of ICANN's position on proxy services to date, which >>>>>> tolerates the proxy service industry that has arisen and which through RAA >>>>>> provisions gives recognition and attempts to regulate that industry, has >>>>>> been used by courts and others to allow proxy services to escape liability >>>>>> for bad acts of the proxy service customers, ICANN should either delete or >>>>>> amend those provisions of the RAA that can or have been used to allow proxy >>>>>> services to escape liability. >>>>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>>>> for the occasional use of a proxy service, as for example to protect a >>>>>> valuable trade secret at product launch. At the same time proxy services >>>>>> should not be viewed or used as a substitute for privacy services that are >>>>>> designed to shield an individual's personal contact information. The >>>>>> legitimate use a proxy service would be the exception and not widespread. >>>>>> 4. A proxy service industry willing to accept full risks and liabilities >>>>>> for the manner in which domain names through its service will be used will >>>>>> take the necessary precautionary measures, in its relationship with its >>>>>> customers, such that domain names so registered are unlikely to be misused >>>>>> and, if misused, a remedy for those victimized will more likely be >>>>>> available. >>>>>> >>>>> _______________________________________________ >>>>> Rt4-whois mailing list >>>>> Rt4-whois at icann.org >>>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>>> >>>> _______________________________________________ >>>> Rt4-whois mailing list >>>> Rt4-whois at icann.org >>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> >>> -- >>> >>> >>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> From omar at kaminski.adv.br Thu Dec 1 18:44:50 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Thu, 1 Dec 2011 16:44:50 -0200 Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP In-Reply-To: <925450D4-06CA-40F5-943C-D6B487B7444F@paypal.com> References: <925450D4-06CA-40F5-943C-D6B487B7444F@paypal.com> Message-ID: Since Seth got the definition from Dakar, how about to put 2 and 3? Could Seth's perspective be considered more opinative and represents the RT view "in other hand"? I believe so, a guideline is a good intent but the possibility of misuse can't be forgotten and reasons to attract civil and even penal liability for all parties related. Omar 2011/12/1 Smith, Bill : > Dakar or Seth's language. > > From my perspective, 2 doesn't sufficiently advance us from the current situation. Everything is voluntary and when it's voluntary, the bad actors will act in their own best interest forcing a race to the bottom for all. > > On Dec 1, 2011, at 7:19 AM, "Emily Taylor" > wrote: > > Hi > > I went to bed last night thinking that we were nearly in agreement on the proxy recommendations that James, Susan and Kathy have been working on over the past weeks. > > In the middle of the night, I awoke to find new text on the table. > > You all know that our cut off date was yesterday, and we are now on negative time. ?However, I do want to go through the time zones so that we all have a chance to consider the options. > > Broadly, we have three alternatives. > > 1. Adopt the very brief text agreed in Dakar and no more > 2. Adopt the relatively stable text drafted by that small group which includes good practices > 3. Adopt the new text, drafted last night by Seth on behalf of another small team. > > We act by consensus. ?But we also have a deadline. ?I'm therefore going to call it before I go to sleep tonight, and in default of an alternative agreement we will have to go back to what we agreed in Dakar. ?I know that some people are not happy with it, but it has a simplicity, and avoids confusion about whether or not the good practices conflicts with the idea of liability. > > Alternatively, we can adopt different text, but it has to be by consensus. ?Remember, folks, that's difficult to achieve, and leaves everyone feeling a little bit frustrated, and like they could have got more if they pushed harder. > > Please try to bear in mind that we have a very, very strong full report. ?This is one part of the whole puzzle, which has to be seen within its own context. ?There will be further studies on proxies/privacy. ?There will be another review team on WHOIS which will kick off in less than 2 years. ?To speak for a moment in support of voluntary good practices, this is a well known regulatory step. ?It's what you do when you're not happy with the current situation (check), but you're not quite sure what will be an effective regulatory intervention (check). ?So, you explore the landscape - as I think the draft recommendations (alternative 2 below) very eloquently do. ?I should emphasise that good practices are not the final word. ?They are an interim plug, a step in the right direction. ?If, having gone through that, Bill and others are right and it's all still a mess, that's when you go for the next incremental step - but the important bit is, industry has been given a chance to clean out the stables after being told in no uncertain terms that there's a problem . That's where we are now. > > The third choice is that we adopt the new text, maybe with tweaks or changes. ?If that's what we're doing, I would be failing in my duties as your Chair if I did not set some deadline for this. ?We have known the issues for a long time, we have been wrestling with them, and reaching consensus is hard. ?I don't think that this is a case of "just a bit more time", but I'm very willing to be proved wrong. > > So, my challenge to you is - tell me what you have all agreed on proxies by 10pm UTC. ?If the answer is "nothing" we go with what we agreed in Dakar. > > Whatever the outcome, we have done a wonderful job on this report. ?Take it in its entirety, it represents a lot of work, and a lot of willpower and cooperation, plus - importantly - a willingness to step outside of one's individual, commercial interests and think about the public interest. ?I have been marvelling at the sheer energy that has been focused on this mailing list and the incredible progress we have made since the weekend ?(remember, I'm a Brit, not American, so I don't say these sort of things easily!). > > Keep up this discussion. ?But please focus your thoughts and exchanges on the give and take that's necessary for consensus. > > To assist those who may not be fully up to speed, the text for the three alternatives are below. ?Whatever happens, we are closing this discussion in just under 7 hours. ?Good luck! > > Kind regards > > Emily > > --------- > > Alternative 1 > the text we agreed in Dakar on proxy definition and proxy liability > > For the avoidance of doubt, the WHOIS Policy[, referred to in Recommendation 1 above], should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use > > Alternative 2 > The text on best practices worked on by Susan, James and Kathy last night (latest version) > > Data Access- Proxy Service > > 1. ? ? ?ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers. > > 2. ? ? ?Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN. > > 3. ? ? ?ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement. > > Such voluntary guidelines may include: > > + Proxy services provide full contact details as required by the Whois > > + Publication by the proxy service of its process for revealing and relaying information > > + Standardization of reveal and relay processes and timeframes, consistent with national laws > > + Maintenance of a dedicated abuse point of contact for the proxy service provider > > + Due diligence checks on licensee contact information. > > 5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices. > > 6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. > > Footnote 1 (all the remaining text) > As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers: > > - Proxy Service ? a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?] > > - Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20) > > - Affiliate retail proxy service provider ? entity operating under a common controlling interest of a registrar. > > - Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service ?beyond their ability to pay and their agreement to the ?general terms and conditions. > > - Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship. > > > Alternative 3 > Seth's proposal. > Data Access- Proxy Service > > 1. ? ? ?The Review Team considers a Proxy Service as a relationship in which > the registrant is acting on behalf of another. The WHOIS data is that of the > agent/proxy service and the agent/proxy service alone obtains all rights and > assumes all responsibility for the domain name and its manner of use. > 2. ? ? ?ICANN should clarify that any registrant that may be acting as a > proxy service for another is in all respects still the registrant and, in > ICANN's view, should be held fully responsible for the use of the domain > name including for any and all harm that results from the use of the domain > name. > 2. ? ? ?Because of ICANN's position on proxy services to date, which > tolerates the proxy service industry that has arisen and which through RAA > provisions gives recognition and attempts to regulate that industry, has > been used by courts and others to allow proxy services to escape liability > for bad acts of the proxy service customers, ICANN should either delete or > amend those provisions of the RAA that can or have been used to allow proxy > services to escape liability. > 3. ? ? ?The Review Team acknowledges that there may be legitimate reasons > for the occasional use of a proxy service, as for example to protect a > valuable trade secret at product launch. At the same time proxy services > should not be viewed or used as a substitute for privacy services that are > designed to shield an individual's personal contact information. ?The > legitimate use a proxy service would be the exception and not widespread. > 4. ? ?A proxy service industry willing to accept full risks and liabilities > for the manner in which domain names through its service will be used will > take the necessary precautionary measures, in its relationship with its > customers, such that domain names so registered are unlikely to be misused > and, if misused, a remedy for those victimized will more likely be > available. > [http://images/cleardot.gif] > > > -- > > > ? [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] > > > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > www.etlaw.co.uk > > Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From seth.reiss at lex-ip.com Thu Dec 1 18:51:53 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Thu, 1 Dec 2011 08:51:53 -1000 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: References: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> <824E5D2A-9572-40F1-ACEC-12F7DF813556@paypal.com> <6F233FE1-924C-4214-B625-C8555D0B4EBF@paypal-inc.com> Message-ID: <00d501ccb05a$4bb2b550$e3181ff0$@reiss@lex-ip.com> OK, guys, I finally woke up. But now I kind of wish I had not! I am not entirely comfortable with what I wrote (option 3). I continue to agree with Bill's analysis and thinking, but I am also concerned that the statements I wrote go well beyond what our Team was tasked to do. It goes beyond WHOIS accuracy into the realm of security etc. But so does James' and Susan's proposal (option 2). The Dakar statement (option 1 as most recently modified by Emily) comes closest to us staying within our purview. Note that Susan agrees that language should be removed from the RRA and proxy service provider should be responsible for the domain name. So perhaps this could a bullet point under Dakar. Or better yet, how about this to make the group happy, or at least happier. How about the Dakar statement as most recently modified by Emily go into the recommendations. Everything else, some of proposal 2 and maybe a bit of proposal 3, or perhaps just the statement Susan made about language being removed from the RAA, go into the discussion. I agree with Bill that a voluntary set of best practices cannot reach the goal of eliminating irresponsible proxy services. But the discussion section could indicate this was one of the ideas that was considered by our team as a possible solution and that is something that the community may wish to follow up on. Finally, regarding the DMCA, the United States Congress, in its wisdom, decided that web hosts and neutral bill boards and the like should be given a level of immunity to function and so adopted the DMCA and other measure to provide safe havens from copyright infringement claims and other claims for content posted by others if they registered as an agent and carefully followed a number of specific take down/put up practices. The process is mandatory, carefully detailed and all governed by a centralized law that is consistent across the national territory. We, unfortunately, do not operate in a landscape of consistent laws, plus we are not a legislature, plus (as Bill has reiterated on several occasions) a voluntary practice will not get us there. Seth -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Thursday, December 01, 2011 8:11 AM To: Smith, Bill Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] The New Proxy Language Yes I agree a registrant is a contracted party I guess I am use to seeing so much bad behavior by registrants that I do not think of them that way. I still do not see our two recommendations as polar opposites. I agree the language in the RAA should be removed and the proxy service provider should be responsible for the domain name. But that does not exclude the need for best practices in this industry and if we can get movement in the right direction along with calling for the proxy service providers to be responsible it is a win win situation. (I am not comparing the DMCA to this situation but I think this is a good example) When the DMCA was put into US law it required interpretation and best practices were developed over a period of time. In my opinion eBay took the lead and put in place the VeRO program which went beyond some of the requirements. Many other companies followed their lead and you will see pieces of the VeRO program in many companies processes. I think several registrars have taken a similar path with their affiliate proxy services and established procedures that are good. Why can't we advocate for both positions? I think we are in agreement that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Thursday, December 01, 2011 9:46 AM To: Susan Kawaguchi Cc: James M. Bladel; rt4-whois at icann.org Subject: Re: [Rt4-whois] The New Proxy Language Susan, Isn't everyone a contracted party in this ecosystem? Registrars and Registries with ICANN and Registrants with Registrants (with required terms from ICANN). I believe we need SLAs in each of the agreements that put some teeth into the compliance provisions. For example, the current RAA language says that failure to correct WHOIS data *may* result in revocation of the Domain Name (or something similar to that). Action is voluntary on the part of the Registrant and Registrar with the public paying the cost, much like with toxic waste. This isn't a direct cost but indirect, and getting larger all the time. I sincerely doubt that a voluntary code, though admirable, will mitigate these costs. If we have SLAs in each of the agreements, then failure by any party to abide by them results in action and/or penalties up to and including loss of name. The current system doesn't, while threatening such an eventuality rarely reaches that point as we've heard. If ICANN wants to honor the AoC with respect to WHOIS, it firmly believe it needs to shift from the voluntary mechanisms that don't work to a simple though comprehensive set of mandatory mechanisms that will work. These mechanisms should exist outside of any "at law"remedies but should be in concert with them. I'll think about adding the VC to 4. My gut reaction is that it will still allow too much legal room if/when the legal system is required. Bill On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" wrote: > Hi Bill, > > I agree with most of what is in your and Seth's recommendation but do not understand how an SLA will work with non-contracted parties. > > What if we added the voluntary best practices to #4? > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Thursday, December 01, 2011 7:44 AM > To: James M. Bladel > Cc: Susan Kawaguchi; rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > I have no problem with folks not being "on board". However, we did agree to language in Dakar in essence saying that ICANN should avoid mentioning proxies in the RAA. I realize that some may not have been fully on board with that, and there have been suggestion to change our position. > > From my perspective, the changes are from the Dakar position to the Voluntary Code proposal. > > I've pointed out how the VC can and likely will be circumvented, especially by "bad actors". If someone can demonstrate a way that the VC deals with this issue and avoids a return to the current state, I'm all ears. > > One way for the VC to work is to have a set of SLAs that mandate action in response to non-compliance to the SLAs. I don't see a mention of that in the VC and I'd want to understand exactly what we're talking about regarding times for roundtrip reveal/relay and the consequences for failure to respond in a timely fashion. > > On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: > > Agree with Susan. These are very significant changes coming very late in the game. > > J. > > -------- Original Message -------- > Subject: Re: [Rt4-whois] The New Proxy Language > From: Susan Kawaguchi > > Date: Thu, December 01, 2011 8:58 am > To: Kathy Kleiman > > Cc: "rt4-whois at icann.org" > > > Hi Kathy > > I am not onboard with Bill and Seth's recommendation but I am willing to explore this direction. > > Susan > > Sent from my iPhone > > On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > wrote: > >> But what James and Susan did so brilliantly, and for the first time in >> history, was to begin to bring the proxy services into the ICANN tent >> and into sight. The idea of disclosing relationships, sharing ownership >> and contractual relationships, is an enormous step forward. I think we >> are losing something now... >> >> Kathy: >>> My preference is to replace the Voluntary Best Practices Guidelines. I think there is useful information in that language to guide development of SLAs regarding Registrant responsibilities and response times so would hate to see that work "tossed". >>> >>> Seth's language is an attempt to "flesh out" the simple text we had in Dakar, that said ICANN should remove reference to proxy services from the RAA. I think he's done a good job, albeit perhaps a first cut, at doing that and getting a conversation going on the practical implications of, let's call it the Dakar proxy compact. >>> >>> As I recall, one of the reasons we decided to recommend removing proxies from the RAA is that no matter how hard we, or ICANN tries to control or regulate the proxy business, anyone can operate such a service outside of the control of ICANN or the community. They simply register names and act on behalf of someone else. >>> >>> What we, asa community, can do is develop some policies that set out what is expected of all parties, including Registrants and have consequences, mandatory in some cases, for failure to comply with the policies. The consequence of last resort is revocation of the name. >>> >>> These policies wouldn't take the place of legal action, but they would fill the void where Registrants, or their proxies, are non-responsive. >>> >>> The alternative is the voluntary code, but we know that can be avoided, and letting the courts handle the situation... but that's basically where we are today so I don't see how a code, voluntary or not helps in the end. >>> >>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >>> >>>> Hi All, >>>> What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! >>>> >>>> Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) >>>> >>>> Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. >>>> >>>> Otherwise, there are some fascinating legal concepts, and my brain already hurts! >>>> Thinking hard first thing in the AM and still reviewing. >>>> I would like to know what James thinks, >>>> Kathy >>>> >>>>> Data Access- Proxy Service >>>>> >>>>> 1. The Review Team considers a Proxy Service as a relationship in which >>>>> the registrant is acting on behalf of another. The WHOIS data is that of the >>>>> agent/proxy service and the agent/proxy service alone obtains all rights and >>>>> assumes all responsibility for the domain name and its manner of use. >>>>> 2. ICANN should clarify that any registrant that may be acting as a >>>>> proxy service for another is in all respects still the registrant and, in >>>>> ICANN's view, should be held fully responsible for the use of the domain >>>>> name including for any and all harm that results from the use of the domain >>>>> name. >>>>> 2. Because of ICANN's position on proxy services to date, which >>>>> tolerates the proxy service industry that has arisen and which through RAA >>>>> provisions gives recognition and attempts to regulate that industry, has >>>>> been used by courts and others to allow proxy services to escape liability >>>>> for bad acts of the proxy service customers, ICANN should either delete or >>>>> amend those provisions of the RAA that can or have been used to allow proxy >>>>> services to escape liability. >>>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>>> for the occasional use of a proxy service, as for example to protect a >>>>> valuable trade secret at product launch. At the same time proxy services >>>>> should not be viewed or used as a substitute for privacy services that are >>>>> designed to shield an individual's personal contact information. The >>>>> legitimate use a proxy service would be the exception and not widespread. >>>>> 4. A proxy service industry willing to accept full risks and liabilities >>>>> for the manner in which domain names through its service will be used will >>>>> take the necessary precautionary measures, in its relationship with its >>>>> customers, such that domain names so registered are unlikely to be misused >>>>> and, if misused, a remedy for those victimized will more likely be >>>>> available. >>>>> >>>> _______________________________________________ >>>> Rt4-whois mailing list >>>> Rt4-whois at icann.org >>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> -- >> >> >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From bill.smith at paypal-inc.com Thu Dec 1 19:17:23 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Thu, 1 Dec 2011 12:17:23 -0700 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: <00d501ccb05a$4bb2b550$e3181ff0$@reiss@lex-ip.com> References: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> <824E5D2A-9572-40F1-ACEC-12F7DF813556@paypal.com> <6F233FE1-924C-4214-B625-C8555D0B4EBF@paypal-inc.com> <00d501ccb05a$4bb2b550$e3181ff0$@reiss@lex-ip.com> Message-ID: This is acceptable to me as well. On Dec 1, 2011, at 10:52 AM, "Seth M Reiss" wrote: > OK, guys, I finally woke up. But now I kind of wish I had not! > > I am not entirely comfortable with what I wrote (option 3). I continue to > agree with Bill's analysis and thinking, but I am also concerned that the > statements I wrote go well beyond what our Team was tasked to do. It goes > beyond WHOIS accuracy into the realm of security etc. But so does James' > and Susan's proposal (option 2). > > The Dakar statement (option 1 as most recently modified by Emily) comes > closest to us staying within our purview. > > Note that Susan agrees that language should be removed from the RRA and > proxy service provider should be responsible for the domain name. So > perhaps this could a bullet point under Dakar. > > Or better yet, how about this to make the group happy, or at least happier. > > How about the Dakar statement as most recently modified by Emily go into the > recommendations. Everything else, some of proposal 2 and maybe a bit of > proposal 3, or perhaps just the statement Susan made about language being > removed from the RAA, go into the discussion. I agree with Bill that a > voluntary set of best practices cannot reach the goal of eliminating > irresponsible proxy services. But the discussion section could indicate this > was one of the ideas that was considered by our team as a possible solution > and that is something that the community may wish to follow up on. > > Finally, regarding the DMCA, the United States Congress, in its wisdom, > decided that web hosts and neutral bill boards and the like should be given > a level of immunity to function and so adopted the DMCA and other measure to > provide safe havens from copyright infringement claims and other claims for > content posted by others if they registered as an agent and carefully > followed a number of specific take down/put up practices. The process is > mandatory, carefully detailed and all governed by a centralized law that is > consistent across the national territory. We, unfortunately, do not operate > in a landscape of consistent laws, plus we are not a legislature, plus (as > Bill has reiterated on several occasions) a voluntary practice will not get > us there. > > Seth > > -----Original Message----- > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On > Behalf Of Susan Kawaguchi > Sent: Thursday, December 01, 2011 8:11 AM > To: Smith, Bill > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > Yes I agree a registrant is a contracted party I guess I am use to seeing so > much bad behavior by registrants that I do not think of them that way. > > I still do not see our two recommendations as polar opposites. > > I agree the language in the RAA should be removed and the proxy service > provider should be responsible for the domain name. > > But that does not exclude the need for best practices in this industry and > if we can get movement in the right direction along with calling for the > proxy service providers to be responsible it is a win win situation. > > (I am not comparing the DMCA to this situation but I think this is a good > example) > When the DMCA was put into US law it required interpretation and best > practices were developed over a period of time. In my opinion eBay took the > lead and put in place the VeRO program which went beyond some of the > requirements. Many other companies followed their lead and you will see > pieces of the VeRO program in many companies processes. > > I think several registrars have taken a similar path with their affiliate > proxy services and established procedures that are good. > > Why can't we advocate for both positions? > > I think we are in agreement that neither approach will be successful without > proactive ICANN compliance measures, either to police observance of best > practices, in the first approach, or to press registrars to cancel > registrations of proxy services that do not fulfill their contractual > obligations as set forth in the RAA. A well resourced and credible > compliance program is essential to reforming the unacceptable status quo in > this area. > > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Thursday, December 01, 2011 9:46 AM > To: Susan Kawaguchi > Cc: James M. Bladel; rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > Susan, > > Isn't everyone a contracted party in this ecosystem? Registrars and > Registries with ICANN and Registrants with Registrants (with required terms > from ICANN). > > I believe we need SLAs in each of the agreements that put some teeth into > the compliance provisions. For example, the current RAA language says that > failure to correct WHOIS data *may* result in revocation of the Domain Name > (or something similar to that). > > Action is voluntary on the part of the Registrant and Registrar with the > public paying the cost, much like with toxic waste. This isn't a direct cost > but indirect, and getting larger all the time. I sincerely doubt that a > voluntary code, though admirable, will mitigate these costs. > > If we have SLAs in each of the agreements, then failure by any party to > abide by them results in action and/or penalties up to and including loss of > name. The current system doesn't, while threatening such an eventuality > rarely reaches that point as we've heard. > > If ICANN wants to honor the AoC with respect to WHOIS, it firmly believe it > needs to shift from the voluntary mechanisms that don't work to a simple > though comprehensive set of mandatory mechanisms that will work. These > mechanisms should exist outside of any "at law"remedies but should be in > concert with them. > > I'll think about adding the VC to 4. My gut reaction is that it will still > allow too much legal room if/when the legal system is required. > > Bill > > On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" wrote: > >> Hi Bill, >> >> I agree with most of what is in your and Seth's recommendation but do not > understand how an SLA will work with non-contracted parties. >> >> What if we added the voluntary best practices to #4? >> >> Susan >> >> -----Original Message----- >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] >> Sent: Thursday, December 01, 2011 7:44 AM >> To: James M. Bladel >> Cc: Susan Kawaguchi; rt4-whois at icann.org >> Subject: Re: [Rt4-whois] The New Proxy Language >> >> I have no problem with folks not being "on board". However, we did agree > to language in Dakar in essence saying that ICANN should avoid mentioning > proxies in the RAA. I realize that some may not have been fully on board > with that, and there have been suggestion to change our position. >> >> From my perspective, the changes are from the Dakar position to the > Voluntary Code proposal. >> >> I've pointed out how the VC can and likely will be circumvented, > especially by "bad actors". If someone can demonstrate a way that the VC > deals with this issue and avoids a return to the current state, I'm all > ears. >> >> One way for the VC to work is to have a set of SLAs that mandate action in > response to non-compliance to the SLAs. I don't see a mention of that in the > VC and I'd want to understand exactly what we're talking about regarding > times for roundtrip reveal/relay and the consequences for failure to respond > in a timely fashion. >> >> On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: >> >> Agree with Susan. These are very significant changes coming very late in > the game. >> >> J. >> >> -------- Original Message -------- >> Subject: Re: [Rt4-whois] The New Proxy Language >> From: Susan Kawaguchi > >> Date: Thu, December 01, 2011 8:58 am >> To: Kathy Kleiman > >> Cc: "rt4-whois at icann.org" > > >> >> Hi Kathy >> >> I am not onboard with Bill and Seth's recommendation but I am willing to > explore this direction. >> >> Susan >> >> Sent from my iPhone >> >> On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > > wrote: >> >>> But what James and Susan did so brilliantly, and for the first time in >>> history, was to begin to bring the proxy services into the ICANN tent >>> and into sight. The idea of disclosing relationships, sharing ownership >>> and contractual relationships, is an enormous step forward. I think we >>> are losing something now... >>> >>> Kathy: >>>> My preference is to replace the Voluntary Best Practices Guidelines. I > think there is useful information in that language to guide development of > SLAs regarding Registrant responsibilities and response times so would hate > to see that work "tossed". >>>> >>>> Seth's language is an attempt to "flesh out" the simple text we had in > Dakar, that said ICANN should remove reference to proxy services from the > RAA. I think he's done a good job, albeit perhaps a first cut, at doing that > and getting a conversation going on the practical implications of, let's > call it the Dakar proxy compact. >>>> >>>> As I recall, one of the reasons we decided to recommend removing proxies > from the RAA is that no matter how hard we, or ICANN tries to control or > regulate the proxy business, anyone can operate such a service outside of > the control of ICANN or the community. They simply register names and act on > behalf of someone else. >>>> >>>> What we, asa community, can do is develop some policies that set out > what is expected of all parties, including Registrants and have > consequences, mandatory in some cases, for failure to comply with the > policies. The consequence of last resort is revocation of the name. >>>> >>>> These policies wouldn't take the place of legal action, but they would > fill the void where Registrants, or their proxies, are non-responsive. >>>> >>>> The alternative is the voluntary code, but we know that can be avoided, > and letting the courts handle the situation... but that's basically where we > are today so I don't see how a code, voluntary or not helps in the end. >>>> >>>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >>>> >>>>> Hi All, >>>>> What a night! I can see the 24*7 party of the WRT continued. Thanks so > very much! >>>>> >>>>> Regarding the language below, could someone be an expert guide? Is it a > replacement of the whole of the Proxy Recommendations, or in addition to the > Voluntary Best Practices Guidelines (which I really liked) >>>>> >>>>> Otherwise, I am thinking and researching. I think this is a big change > below, and I am not keen on #3 at all. Many, many people use proxy services > for many, many things, and the Recommendations section seems an odd place to > put a value judgement on that. >>>>> >>>>> Otherwise, there are some fascinating legal concepts, and my brain > already hurts! >>>>> Thinking hard first thing in the AM and still reviewing. >>>>> I would like to know what James thinks, >>>>> Kathy >>>>> >>>>>> Data Access- Proxy Service >>>>>> >>>>>> 1. The Review Team considers a Proxy Service as a relationship in > which >>>>>> the registrant is acting on behalf of another. The WHOIS data is that > of the >>>>>> agent/proxy service and the agent/proxy service alone obtains all > rights and >>>>>> assumes all responsibility for the domain name and its manner of use. >>>>>> 2. ICANN should clarify that any registrant that may be acting as a >>>>>> proxy service for another is in all respects still the registrant and, > in >>>>>> ICANN's view, should be held fully responsible for the use of the > domain >>>>>> name including for any and all harm that results from the use of the > domain >>>>>> name. >>>>>> 2. Because of ICANN's position on proxy services to date, which >>>>>> tolerates the proxy service industry that has arisen and which through > RAA >>>>>> provisions gives recognition and attempts to regulate that industry, > has >>>>>> been used by courts and others to allow proxy services to escape > liability >>>>>> for bad acts of the proxy service customers, ICANN should either > delete or >>>>>> amend those provisions of the RAA that can or have been used to allow > proxy >>>>>> services to escape liability. >>>>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>>>> for the occasional use of a proxy service, as for example to protect a >>>>>> valuable trade secret at product launch. At the same time proxy > services >>>>>> should not be viewed or used as a substitute for privacy services that > are >>>>>> designed to shield an individual's personal contact information. The >>>>>> legitimate use a proxy service would be the exception and not > widespread. >>>>>> 4. A proxy service industry willing to accept full risks and > liabilities >>>>>> for the manner in which domain names through its service will be used > will >>>>>> take the necessary precautionary measures, in its relationship with > its >>>>>> customers, such that domain names so registered are unlikely to be > misused >>>>>> and, if misused, a remedy for those victimized will more likely be >>>>>> available. >>>>>> >>>>> _______________________________________________ >>>>> Rt4-whois mailing list >>>>> Rt4-whois at icann.org >>>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>>> >>>> _______________________________________________ >>>> Rt4-whois mailing list >>>> Rt4-whois at icann.org >>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> >>> -- >>> >>> >>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > From susank at fb.com Thu Dec 1 19:24:53 2011 From: susank at fb.com (Susan Kawaguchi) Date: Thu, 1 Dec 2011 19:24:53 +0000 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: <00d501ccb05a$4bb2b550$e3181ff0$@reiss@lex-ip.com> References: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> <824E5D2A-9572-40F1-ACEC-12F7DF813556@paypal.com> <6F233FE1-924C-4214-B625-C8555D0B4EBF@paypal-inc.com> <00d501ccb05a$4bb2b550$e3181ff0$@reiss@lex-ip.com> Message-ID: Not everyone on the team has chimed in yet on this issue today but according to my count the following are agreeing to Lynn's proposal agreeing # 2 in Emily's email this morning. Lynn Omar Michael James Kathy Susan Those who have not weighed in today Emily Lutz - although liked Seth's proposal last night Sarmad Wilfried Sharon Peter - but earlier this morning did sound like he was probably favoring Seth's language. (if I have characterized this incorrectly for anyone please accept my apologies and please weigh in) I would recommend that we leave both the Dakar recommendation in and the best practices recommendation in ( I do not feel they are mutually exclusive) We could lead into the two recommendations with the following: Review Team members are in unanimous agreement that the status quo regarding proxy registrations is not sustainable, is not fair to legitimate participants in the domain name marketplace, frustrates valuable social goals such as law enforcement [and the protection of intellectual property], and reflects poorly on ICANN's commitment to serve the public interest. We are also in agreement that the goal should be to give accredited registrars strong incentives not to foster this undesirable status quo, and that such incentives should arise both from the terms of the ICANN contracts with registrars, and from principles of legal responsibility under national law. ICANN can control the first source of these incentives; its contractual provisions may influence, but cannot control, the second, since neither of the parties most directly involved -- the proxy service customers, and the law enforcement or other party seeking to identify them and hold them accountable -- is under contract to ICANN. We have not reached consensus on how best to advance this common goal. Some believe that the best approach is to start with the proxy services that are made available in connection with domain name registration, and require these services to follow best practices for promptly disclosing the identity of the party actually in control of the domain name, with registrars facing consequences if they do business with services that do not fulfill best practices. Others prefer the approach of denying any recognition of proxy services in ICANN contracts, and treating all such services simply as registrants, regardless of their practices. We set forth below alternative recommendations reflecting these dual approaches, and solicit community comment on them. One other area of agreement is that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. -----Original Message----- From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Thursday, December 01, 2011 10:52 AM To: Susan Kawaguchi; 'Smith, Bill' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] The New Proxy Language OK, guys, I finally woke up. But now I kind of wish I had not! I am not entirely comfortable with what I wrote (option 3). I continue to agree with Bill's analysis and thinking, but I am also concerned that the statements I wrote go well beyond what our Team was tasked to do. It goes beyond WHOIS accuracy into the realm of security etc. But so does James' and Susan's proposal (option 2). The Dakar statement (option 1 as most recently modified by Emily) comes closest to us staying within our purview. Note that Susan agrees that language should be removed from the RRA and proxy service provider should be responsible for the domain name. So perhaps this could a bullet point under Dakar. Or better yet, how about this to make the group happy, or at least happier. How about the Dakar statement as most recently modified by Emily go into the recommendations. Everything else, some of proposal 2 and maybe a bit of proposal 3, or perhaps just the statement Susan made about language being removed from the RAA, go into the discussion. I agree with Bill that a voluntary set of best practices cannot reach the goal of eliminating irresponsible proxy services. But the discussion section could indicate this was one of the ideas that was considered by our team as a possible solution and that is something that the community may wish to follow up on. Finally, regarding the DMCA, the United States Congress, in its wisdom, decided that web hosts and neutral bill boards and the like should be given a level of immunity to function and so adopted the DMCA and other measure to provide safe havens from copyright infringement claims and other claims for content posted by others if they registered as an agent and carefully followed a number of specific take down/put up practices. The process is mandatory, carefully detailed and all governed by a centralized law that is consistent across the national territory. We, unfortunately, do not operate in a landscape of consistent laws, plus we are not a legislature, plus (as Bill has reiterated on several occasions) a voluntary practice will not get us there. Seth -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Thursday, December 01, 2011 8:11 AM To: Smith, Bill Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] The New Proxy Language Yes I agree a registrant is a contracted party I guess I am use to seeing so much bad behavior by registrants that I do not think of them that way. I still do not see our two recommendations as polar opposites. I agree the language in the RAA should be removed and the proxy service provider should be responsible for the domain name. But that does not exclude the need for best practices in this industry and if we can get movement in the right direction along with calling for the proxy service providers to be responsible it is a win win situation. (I am not comparing the DMCA to this situation but I think this is a good example) When the DMCA was put into US law it required interpretation and best practices were developed over a period of time. In my opinion eBay took the lead and put in place the VeRO program which went beyond some of the requirements. Many other companies followed their lead and you will see pieces of the VeRO program in many companies processes. I think several registrars have taken a similar path with their affiliate proxy services and established procedures that are good. Why can't we advocate for both positions? I think we are in agreement that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Thursday, December 01, 2011 9:46 AM To: Susan Kawaguchi Cc: James M. Bladel; rt4-whois at icann.org Subject: Re: [Rt4-whois] The New Proxy Language Susan, Isn't everyone a contracted party in this ecosystem? Registrars and Registries with ICANN and Registrants with Registrants (with required terms from ICANN). I believe we need SLAs in each of the agreements that put some teeth into the compliance provisions. For example, the current RAA language says that failure to correct WHOIS data *may* result in revocation of the Domain Name (or something similar to that). Action is voluntary on the part of the Registrant and Registrar with the public paying the cost, much like with toxic waste. This isn't a direct cost but indirect, and getting larger all the time. I sincerely doubt that a voluntary code, though admirable, will mitigate these costs. If we have SLAs in each of the agreements, then failure by any party to abide by them results in action and/or penalties up to and including loss of name. The current system doesn't, while threatening such an eventuality rarely reaches that point as we've heard. If ICANN wants to honor the AoC with respect to WHOIS, it firmly believe it needs to shift from the voluntary mechanisms that don't work to a simple though comprehensive set of mandatory mechanisms that will work. These mechanisms should exist outside of any "at law"remedies but should be in concert with them. I'll think about adding the VC to 4. My gut reaction is that it will still allow too much legal room if/when the legal system is required. Bill On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" wrote: > Hi Bill, > > I agree with most of what is in your and Seth's recommendation but do not understand how an SLA will work with non-contracted parties. > > What if we added the voluntary best practices to #4? > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Thursday, December 01, 2011 7:44 AM > To: James M. Bladel > Cc: Susan Kawaguchi; rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > I have no problem with folks not being "on board". However, we did agree to language in Dakar in essence saying that ICANN should avoid mentioning proxies in the RAA. I realize that some may not have been fully on board with that, and there have been suggestion to change our position. > > From my perspective, the changes are from the Dakar position to the Voluntary Code proposal. > > I've pointed out how the VC can and likely will be circumvented, especially by "bad actors". If someone can demonstrate a way that the VC deals with this issue and avoids a return to the current state, I'm all ears. > > One way for the VC to work is to have a set of SLAs that mandate action in response to non-compliance to the SLAs. I don't see a mention of that in the VC and I'd want to understand exactly what we're talking about regarding times for roundtrip reveal/relay and the consequences for failure to respond in a timely fashion. > > On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: > > Agree with Susan. These are very significant changes coming very late in the game. > > J. > > -------- Original Message -------- > Subject: Re: [Rt4-whois] The New Proxy Language > From: Susan Kawaguchi > > Date: Thu, December 01, 2011 8:58 am > To: Kathy Kleiman > > Cc: "rt4-whois at icann.org" > > > Hi Kathy > > I am not onboard with Bill and Seth's recommendation but I am willing to explore this direction. > > Susan > > Sent from my iPhone > > On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > wrote: > >> But what James and Susan did so brilliantly, and for the first time in >> history, was to begin to bring the proxy services into the ICANN tent >> and into sight. The idea of disclosing relationships, sharing ownership >> and contractual relationships, is an enormous step forward. I think we >> are losing something now... >> >> Kathy: >>> My preference is to replace the Voluntary Best Practices Guidelines. I think there is useful information in that language to guide development of SLAs regarding Registrant responsibilities and response times so would hate to see that work "tossed". >>> >>> Seth's language is an attempt to "flesh out" the simple text we had in Dakar, that said ICANN should remove reference to proxy services from the RAA. I think he's done a good job, albeit perhaps a first cut, at doing that and getting a conversation going on the practical implications of, let's call it the Dakar proxy compact. >>> >>> As I recall, one of the reasons we decided to recommend removing proxies from the RAA is that no matter how hard we, or ICANN tries to control or regulate the proxy business, anyone can operate such a service outside of the control of ICANN or the community. They simply register names and act on behalf of someone else. >>> >>> What we, asa community, can do is develop some policies that set out what is expected of all parties, including Registrants and have consequences, mandatory in some cases, for failure to comply with the policies. The consequence of last resort is revocation of the name. >>> >>> These policies wouldn't take the place of legal action, but they would fill the void where Registrants, or their proxies, are non-responsive. >>> >>> The alternative is the voluntary code, but we know that can be avoided, and letting the courts handle the situation... but that's basically where we are today so I don't see how a code, voluntary or not helps in the end. >>> >>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >>> >>>> Hi All, >>>> What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! >>>> >>>> Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) >>>> >>>> Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. >>>> >>>> Otherwise, there are some fascinating legal concepts, and my brain already hurts! >>>> Thinking hard first thing in the AM and still reviewing. >>>> I would like to know what James thinks, >>>> Kathy >>>> >>>>> Data Access- Proxy Service >>>>> >>>>> 1. The Review Team considers a Proxy Service as a relationship in which >>>>> the registrant is acting on behalf of another. The WHOIS data is that of the >>>>> agent/proxy service and the agent/proxy service alone obtains all rights and >>>>> assumes all responsibility for the domain name and its manner of use. >>>>> 2. ICANN should clarify that any registrant that may be acting as a >>>>> proxy service for another is in all respects still the registrant and, in >>>>> ICANN's view, should be held fully responsible for the use of the domain >>>>> name including for any and all harm that results from the use of the domain >>>>> name. >>>>> 2. Because of ICANN's position on proxy services to date, which >>>>> tolerates the proxy service industry that has arisen and which through RAA >>>>> provisions gives recognition and attempts to regulate that industry, has >>>>> been used by courts and others to allow proxy services to escape liability >>>>> for bad acts of the proxy service customers, ICANN should either delete or >>>>> amend those provisions of the RAA that can or have been used to allow proxy >>>>> services to escape liability. >>>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>>> for the occasional use of a proxy service, as for example to protect a >>>>> valuable trade secret at product launch. At the same time proxy services >>>>> should not be viewed or used as a substitute for privacy services that are >>>>> designed to shield an individual's personal contact information. The >>>>> legitimate use a proxy service would be the exception and not widespread. >>>>> 4. A proxy service industry willing to accept full risks and liabilities >>>>> for the manner in which domain names through its service will be used will >>>>> take the necessary precautionary measures, in its relationship with its >>>>> customers, such that domain names so registered are unlikely to be misused >>>>> and, if misused, a remedy for those victimized will more likely be >>>>> available. >>>>> >>>> _______________________________________________ >>>> Rt4-whois mailing list >>>> Rt4-whois at icann.org >>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> -- >> >> >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From michel.denise at gmail.com Thu Dec 1 19:31:15 2011 From: michel.denise at gmail.com (Denise Michel) Date: Thu, 1 Dec 2011 11:31:15 -0800 Subject: [Rt4-whois] ICANN Satisfaction Survey - FYI Message-ID: See Dear Team members: I've gotten a couple questions about this so I'm sharing with the full Team. The following survey is being circulated on the community and includes questions on Compliance. I'll keep you apprised and will bring the results to your attention next year. Regards Denise From: kurt Date: Wed, 30 Nov 2011 10:47:27 -0800 To: "soac-discussion at icann.org" Cc: David Olive , Robert Hoggarth < robert.hoggarth at icann.org> Subject: Stakeholder Satisfaction Survey Dear Supporting Organization and Advisory Committee: Consistent with the spirit of the Affirmation of Commitments and in response to community requests, ICANN has developed a Stakeholder Satisfaction Survey to obtain the community?s perceptions of the Performance Effectiveness in ten service categories supported by ICANN. We invite you and members of your community to take a few minutes to assist us in this initial effort to start tracking the level of satisfaction with various services provided by ICANN and the certain activities undertaken by ICANN. The service categories we are tracking in this survey include: DNS Policy Development DNS Policy Implementation Services Contractual Compliance DNS Stability & Security IANA Operations Supporting Organization and Advisory Committee Support Communications Public Meetings Strategic Planning Leadership A link to the survey can be found at - http://ICANN-SS-2011.questionpro.com/ . We ask that you circulate the survey link to members of your organization. The survey will also be made available to the broader Internet Community as well. The survey is designed to create an initial baseline of general ICANN stakeholder satisfaction that can be used to develop improvements and compare against future results. We plan to refine the process over time, gather data about additional services, and focus more closely on specific services or projects in future surveys. If you have comments to the survey itself, please make them in the comment box on the last page that is reserve for overall comments. This initial survey will close 31 December 2011 at 12:00 UTC. An ICANN Survey Administrator (an external contractor) will collect and tabulate the results in January 2012. This timetable will support the plan to conduct a public review session of survey results in Costa Rica. A process for follow-up actions and a subsequent survey will then be started. The survey results will be used to identify improvement areas in the organization's services capability and delivery. We intend to share summary reports with the entire ICANN stakeholder community and opportunities for additional community comments will be created before any improvement actions are formalized and implemented. Identity of respondents will not be published. We appreciate your cooperation in passing on this first Stakeholder Satisfaction Survey and hope that many will participate. Best regards, Kurt Kurt Pritz ICANN -- Denise Michel michel.denise at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/579308ae/attachment.html From seth.reiss at lex-ip.com Thu Dec 1 19:33:30 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Thu, 1 Dec 2011 09:33:30 -1000 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: References: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> <824E5D2A-9572-40F1-ACEC-12F7DF813556@paypal.com> <6F233FE1-924C-4214-B625-C8555D0B4EBF@paypal-inc.com> <00d501ccb05a$4bb2b550$e3181ff0$@reiss@lex-ip.com> Message-ID: <00ea01ccb060$1be31e40$53a95ac0$@reiss@lex-ip.com> Very good Susan. See my slight tweaks below: -----Original Message----- From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Thursday, December 01, 2011 9:25 AM To: Seth M Reiss; 'Smith, Bill' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] The New Proxy Language Not everyone on the team has chimed in yet on this issue today but according to my count the following are agreeing to Lynn's proposal agreeing # 2 in Emily's email this morning. Lynn Omar Michael James Kathy Susan Those who have not weighed in today Emily Lutz - although liked Seth's proposal last night Sarmad Wilfried Sharon Peter - but earlier this morning did sound like he was probably favoring Seth's language. (if I have characterized this incorrectly for anyone please accept my apologies and please weigh in) I would recommend that we leave both the Dakar recommendation in and the best practices recommendation in ( I do not feel they are mutually exclusive) We could lead into the two recommendations with the following: Review Team members are in unanimous agreement that the status quo regarding proxy registrations is not sustainable, is not fair to legitimate participants in the domain name marketplace, frustrates valuable social goals such as law enforcement [and the protection of intellectual property], and reflects poorly on ICANN's commitment to serve the public interest. We are also in agreement that the goal should be to give accredited registrars strong incentives not to foster this undesirable status quo, and that such incentives should arise both from the terms of the ICANN contracts with registrars, and from principles of legal responsibility under national law. ICANN can control the first source of these incentives; its contractual provisions may influence, but cannot control, the second, since neither of the parties most directly involved -- the proxy service customers, and the law enforcement or other party seeking to identify them and hold them accountable -- is under contract to ICANN. We have not reached consensus on how best to advance this common goal. Some believe that the best approach is to start with the proxy services that are made available in connection with domain name registration, and require these services to follow best practices for promptly disclosing the identity of the party actually in control of the domain name, with registrars facing consequences if they do business with services that do not fulfill best practices. Others prefer the approach of denying any recognition of proxy services in ICANN contracts, and treating all such services simply as registrants, regardless of their practices, with the view that every registrant, including proxy service registrants, should accept full responsibility for the manner of use of the domain name they register. We set forth below alternative recommendations reflecting these dual approaches, and solicit community comment on them. One other area of agreement is that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. -----Original Message----- From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Thursday, December 01, 2011 10:52 AM To: Susan Kawaguchi; 'Smith, Bill' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] The New Proxy Language OK, guys, I finally woke up. But now I kind of wish I had not! I am not entirely comfortable with what I wrote (option 3). I continue to agree with Bill's analysis and thinking, but I am also concerned that the statements I wrote go well beyond what our Team was tasked to do. It goes beyond WHOIS accuracy into the realm of security etc. But so does James' and Susan's proposal (option 2). The Dakar statement (option 1 as most recently modified by Emily) comes closest to us staying within our purview. Note that Susan agrees that language should be removed from the RRA and proxy service provider should be responsible for the domain name. So perhaps this could a bullet point under Dakar. Or better yet, how about this to make the group happy, or at least happier. How about the Dakar statement as most recently modified by Emily go into the recommendations. Everything else, some of proposal 2 and maybe a bit of proposal 3, or perhaps just the statement Susan made about language being removed from the RAA, go into the discussion. I agree with Bill that a voluntary set of best practices cannot reach the goal of eliminating irresponsible proxy services. But the discussion section could indicate this was one of the ideas that was considered by our team as a possible solution and that is something that the community may wish to follow up on. Finally, regarding the DMCA, the United States Congress, in its wisdom, decided that web hosts and neutral bill boards and the like should be given a level of immunity to function and so adopted the DMCA and other measure to provide safe havens from copyright infringement claims and other claims for content posted by others if they registered as an agent and carefully followed a number of specific take down/put up practices. The process is mandatory, carefully detailed and all governed by a centralized law that is consistent across the national territory. We, unfortunately, do not operate in a landscape of consistent laws, plus we are not a legislature, plus (as Bill has reiterated on several occasions) a voluntary practice will not get us there. Seth -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Thursday, December 01, 2011 8:11 AM To: Smith, Bill Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] The New Proxy Language Yes I agree a registrant is a contracted party I guess I am use to seeing so much bad behavior by registrants that I do not think of them that way. I still do not see our two recommendations as polar opposites. I agree the language in the RAA should be removed and the proxy service provider should be responsible for the domain name. But that does not exclude the need for best practices in this industry and if we can get movement in the right direction along with calling for the proxy service providers to be responsible it is a win win situation. (I am not comparing the DMCA to this situation but I think this is a good example) When the DMCA was put into US law it required interpretation and best practices were developed over a period of time. In my opinion eBay took the lead and put in place the VeRO program which went beyond some of the requirements. Many other companies followed their lead and you will see pieces of the VeRO program in many companies processes. I think several registrars have taken a similar path with their affiliate proxy services and established procedures that are good. Why can't we advocate for both positions? I think we are in agreement that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Thursday, December 01, 2011 9:46 AM To: Susan Kawaguchi Cc: James M. Bladel; rt4-whois at icann.org Subject: Re: [Rt4-whois] The New Proxy Language Susan, Isn't everyone a contracted party in this ecosystem? Registrars and Registries with ICANN and Registrants with Registrants (with required terms from ICANN). I believe we need SLAs in each of the agreements that put some teeth into the compliance provisions. For example, the current RAA language says that failure to correct WHOIS data *may* result in revocation of the Domain Name (or something similar to that). Action is voluntary on the part of the Registrant and Registrar with the public paying the cost, much like with toxic waste. This isn't a direct cost but indirect, and getting larger all the time. I sincerely doubt that a voluntary code, though admirable, will mitigate these costs. If we have SLAs in each of the agreements, then failure by any party to abide by them results in action and/or penalties up to and including loss of name. The current system doesn't, while threatening such an eventuality rarely reaches that point as we've heard. If ICANN wants to honor the AoC with respect to WHOIS, it firmly believe it needs to shift from the voluntary mechanisms that don't work to a simple though comprehensive set of mandatory mechanisms that will work. These mechanisms should exist outside of any "at law"remedies but should be in concert with them. I'll think about adding the VC to 4. My gut reaction is that it will still allow too much legal room if/when the legal system is required. Bill On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" wrote: > Hi Bill, > > I agree with most of what is in your and Seth's recommendation but do not understand how an SLA will work with non-contracted parties. > > What if we added the voluntary best practices to #4? > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Thursday, December 01, 2011 7:44 AM > To: James M. Bladel > Cc: Susan Kawaguchi; rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > I have no problem with folks not being "on board". However, we did agree to language in Dakar in essence saying that ICANN should avoid mentioning proxies in the RAA. I realize that some may not have been fully on board with that, and there have been suggestion to change our position. > > From my perspective, the changes are from the Dakar position to the Voluntary Code proposal. > > I've pointed out how the VC can and likely will be circumvented, especially by "bad actors". If someone can demonstrate a way that the VC deals with this issue and avoids a return to the current state, I'm all ears. > > One way for the VC to work is to have a set of SLAs that mandate action in response to non-compliance to the SLAs. I don't see a mention of that in the VC and I'd want to understand exactly what we're talking about regarding times for roundtrip reveal/relay and the consequences for failure to respond in a timely fashion. > > On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: > > Agree with Susan. These are very significant changes coming very late in the game. > > J. > > -------- Original Message -------- > Subject: Re: [Rt4-whois] The New Proxy Language > From: Susan Kawaguchi > > Date: Thu, December 01, 2011 8:58 am > To: Kathy Kleiman > > Cc: "rt4-whois at icann.org" > > > Hi Kathy > > I am not onboard with Bill and Seth's recommendation but I am willing to explore this direction. > > Susan > > Sent from my iPhone > > On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > wrote: > >> But what James and Susan did so brilliantly, and for the first time in >> history, was to begin to bring the proxy services into the ICANN tent >> and into sight. The idea of disclosing relationships, sharing ownership >> and contractual relationships, is an enormous step forward. I think we >> are losing something now... >> >> Kathy: >>> My preference is to replace the Voluntary Best Practices Guidelines. I think there is useful information in that language to guide development of SLAs regarding Registrant responsibilities and response times so would hate to see that work "tossed". >>> >>> Seth's language is an attempt to "flesh out" the simple text we had in Dakar, that said ICANN should remove reference to proxy services from the RAA. I think he's done a good job, albeit perhaps a first cut, at doing that and getting a conversation going on the practical implications of, let's call it the Dakar proxy compact. >>> >>> As I recall, one of the reasons we decided to recommend removing proxies from the RAA is that no matter how hard we, or ICANN tries to control or regulate the proxy business, anyone can operate such a service outside of the control of ICANN or the community. They simply register names and act on behalf of someone else. >>> >>> What we, asa community, can do is develop some policies that set out what is expected of all parties, including Registrants and have consequences, mandatory in some cases, for failure to comply with the policies. The consequence of last resort is revocation of the name. >>> >>> These policies wouldn't take the place of legal action, but they would fill the void where Registrants, or their proxies, are non-responsive. >>> >>> The alternative is the voluntary code, but we know that can be avoided, and letting the courts handle the situation... but that's basically where we are today so I don't see how a code, voluntary or not helps in the end. >>> >>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >>> >>>> Hi All, >>>> What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! >>>> >>>> Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) >>>> >>>> Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. >>>> >>>> Otherwise, there are some fascinating legal concepts, and my brain already hurts! >>>> Thinking hard first thing in the AM and still reviewing. >>>> I would like to know what James thinks, >>>> Kathy >>>> >>>>> Data Access- Proxy Service >>>>> >>>>> 1. The Review Team considers a Proxy Service as a relationship in which >>>>> the registrant is acting on behalf of another. The WHOIS data is that of the >>>>> agent/proxy service and the agent/proxy service alone obtains all rights and >>>>> assumes all responsibility for the domain name and its manner of use. >>>>> 2. ICANN should clarify that any registrant that may be acting as a >>>>> proxy service for another is in all respects still the registrant and, in >>>>> ICANN's view, should be held fully responsible for the use of the domain >>>>> name including for any and all harm that results from the use of the domain >>>>> name. >>>>> 2. Because of ICANN's position on proxy services to date, which >>>>> tolerates the proxy service industry that has arisen and which through RAA >>>>> provisions gives recognition and attempts to regulate that industry, has >>>>> been used by courts and others to allow proxy services to escape liability >>>>> for bad acts of the proxy service customers, ICANN should either delete or >>>>> amend those provisions of the RAA that can or have been used to allow proxy >>>>> services to escape liability. >>>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>>> for the occasional use of a proxy service, as for example to protect a >>>>> valuable trade secret at product launch. At the same time proxy services >>>>> should not be viewed or used as a substitute for privacy services that are >>>>> designed to shield an individual's personal contact information. The >>>>> legitimate use a proxy service would be the exception and not widespread. >>>>> 4. A proxy service industry willing to accept full risks and liabilities >>>>> for the manner in which domain names through its service will be used will >>>>> take the necessary precautionary measures, in its relationship with its >>>>> customers, such that domain names so registered are unlikely to be misused >>>>> and, if misused, a remedy for those victimized will more likely be >>>>> available. >>>>> >>>> _______________________________________________ >>>> Rt4-whois mailing list >>>> Rt4-whois at icann.org >>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> -- >> >> >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/096e90e5/attachment.html From kathy at kathykleiman.com Thu Dec 1 19:42:33 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Thu, 01 Dec 2011 14:42:33 -0500 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: References: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> <824E5D2A-9572-40F1-ACEC-12F7DF813556@paypal.com> <6F233FE1-924C-4214-B625-C8555D0B4EBF@paypal-inc.com> <00d501ccb05a$4bb2b550$e3181ff0$@reiss@lex-ip.com> Message-ID: <4ED7D8A9.3030502@kathykleiman.com> Sorry Susan, I was skimming new messages quickly and missed the lower part of this one. Are you suggesting new text for the report, and if so, where? Tx, Kathy: > Not everyone on the team has chimed in yet on this issue today but according to my count the following are agreeing to Lynn's proposal agreeing # 2 in Emily's email this morning. > > Lynn > Omar > Michael > James > Kathy > Susan > > > > Those who have not weighed in today > > Emily > Lutz - although liked Seth's proposal last night > Sarmad > Wilfried > Sharon > Peter - but earlier this morning did sound like he was probably favoring Seth's language. > > (if I have characterized this incorrectly for anyone please accept my apologies and please weigh in) > > > I would recommend that we leave both the Dakar recommendation in and the best practices recommendation in ( I do not feel they are mutually exclusive) > > > We could lead into the two recommendations with the following: > > > > Review Team members are in unanimous agreement that the status quo regarding proxy registrations is not sustainable, is not fair to legitimate participants in the domain name marketplace, frustrates valuable social goals such as law enforcement [and the protection of intellectual property], and reflects poorly on ICANN's commitment to serve the public interest. > > We are also in agreement that the goal should be to give accredited registrars strong incentives not to foster this undesirable status quo, and that such incentives should arise both from the terms of the ICANN contracts with registrars, and from principles of legal responsibility under national law. ICANN can control the first source of these incentives; its contractual provisions may influence, but cannot control, the second, since neither of the parties most directly involved -- the proxy service customers, and the law enforcement or other party seeking to identify them and hold them accountable -- is under contract to ICANN. > > We have not reached consensus on how best to advance this common goal. Some believe that the best approach is to start with the proxy services that are made available in connection with domain name registration, and require these services to follow best practices for promptly disclosing the identity of the party actually in control of the domain name, with registrars facing consequences if they do business with services that do not fulfill best practices. Others prefer the approach of denying any recognition of proxy services in ICANN contracts, and treating all such services simply as registrants, regardless of their practices. > > We set forth below alternative recommendations reflecting these dual approaches, and solicit community comment on them. > > One other area of agreement is that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. > > -----Original Message----- > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] > Sent: Thursday, December 01, 2011 10:52 AM > To: Susan Kawaguchi; 'Smith, Bill' > Cc: rt4-whois at icann.org > Subject: RE: [Rt4-whois] The New Proxy Language > > OK, guys, I finally woke up. But now I kind of wish I had not! > > I am not entirely comfortable with what I wrote (option 3). I continue to > agree with Bill's analysis and thinking, but I am also concerned that the > statements I wrote go well beyond what our Team was tasked to do. It goes > beyond WHOIS accuracy into the realm of security etc. But so does James' > and Susan's proposal (option 2). > > The Dakar statement (option 1 as most recently modified by Emily) comes > closest to us staying within our purview. > > Note that Susan agrees that language should be removed from the RRA and > proxy service provider should be responsible for the domain name. So > perhaps this could a bullet point under Dakar. > > Or better yet, how about this to make the group happy, or at least happier. > > How about the Dakar statement as most recently modified by Emily go into the > recommendations. Everything else, some of proposal 2 and maybe a bit of > proposal 3, or perhaps just the statement Susan made about language being > removed from the RAA, go into the discussion. I agree with Bill that a > voluntary set of best practices cannot reach the goal of eliminating > irresponsible proxy services. But the discussion section could indicate this > was one of the ideas that was considered by our team as a possible solution > and that is something that the community may wish to follow up on. > > Finally, regarding the DMCA, the United States Congress, in its wisdom, > decided that web hosts and neutral bill boards and the like should be given > a level of immunity to function and so adopted the DMCA and other measure to > provide safe havens from copyright infringement claims and other claims for > content posted by others if they registered as an agent and carefully > followed a number of specific take down/put up practices. The process is > mandatory, carefully detailed and all governed by a centralized law that is > consistent across the national territory. We, unfortunately, do not operate > in a landscape of consistent laws, plus we are not a legislature, plus (as > Bill has reiterated on several occasions) a voluntary practice will not get > us there. > > Seth > > -----Original Message----- > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On > Behalf Of Susan Kawaguchi > Sent: Thursday, December 01, 2011 8:11 AM > To: Smith, Bill > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > Yes I agree a registrant is a contracted party I guess I am use to seeing so > much bad behavior by registrants that I do not think of them that way. > > I still do not see our two recommendations as polar opposites. > > I agree the language in the RAA should be removed and the proxy service > provider should be responsible for the domain name. > > But that does not exclude the need for best practices in this industry and > if we can get movement in the right direction along with calling for the > proxy service providers to be responsible it is a win win situation. > > (I am not comparing the DMCA to this situation but I think this is a good > example) > When the DMCA was put into US law it required interpretation and best > practices were developed over a period of time. In my opinion eBay took the > lead and put in place the VeRO program which went beyond some of the > requirements. Many other companies followed their lead and you will see > pieces of the VeRO program in many companies processes. > > I think several registrars have taken a similar path with their affiliate > proxy services and established procedures that are good. > > Why can't we advocate for both positions? > > I think we are in agreement that neither approach will be successful without > proactive ICANN compliance measures, either to police observance of best > practices, in the first approach, or to press registrars to cancel > registrations of proxy services that do not fulfill their contractual > obligations as set forth in the RAA. A well resourced and credible > compliance program is essential to reforming the unacceptable status quo in > this area. > > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Thursday, December 01, 2011 9:46 AM > To: Susan Kawaguchi > Cc: James M. Bladel; rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > Susan, > > Isn't everyone a contracted party in this ecosystem? Registrars and > Registries with ICANN and Registrants with Registrants (with required terms > from ICANN). > > I believe we need SLAs in each of the agreements that put some teeth into > the compliance provisions. For example, the current RAA language says that > failure to correct WHOIS data *may* result in revocation of the Domain Name > (or something similar to that). > > Action is voluntary on the part of the Registrant and Registrar with the > public paying the cost, much like with toxic waste. This isn't a direct cost > but indirect, and getting larger all the time. I sincerely doubt that a > voluntary code, though admirable, will mitigate these costs. > > If we have SLAs in each of the agreements, then failure by any party to > abide by them results in action and/or penalties up to and including loss of > name. The current system doesn't, while threatening such an eventuality > rarely reaches that point as we've heard. > > If ICANN wants to honor the AoC with respect to WHOIS, it firmly believe it > needs to shift from the voluntary mechanisms that don't work to a simple > though comprehensive set of mandatory mechanisms that will work. These > mechanisms should exist outside of any "at law"remedies but should be in > concert with them. > > I'll think about adding the VC to 4. My gut reaction is that it will still > allow too much legal room if/when the legal system is required. > > Bill > > On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" wrote: > >> Hi Bill, >> >> I agree with most of what is in your and Seth's recommendation but do not > understand how an SLA will work with non-contracted parties. >> What if we added the voluntary best practices to #4? >> >> Susan >> >> -----Original Message----- >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] >> Sent: Thursday, December 01, 2011 7:44 AM >> To: James M. Bladel >> Cc: Susan Kawaguchi; rt4-whois at icann.org >> Subject: Re: [Rt4-whois] The New Proxy Language >> >> I have no problem with folks not being "on board". However, we did agree > to language in Dakar in essence saying that ICANN should avoid mentioning > proxies in the RAA. I realize that some may not have been fully on board > with that, and there have been suggestion to change our position. >> From my perspective, the changes are from the Dakar position to the > Voluntary Code proposal. >> I've pointed out how the VC can and likely will be circumvented, > especially by "bad actors". If someone can demonstrate a way that the VC > deals with this issue and avoids a return to the current state, I'm all > ears. >> One way for the VC to work is to have a set of SLAs that mandate action in > response to non-compliance to the SLAs. I don't see a mention of that in the > VC and I'd want to understand exactly what we're talking about regarding > times for roundtrip reveal/relay and the consequences for failure to respond > in a timely fashion. >> On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: >> >> Agree with Susan. These are very significant changes coming very late in > the game. >> J. >> >> -------- Original Message -------- >> Subject: Re: [Rt4-whois] The New Proxy Language >> From: Susan Kawaguchi> >> Date: Thu, December 01, 2011 8:58 am >> To: Kathy Kleiman> >> Cc: "rt4-whois at icann.org" > > >> Hi Kathy >> >> I am not onboard with Bill and Seth's recommendation but I am willing to > explore this direction. >> Susan >> >> Sent from my iPhone >> >> On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > > wrote: >>> But what James and Susan did so brilliantly, and for the first time in >>> history, was to begin to bring the proxy services into the ICANN tent >>> and into sight. The idea of disclosing relationships, sharing ownership >>> and contractual relationships, is an enormous step forward. I think we >>> are losing something now... >>> >>> Kathy: >>>> My preference is to replace the Voluntary Best Practices Guidelines. I > think there is useful information in that language to guide development of > SLAs regarding Registrant responsibilities and response times so would hate > to see that work "tossed". >>>> Seth's language is an attempt to "flesh out" the simple text we had in > Dakar, that said ICANN should remove reference to proxy services from the > RAA. I think he's done a good job, albeit perhaps a first cut, at doing that > and getting a conversation going on the practical implications of, let's > call it the Dakar proxy compact. >>>> As I recall, one of the reasons we decided to recommend removing proxies > from the RAA is that no matter how hard we, or ICANN tries to control or > regulate the proxy business, anyone can operate such a service outside of > the control of ICANN or the community. They simply register names and act on > behalf of someone else. >>>> What we, asa community, can do is develop some policies that set out > what is expected of all parties, including Registrants and have > consequences, mandatory in some cases, for failure to comply with the > policies. The consequence of last resort is revocation of the name. >>>> These policies wouldn't take the place of legal action, but they would > fill the void where Registrants, or their proxies, are non-responsive. >>>> The alternative is the voluntary code, but we know that can be avoided, > and letting the courts handle the situation... but that's basically where we > are today so I don't see how a code, voluntary or not helps in the end. >>>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >>>> >>>>> Hi All, >>>>> What a night! I can see the 24*7 party of the WRT continued. Thanks so > very much! >>>>> Regarding the language below, could someone be an expert guide? Is it a > replacement of the whole of the Proxy Recommendations, or in addition to the > Voluntary Best Practices Guidelines (which I really liked) >>>>> Otherwise, I am thinking and researching. I think this is a big change > below, and I am not keen on #3 at all. Many, many people use proxy services > for many, many things, and the Recommendations section seems an odd place to > put a value judgement on that. >>>>> Otherwise, there are some fascinating legal concepts, and my brain > already hurts! >>>>> Thinking hard first thing in the AM and still reviewing. >>>>> I would like to know what James thinks, >>>>> Kathy >>>>> >>>>>> Data Access- Proxy Service >>>>>> >>>>>> 1. The Review Team considers a Proxy Service as a relationship in > which >>>>>> the registrant is acting on behalf of another. The WHOIS data is that > of the >>>>>> agent/proxy service and the agent/proxy service alone obtains all > rights and >>>>>> assumes all responsibility for the domain name and its manner of use. >>>>>> 2. ICANN should clarify that any registrant that may be acting as a >>>>>> proxy service for another is in all respects still the registrant and, > in >>>>>> ICANN's view, should be held fully responsible for the use of the > domain >>>>>> name including for any and all harm that results from the use of the > domain >>>>>> name. >>>>>> 2. Because of ICANN's position on proxy services to date, which >>>>>> tolerates the proxy service industry that has arisen and which through > RAA >>>>>> provisions gives recognition and attempts to regulate that industry, > has >>>>>> been used by courts and others to allow proxy services to escape > liability >>>>>> for bad acts of the proxy service customers, ICANN should either > delete or >>>>>> amend those provisions of the RAA that can or have been used to allow > proxy >>>>>> services to escape liability. >>>>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>>>> for the occasional use of a proxy service, as for example to protect a >>>>>> valuable trade secret at product launch. At the same time proxy > services >>>>>> should not be viewed or used as a substitute for privacy services that > are >>>>>> designed to shield an individual's personal contact information. The >>>>>> legitimate use a proxy service would be the exception and not > widespread. >>>>>> 4. A proxy service industry willing to accept full risks and > liabilities >>>>>> for the manner in which domain names through its service will be used > will >>>>>> take the necessary precautionary measures, in its relationship with > its >>>>>> customers, such that domain names so registered are unlikely to be > misused >>>>>> and, if misused, a remedy for those victimized will more likely be >>>>>> available. >>>>>> >>>>> _______________________________________________ >>>>> Rt4-whois mailing list >>>>> Rt4-whois at icann.org >>>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>>> _______________________________________________ >>>> Rt4-whois mailing list >>>> Rt4-whois at icann.org >>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> -- >>> >>> >>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- From sharon.lemon at soca.x.gsi.gov.uk Thu Dec 1 19:54:38 2011 From: sharon.lemon at soca.x.gsi.gov.uk (LEMON, Sharon) Date: Thu, 1 Dec 2011 19:54:38 +0000 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: <4ED7D8A9.3030502@kathykleiman.com> Message-ID: <3062FB662B110E4A9F14C63284D07FF7050C69406F53@soca.x.gsi.gov.uk> NOT PROTECTIVELY MARKED -- Converted from text/plain format --> Hello All, My email seems to have got lost, so please forgive if it arrives later, but the members of LE I have managed to liaise with a short notice, go for Option 2. Sharon Sharon LEMON OBE Deputy Director Cyber and Forensics Serious and Organised Crime Agency (SOCA) 07768 290902 0207 855 2800 -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Kathy Kleiman Sent: 01 December 2011 19:43 To: rt4-whois at icann.org Subject: Re: [Rt4-whois] The New Proxy Language Sorry Susan, I was skimming new messages quickly and missed the lower part of this one. Are you suggesting new text for the report, and if so, where? Tx, Kathy: > Not everyone on the team has chimed in yet on this issue today but > according to my count the following are agreeing to Lynn's proposal > agreeing # 2 in Emily's email this morning. > > Lynn > Omar > Michael > James > Kathy > Susan > > > > Those who have not weighed in today > > Emily > Lutz - although liked Seth's proposal last night > Sarmad > Wilfried > Sharon > Peter - but earlier this morning did sound like he was probably > favoring Seth's language. > > (if I have characterized this incorrectly for anyone please accept my > apologies and please weigh in) > > > I would recommend that we leave both the Dakar recommendation in and > the best practices recommendation in ( I do not feel they are mutually > exclusive) > > > We could lead into the two recommendations with the following: > > > > Review Team members are in unanimous agreement that the status quo > regarding proxy registrations is not sustainable, is not fair to > legitimate participants in the domain name marketplace, frustrates > valuable social goals such as law enforcement [and the protection of > intellectual property], and reflects poorly on ICANN's commitment to > serve the public interest. > > We are also in agreement that the goal should be to give accredited > registrars strong incentives not to foster this undesirable status > quo, and that such incentives should arise both from the terms of the > ICANN contracts with registrars, and from principles of legal > responsibility under national law. ICANN can control the first source > of these incentives; its contractual provisions may influence, but > cannot control, the second, since neither of the parties most directly > involved -- the proxy service customers, and the law enforcement or > other party seeking to identify them and hold them accountable -- is > under contract to ICANN. > > We have not reached consensus on how best to advance this common goal. > Some believe that the best approach is to start with the proxy > services that are made available in connection with domain name > registration, and require these services to follow best practices for > promptly disclosing the identity of the party actually in control of > the domain name, with registrars facing consequences if they do > business with services that do not fulfill best practices. Others > prefer the approach of denying any recognition of proxy services in > ICANN contracts, and treating all such services simply as registrants, > regardless of their practices. > > We set forth below alternative recommendations reflecting these dual > approaches, and solicit community comment on them. > > One other area of agreement is that neither approach will be > successful without proactive ICANN compliance measures, either to > police observance of best practices, in the first approach, or to > press registrars to cancel registrations of proxy services that do not > fulfill their contractual obligations as set forth in the RAA. A well > resourced and credible compliance program is essential to reforming > the unacceptable status quo in this area. > > -----Original Message----- > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] > Sent: Thursday, December 01, 2011 10:52 AM > To: Susan Kawaguchi; 'Smith, Bill' > Cc: rt4-whois at icann.org > Subject: RE: [Rt4-whois] The New Proxy Language > > OK, guys, I finally woke up. But now I kind of wish I had not! > > I am not entirely comfortable with what I wrote (option 3). I continue > to agree with Bill's analysis and thinking, but I am also concerned > that the statements I wrote go well beyond what our Team was tasked to > do. It goes beyond WHOIS accuracy into the realm of security etc. But > so does James' and Susan's proposal (option 2). > > The Dakar statement (option 1 as most recently modified by Emily) > comes closest to us staying within our purview. > > Note that Susan agrees that language should be removed from the RRA > and proxy service provider should be responsible for the domain name. > So perhaps this could a bullet point under Dakar. > > Or better yet, how about this to make the group happy, or at least > happier. > > How about the Dakar statement as most recently modified by Emily go > into the recommendations. Everything else, some of proposal 2 and > maybe a bit of proposal 3, or perhaps just the statement Susan made > about language being removed from the RAA, go into the discussion. I > agree with Bill that a voluntary set of best practices cannot reach > the goal of eliminating irresponsible proxy services. But the > discussion section could indicate this was one of the ideas that was > considered by our team as a possible solution and that is something > that the community may wish to follow up on. > > Finally, regarding the DMCA, the United States Congress, in its > wisdom, decided that web hosts and neutral bill boards and the like > should be given a level of immunity to function and so adopted the > DMCA and other measure to provide safe havens from copyright > infringement claims and other claims for content posted by others if > they registered as an agent and carefully followed a number of > specific take down/put up practices. The process is mandatory, > carefully detailed and all governed by a centralized law that is > consistent across the national territory. We, unfortunately, do not > operate in a landscape of consistent laws, plus we are not a > legislature, plus (as Bill has reiterated on several occasions) a > voluntary practice will not get us there. > > Seth > > -----Original Message----- > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] > On Behalf Of Susan Kawaguchi > Sent: Thursday, December 01, 2011 8:11 AM > To: Smith, Bill > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > Yes I agree a registrant is a contracted party I guess I am use to > seeing so much bad behavior by registrants that I do not think of them > that way. > > I still do not see our two recommendations as polar opposites. > > I agree the language in the RAA should be removed and the proxy > service provider should be responsible for the domain name. > > But that does not exclude the need for best practices in this industry > and if we can get movement in the right direction along with calling > for the proxy service providers to be responsible it is a win win > situation. > > (I am not comparing the DMCA to this situation but I think this is a > good > example) > When the DMCA was put into US law it required interpretation and best > practices were developed over a period of time. In my opinion eBay > took the lead and put in place the VeRO program which went beyond some > of the requirements. Many other companies followed their lead and you > will see pieces of the VeRO program in many companies processes. > > I think several registrars have taken a similar path with their > affiliate proxy services and established procedures that are good. > > Why can't we advocate for both positions? > > I think we are in agreement that neither approach will be successful > without proactive ICANN compliance measures, either to police > observance of best practices, in the first approach, or to press > registrars to cancel registrations of proxy services that do not > fulfill their contractual obligations as set forth in the RAA. A well > resourced and credible compliance program is essential to reforming > the unacceptable status quo in this area. > > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Thursday, December 01, 2011 9:46 AM > To: Susan Kawaguchi > Cc: James M. Bladel; rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > Susan, > > Isn't everyone a contracted party in this ecosystem? Registrars and > Registries with ICANN and Registrants with Registrants (with required > terms from ICANN). > > I believe we need SLAs in each of the agreements that put some teeth > into the compliance provisions. For example, the current RAA language > says that failure to correct WHOIS data *may* result in revocation of > the Domain Name (or something similar to that). > > Action is voluntary on the part of the Registrant and Registrar with > the public paying the cost, much like with toxic waste. This isn't a > direct cost but indirect, and getting larger all the time. I sincerely > doubt that a voluntary code, though admirable, will mitigate these > costs. > > If we have SLAs in each of the agreements, then failure by any party > to abide by them results in action and/or penalties up to and > including loss of name. The current system doesn't, while threatening > such an eventuality rarely reaches that point as we've heard. > > If ICANN wants to honor the AoC with respect to WHOIS, it firmly > believe it needs to shift from the voluntary mechanisms that don't > work to a simple though comprehensive set of mandatory mechanisms that > will work. These mechanisms should exist outside of any "at > law"remedies but should be in concert with them. > > I'll think about adding the VC to 4. My gut reaction is that it will > still allow too much legal room if/when the legal system is required. > > Bill > > On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" wrote: > >> Hi Bill, >> >> I agree with most of what is in your and Seth's recommendation but do >> not > understand how an SLA will work with non-contracted parties. >> What if we added the voluntary best practices to #4? >> >> Susan >> >> -----Original Message----- >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] >> Sent: Thursday, December 01, 2011 7:44 AM >> To: James M. Bladel >> Cc: Susan Kawaguchi; rt4-whois at icann.org >> Subject: Re: [Rt4-whois] The New Proxy Language >> >> I have no problem with folks not being "on board". However, we did >> agree > to language in Dakar in essence saying that ICANN should avoid > mentioning proxies in the RAA. I realize that some may not have been > fully on board with that, and there have been suggestion to change our > position. >> From my perspective, the changes are from the Dakar position to the > Voluntary Code proposal. >> I've pointed out how the VC can and likely will be circumvented, > especially by "bad actors". If someone can demonstrate a way that the > VC deals with this issue and avoids a return to the current state, I'm > all ears. >> One way for the VC to work is to have a set of SLAs that mandate >> action in > response to non-compliance to the SLAs. I don't see a mention of that > in the VC and I'd want to understand exactly what we're talking about > regarding times for roundtrip reveal/relay and the consequences for > failure to respond in a timely fashion. >> On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: >> >> Agree with Susan. These are very significant changes coming very >> late in > the game. >> J. >> >> -------- Original Message -------- >> Subject: Re: [Rt4-whois] The New Proxy Language >> From: Susan Kawaguchi> >> Date: Thu, December 01, 2011 8:58 am >> To: Kathy >> Kleiman> >> Cc: "rt4-whois at icann.org" > > >> Hi Kathy >> >> I am not onboard with Bill and Seth's recommendation but I am willing >> to > explore this direction. >> Susan >> >> Sent from my iPhone >> >> On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > > wrote: >>> But what James and Susan did so brilliantly, and for the first time >>> in history, was to begin to bring the proxy services into the ICANN >>> tent and into sight. The idea of disclosing relationships, sharing >>> ownership and contractual relationships, is an enormous step >>> forward. I think we are losing something now... >>> >>> Kathy: >>>> My preference is to replace the Voluntary Best Practices >>>> Guidelines. I > think there is useful information in that language to guide > development of SLAs regarding Registrant responsibilities and response > times so would hate to see that work "tossed". >>>> Seth's language is an attempt to "flesh out" the simple text we had >>>> in > Dakar, that said ICANN should remove reference to proxy services from > the RAA. I think he's done a good job, albeit perhaps a first cut, at > doing that and getting a conversation going on the practical > implications of, let's call it the Dakar proxy compact. >>>> As I recall, one of the reasons we decided to recommend removing >>>> proxies > from the RAA is that no matter how hard we, or ICANN tries to control > or regulate the proxy business, anyone can operate such a service > outside of the control of ICANN or the community. They simply register > names and act on behalf of someone else. >>>> What we, asa community, can do is develop some policies that set >>>> out > what is expected of all parties, including Registrants and have > consequences, mandatory in some cases, for failure to comply with the > policies. The consequence of last resort is revocation of the name. >>>> These policies wouldn't take the place of legal action, but they >>>> would > fill the void where Registrants, or their proxies, are non-responsive. >>>> The alternative is the voluntary code, but we know that can be >>>> avoided, > and letting the courts handle the situation... but that's basically > where we are today so I don't see how a code, voluntary or not helps > in the end. >>>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >>>> >>>>> Hi All, >>>>> What a night! I can see the 24*7 party of the WRT continued. >>>>> Thanks so > very much! >>>>> Regarding the language below, could someone be an expert guide? Is >>>>> it a > replacement of the whole of the Proxy Recommendations, or in addition > to the Voluntary Best Practices Guidelines (which I really liked) >>>>> Otherwise, I am thinking and researching. I think this is a big >>>>> change > below, and I am not keen on #3 at all. Many, many people use proxy > services for many, many things, and the Recommendations section seems > an odd place to put a value judgement on that. >>>>> Otherwise, there are some fascinating legal concepts, and my brain > already hurts! >>>>> Thinking hard first thing in the AM and still reviewing. I would >>>>> like to know what James thinks, Kathy >>>>> >>>>>> Data Access- Proxy Service >>>>>> >>>>>> 1. The Review Team considers a Proxy Service as a relationship in > which >>>>>> the registrant is acting on behalf of another. The WHOIS data is >>>>>> that > of the >>>>>> agent/proxy service and the agent/proxy service alone obtains all > rights and >>>>>> assumes all responsibility for the domain name and its manner of >>>>>> use. 2. ICANN should clarify that any registrant that may be >>>>>> acting as a proxy service for another is in all respects still >>>>>> the registrant and, > in >>>>>> ICANN's view, should be held fully responsible for the use of the > domain >>>>>> name including for any and all harm that results from the use of >>>>>> the > domain >>>>>> name. >>>>>> 2. Because of ICANN's position on proxy services to date, which >>>>>> tolerates the proxy service industry that has arisen and which >>>>>> through > RAA >>>>>> provisions gives recognition and attempts to regulate that >>>>>> industry, > has >>>>>> been used by courts and others to allow proxy services to escape > liability >>>>>> for bad acts of the proxy service customers, ICANN should either > delete or >>>>>> amend those provisions of the RAA that can or have been used to >>>>>> allow > proxy >>>>>> services to escape liability. >>>>>> 3. The Review Team acknowledges that there may be legitimate >>>>>> reasons for the occasional use of a proxy service, as for example >>>>>> to protect a valuable trade secret at product launch. At the same >>>>>> time proxy > services >>>>>> should not be viewed or used as a substitute for privacy services >>>>>> that > are >>>>>> designed to shield an individual's personal contact information. >>>>>> The legitimate use a proxy service would be the exception and not > widespread. >>>>>> 4. A proxy service industry willing to accept full risks and > liabilities >>>>>> for the manner in which domain names through its service will be >>>>>> used > will >>>>>> take the necessary precautionary measures, in its relationship >>>>>> with > its >>>>>> customers, such that domain names so registered are unlikely to >>>>>> be > misused >>>>>> and, if misused, a remedy for those victimized will more likely >>>>>> be available. >>>>>> >>>>> _______________________________________________ >>>>> Rt4-whois mailing list >>>>> Rt4-whois at icann.org >>>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>>> _______________________________________________ >>>> Rt4-whois mailing list >>>> Rt4-whois at icann.org >>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> -- >>> >>> >>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. This information is supplied in confidence by SOCA, and is exempt from disclosure under the Freedom of Information Act 2000. It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under the Data Protection Act 1998. Requests for disclosure to the public must be referred to the SOCA FOI single point of contact, by email on PICUEnquiries at soca.x.gsi.gov.uk or by telephoning 0870 268 8677. All E-Mail sent and received by SOCA is scanned and subject to assessment. Messages sent or received by SOCA staff are not private and may be the subject of lawful business monitoring. E-Mail may be passed at any time and without notice to an appropriate branch within SOCA, on authority from the Director General or his Deputy for analysis. This E-Mail and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible. The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free. Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes. From susank at fb.com Thu Dec 1 20:04:47 2011 From: susank at fb.com (Susan Kawaguchi) Date: Thu, 1 Dec 2011 20:04:47 +0000 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: <00ea01ccb060$1be31e40$53a95ac0$@reiss@lex-ip.com> References: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> <824E5D2A-9572-40F1-ACEC-12F7DF813556@paypal.com> <6F233FE1-924C-4214-B625-C8555D0B4EBF@paypal-inc.com> <00d501ccb05a$4bb2b550$e3181ff0$@reiss@lex-ip.com> <00ea01ccb060$1be31e40$53a95ac0$@reiss@lex-ip.com> Message-ID: I am going into a meeting right now for the next 3 hours and will not be able to communicate except occasionally on my iphone. I am fine your with additional language Seth. Unfortunately, Facebook is demanding my attention to other issues.... From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Thursday, December 01, 2011 11:34 AM To: Susan Kawaguchi; 'Smith, Bill' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] The New Proxy Language Very good Susan. See my slight tweaks below: -----Original Message----- From: Susan Kawaguchi [mailto:susank at fb.com] Sent: Thursday, December 01, 2011 9:25 AM To: Seth M Reiss; 'Smith, Bill' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] The New Proxy Language Not everyone on the team has chimed in yet on this issue today but according to my count the following are agreeing to Lynn's proposal agreeing # 2 in Emily's email this morning. Lynn Omar Michael James Kathy Susan Those who have not weighed in today Emily Lutz - although liked Seth's proposal last night Sarmad Wilfried Sharon Peter - but earlier this morning did sound like he was probably favoring Seth's language. (if I have characterized this incorrectly for anyone please accept my apologies and please weigh in) I would recommend that we leave both the Dakar recommendation in and the best practices recommendation in ( I do not feel they are mutually exclusive) We could lead into the two recommendations with the following: Review Team members are in unanimous agreement that the status quo regarding proxy registrations is not sustainable, is not fair to legitimate participants in the domain name marketplace, frustrates valuable social goals such as law enforcement [and the protection of intellectual property], and reflects poorly on ICANN's commitment to serve the public interest. We are also in agreement that the goal should be to give accredited registrars strong incentives not to foster this undesirable status quo, and that such incentives should arise both from the terms of the ICANN contracts with registrars, and from principles of legal responsibility under national law. ICANN can control the first source of these incentives; its contractual provisions may influence, but cannot control, the second, since neither of the parties most directly involved -- the proxy service customers, and the law enforcement or other party seeking to identify them and hold them accountable -- is under contract to ICANN. We have not reached consensus on how best to advance this common goal. Some believe that the best approach is to start with the proxy services that are made available in connection with domain name registration, and require these services to follow best practices for promptly disclosing the identity of the party actually in control of the domain name, with registrars facing consequences if they do business with services that do not fulfill best practices. Others prefer the approach of denying any recognition of proxy services in ICANN contracts, and treating all such services simply as registrants, regardless of their practices, with the view that every registrant, including proxy service registrants, should accept full responsibility for the manner of use of the domain name they register. We set forth below alternative recommendations reflecting these dual approaches, and solicit community comment on them. One other area of agreement is that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. -----Original Message----- From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] Sent: Thursday, December 01, 2011 10:52 AM To: Susan Kawaguchi; 'Smith, Bill' Cc: rt4-whois at icann.org Subject: RE: [Rt4-whois] The New Proxy Language OK, guys, I finally woke up. But now I kind of wish I had not! I am not entirely comfortable with what I wrote (option 3). I continue to agree with Bill's analysis and thinking, but I am also concerned that the statements I wrote go well beyond what our Team was tasked to do. It goes beyond WHOIS accuracy into the realm of security etc. But so does James' and Susan's proposal (option 2). The Dakar statement (option 1 as most recently modified by Emily) comes closest to us staying within our purview. Note that Susan agrees that language should be removed from the RRA and proxy service provider should be responsible for the domain name. So perhaps this could a bullet point under Dakar. Or better yet, how about this to make the group happy, or at least happier. How about the Dakar statement as most recently modified by Emily go into the recommendations. Everything else, some of proposal 2 and maybe a bit of proposal 3, or perhaps just the statement Susan made about language being removed from the RAA, go into the discussion. I agree with Bill that a voluntary set of best practices cannot reach the goal of eliminating irresponsible proxy services. But the discussion section could indicate this was one of the ideas that was considered by our team as a possible solution and that is something that the community may wish to follow up on. Finally, regarding the DMCA, the United States Congress, in its wisdom, decided that web hosts and neutral bill boards and the like should be given a level of immunity to function and so adopted the DMCA and other measure to provide safe havens from copyright infringement claims and other claims for content posted by others if they registered as an agent and carefully followed a number of specific take down/put up practices. The process is mandatory, carefully detailed and all governed by a centralized law that is consistent across the national territory. We, unfortunately, do not operate in a landscape of consistent laws, plus we are not a legislature, plus (as Bill has reiterated on several occasions) a voluntary practice will not get us there. Seth -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Thursday, December 01, 2011 8:11 AM To: Smith, Bill Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] The New Proxy Language Yes I agree a registrant is a contracted party I guess I am use to seeing so much bad behavior by registrants that I do not think of them that way. I still do not see our two recommendations as polar opposites. I agree the language in the RAA should be removed and the proxy service provider should be responsible for the domain name. But that does not exclude the need for best practices in this industry and if we can get movement in the right direction along with calling for the proxy service providers to be responsible it is a win win situation. (I am not comparing the DMCA to this situation but I think this is a good example) When the DMCA was put into US law it required interpretation and best practices were developed over a period of time. In my opinion eBay took the lead and put in place the VeRO program which went beyond some of the requirements. Many other companies followed their lead and you will see pieces of the VeRO program in many companies processes. I think several registrars have taken a similar path with their affiliate proxy services and established procedures that are good. Why can't we advocate for both positions? I think we are in agreement that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. -----Original Message----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Thursday, December 01, 2011 9:46 AM To: Susan Kawaguchi Cc: James M. Bladel; rt4-whois at icann.org Subject: Re: [Rt4-whois] The New Proxy Language Susan, Isn't everyone a contracted party in this ecosystem? Registrars and Registries with ICANN and Registrants with Registrants (with required terms from ICANN). I believe we need SLAs in each of the agreements that put some teeth into the compliance provisions. For example, the current RAA language says that failure to correct WHOIS data *may* result in revocation of the Domain Name (or something similar to that). Action is voluntary on the part of the Registrant and Registrar with the public paying the cost, much like with toxic waste. This isn't a direct cost but indirect, and getting larger all the time. I sincerely doubt that a voluntary code, though admirable, will mitigate these costs. If we have SLAs in each of the agreements, then failure by any party to abide by them results in action and/or penalties up to and including loss of name. The current system doesn't, while threatening such an eventuality rarely reaches that point as we've heard. If ICANN wants to honor the AoC with respect to WHOIS, it firmly believe it needs to shift from the voluntary mechanisms that don't work to a simple though comprehensive set of mandatory mechanisms that will work. These mechanisms should exist outside of any "at law"remedies but should be in concert with them. I'll think about adding the VC to 4. My gut reaction is that it will still allow too much legal room if/when the legal system is required. Bill On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" wrote: > Hi Bill, > > I agree with most of what is in your and Seth's recommendation but do not understand how an SLA will work with non-contracted parties. > > What if we added the voluntary best practices to #4? > > Susan > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Thursday, December 01, 2011 7:44 AM > To: James M. Bladel > Cc: Susan Kawaguchi; rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > I have no problem with folks not being "on board". However, we did agree to language in Dakar in essence saying that ICANN should avoid mentioning proxies in the RAA. I realize that some may not have been fully on board with that, and there have been suggestion to change our position. > > From my perspective, the changes are from the Dakar position to the Voluntary Code proposal. > > I've pointed out how the VC can and likely will be circumvented, especially by "bad actors". If someone can demonstrate a way that the VC deals with this issue and avoids a return to the current state, I'm all ears. > > One way for the VC to work is to have a set of SLAs that mandate action in response to non-compliance to the SLAs. I don't see a mention of that in the VC and I'd want to understand exactly what we're talking about regarding times for roundtrip reveal/relay and the consequences for failure to respond in a timely fashion. > > On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: > > Agree with Susan. These are very significant changes coming very late in the game. > > J. > > -------- Original Message -------- > Subject: Re: [Rt4-whois] The New Proxy Language > From: Susan Kawaguchi > > Date: Thu, December 01, 2011 8:58 am > To: Kathy Kleiman > > Cc: "rt4-whois at icann.org" > > > Hi Kathy > > I am not onboard with Bill and Seth's recommendation but I am willing to explore this direction. > > Susan > > Sent from my iPhone > > On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > wrote: > >> But what James and Susan did so brilliantly, and for the first time in >> history, was to begin to bring the proxy services into the ICANN tent >> and into sight. The idea of disclosing relationships, sharing ownership >> and contractual relationships, is an enormous step forward. I think we >> are losing something now... >> >> Kathy: >>> My preference is to replace the Voluntary Best Practices Guidelines. I think there is useful information in that language to guide development of SLAs regarding Registrant responsibilities and response times so would hate to see that work "tossed". >>> >>> Seth's language is an attempt to "flesh out" the simple text we had in Dakar, that said ICANN should remove reference to proxy services from the RAA. I think he's done a good job, albeit perhaps a first cut, at doing that and getting a conversation going on the practical implications of, let's call it the Dakar proxy compact. >>> >>> As I recall, one of the reasons we decided to recommend removing proxies from the RAA is that no matter how hard we, or ICANN tries to control or regulate the proxy business, anyone can operate such a service outside of the control of ICANN or the community. They simply register names and act on behalf of someone else. >>> >>> What we, asa community, can do is develop some policies that set out what is expected of all parties, including Registrants and have consequences, mandatory in some cases, for failure to comply with the policies. The consequence of last resort is revocation of the name. >>> >>> These policies wouldn't take the place of legal action, but they would fill the void where Registrants, or their proxies, are non-responsive. >>> >>> The alternative is the voluntary code, but we know that can be avoided, and letting the courts handle the situation... but that's basically where we are today so I don't see how a code, voluntary or not helps in the end. >>> >>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >>> >>>> Hi All, >>>> What a night! I can see the 24*7 party of the WRT continued. Thanks so very much! >>>> >>>> Regarding the language below, could someone be an expert guide? Is it a replacement of the whole of the Proxy Recommendations, or in addition to the Voluntary Best Practices Guidelines (which I really liked) >>>> >>>> Otherwise, I am thinking and researching. I think this is a big change below, and I am not keen on #3 at all. Many, many people use proxy services for many, many things, and the Recommendations section seems an odd place to put a value judgement on that. >>>> >>>> Otherwise, there are some fascinating legal concepts, and my brain already hurts! >>>> Thinking hard first thing in the AM and still reviewing. >>>> I would like to know what James thinks, >>>> Kathy >>>> >>>>> Data Access- Proxy Service >>>>> >>>>> 1. The Review Team considers a Proxy Service as a relationship in which >>>>> the registrant is acting on behalf of another. The WHOIS data is that of the >>>>> agent/proxy service and the agent/proxy service alone obtains all rights and >>>>> assumes all responsibility for the domain name and its manner of use. >>>>> 2. ICANN should clarify that any registrant that may be acting as a >>>>> proxy service for another is in all respects still the registrant and, in >>>>> ICANN's view, should be held fully responsible for the use of the domain >>>>> name including for any and all harm that results from the use of the domain >>>>> name. >>>>> 2. Because of ICANN's position on proxy services to date, which >>>>> tolerates the proxy service industry that has arisen and which through RAA >>>>> provisions gives recognition and attempts to regulate that industry, has >>>>> been used by courts and others to allow proxy services to escape liability >>>>> for bad acts of the proxy service customers, ICANN should either delete or >>>>> amend those provisions of the RAA that can or have been used to allow proxy >>>>> services to escape liability. >>>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>>> for the occasional use of a proxy service, as for example to protect a >>>>> valuable trade secret at product launch. At the same time proxy services >>>>> should not be viewed or used as a substitute for privacy services that are >>>>> designed to shield an individual's personal contact information. The >>>>> legitimate use a proxy service would be the exception and not widespread. >>>>> 4. A proxy service industry willing to accept full risks and liabilities >>>>> for the manner in which domain names through its service will be used will >>>>> take the necessary precautionary measures, in its relationship with its >>>>> customers, such that domain names so registered are unlikely to be misused >>>>> and, if misused, a remedy for those victimized will more likely be >>>>> available. >>>>> >>>> _______________________________________________ >>>> Rt4-whois mailing list >>>> Rt4-whois at icann.org >>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> >> -- >> >> >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/a1f476ab/attachment.html From bill.smith at paypal-inc.com Thu Dec 1 20:14:11 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Thu, 1 Dec 2011 13:14:11 -0700 Subject: [Rt4-whois] The New Proxy Language In-Reply-To: References: <20111201082311.9c1b16d3983f34082b49b9baf8cec04a.b97ba32400.wbe@email00.secureserver.net> <824E5D2A-9572-40F1-ACEC-12F7DF813556@paypal.com> <6F233FE1-924C-4214-B625-C8555D0B4EBF@paypal-inc.com> <00d501ccb05a$4bb2b550$e3181ff0$@reiss@lex-ip.com> Message-ID: <642C50A0-B513-438B-90F0-F2DAA3FA4FBB@paypal-inc.com> This seems like a reasonable compromise position for the time being. I too may not be able to respond in a timely manner starting real soon now. I trust the group to make the right decision here. On Dec 1, 2011, at 11:24 AM, Susan Kawaguchi wrote: > Not everyone on the team has chimed in yet on this issue today but according to my count the following are agreeing to Lynn's proposal agreeing # 2 in Emily's email this morning. > > Lynn > Omar > Michael > James > Kathy > Susan > > > > Those who have not weighed in today > > Emily > Lutz - although liked Seth's proposal last night > Sarmad > Wilfried > Sharon > Peter - but earlier this morning did sound like he was probably favoring Seth's language. > > (if I have characterized this incorrectly for anyone please accept my apologies and please weigh in) > > > I would recommend that we leave both the Dakar recommendation in and the best practices recommendation in ( I do not feel they are mutually exclusive) > > > We could lead into the two recommendations with the following: > > > > Review Team members are in unanimous agreement that the status quo regarding proxy registrations is not sustainable, is not fair to legitimate participants in the domain name marketplace, frustrates valuable social goals such as law enforcement [and the protection of intellectual property], and reflects poorly on ICANN's commitment to serve the public interest. > > We are also in agreement that the goal should be to give accredited registrars strong incentives not to foster this undesirable status quo, and that such incentives should arise both from the terms of the ICANN contracts with registrars, and from principles of legal responsibility under national law. ICANN can control the first source of these incentives; its contractual provisions may influence, but cannot control, the second, since neither of the parties most directly involved -- the proxy service customers, and the law enforcement or other party seeking to identify them and hold them accountable -- is under contract to ICANN. > > We have not reached consensus on how best to advance this common goal. Some believe that the best approach is to start with the proxy services that are made available in connection with domain name registration, and require these services to follow best practices for promptly disclosing the identity of the party actually in control of the domain name, with registrars facing consequences if they do business with services that do not fulfill best practices. Others prefer the approach of denying any recognition of proxy services in ICANN contracts, and treating all such services simply as registrants, regardless of their practices. > > We set forth below alternative recommendations reflecting these dual approaches, and solicit community comment on them. > > One other area of agreement is that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. > > -----Original Message----- > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] > Sent: Thursday, December 01, 2011 10:52 AM > To: Susan Kawaguchi; 'Smith, Bill' > Cc: rt4-whois at icann.org > Subject: RE: [Rt4-whois] The New Proxy Language > > OK, guys, I finally woke up. But now I kind of wish I had not! > > I am not entirely comfortable with what I wrote (option 3). I continue to > agree with Bill's analysis and thinking, but I am also concerned that the > statements I wrote go well beyond what our Team was tasked to do. It goes > beyond WHOIS accuracy into the realm of security etc. But so does James' > and Susan's proposal (option 2). > > The Dakar statement (option 1 as most recently modified by Emily) comes > closest to us staying within our purview. > > Note that Susan agrees that language should be removed from the RRA and > proxy service provider should be responsible for the domain name. So > perhaps this could a bullet point under Dakar. > > Or better yet, how about this to make the group happy, or at least happier. > > How about the Dakar statement as most recently modified by Emily go into the > recommendations. Everything else, some of proposal 2 and maybe a bit of > proposal 3, or perhaps just the statement Susan made about language being > removed from the RAA, go into the discussion. I agree with Bill that a > voluntary set of best practices cannot reach the goal of eliminating > irresponsible proxy services. But the discussion section could indicate this > was one of the ideas that was considered by our team as a possible solution > and that is something that the community may wish to follow up on. > > Finally, regarding the DMCA, the United States Congress, in its wisdom, > decided that web hosts and neutral bill boards and the like should be given > a level of immunity to function and so adopted the DMCA and other measure to > provide safe havens from copyright infringement claims and other claims for > content posted by others if they registered as an agent and carefully > followed a number of specific take down/put up practices. The process is > mandatory, carefully detailed and all governed by a centralized law that is > consistent across the national territory. We, unfortunately, do not operate > in a landscape of consistent laws, plus we are not a legislature, plus (as > Bill has reiterated on several occasions) a voluntary practice will not get > us there. > > Seth > > -----Original Message----- > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On > Behalf Of Susan Kawaguchi > Sent: Thursday, December 01, 2011 8:11 AM > To: Smith, Bill > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > Yes I agree a registrant is a contracted party I guess I am use to seeing so > much bad behavior by registrants that I do not think of them that way. > > I still do not see our two recommendations as polar opposites. > > I agree the language in the RAA should be removed and the proxy service > provider should be responsible for the domain name. > > But that does not exclude the need for best practices in this industry and > if we can get movement in the right direction along with calling for the > proxy service providers to be responsible it is a win win situation. > > (I am not comparing the DMCA to this situation but I think this is a good > example) > When the DMCA was put into US law it required interpretation and best > practices were developed over a period of time. In my opinion eBay took the > lead and put in place the VeRO program which went beyond some of the > requirements. Many other companies followed their lead and you will see > pieces of the VeRO program in many companies processes. > > I think several registrars have taken a similar path with their affiliate > proxy services and established procedures that are good. > > Why can't we advocate for both positions? > > I think we are in agreement that neither approach will be successful without > proactive ICANN compliance measures, either to police observance of best > practices, in the first approach, or to press registrars to cancel > registrations of proxy services that do not fulfill their contractual > obligations as set forth in the RAA. A well resourced and credible > compliance program is essential to reforming the unacceptable status quo in > this area. > > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Thursday, December 01, 2011 9:46 AM > To: Susan Kawaguchi > Cc: James M. Bladel; rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > Susan, > > Isn't everyone a contracted party in this ecosystem? Registrars and > Registries with ICANN and Registrants with Registrants (with required terms > from ICANN). > > I believe we need SLAs in each of the agreements that put some teeth into > the compliance provisions. For example, the current RAA language says that > failure to correct WHOIS data *may* result in revocation of the Domain Name > (or something similar to that). > > Action is voluntary on the part of the Registrant and Registrar with the > public paying the cost, much like with toxic waste. This isn't a direct cost > but indirect, and getting larger all the time. I sincerely doubt that a > voluntary code, though admirable, will mitigate these costs. > > If we have SLAs in each of the agreements, then failure by any party to > abide by them results in action and/or penalties up to and including loss of > name. The current system doesn't, while threatening such an eventuality > rarely reaches that point as we've heard. > > If ICANN wants to honor the AoC with respect to WHOIS, it firmly believe it > needs to shift from the voluntary mechanisms that don't work to a simple > though comprehensive set of mandatory mechanisms that will work. These > mechanisms should exist outside of any "at law"remedies but should be in > concert with them. > > I'll think about adding the VC to 4. My gut reaction is that it will still > allow too much legal room if/when the legal system is required. > > Bill > > On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" wrote: > >> Hi Bill, >> >> I agree with most of what is in your and Seth's recommendation but do not > understand how an SLA will work with non-contracted parties. >> >> What if we added the voluntary best practices to #4? >> >> Susan >> >> -----Original Message----- >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] >> Sent: Thursday, December 01, 2011 7:44 AM >> To: James M. Bladel >> Cc: Susan Kawaguchi; rt4-whois at icann.org >> Subject: Re: [Rt4-whois] The New Proxy Language >> >> I have no problem with folks not being "on board". However, we did agree > to language in Dakar in essence saying that ICANN should avoid mentioning > proxies in the RAA. I realize that some may not have been fully on board > with that, and there have been suggestion to change our position. >> >> From my perspective, the changes are from the Dakar position to the > Voluntary Code proposal. >> >> I've pointed out how the VC can and likely will be circumvented, > especially by "bad actors". If someone can demonstrate a way that the VC > deals with this issue and avoids a return to the current state, I'm all > ears. >> >> One way for the VC to work is to have a set of SLAs that mandate action in > response to non-compliance to the SLAs. I don't see a mention of that in the > VC and I'd want to understand exactly what we're talking about regarding > times for roundtrip reveal/relay and the consequences for failure to respond > in a timely fashion. >> >> On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: >> >> Agree with Susan. These are very significant changes coming very late in > the game. >> >> J. >> >> -------- Original Message -------- >> Subject: Re: [Rt4-whois] The New Proxy Language >> From: Susan Kawaguchi > >> Date: Thu, December 01, 2011 8:58 am >> To: Kathy Kleiman > >> Cc: "rt4-whois at icann.org" > > >> >> Hi Kathy >> >> I am not onboard with Bill and Seth's recommendation but I am willing to > explore this direction. >> >> Susan >> >> Sent from my iPhone >> >> On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > > wrote: >> >>> But what James and Susan did so brilliantly, and for the first time in >>> history, was to begin to bring the proxy services into the ICANN tent >>> and into sight. The idea of disclosing relationships, sharing ownership >>> and contractual relationships, is an enormous step forward. I think we >>> are losing something now... >>> >>> Kathy: >>>> My preference is to replace the Voluntary Best Practices Guidelines. I > think there is useful information in that language to guide development of > SLAs regarding Registrant responsibilities and response times so would hate > to see that work "tossed". >>>> >>>> Seth's language is an attempt to "flesh out" the simple text we had in > Dakar, that said ICANN should remove reference to proxy services from the > RAA. I think he's done a good job, albeit perhaps a first cut, at doing that > and getting a conversation going on the practical implications of, let's > call it the Dakar proxy compact. >>>> >>>> As I recall, one of the reasons we decided to recommend removing proxies > from the RAA is that no matter how hard we, or ICANN tries to control or > regulate the proxy business, anyone can operate such a service outside of > the control of ICANN or the community. They simply register names and act on > behalf of someone else. >>>> >>>> What we, asa community, can do is develop some policies that set out > what is expected of all parties, including Registrants and have > consequences, mandatory in some cases, for failure to comply with the > policies. The consequence of last resort is revocation of the name. >>>> >>>> These policies wouldn't take the place of legal action, but they would > fill the void where Registrants, or their proxies, are non-responsive. >>>> >>>> The alternative is the voluntary code, but we know that can be avoided, > and letting the courts handle the situation... but that's basically where we > are today so I don't see how a code, voluntary or not helps in the end. >>>> >>>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >>>> >>>>> Hi All, >>>>> What a night! I can see the 24*7 party of the WRT continued. Thanks so > very much! >>>>> >>>>> Regarding the language below, could someone be an expert guide? Is it a > replacement of the whole of the Proxy Recommendations, or in addition to the > Voluntary Best Practices Guidelines (which I really liked) >>>>> >>>>> Otherwise, I am thinking and researching. I think this is a big change > below, and I am not keen on #3 at all. Many, many people use proxy services > for many, many things, and the Recommendations section seems an odd place to > put a value judgement on that. >>>>> >>>>> Otherwise, there are some fascinating legal concepts, and my brain > already hurts! >>>>> Thinking hard first thing in the AM and still reviewing. >>>>> I would like to know what James thinks, >>>>> Kathy >>>>> >>>>>> Data Access- Proxy Service >>>>>> >>>>>> 1. The Review Team considers a Proxy Service as a relationship in > which >>>>>> the registrant is acting on behalf of another. The WHOIS data is that > of the >>>>>> agent/proxy service and the agent/proxy service alone obtains all > rights and >>>>>> assumes all responsibility for the domain name and its manner of use. >>>>>> 2. ICANN should clarify that any registrant that may be acting as a >>>>>> proxy service for another is in all respects still the registrant and, > in >>>>>> ICANN's view, should be held fully responsible for the use of the > domain >>>>>> name including for any and all harm that results from the use of the > domain >>>>>> name. >>>>>> 2. Because of ICANN's position on proxy services to date, which >>>>>> tolerates the proxy service industry that has arisen and which through > RAA >>>>>> provisions gives recognition and attempts to regulate that industry, > has >>>>>> been used by courts and others to allow proxy services to escape > liability >>>>>> for bad acts of the proxy service customers, ICANN should either > delete or >>>>>> amend those provisions of the RAA that can or have been used to allow > proxy >>>>>> services to escape liability. >>>>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>>>> for the occasional use of a proxy service, as for example to protect a >>>>>> valuable trade secret at product launch. At the same time proxy > services >>>>>> should not be viewed or used as a substitute for privacy services that > are >>>>>> designed to shield an individual's personal contact information. The >>>>>> legitimate use a proxy service would be the exception and not > widespread. >>>>>> 4. A proxy service industry willing to accept full risks and > liabilities >>>>>> for the manner in which domain names through its service will be used > will >>>>>> take the necessary precautionary measures, in its relationship with > its >>>>>> customers, such that domain names so registered are unlikely to be > misused >>>>>> and, if misused, a remedy for those victimized will more likely be >>>>>> available. >>>>>> >>>>> _______________________________________________ >>>>> Rt4-whois mailing list >>>>> Rt4-whois at icann.org >>>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>>> >>>> _______________________________________________ >>>> Rt4-whois mailing list >>>> Rt4-whois at icann.org >>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> >>> -- >>> >>> >>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > From Peter.Nettlefold at dbcde.gov.au Thu Dec 1 21:05:36 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Fri, 2 Dec 2011 08:05:36 +1100 Subject: [Rt4-whois] The New Proxy Language [SEC=UNCLASSIFIED] In-Reply-To: <642C50A0-B513-438B-90F0-F2DAA3FA4FBB@paypal-inc.com> Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D64226F@EMB01.dept.gov.au> Classification: UNCLASSIFIED Hi all I am just up, and have to get moving to get ready for my meetings today. Once sorted, I will catch up on overnight emails and get back to the group - this should be within an hour or so. Cheers Peter ----- Original Message ----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Friday, December 02, 2011 07:14 AM To: Susan Kawaguchi Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] The New Proxy Language This seems like a reasonable compromise position for the time being. I too may not be able to respond in a timely manner starting real soon now. I trust the group to make the right decision here. On Dec 1, 2011, at 11:24 AM, Susan Kawaguchi wrote: > Not everyone on the team has chimed in yet on this issue today but according to my count the following are agreeing to Lynn's proposal agreeing # 2 in Emily's email this morning. > > Lynn > Omar > Michael > James > Kathy > Susan > > > > Those who have not weighed in today > > Emily > Lutz - although liked Seth's proposal last night > Sarmad > Wilfried > Sharon > Peter - but earlier this morning did sound like he was probably favoring Seth's language. > > (if I have characterized this incorrectly for anyone please accept my apologies and please weigh in) > > > I would recommend that we leave both the Dakar recommendation in and the best practices recommendation in ( I do not feel they are mutually exclusive) > > > We could lead into the two recommendations with the following: > > > > Review Team members are in unanimous agreement that the status quo regarding proxy registrations is not sustainable, is not fair to legitimate participants in the domain name marketplace, frustrates valuable social goals such as law enforcement [and the protection of intellectual property], and reflects poorly on ICANN's commitment to serve the public interest. > > We are also in agreement that the goal should be to give accredited registrars strong incentives not to foster this undesirable status quo, and that such incentives should arise both from the terms of the ICANN contracts with registrars, and from principles of legal responsibility under national law. ICANN can control the first source of these incentives; its contractual provisions may influence, but cannot control, the second, since neither of the parties most directly involved -- the proxy service customers, and the law enforcement or other party seeking to identify them and hold them accountable -- is under contract to ICANN. > > We have not reached consensus on how best to advance this common goal. Some believe that the best approach is to start with the proxy services that are made available in connection with domain name registration, and require these services to follow best practices for promptly disclosing the identity of the party actually in control of the domain name, with registrars facing consequences if they do business with services that do not fulfill best practices. Others prefer the approach of denying any recognition of proxy services in ICANN contracts, and treating all such services simply as registrants, regardless of their practices. > > We set forth below alternative recommendations reflecting these dual approaches, and solicit community comment on them. > > One other area of agreement is that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. > > -----Original Message----- > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] > Sent: Thursday, December 01, 2011 10:52 AM > To: Susan Kawaguchi; 'Smith, Bill' > Cc: rt4-whois at icann.org > Subject: RE: [Rt4-whois] The New Proxy Language > > OK, guys, I finally woke up. But now I kind of wish I had not! > > I am not entirely comfortable with what I wrote (option 3). I continue to > agree with Bill's analysis and thinking, but I am also concerned that the > statements I wrote go well beyond what our Team was tasked to do. It goes > beyond WHOIS accuracy into the realm of security etc. But so does James' > and Susan's proposal (option 2). > > The Dakar statement (option 1 as most recently modified by Emily) comes > closest to us staying within our purview. > > Note that Susan agrees that language should be removed from the RRA and > proxy service provider should be responsible for the domain name. So > perhaps this could a bullet point under Dakar. > > Or better yet, how about this to make the group happy, or at least happier. > > How about the Dakar statement as most recently modified by Emily go into the > recommendations. Everything else, some of proposal 2 and maybe a bit of > proposal 3, or perhaps just the statement Susan made about language being > removed from the RAA, go into the discussion. I agree with Bill that a > voluntary set of best practices cannot reach the goal of eliminating > irresponsible proxy services. But the discussion section could indicate this > was one of the ideas that was considered by our team as a possible solution > and that is something that the community may wish to follow up on. > > Finally, regarding the DMCA, the United States Congress, in its wisdom, > decided that web hosts and neutral bill boards and the like should be given > a level of immunity to function and so adopted the DMCA and other measure to > provide safe havens from copyright infringement claims and other claims for > content posted by others if they registered as an agent and carefully > followed a number of specific take down/put up practices. The process is > mandatory, carefully detailed and all governed by a centralized law that is > consistent across the national territory. We, unfortunately, do not operate > in a landscape of consistent laws, plus we are not a legislature, plus (as > Bill has reiterated on several occasions) a voluntary practice will not get > us there. > > Seth > > -----Original Message----- > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On > Behalf Of Susan Kawaguchi > Sent: Thursday, December 01, 2011 8:11 AM > To: Smith, Bill > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > Yes I agree a registrant is a contracted party I guess I am use to seeing so > much bad behavior by registrants that I do not think of them that way. > > I still do not see our two recommendations as polar opposites. > > I agree the language in the RAA should be removed and the proxy service > provider should be responsible for the domain name. > > But that does not exclude the need for best practices in this industry and > if we can get movement in the right direction along with calling for the > proxy service providers to be responsible it is a win win situation. > > (I am not comparing the DMCA to this situation but I think this is a good > example) > When the DMCA was put into US law it required interpretation and best > practices were developed over a period of time. In my opinion eBay took the > lead and put in place the VeRO program which went beyond some of the > requirements. Many other companies followed their lead and you will see > pieces of the VeRO program in many companies processes. > > I think several registrars have taken a similar path with their affiliate > proxy services and established procedures that are good. > > Why can't we advocate for both positions? > > I think we are in agreement that neither approach will be successful without > proactive ICANN compliance measures, either to police observance of best > practices, in the first approach, or to press registrars to cancel > registrations of proxy services that do not fulfill their contractual > obligations as set forth in the RAA. A well resourced and credible > compliance program is essential to reforming the unacceptable status quo in > this area. > > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Thursday, December 01, 2011 9:46 AM > To: Susan Kawaguchi > Cc: James M. Bladel; rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > Susan, > > Isn't everyone a contracted party in this ecosystem? Registrars and > Registries with ICANN and Registrants with Registrants (with required terms > from ICANN). > > I believe we need SLAs in each of the agreements that put some teeth into > the compliance provisions. For example, the current RAA language says that > failure to correct WHOIS data *may* result in revocation of the Domain Name > (or something similar to that). > > Action is voluntary on the part of the Registrant and Registrar with the > public paying the cost, much like with toxic waste. This isn't a direct cost > but indirect, and getting larger all the time. I sincerely doubt that a > voluntary code, though admirable, will mitigate these costs. > > If we have SLAs in each of the agreements, then failure by any party to > abide by them results in action and/or penalties up to and including loss of > name. The current system doesn't, while threatening such an eventuality > rarely reaches that point as we've heard. > > If ICANN wants to honor the AoC with respect to WHOIS, it firmly believe it > needs to shift from the voluntary mechanisms that don't work to a simple > though comprehensive set of mandatory mechanisms that will work. These > mechanisms should exist outside of any "at law"remedies but should be in > concert with them. > > I'll think about adding the VC to 4. My gut reaction is that it will still > allow too much legal room if/when the legal system is required. > > Bill > > On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" wrote: > >> Hi Bill, >> >> I agree with most of what is in your and Seth's recommendation but do not > understand how an SLA will work with non-contracted parties. >> >> What if we added the voluntary best practices to #4? >> >> Susan >> >> -----Original Message----- >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] >> Sent: Thursday, December 01, 2011 7:44 AM >> To: James M. Bladel >> Cc: Susan Kawaguchi; rt4-whois at icann.org >> Subject: Re: [Rt4-whois] The New Proxy Language >> >> I have no problem with folks not being "on board". However, we did agree > to language in Dakar in essence saying that ICANN should avoid mentioning > proxies in the RAA. I realize that some may not have been fully on board > with that, and there have been suggestion to change our position. >> >> From my perspective, the changes are from the Dakar position to the > Voluntary Code proposal. >> >> I've pointed out how the VC can and likely will be circumvented, > especially by "bad actors". If someone can demonstrate a way that the VC > deals with this issue and avoids a return to the current state, I'm all > ears. >> >> One way for the VC to work is to have a set of SLAs that mandate action in > response to non-compliance to the SLAs. I don't see a mention of that in the > VC and I'd want to understand exactly what we're talking about regarding > times for roundtrip reveal/relay and the consequences for failure to respond > in a timely fashion. >> >> On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: >> >> Agree with Susan. These are very significant changes coming very late in > the game. >> >> J. >> >> -------- Original Message -------- >> Subject: Re: [Rt4-whois] The New Proxy Language >> From: Susan Kawaguchi > >> Date: Thu, December 01, 2011 8:58 am >> To: Kathy Kleiman > >> Cc: "rt4-whois at icann.org" > > >> >> Hi Kathy >> >> I am not onboard with Bill and Seth's recommendation but I am willing to > explore this direction. >> >> Susan >> >> Sent from my iPhone >> >> On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > > wrote: >> >>> But what James and Susan did so brilliantly, and for the first time in >>> history, was to begin to bring the proxy services into the ICANN tent >>> and into sight. The idea of disclosing relationships, sharing ownership >>> and contractual relationships, is an enormous step forward. I think we >>> are losing something now... >>> >>> Kathy: >>>> My preference is to replace the Voluntary Best Practices Guidelines. I > think there is useful information in that language to guide development of > SLAs regarding Registrant responsibilities and response times so would hate > to see that work "tossed". >>>> >>>> Seth's language is an attempt to "flesh out" the simple text we had in > Dakar, that said ICANN should remove reference to proxy services from the > RAA. I think he's done a good job, albeit perhaps a first cut, at doing that > and getting a conversation going on the practical implications of, let's > call it the Dakar proxy compact. >>>> >>>> As I recall, one of the reasons we decided to recommend removing proxies > from the RAA is that no matter how hard we, or ICANN tries to control or > regulate the proxy business, anyone can operate such a service outside of > the control of ICANN or the community. They simply register names and act on > behalf of someone else. >>>> >>>> What we, asa community, can do is develop some policies that set out > what is expected of all parties, including Registrants and have > consequences, mandatory in some cases, for failure to comply with the > policies. The consequence of last resort is revocation of the name. >>>> >>>> These policies wouldn't take the place of legal action, but they would > fill the void where Registrants, or their proxies, are non-responsive. >>>> >>>> The alternative is the voluntary code, but we know that can be avoided, > and letting the courts handle the situation... but that's basically where we > are today so I don't see how a code, voluntary or not helps in the end. >>>> >>>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >>>> >>>>> Hi All, >>>>> What a night! I can see the 24*7 party of the WRT continued. Thanks so > very much! >>>>> >>>>> Regarding the language below, could someone be an expert guide? Is it a > replacement of the whole of the Proxy Recommendations, or in addition to the > Voluntary Best Practices Guidelines (which I really liked) >>>>> >>>>> Otherwise, I am thinking and researching. I think this is a big change > below, and I am not keen on #3 at all. Many, many people use proxy services > for many, many things, and the Recommendations section seems an odd place to > put a value judgement on that. >>>>> >>>>> Otherwise, there are some fascinating legal concepts, and my brain > already hurts! >>>>> Thinking hard first thing in the AM and still reviewing. >>>>> I would like to know what James thinks, >>>>> Kathy >>>>> >>>>>> Data Access- Proxy Service >>>>>> >>>>>> 1. The Review Team considers a Proxy Service as a relationship in > which >>>>>> the registrant is acting on behalf of another. The WHOIS data is that > of the >>>>>> agent/proxy service and the agent/proxy service alone obtains all > rights and >>>>>> assumes all responsibility for the domain name and its manner of use. >>>>>> 2. ICANN should clarify that any registrant that may be acting as a >>>>>> proxy service for another is in all respects still the registrant and, > in >>>>>> ICANN's view, should be held fully responsible for the use of the > domain >>>>>> name including for any and all harm that results from the use of the > domain >>>>>> name. >>>>>> 2. Because of ICANN's position on proxy services to date, which >>>>>> tolerates the proxy service industry that has arisen and which through > RAA >>>>>> provisions gives recognition and attempts to regulate that industry, > has >>>>>> been used by courts and others to allow proxy services to escape > liability >>>>>> for bad acts of the proxy service customers, ICANN should either > delete or >>>>>> amend those provisions of the RAA that can or have been used to allow > proxy >>>>>> services to escape liability. >>>>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>>>> for the occasional use of a proxy service, as for example to protect a >>>>>> valuable trade secret at product launch. At the same time proxy > services >>>>>> should not be viewed or used as a substitute for privacy services that > are >>>>>> designed to shield an individual's personal contact information. The >>>>>> legitimate use a proxy service would be the exception and not > widespread. >>>>>> 4. A proxy service industry willing to accept full risks and > liabilities >>>>>> for the manner in which domain names through its service will be used > will >>>>>> take the necessary precautionary measures, in its relationship with > its >>>>>> customers, such that domain names so registered are unlikely to be > misused >>>>>> and, if misused, a remedy for those victimized will more likely be >>>>>> available. >>>>>> >>>>> _______________________________________________ >>>>> Rt4-whois mailing list >>>>> Rt4-whois at icann.org >>>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>>> >>>> _______________________________________________ >>>> Rt4-whois mailing list >>>> Rt4-whois at icann.org >>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> >>> -- >>> >>> >>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- From emily at emilytaylor.eu Thu Dec 1 21:40:23 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Thu, 1 Dec 2011 21:40:23 +0000 Subject: [Rt4-whois] The New Proxy Language [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D64226F@EMB01.dept.gov.au> References: <642C50A0-B513-438B-90F0-F2DAA3FA4FBB@paypal-inc.com> <636771A7F4383E408C57A0240B5F8D4A333D64226F@EMB01.dept.gov.au> Message-ID: Hi all For the record, I support option #2. Thank you for continuing this discussion. We are now nearly at our cut off point. Weighing in with a heavy cold, so may not make the best sense. I am trying to catch up with where we are, and think I have it. We're thinking about laying out two alternatives (is this option 1 and option 2, or a different combo?), and introducing some text, right? This could work, and my sense is that the approach is finding favour with the team. Can I suggest a slight twist of emphasis - obviously, shout me down if you've all already agreed - on the introductory text? Rather than say we can't reach consensus and throwing it over the fence to the community to sort out, perhaps we could say: "We have reached consensus on the following (Dakar stuff - actually, when you step back from it there is a strong statement on proxy liability, which should not be underestimated), and a majority (I think that's true) are in favour of exploring best practices as set out below. However, there is also a strong sentiment within the team that voluntary measures such as those proposed do not go far enough, as they have little confidence that the minority of 'bad actors' will adopt such measures. "Therefore, we set out our proposals on best practices [see recommendation xx below], with the proviso that a significant body within the WHOIS Review Team has little confidence that such measures will prove a satisfactory solution over time. We request that the next WHOIS Review Team reviews the proxy industry's progress in this regard, and in the event that it finds the WHOIS policy and its implementation unsatisfactory at that point, we trust that it will make recommendations for more concrete measures." Or something like that. I have no author's pride. Just dig out what works. So, that means keeping paragraphs 1, 2, 3 and 5 of Susan's text, and substituting those sentences for her single sentence para 4. Kind regards Emily On 1 December 2011 21:05, Nettlefold, Peter wrote: > Classification: UNCLASSIFIED > > Hi all > I am just up, and have to get moving to get ready for my meetings today. > Once sorted, I will catch up on overnight emails and get back to the group > - this should be within an hour or so. > Cheers > Peter > > ----- Original Message ----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Friday, December 02, 2011 07:14 AM > To: Susan Kawaguchi > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > This seems like a reasonable compromise position for the time being. I too > may not be able to respond in a timely manner starting real soon now. > > I trust the group to make the right decision here. > > On Dec 1, 2011, at 11:24 AM, Susan Kawaguchi wrote: > > > Not everyone on the team has chimed in yet on this issue today but > according to my count the following are agreeing to Lynn's proposal > agreeing # 2 in Emily's email this morning. > > > > Lynn > > Omar > > Michael > > James > > Kathy > > Susan > > > > > > > > Those who have not weighed in today > > > > Emily > > Lutz - although liked Seth's proposal last night > > Sarmad > > Wilfried > > Sharon > > Peter - but earlier this morning did sound like he was probably favoring > Seth's language. > > > > (if I have characterized this incorrectly for anyone please accept my > apologies and please weigh in) > > > > > > I would recommend that we leave both the Dakar recommendation in and the > best practices recommendation in ( I do not feel they are mutually > exclusive) > > > > > > We could lead into the two recommendations with the following: > > > > > > > > Review Team members are in unanimous agreement that the status quo > regarding proxy registrations is not sustainable, is not fair to legitimate > participants in the domain name marketplace, frustrates valuable social > goals such as law enforcement [and the protection of intellectual > property], and reflects poorly on ICANN's commitment to serve the public > interest. > > > > We are also in agreement that the goal should be to give accredited > registrars strong incentives not to foster this undesirable status quo, and > that such incentives should arise both from the terms of the ICANN > contracts with registrars, and from principles of legal responsibility > under national law. ICANN can control the first source of these > incentives; its contractual provisions may influence, but cannot control, > the second, since neither of the parties most directly involved -- the > proxy service customers, and the law enforcement or other party seeking to > identify them and hold them accountable -- is under contract to ICANN. > > > > We have not reached consensus on how best to advance this common goal. > Some believe that the best approach is to start with the proxy services > that are made available in connection with domain name registration, and > require these services to follow best practices for promptly disclosing the > identity of the party actually in control of the domain name, with > registrars facing consequences if they do business with services that do > not fulfill best practices. Others prefer the approach of denying any > recognition of proxy services in ICANN contracts, and treating all such > services simply as registrants, regardless of their practices. > > > > We set forth below alternative recommendations reflecting these dual > approaches, and solicit community comment on them. > > > > One other area of agreement is that neither approach will be successful > without proactive ICANN compliance measures, either to police observance of > best practices, in the first approach, or to press registrars to cancel > registrations of proxy services that do not fulfill their contractual > obligations as set forth in the RAA. A well resourced and credible > compliance program is essential to reforming the unacceptable status quo in > this area. > > > > -----Original Message----- > > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] > > Sent: Thursday, December 01, 2011 10:52 AM > > To: Susan Kawaguchi; 'Smith, Bill' > > Cc: rt4-whois at icann.org > > Subject: RE: [Rt4-whois] The New Proxy Language > > > > OK, guys, I finally woke up. But now I kind of wish I had not! > > > > I am not entirely comfortable with what I wrote (option 3). I continue to > > agree with Bill's analysis and thinking, but I am also concerned that the > > statements I wrote go well beyond what our Team was tasked to do. It > goes > > beyond WHOIS accuracy into the realm of security etc. But so does James' > > and Susan's proposal (option 2). > > > > The Dakar statement (option 1 as most recently modified by Emily) comes > > closest to us staying within our purview. > > > > Note that Susan agrees that language should be removed from the RRA and > > proxy service provider should be responsible for the domain name. So > > perhaps this could a bullet point under Dakar. > > > > Or better yet, how about this to make the group happy, or at least > happier. > > > > How about the Dakar statement as most recently modified by Emily go into > the > > recommendations. Everything else, some of proposal 2 and maybe a bit of > > proposal 3, or perhaps just the statement Susan made about language being > > removed from the RAA, go into the discussion. I agree with Bill that a > > voluntary set of best practices cannot reach the goal of eliminating > > irresponsible proxy services. But the discussion section could indicate > this > > was one of the ideas that was considered by our team as a possible > solution > > and that is something that the community may wish to follow up on. > > > > Finally, regarding the DMCA, the United States Congress, in its wisdom, > > decided that web hosts and neutral bill boards and the like should be > given > > a level of immunity to function and so adopted the DMCA and other > measure to > > provide safe havens from copyright infringement claims and other claims > for > > content posted by others if they registered as an agent and carefully > > followed a number of specific take down/put up practices. The process is > > mandatory, carefully detailed and all governed by a centralized law that > is > > consistent across the national territory. We, unfortunately, do not > operate > > in a landscape of consistent laws, plus we are not a legislature, plus > (as > > Bill has reiterated on several occasions) a voluntary practice will not > get > > us there. > > > > Seth > > > > -----Original Message----- > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] > On > > Behalf Of Susan Kawaguchi > > Sent: Thursday, December 01, 2011 8:11 AM > > To: Smith, Bill > > Cc: rt4-whois at icann.org > > Subject: Re: [Rt4-whois] The New Proxy Language > > > > Yes I agree a registrant is a contracted party I guess I am use to > seeing so > > much bad behavior by registrants that I do not think of them that way. > > > > I still do not see our two recommendations as polar opposites. > > > > I agree the language in the RAA should be removed and the proxy service > > provider should be responsible for the domain name. > > > > But that does not exclude the need for best practices in this industry > and > > if we can get movement in the right direction along with calling for the > > proxy service providers to be responsible it is a win win situation. > > > > (I am not comparing the DMCA to this situation but I think this is a good > > example) > > When the DMCA was put into US law it required interpretation and best > > practices were developed over a period of time. In my opinion eBay took > the > > lead and put in place the VeRO program which went beyond some of the > > requirements. Many other companies followed their lead and you will see > > pieces of the VeRO program in many companies processes. > > > > I think several registrars have taken a similar path with their affiliate > > proxy services and established procedures that are good. > > > > Why can't we advocate for both positions? > > > > I think we are in agreement that neither approach will be successful > without > > proactive ICANN compliance measures, either to police observance of best > > practices, in the first approach, or to press registrars to cancel > > registrations of proxy services that do not fulfill their contractual > > obligations as set forth in the RAA. A well resourced and credible > > compliance program is essential to reforming the unacceptable status quo > in > > this area. > > > > > > -----Original Message----- > > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > > Sent: Thursday, December 01, 2011 9:46 AM > > To: Susan Kawaguchi > > Cc: James M. Bladel; rt4-whois at icann.org > > Subject: Re: [Rt4-whois] The New Proxy Language > > > > Susan, > > > > Isn't everyone a contracted party in this ecosystem? Registrars and > > Registries with ICANN and Registrants with Registrants (with required > terms > > from ICANN). > > > > I believe we need SLAs in each of the agreements that put some teeth into > > the compliance provisions. For example, the current RAA language says > that > > failure to correct WHOIS data *may* result in revocation of the Domain > Name > > (or something similar to that). > > > > Action is voluntary on the part of the Registrant and Registrar with the > > public paying the cost, much like with toxic waste. This isn't a direct > cost > > but indirect, and getting larger all the time. I sincerely doubt that a > > voluntary code, though admirable, will mitigate these costs. > > > > If we have SLAs in each of the agreements, then failure by any party to > > abide by them results in action and/or penalties up to and including > loss of > > name. The current system doesn't, while threatening such an eventuality > > rarely reaches that point as we've heard. > > > > If ICANN wants to honor the AoC with respect to WHOIS, it firmly believe > it > > needs to shift from the voluntary mechanisms that don't work to a simple > > though comprehensive set of mandatory mechanisms that will work. These > > mechanisms should exist outside of any "at law"remedies but should be in > > concert with them. > > > > I'll think about adding the VC to 4. My gut reaction is that it will > still > > allow too much legal room if/when the legal system is required. > > > > Bill > > > > On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" wrote: > > > >> Hi Bill, > >> > >> I agree with most of what is in your and Seth's recommendation but do > not > > understand how an SLA will work with non-contracted parties. > >> > >> What if we added the voluntary best practices to #4? > >> > >> Susan > >> > >> -----Original Message----- > >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > >> Sent: Thursday, December 01, 2011 7:44 AM > >> To: James M. Bladel > >> Cc: Susan Kawaguchi; rt4-whois at icann.org > >> Subject: Re: [Rt4-whois] The New Proxy Language > >> > >> I have no problem with folks not being "on board". However, we did agree > > to language in Dakar in essence saying that ICANN should avoid mentioning > > proxies in the RAA. I realize that some may not have been fully on board > > with that, and there have been suggestion to change our position. > >> > >> From my perspective, the changes are from the Dakar position to the > > Voluntary Code proposal. > >> > >> I've pointed out how the VC can and likely will be circumvented, > > especially by "bad actors". If someone can demonstrate a way that the VC > > deals with this issue and avoids a return to the current state, I'm all > > ears. > >> > >> One way for the VC to work is to have a set of SLAs that mandate action > in > > response to non-compliance to the SLAs. I don't see a mention of that in > the > > VC and I'd want to understand exactly what we're talking about regarding > > times for roundtrip reveal/relay and the consequences for failure to > respond > > in a timely fashion. > >> > >> On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: > >> > >> Agree with Susan. These are very significant changes coming very late > in > > the game. > >> > >> J. > >> > >> -------- Original Message -------- > >> Subject: Re: [Rt4-whois] The New Proxy Language > >> From: Susan Kawaguchi > > >> Date: Thu, December 01, 2011 8:58 am > >> To: Kathy Kleiman >> > >> Cc: "rt4-whois at icann.org" > > > > >> > >> Hi Kathy > >> > >> I am not onboard with Bill and Seth's recommendation but I am willing to > > explore this direction. > >> > >> Susan > >> > >> Sent from my iPhone > >> > >> On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > > > wrote: > >> > >>> But what James and Susan did so brilliantly, and for the first time in > >>> history, was to begin to bring the proxy services into the ICANN tent > >>> and into sight. The idea of disclosing relationships, sharing ownership > >>> and contractual relationships, is an enormous step forward. I think we > >>> are losing something now... > >>> > >>> Kathy: > >>>> My preference is to replace the Voluntary Best Practices Guidelines. I > > think there is useful information in that language to guide development > of > > SLAs regarding Registrant responsibilities and response times so would > hate > > to see that work "tossed". > >>>> > >>>> Seth's language is an attempt to "flesh out" the simple text we had in > > Dakar, that said ICANN should remove reference to proxy services from the > > RAA. I think he's done a good job, albeit perhaps a first cut, at doing > that > > and getting a conversation going on the practical implications of, let's > > call it the Dakar proxy compact. > >>>> > >>>> As I recall, one of the reasons we decided to recommend removing > proxies > > from the RAA is that no matter how hard we, or ICANN tries to control or > > regulate the proxy business, anyone can operate such a service outside of > > the control of ICANN or the community. They simply register names and > act on > > behalf of someone else. > >>>> > >>>> What we, asa community, can do is develop some policies that set out > > what is expected of all parties, including Registrants and have > > consequences, mandatory in some cases, for failure to comply with the > > policies. The consequence of last resort is revocation of the name. > >>>> > >>>> These policies wouldn't take the place of legal action, but they would > > fill the void where Registrants, or their proxies, are non-responsive. > >>>> > >>>> The alternative is the voluntary code, but we know that can be > avoided, > > and letting the courts handle the situation... but that's basically > where we > > are today so I don't see how a code, voluntary or not helps in the end. > >>>> > >>>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: > >>>> > >>>>> Hi All, > >>>>> What a night! I can see the 24*7 party of the WRT continued. Thanks > so > > very much! > >>>>> > >>>>> Regarding the language below, could someone be an expert guide? Is > it a > > replacement of the whole of the Proxy Recommendations, or in addition to > the > > Voluntary Best Practices Guidelines (which I really liked) > >>>>> > >>>>> Otherwise, I am thinking and researching. I think this is a big > change > > below, and I am not keen on #3 at all. Many, many people use proxy > services > > for many, many things, and the Recommendations section seems an odd > place to > > put a value judgement on that. > >>>>> > >>>>> Otherwise, there are some fascinating legal concepts, and my brain > > already hurts! > >>>>> Thinking hard first thing in the AM and still reviewing. > >>>>> I would like to know what James thinks, > >>>>> Kathy > >>>>> > >>>>>> Data Access- Proxy Service > >>>>>> > >>>>>> 1. The Review Team considers a Proxy Service as a relationship in > > which > >>>>>> the registrant is acting on behalf of another. The WHOIS data is > that > > of the > >>>>>> agent/proxy service and the agent/proxy service alone obtains all > > rights and > >>>>>> assumes all responsibility for the domain name and its manner of > use. > >>>>>> 2. ICANN should clarify that any registrant that may be acting as a > >>>>>> proxy service for another is in all respects still the registrant > and, > > in > >>>>>> ICANN's view, should be held fully responsible for the use of the > > domain > >>>>>> name including for any and all harm that results from the use of the > > domain > >>>>>> name. > >>>>>> 2. Because of ICANN's position on proxy services to date, which > >>>>>> tolerates the proxy service industry that has arisen and which > through > > RAA > >>>>>> provisions gives recognition and attempts to regulate that industry, > > has > >>>>>> been used by courts and others to allow proxy services to escape > > liability > >>>>>> for bad acts of the proxy service customers, ICANN should either > > delete or > >>>>>> amend those provisions of the RAA that can or have been used to > allow > > proxy > >>>>>> services to escape liability. > >>>>>> 3. The Review Team acknowledges that there may be legitimate reasons > >>>>>> for the occasional use of a proxy service, as for example to > protect a > >>>>>> valuable trade secret at product launch. At the same time proxy > > services > >>>>>> should not be viewed or used as a substitute for privacy services > that > > are > >>>>>> designed to shield an individual's personal contact information. The > >>>>>> legitimate use a proxy service would be the exception and not > > widespread. > >>>>>> 4. A proxy service industry willing to accept full risks and > > liabilities > >>>>>> for the manner in which domain names through its service will be > used > > will > >>>>>> take the necessary precautionary measures, in its relationship with > > its > >>>>>> customers, such that domain names so registered are unlikely to be > > misused > >>>>>> and, if misused, a remedy for those victimized will more likely be > >>>>>> available. > >>>>>> > >>>>> _______________________________________________ > >>>>> Rt4-whois mailing list > >>>>> Rt4-whois at icann.org > >>>>> https://mm.icann.org/mailman/listinfo/rt4-whois > >>>> > >>>> _______________________________________________ > >>>> Rt4-whois mailing list > >>>> Rt4-whois at icann.org > >>>> https://mm.icann.org/mailman/listinfo/rt4-whois > >>> > >>> > >>> -- > >>> > >>> > >>> > >>> _______________________________________________ > >>> Rt4-whois mailing list > >>> Rt4-whois at icann.org > >>> https://mm.icann.org/mailman/listinfo/rt4-whois > >> > >> _______________________________________________ > >> Rt4-whois mailing list > >> Rt4-whois at icann.org > >> https://mm.icann.org/mailman/listinfo/rt4-whois > >> _______________________________________________ > >> Rt4-whois mailing list > >> Rt4-whois at icann.org > >> https://mm.icann.org/mailman/listinfo/rt4-whois > >> > > > > _______________________________________________ > > Rt4-whois mailing list > > Rt4-whois at icann.org > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > ------------------------------------------------------------------------------- > > NOTICE: This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any unauthorized > review, use, disclosure or distribution is prohibited. If you are not the > intended recipient, please contact the sender by reply email and destroy > all > copies of the original message. > > This message has been content scanned by the Axway MailGate. > MailGate uses policy enforcement to scan for known viruses, spam, > undesirable content and malicious code. For more information on Axway > products please visit www.axway.com. > > > > ------------------------------------------------------------------------------- > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/82bb5162/attachment.html From bill.smith at paypal-inc.com Thu Dec 1 21:48:05 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Thu, 1 Dec 2011 14:48:05 -0700 Subject: [Rt4-whois] The New Proxy Language [SEC=UNCLASSIFIED] In-Reply-To: References: <642C50A0-B513-438B-90F0-F2DAA3FA4FBB@paypal-inc.com> <636771A7F4383E408C57A0240B5F8D4A333D64226F@EMB01.dept.gov.au> Message-ID: <64C2C5D8-1DB6-4D4A-88AC-D67BCDBE5473@paypal-inc.com> Excellent. I think we could also leave open the possibility that we will reach consensus in this RT and our goal is to do so. On Dec 1, 2011, at 1:40 PM, "Emily Taylor" > wrote: Hi all For the record, I support option #2. Thank you for continuing this discussion. We are now nearly at our cut off point. Weighing in with a heavy cold, so may not make the best sense. I am trying to catch up with where we are, and think I have it. We're thinking about laying out two alternatives (is this option 1 and option 2, or a different combo?), and introducing some text, right? This could work, and my sense is that the approach is finding favour with the team. Can I suggest a slight twist of emphasis - obviously, shout me down if you've all already agreed - on the introductory text? Rather than say we can't reach consensus and throwing it over the fence to the community to sort out, perhaps we could say: "We have reached consensus on the following (Dakar stuff - actually, when you step back from it there is a strong statement on proxy liability, which should not be underestimated), and a majority (I think that's true) are in favour of exploring best practices as set out below. However, there is also a strong sentiment within the team that voluntary measures such as those proposed do not go far enough, as they have little confidence that the minority of 'bad actors' will adopt such measures. "Therefore, we set out our proposals on best practices [see recommendation xx below], with the proviso that a significant body within the WHOIS Review Team has little confidence that such measures will prove a satisfactory solution over time. We request that the next WHOIS Review Team reviews the proxy industry's progress in this regard, and in the event that it finds the WHOIS policy and its implementation unsatisfactory at that point, we trust that it will make recommendations for more concrete measures." Or something like that. I have no author's pride. Just dig out what works. So, that means keeping paragraphs 1, 2, 3 and 5 of Susan's text, and substituting those sentences for her single sentence para 4. Kind regards Emily On 1 December 2011 21:05, Nettlefold, Peter > wrote: Classification: UNCLASSIFIED Hi all I am just up, and have to get moving to get ready for my meetings today. Once sorted, I will catch up on overnight emails and get back to the group - this should be within an hour or so. Cheers Peter ----- Original Message ----- From: Smith, Bill [mailto:bill.smith at paypal-inc.com] Sent: Friday, December 02, 2011 07:14 AM To: Susan Kawaguchi > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language This seems like a reasonable compromise position for the time being. I too may not be able to respond in a timely manner starting real soon now. I trust the group to make the right decision here. On Dec 1, 2011, at 11:24 AM, Susan Kawaguchi wrote: > Not everyone on the team has chimed in yet on this issue today but according to my count the following are agreeing to Lynn's proposal agreeing # 2 in Emily's email this morning. > > Lynn > Omar > Michael > James > Kathy > Susan > > > > Those who have not weighed in today > > Emily > Lutz - although liked Seth's proposal last night > Sarmad > Wilfried > Sharon > Peter - but earlier this morning did sound like he was probably favoring Seth's language. > > (if I have characterized this incorrectly for anyone please accept my apologies and please weigh in) > > > I would recommend that we leave both the Dakar recommendation in and the best practices recommendation in ( I do not feel they are mutually exclusive) > > > We could lead into the two recommendations with the following: > > > > Review Team members are in unanimous agreement that the status quo regarding proxy registrations is not sustainable, is not fair to legitimate participants in the domain name marketplace, frustrates valuable social goals such as law enforcement [and the protection of intellectual property], and reflects poorly on ICANN's commitment to serve the public interest. > > We are also in agreement that the goal should be to give accredited registrars strong incentives not to foster this undesirable status quo, and that such incentives should arise both from the terms of the ICANN contracts with registrars, and from principles of legal responsibility under national law. ICANN can control the first source of these incentives; its contractual provisions may influence, but cannot control, the second, since neither of the parties most directly involved -- the proxy service customers, and the law enforcement or other party seeking to identify them and hold them accountable -- is under contract to ICANN. > > We have not reached consensus on how best to advance this common goal. Some believe that the best approach is to start with the proxy services that are made available in connection with domain name registration, and require these services to follow best practices for promptly disclosing the identity of the party actually in control of the domain name, with registrars facing consequences if they do business with services that do not fulfill best practices. Others prefer the approach of denying any recognition of proxy services in ICANN contracts, and treating all such services simply as registrants, regardless of their practices. > > We set forth below alternative recommendations reflecting these dual approaches, and solicit community comment on them. > > One other area of agreement is that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. > > -----Original Message----- > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com] > Sent: Thursday, December 01, 2011 10:52 AM > To: Susan Kawaguchi; 'Smith, Bill' > Cc: rt4-whois at icann.org > Subject: RE: [Rt4-whois] The New Proxy Language > > OK, guys, I finally woke up. But now I kind of wish I had not! > > I am not entirely comfortable with what I wrote (option 3). I continue to > agree with Bill's analysis and thinking, but I am also concerned that the > statements I wrote go well beyond what our Team was tasked to do. It goes > beyond WHOIS accuracy into the realm of security etc. But so does James' > and Susan's proposal (option 2). > > The Dakar statement (option 1 as most recently modified by Emily) comes > closest to us staying within our purview. > > Note that Susan agrees that language should be removed from the RRA and > proxy service provider should be responsible for the domain name. So > perhaps this could a bullet point under Dakar. > > Or better yet, how about this to make the group happy, or at least happier. > > How about the Dakar statement as most recently modified by Emily go into the > recommendations. Everything else, some of proposal 2 and maybe a bit of > proposal 3, or perhaps just the statement Susan made about language being > removed from the RAA, go into the discussion. I agree with Bill that a > voluntary set of best practices cannot reach the goal of eliminating > irresponsible proxy services. But the discussion section could indicate this > was one of the ideas that was considered by our team as a possible solution > and that is something that the community may wish to follow up on. > > Finally, regarding the DMCA, the United States Congress, in its wisdom, > decided that web hosts and neutral bill boards and the like should be given > a level of immunity to function and so adopted the DMCA and other measure to > provide safe havens from copyright infringement claims and other claims for > content posted by others if they registered as an agent and carefully > followed a number of specific take down/put up practices. The process is > mandatory, carefully detailed and all governed by a centralized law that is > consistent across the national territory. We, unfortunately, do not operate > in a landscape of consistent laws, plus we are not a legislature, plus (as > Bill has reiterated on several occasions) a voluntary practice will not get > us there. > > Seth > > -----Original Message----- > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On > Behalf Of Susan Kawaguchi > Sent: Thursday, December 01, 2011 8:11 AM > To: Smith, Bill > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > Yes I agree a registrant is a contracted party I guess I am use to seeing so > much bad behavior by registrants that I do not think of them that way. > > I still do not see our two recommendations as polar opposites. > > I agree the language in the RAA should be removed and the proxy service > provider should be responsible for the domain name. > > But that does not exclude the need for best practices in this industry and > if we can get movement in the right direction along with calling for the > proxy service providers to be responsible it is a win win situation. > > (I am not comparing the DMCA to this situation but I think this is a good > example) > When the DMCA was put into US law it required interpretation and best > practices were developed over a period of time. In my opinion eBay took the > lead and put in place the VeRO program which went beyond some of the > requirements. Many other companies followed their lead and you will see > pieces of the VeRO program in many companies processes. > > I think several registrars have taken a similar path with their affiliate > proxy services and established procedures that are good. > > Why can't we advocate for both positions? > > I think we are in agreement that neither approach will be successful without > proactive ICANN compliance measures, either to police observance of best > practices, in the first approach, or to press registrars to cancel > registrations of proxy services that do not fulfill their contractual > obligations as set forth in the RAA. A well resourced and credible > compliance program is essential to reforming the unacceptable status quo in > this area. > > > -----Original Message----- > From: Smith, Bill [mailto:bill.smith at paypal-inc.com] > Sent: Thursday, December 01, 2011 9:46 AM > To: Susan Kawaguchi > Cc: James M. Bladel; rt4-whois at icann.org > Subject: Re: [Rt4-whois] The New Proxy Language > > Susan, > > Isn't everyone a contracted party in this ecosystem? Registrars and > Registries with ICANN and Registrants with Registrants (with required terms > from ICANN). > > I believe we need SLAs in each of the agreements that put some teeth into > the compliance provisions. For example, the current RAA language says that > failure to correct WHOIS data *may* result in revocation of the Domain Name > (or something similar to that). > > Action is voluntary on the part of the Registrant and Registrar with the > public paying the cost, much like with toxic waste. This isn't a direct cost > but indirect, and getting larger all the time. I sincerely doubt that a > voluntary code, though admirable, will mitigate these costs. > > If we have SLAs in each of the agreements, then failure by any party to > abide by them results in action and/or penalties up to and including loss of > name. The current system doesn't, while threatening such an eventuality > rarely reaches that point as we've heard. > > If ICANN wants to honor the AoC with respect to WHOIS, it firmly believe it > needs to shift from the voluntary mechanisms that don't work to a simple > though comprehensive set of mandatory mechanisms that will work. These > mechanisms should exist outside of any "at law"remedies but should be in > concert with them. > > I'll think about adding the VC to 4. My gut reaction is that it will still > allow too much legal room if/when the legal system is required. > > Bill > > On Dec 1, 2011, at 9:04 AM, "Susan Kawaguchi" > wrote: > >> Hi Bill, >> >> I agree with most of what is in your and Seth's recommendation but do not > understand how an SLA will work with non-contracted parties. >> >> What if we added the voluntary best practices to #4? >> >> Susan >> >> -----Original Message----- >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com] >> Sent: Thursday, December 01, 2011 7:44 AM >> To: James M. Bladel >> Cc: Susan Kawaguchi; rt4-whois at icann.org >> Subject: Re: [Rt4-whois] The New Proxy Language >> >> I have no problem with folks not being "on board". However, we did agree > to language in Dakar in essence saying that ICANN should avoid mentioning > proxies in the RAA. I realize that some may not have been fully on board > with that, and there have been suggestion to change our position. >> >> From my perspective, the changes are from the Dakar position to the > Voluntary Code proposal. >> >> I've pointed out how the VC can and likely will be circumvented, > especially by "bad actors". If someone can demonstrate a way that the VC > deals with this issue and avoids a return to the current state, I'm all > ears. >> >> One way for the VC to work is to have a set of SLAs that mandate action in > response to non-compliance to the SLAs. I don't see a mention of that in the > VC and I'd want to understand exactly what we're talking about regarding > times for roundtrip reveal/relay and the consequences for failure to respond > in a timely fashion. >> >> On Dec 1, 2011, at 7:23 AM, James M. Bladel wrote: >> >> Agree with Susan. These are very significant changes coming very late in > the game. >> >> J. >> >> -------- Original Message -------- >> Subject: Re: [Rt4-whois] The New Proxy Language >> From: Susan Kawaguchi >> >> Date: Thu, December 01, 2011 8:58 am >> To: Kathy Kleiman >> >> Cc: "rt4-whois at icann.org>" > >> >> >> Hi Kathy >> >> I am not onboard with Bill and Seth's recommendation but I am willing to > explore this direction. >> >> Susan >> >> Sent from my iPhone >> >> On Dec 1, 2011, at 6:18 AM, "Kathy Kleiman" > >> wrote: >> >>> But what James and Susan did so brilliantly, and for the first time in >>> history, was to begin to bring the proxy services into the ICANN tent >>> and into sight. The idea of disclosing relationships, sharing ownership >>> and contractual relationships, is an enormous step forward. I think we >>> are losing something now... >>> >>> Kathy: >>>> My preference is to replace the Voluntary Best Practices Guidelines. I > think there is useful information in that language to guide development of > SLAs regarding Registrant responsibilities and response times so would hate > to see that work "tossed". >>>> >>>> Seth's language is an attempt to "flesh out" the simple text we had in > Dakar, that said ICANN should remove reference to proxy services from the > RAA. I think he's done a good job, albeit perhaps a first cut, at doing that > and getting a conversation going on the practical implications of, let's > call it the Dakar proxy compact. >>>> >>>> As I recall, one of the reasons we decided to recommend removing proxies > from the RAA is that no matter how hard we, or ICANN tries to control or > regulate the proxy business, anyone can operate such a service outside of > the control of ICANN or the community. They simply register names and act on > behalf of someone else. >>>> >>>> What we, asa community, can do is develop some policies that set out > what is expected of all parties, including Registrants and have > consequences, mandatory in some cases, for failure to comply with the > policies. The consequence of last resort is revocation of the name. >>>> >>>> These policies wouldn't take the place of legal action, but they would > fill the void where Registrants, or their proxies, are non-responsive. >>>> >>>> The alternative is the voluntary code, but we know that can be avoided, > and letting the courts handle the situation... but that's basically where we > are today so I don't see how a code, voluntary or not helps in the end. >>>> >>>> On Dec 1, 2011, at 5:32 AM, Kathy Kleiman wrote: >>>> >>>>> Hi All, >>>>> What a night! I can see the 24*7 party of the WRT continued. Thanks so > very much! >>>>> >>>>> Regarding the language below, could someone be an expert guide? Is it a > replacement of the whole of the Proxy Recommendations, or in addition to the > Voluntary Best Practices Guidelines (which I really liked) >>>>> >>>>> Otherwise, I am thinking and researching. I think this is a big change > below, and I am not keen on #3 at all. Many, many people use proxy services > for many, many things, and the Recommendations section seems an odd place to > put a value judgement on that. >>>>> >>>>> Otherwise, there are some fascinating legal concepts, and my brain > already hurts! >>>>> Thinking hard first thing in the AM and still reviewing. >>>>> I would like to know what James thinks, >>>>> Kathy >>>>> >>>>>> Data Access- Proxy Service >>>>>> >>>>>> 1. The Review Team considers a Proxy Service as a relationship in > which >>>>>> the registrant is acting on behalf of another. The WHOIS data is that > of the >>>>>> agent/proxy service and the agent/proxy service alone obtains all > rights and >>>>>> assumes all responsibility for the domain name and its manner of use. >>>>>> 2. ICANN should clarify that any registrant that may be acting as a >>>>>> proxy service for another is in all respects still the registrant and, > in >>>>>> ICANN's view, should be held fully responsible for the use of the > domain >>>>>> name including for any and all harm that results from the use of the > domain >>>>>> name. >>>>>> 2. Because of ICANN's position on proxy services to date, which >>>>>> tolerates the proxy service industry that has arisen and which through > RAA >>>>>> provisions gives recognition and attempts to regulate that industry, > has >>>>>> been used by courts and others to allow proxy services to escape > liability >>>>>> for bad acts of the proxy service customers, ICANN should either > delete or >>>>>> amend those provisions of the RAA that can or have been used to allow > proxy >>>>>> services to escape liability. >>>>>> 3. The Review Team acknowledges that there may be legitimate reasons >>>>>> for the occasional use of a proxy service, as for example to protect a >>>>>> valuable trade secret at product launch. At the same time proxy > services >>>>>> should not be viewed or used as a substitute for privacy services that > are >>>>>> designed to shield an individual's personal contact information. The >>>>>> legitimate use a proxy service would be the exception and not > widespread. >>>>>> 4. A proxy service industry willing to accept full risks and > liabilities >>>>>> for the manner in which domain names through its service will be used > will >>>>>> take the necessary precautionary measures, in its relationship with > its >>>>>> customers, such that domain names so registered are unlikely to be > misused >>>>>> and, if misused, a remedy for those victimized will more likely be >>>>>> available. >>>>>> >>>>> _______________________________________________ >>>>> Rt4-whois mailing list >>>>> Rt4-whois at icann.org> >>>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>>> >>>> _______________________________________________ >>>> Rt4-whois mailing list >>>> Rt4-whois at icann.org> >>>> https://mm.icann.org/mailman/listinfo/rt4-whois >>> >>> >>> -- >>> >>> >>> >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org> >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org> >> https://mm.icann.org/mailman/listinfo/rt4-whois >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org> >> https://mm.icann.org/mailman/listinfo/rt4-whois >> > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. From emily at emilytaylor.eu Thu Dec 1 22:21:32 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Thu, 1 Dec 2011 22:21:32 +0000 Subject: [Rt4-whois] That's all folks Message-ID: Hi all We're there now. I believe that everyone has now had time to respond. I have heard no strong objections to the route that Lynn and Susan have advocated, in fact, I see that it has gathered support from all quarters. So, we adopt the following two recommendations on proxies: - the Dakar one - The text on good practices. We put the following text in our findings (please excuse me, I have tidied up my own hastily written and repetitive text, and I hope have taken in Bill's point about consensus); *> Review Team members are in unanimous agreement that the status quo regarding proxy registrations is not sustainable, is not fair to legitimate participants in the domain name marketplace, frustrates valuable social goals such as law enforcement [and the protection of intellectual property], and reflects poorly on ICANN's commitment to serve the public interest. > > We are also in agreement that the goal should be to give accredited registrars strong incentives not to foster this undesirable status quo, and that such incentives should arise both from the terms of the ICANN contracts with registrars, and from principles of legal responsibility under national law. ICANN can control the first source of these incentives; its contractual provisions may influence, but cannot control, the second, since neither of the parties most directly involved -- the proxy service customers, and the law enforcement or other party seeking to identify them and hold them accountable -- is under contract to ICANN. > > We have not reached consensus on how best to advance this common goal. Some believe that the best approach is to start with the proxy services that are made available in connection with domain name registration, and require these services to follow best practices for promptly disclosing the identity of the party actually in control of the domain name, with registrars facing consequences if they do business with services that do not fulfill best practices. Others prefer the approach of denying any recognition of proxy services in ICANN contracts, and treating all such services simply as registrants, regardless of their practices. > We have reached consensus on all the recommendations set out below. However, we include our recommendation on best practices [see recommendation xx below], with the proviso that a significant body within the WHOIS Review Team has little confidence that such measures will prove a satisfactory solution over time. We request that the next WHOIS Review Team reviews the proxy industry's progress in this regard, and in the event that it finds the WHOIS policy and its implementation unsatisfactory at that point, we trust that it will make recommendations for more concrete measures. > One other area of agreement is that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area.* * * --------- That's the contentious stuff, I think. We also have the additional recommendation (Lutz's wording on interface, which was agreed yesterday). There's also a huge to do list that Kathy and I compiled over Skype chat today, which we will now turn our attention to. In the background today, Kathy and Alice have been working tirelessly to proof-read, and generally tidy the final draft report, remove comments, queries, and add references. Lynn and others, thanks for your contribution to that effort, too. I will have little time tomorrow, but will review the entire document over the weekend before it's published. Kathy and I will also draft a covering note for the public comment, and with Alice sort out all those appendices we keep throwing in! If any team member can devote some time to assist, that would be great. The last few days have been challenging, but we have pulled together a fine, punchy report that does not skirt the difficult issues. We have worked through consensus, despite the challenges inherent in doing so. Thank you to each of you for your work and friendship over the past year, and for trusting me to serve as your Chair. There are two people that I would particularly like to thank and that's Alice Jansen and Kathy Kleiman for their extraordinary efforts - truly great colleagues. Kind regards, thank you. Good night and good luck. Emily -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/075bd4aa/attachment.html From kathy at kathykleiman.com Thu Dec 1 22:51:27 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Thu, 01 Dec 2011 17:51:27 -0500 Subject: [Rt4-whois] No agreement on Lutz's recommendations Message-ID: <4ED804EF.3000900@kathykleiman.com> Hi Emily, As of this morning, there was considerable support for a rewording: To improve access to the Whois data of .COM and .NET gTLDs, the only remaining Thin Registries, ICANN should set up a dedicated, multilingual interface website to provide thick WHOIS data for them. And _no consensus _I could see on the other wording, namely: 14. To make WHOIS data more accessible for consumers, ICANN should set up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information" by querying the appropriate servers, not copying the database. and a different variation floating around: To make WHOIS data more accessible for consumers, ICANN should set up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information". Such interface should provide thick WHOIS data for all gTLD domain names. Note: this is not one that arrived at consensus earlier, so this is minority report territory. Tx, Kathy -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/a86f5370/attachment.html From seth.reiss at lex-ip.com Thu Dec 1 22:52:40 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Thu, 1 Dec 2011 12:52:40 -1000 Subject: [Rt4-whois] That's all folks In-Reply-To: References: Message-ID: <004201ccb07b$eeba6240$cc2f26c0$@reiss@lex-ip.com> very well handled by all, particularly Susan and Emily Mahalo. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Thursday, December 01, 2011 12:22 PM To: rt4-whois at icann.org Subject: [Rt4-whois] That's all folks Hi all We're there now. I believe that everyone has now had time to respond. I have heard no strong objections to the route that Lynn and Susan have advocated, in fact, I see that it has gathered support from all quarters. So, we adopt the following two recommendations on proxies: - the Dakar one - The text on good practices. We put the following text in our findings (please excuse me, I have tidied up my own hastily written and repetitive text, and I hope have taken in Bill's point about consensus); > Review Team members are in unanimous agreement that the status quo regarding proxy registrations is not sustainable, is not fair to legitimate participants in the domain name marketplace, frustrates valuable social goals such as law enforcement [and the protection of intellectual property], and reflects poorly on ICANN's commitment to serve the public interest. > > We are also in agreement that the goal should be to give accredited registrars strong incentives not to foster this undesirable status quo, and that such incentives should arise both from the terms of the ICANN contracts with registrars, and from principles of legal responsibility under national law. ICANN can control the first source of these incentives; its contractual provisions may influence, but cannot control, the second, since neither of the parties most directly involved -- the proxy service customers, and the law enforcement or other party seeking to identify them and hold them accountable -- is under contract to ICANN. > > We have not reached consensus on how best to advance this common goal. Some believe that the best approach is to start with the proxy services that are made available in connection with domain name registration, and require these services to follow best practices for promptly disclosing the identity of the party actually in control of the domain name, with registrars facing consequences if they do business with services that do not fulfill best practices. Others prefer the approach of denying any recognition of proxy services in ICANN contracts, and treating all such services simply as registrants, regardless of their practices. > We have reached consensus on all the recommendations set out below. However, we include our recommendation on best practices [see recommendation xx below], with the proviso that a significant body within the WHOIS Review Team has little confidence that such measures will prove a satisfactory solution over time. We request that the next WHOIS Review Team reviews the proxy industry's progress in this regard, and in the event that it finds the WHOIS policy and its implementation unsatisfactory at that point, we trust that it will make recommendations for more concrete measures. > One other area of agreement is that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. --------- That's the contentious stuff, I think. We also have the additional recommendation (Lutz's wording on interface, which was agreed yesterday). There's also a huge to do list that Kathy and I compiled over Skype chat today, which we will now turn our attention to. In the background today, Kathy and Alice have been working tirelessly to proof-read, and generally tidy the final draft report, remove comments, queries, and add references. Lynn and others, thanks for your contribution to that effort, too. I will have little time tomorrow, but will review the entire document over the weekend before it's published. Kathy and I will also draft a covering note for the public comment, and with Alice sort out all those appendices we keep throwing in! If any team member can devote some time to assist, that would be great. The last few days have been challenging, but we have pulled together a fine, punchy report that does not skirt the difficult issues. We have worked through consensus, despite the challenges inherent in doing so. Thank you to each of you for your work and friendship over the past year, and for trusting me to serve as your Chair. There are two people that I would particularly like to thank and that's Alice Jansen and Kathy Kleiman for their extraordinary efforts - truly great colleagues. Kind regards, thank you. Good night and good luck. Emily -- 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 . m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/502e486f/attachment.html From Peter.Nettlefold at dbcde.gov.au Thu Dec 1 23:06:21 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Fri, 2 Dec 2011 10:06:21 +1100 Subject: [Rt4-whois] That's all folks [SEC=UNCLASSIFIED] In-Reply-To: Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D642270@EMB01.dept.gov.au> Classification: UNCLASSIFIED Thanks to everyone who contributed to this difficult issue, particularly to those who drafted these very useful findings to weave together our current thinking. I think we have reached a very positive position to share with the community, and I share Bill's optimism that we will be able to reach consensus on an approach for our final report. On the 'portal' recommendation - where did that finish? I'm not sure I'm clear whether this will apply to all gTLDs or just the thin registries? I still do not understand why it would be contentious for ICANN to search a registry database on behalf of a consumer and pass those results on, without in any way maintaining a database itself? That said, I understand that we may not be able to reach consensus on that now, if we haven't already. If we cannot/do not reach consensus on that now, I would ask that we take a similar approach to that which we just adopted for proxies: ie we all agree that we need to improve consumer accessibility, and all agree that ICANN should develop a portal to do this, and in this draft we're considering and seeking input on the scope. Again, many thanks to all for what has been a very busy and positive process. Cheers, Peter From: Emily Taylor [mailto:emily at emilytaylor.eu] Sent: Friday, December 02, 2011 09:21 AM To: rt4-whois at icann.org Subject: [Rt4-whois] That's all folks Hi all We're there now. I believe that everyone has now had time to respond. I have heard no strong objections to the route that Lynn and Susan have advocated, in fact, I see that it has gathered support from all quarters. So, we adopt the following two recommendations on proxies: - the Dakar one - The text on good practices. We put the following text in our findings (please excuse me, I have tidied up my own hastily written and repetitive text, and I hope have taken in Bill's point about consensus); > Review Team members are in unanimous agreement that the status quo regarding proxy registrations is not sustainable, is not fair to legitimate participants in the domain name marketplace, frustrates valuable social goals such as law enforcement [and the protection of intellectual property], and reflects poorly on ICANN's commitment to serve the public interest. > > We are also in agreement that the goal should be to give accredited registrars strong incentives not to foster this undesirable status quo, and that such incentives should arise both from the terms of the ICANN contracts with registrars, and from principles of legal responsibility under national law. ICANN can control the first source of these incentives; its contractual provisions may influence, but cannot control, the second, since neither of the parties most directly involved -- the proxy service customers, and the law enforcement or other party seeking to identify them and hold them accountable -- is under contract to ICANN. > > We have not reached consensus on how best to advance this common goal. Some believe that the best approach is to start with the proxy services that are made available in connection with domain name registration, and require these services to follow best practices for promptly disclosing the identity of the party actually in control of the domain name, with registrars facing consequences if they do business with services that do not fulfill best practices. Others prefer the approach of denying any recognition of proxy services in ICANN contracts, and treating all such services simply as registrants, regardless of their practices. > We have reached consensus on all the recommendations set out below. However, we include our recommendation on best practices [see recommendation xx below], with the proviso that a significant body within the WHOIS Review Team has little confidence that such measures will prove a satisfactory solution over time. We request that the next WHOIS Review Team reviews the proxy industry's progress in this regard, and in the event that it finds the WHOIS policy and its implementation unsatisfactory at that point, we trust that it will make recommendations for more concrete measures. > One other area of agreement is that neither approach will be successful without proactive ICANN compliance measures, either to police observance of best practices, in the first approach, or to press registrars to cancel registrations of proxy services that do not fulfill their contractual obligations as set forth in the RAA. A well resourced and credible compliance program is essential to reforming the unacceptable status quo in this area. --------- That's the contentious stuff, I think. We also have the additional recommendation (Lutz's wording on interface, which was agreed yesterday). There's also a huge to do list that Kathy and I compiled over Skype chat today, which we will now turn our attention to. In the background today, Kathy and Alice have been working tirelessly to proof-read, and generally tidy the final draft report, remove comments, queries, and add references. Lynn and others, thanks for your contribution to that effort, too. I will have little time tomorrow, but will review the entire document over the weekend before it's published. Kathy and I will also draft a covering note for the public comment, and with Alice sort out all those appendices we keep throwing in! If any team member can devote some time to assist, that would be great. The last few days have been challenging, but we have pulled together a fine, punchy report that does not skirt the difficult issues. We have worked through consensus, despite the challenges inherent in doing so. Thank you to each of you for your work and friendship over the past year, and for trusting me to serve as your Chair. There are two people that I would particularly like to thank and that's Alice Jansen and Kathy Kleiman for their extraordinary efforts - truly great colleagues. Kind regards, thank you. Good night and good luck. Emily -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111202/ed8163b3/attachment.html From alice.jansen at icann.org Thu Dec 1 23:55:16 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Thu, 1 Dec 2011 15:55:16 -0800 Subject: [Rt4-whois] Master document V2.1 - Message-ID: Dear Review Team members, Please find attached the most recent version of the master document. This version contains the following: * Lynn's edits including review of Sharon and Law Enforcement's comments * Susan's additional quotes from comments (NCUC, ALAC) * The Dakar definitions * Emily's language ? findings section * The best practices text (Susan, Kathy and James) * Lutz' recommendations (along with alternatives - please refer to Kathy's email - No agreement on Lutz's recommendations - 1 Dec 22:51 UTC). Please proofread all and closely examine text, in particular 7,8,9. Note that footnotes have been added and that typos have been found. I *believe* this document is up-to-date. Should you notice a missing piece of information or inconsistencies, please email me asap so that I can rectify for subsequent versions. The document is also available on the wiki at: https://community.icann.org/display/whoisreviewprivate/Draft+report Thanks, Kind regards Alice -- Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/100438ef/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Master document - V2.1 - A.J.docx Type: application/x-msword Size: 333600 bytes Desc: Master document - V2.1 - A.J.docx Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/100438ef/Masterdocument-V2.1-A.J.docx From alice.jansen at icann.org Fri Dec 2 00:07:37 2011 From: alice.jansen at icann.org (Alice Jansen) Date: Thu, 1 Dec 2011 16:07:37 -0800 Subject: [Rt4-whois] No agreement on Lutz's recommendations In-Reply-To: <4ED804EF.3000900@kathykleiman.com> Message-ID: Hi Team, With reference to Kathy's email - no agreement on Lutz' recommendations - , please note that I have added the two alternatives to the current draft for good measure. I would be very grateful if you could clarify which language you would like to adopt. My priority is to make sure that the document captures your intent. Many thanks in advance for your guidance. Kind regards Alice Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann From: Kathy Kleiman > Date: Thu, 1 Dec 2011 14:51:27 -0800 To: "rt4-whois at icann.org" > Subject: [Rt4-whois] No agreement on Lutz's recommendations Hi Emily, As of this morning, there was considerable support for a rewording: To improve access to the Whois data of .COM and .NET gTLDs, the only remaining Thin Registries, ICANN should set up a dedicated, multilingual interface website to provide thick WHOIS data for them. And no consensus I could see on the other wording, namely: 14. To make WHOIS data more accessible for consumers, ICANN should set up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information" by querying the appropriate servers, not copying the database. and a different variation floating around: To make WHOIS data more accessible for consumers, ICANN should set up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information". Such interface should provide thick WHOIS data for all gTLD domain names. Note: this is not one that arrived at consensus earlier, so this is minority report territory. Tx, Kathy -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/2cf269dc/attachment.html From Peter.Nettlefold at dbcde.gov.au Fri Dec 2 04:05:13 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Fri, 2 Dec 2011 15:05:13 +1100 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: Message-ID: <636771A7F4383E408C57A0240B5F8D4A333D642275@EMB01.dept.gov.au> Classification: UNCLASSIFIED Hello again all, In terms of the options, I do not understand how a comprehensive service could have any privacy implications or impact registries, as it would simply ease access to information that is already required to be publicly available. However, if we are unable to reach a consensus on this, I suggest that we adopt a similar approach to that which we took for proxies: i.e. highlight what we have agreed on (the need to assist users, and a portal to do this), and put forward alternatives for community comment on those issues we don't yet have consensus on (thin registries only, or all). Below is a strawman for comment. I have drawn from the elements of both proposals for the langauge, and also the idea of a 'smart web portal' which seemed to receive positive comment yesterday. It's been drafted on my blackberry in the airport, so I'm not precious about the wording, but wanted to put some text out there to assist the discussion. "To make WHOIS data more accessible for consumers, the review team recommends that ICANN should set up a dedicated, multilingual interface website to help users access thick gTLD WHOIS data. This would be a smart web portal, that would assist users to access publicly available WHOIS data. It is not envisaged that this would replicate registry databases in any way, but instead help users by providing a single centralised site through which to search those databases, and to display the WHOIS data in an accessible way. The review team has discussed the scope of this portal, and seeks community views on whether it should only apply to thin gTLD registries, or should instead provide a comprehensive gTLD search service." I hope this helps. Cheers, Peter From: Alice Jansen [mailto:alice.jansen at icann.org] Sent: Friday, December 02, 2011 11:07 AM To: Kathy Kleiman ; rt4-whois at icann.org Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations Hi Team, With reference to Kathy's email - no agreement on Lutz' recommendations - , please note that I have added the two alternatives to the current draft for good measure. I would be very grateful if you could clarify which language you would like to adopt. My priority is to make sure that the document captures your intent. Many thanks in advance for your guidance. Kind regards Alice Alice Jansen Assistant, Organizational Reviews 6 Rond Point Schuman, Bt.5 B-1040 Brussels Belgium Direct dial: +32 2 234 78 64 Mobile: +32 4 73 31 76 56 Skype: alice_jansen_icann From: Kathy Kleiman > Date: Thu, 1 Dec 2011 14:51:27 -0800 To: "rt4-whois at icann.org" > Subject: [Rt4-whois] No agreement on Lutz's recommendations Hi Emily, As of this morning, there was considerable support for a rewording: To improve access to the Whois data of .COM and .NET gTLDs, the only remaining Thin Registries, ICANN should set up a dedicated, multilingual interface website to provide thick WHOIS data for them. And no consensus I could see on the other wording, namely: 14. To make WHOIS data more accessible for consumers, ICANN should set up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information" by querying the appropriate servers, not copying the database. and a different variation floating around: To make WHOIS data more accessible for consumers, ICANN should set up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information". Such interface should provide thick WHOIS data for all gTLD domain names. Note: this is not one that arrived at consensus earlier, so this is minority report territory. Tx, Kathy -- ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111202/f52d0d48/attachment.html From lutz at iks-jena.de Fri Dec 2 07:35:38 2011 From: lutz at iks-jena.de (Lutz Donnerhacke) Date: Fri, 2 Dec 2011 08:35:38 +0100 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: <636771A7F4383E408C57A0240B5F8D4A333D642275@EMB01.dept.gov.au> References: <636771A7F4383E408C57A0240B5F8D4A333D642275@EMB01.dept.gov.au> Message-ID: <20111202073538.GA12465@belenus.iks-jena.de> On Fri, Dec 02, 2011 at 03:05:13PM +1100, Nettlefold, Peter wrote: > "To make WHOIS data more accessible for consumers, the review team > recommends that ICANN should set up a dedicated, multilingual interface > website to help users access thick gTLD WHOIS data. Remove 'thick gTLD'. The scope is narrowed later. > This would be a smart web portal, that would assist users to access > publicly available WHOIS data. It is not envisaged that this would > replicate registry databases in any way, but instead help users by > providing a single centralised site through which to search those > databases, and to display the WHOIS data in an accessible way. Ack. (There is no reference zu gTLD.) > The review team has discussed the scope of this portal, and seeks > ecommunity views on whether it should only apply to thin gTLD registries, > or should instead provide a comprehensive gTLD search service." In order to be really useful, the system should be able to access any ICANN regulated WHOIS data (which includes ASN and IP). From emily at emilytaylor.eu Fri Dec 2 08:28:15 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Fri, 2 Dec 2011 08:28:15 +0000 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: <20111202073538.GA12465@belenus.iks-jena.de> References: <636771A7F4383E408C57A0240B5F8D4A333D642275@EMB01.dept.gov.au> <20111202073538.GA12465@belenus.iks-jena.de> Message-ID: <77AB37B7-CF2F-483C-98F1-39D3E4CED4B8@emilytaylor.eu> Thank you for these constructive ideas. Apologies for my mistake on this one. I would like Kathy's view on the proposed wording before any sign offing this as I am aware it is something on which she has previously raised comments. Peter I think you meant thin registries didn't you? That would be a more accurate and precise version of what we agreed. This another one where (I think) we are all agreed on a minimum which in my view would represent a real step forward. What there is not consensus on is how far or whether such a look-up could or should be expanded. If is not already clear in the text we should find a way of expressing clearly that our proposal should not necessitate any transfer of databases, escrow or similar. It is simply a single look up point. Sent from my iPhone On 2 Dec 2011, at 07:35, Lutz Donnerhacke wrote: > On Fri, Dec 02, 2011 at 03:05:13PM +1100, Nettlefold, Peter wrote: >> "To make WHOIS data more accessible for consumers, the review team >> recommends that ICANN should set up a dedicated, multilingual interface >> website to help users access thick gTLD WHOIS data. > > Remove 'thick gTLD'. The scope is narrowed later. > >> This would be a smart web portal, that would assist users to access >> publicly available WHOIS data. It is not envisaged that this would >> replicate registry databases in any way, but instead help users by >> providing a single centralised site through which to search those >> databases, and to display the WHOIS data in an accessible way. > > Ack. (There is no reference zu gTLD.) > >> The review team has discussed the scope of this portal, and seeks >> ecommunity views on whether it should only apply to thin gTLD registries, >> or should instead provide a comprehensive gTLD search service." > > In order to be really useful, the system should be able to access any ICANN > regulated WHOIS data (which includes ASN and IP). > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From lynn at goodsecurityconsulting.com Fri Dec 2 12:39:46 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Fri, 2 Dec 2011 12:39:46 +0000 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: <77AB37B7-CF2F-483C-98F1-39D3E4CED4B8@emilytaylor.eu> References: <636771A7F4383E408C57A0240B5F8D4A333D642275@EMB01.dept.gov.au> <20111202073538.GA12465@belenus.iks-jena.de> <77AB37B7-CF2F-483C-98F1-39D3E4CED4B8@emilytaylor.eu> Message-ID: <2002817366-1322829574-cardhu_decombobulator_blackberry.rim.net-1808468913-@b11.c9.bise6.blackberry> I would like to get a better understanding of the. Objection or concern about Lutz's recommendation. If an interface is only implemented for .net and .com, it defeats the purpose and does not provide ease of access to all WHOIS registration data. Lynn Sent via BlackBerry by AT&T -----Original Message----- From: Emily Taylor Sender: rt4-whois-bounces at icann.org Date: Fri, 2 Dec 2011 08:28:15 To: Lutz Donnerhacke Cc: rt4-whois at icann.org Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] Thank you for these constructive ideas. Apologies for my mistake on this one. I would like Kathy's view on the proposed wording before any sign offing this as I am aware it is something on which she has previously raised comments. Peter I think you meant thin registries didn't you? That would be a more accurate and precise version of what we agreed. This another one where (I think) we are all agreed on a minimum which in my view would represent a real step forward. What there is not consensus on is how far or whether such a look-up could or should be expanded. If is not already clear in the text we should find a way of expressing clearly that our proposal should not necessitate any transfer of databases, escrow or similar. It is simply a single look up point. Sent from my iPhone On 2 Dec 2011, at 07:35, Lutz Donnerhacke wrote: > On Fri, Dec 02, 2011 at 03:05:13PM +1100, Nettlefold, Peter wrote: >> "To make WHOIS data more accessible for consumers, the review team >> recommends that ICANN should set up a dedicated, multilingual interface >> website to help users access thick gTLD WHOIS data. > > Remove 'thick gTLD'. The scope is narrowed later. > >> This would be a smart web portal, that would assist users to access >> publicly available WHOIS data. It is not envisaged that this would >> replicate registry databases in any way, but instead help users by >> providing a single centralised site through which to search those >> databases, and to display the WHOIS data in an accessible way. > > Ack. (There is no reference zu gTLD.) > >> The review team has discussed the scope of this portal, and seeks >> ecommunity views on whether it should only apply to thin gTLD registries, >> or should instead provide a comprehensive gTLD search service." > > In order to be really useful, the system should be able to access any ICANN > regulated WHOIS data (which includes ASN and IP). > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From bill.smith at paypal-inc.com Fri Dec 2 15:02:24 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Fri, 2 Dec 2011 08:02:24 -0700 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: <2002817366-1322829574-cardhu_decombobulator_blackberry.rim.net-1808468913-@b11.c9.bise6.blackberry> References: <636771A7F4383E408C57A0240B5F8D4A333D642275@EMB01.dept.gov.au> <20111202073538.GA12465@belenus.iks-jena.de> <77AB37B7-CF2F-483C-98F1-39D3E4CED4B8@emilytaylor.eu> <2002817366-1322829574-cardhu_decombobulator_blackberry.rim.net-1808468913-@b11.c9.bise6.blackberry> Message-ID: I agree with Lynn and Peter on this. I'm having difficulty understanding the privacy implications of better usability, other than more people would use the service but then that's the purpose of improved usability. On Dec 2, 2011, at 4:39 AM, wrote: > I would like to get a better understanding of the. Objection or concern about Lutz's recommendation. If an interface is only implemented for .net and .com, it defeats the purpose and does not provide ease of access to all WHOIS registration data. > Lynn > > Sent via BlackBerry by AT&T > > -----Original Message----- > From: Emily Taylor > Sender: rt4-whois-bounces at icann.org > Date: Fri, 2 Dec 2011 08:28:15 > To: Lutz Donnerhacke > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations > [SEC=UNCLASSIFIED] > > Thank you for these constructive ideas. Apologies for my mistake on this one. I would like Kathy's view on the proposed wording before any sign offing this as I am aware it is something on which she has previously raised comments. > > Peter I think you meant thin registries didn't you? That would be a more accurate and precise version of what we agreed. This another one where (I think) we are all agreed on a minimum which in my view would represent a real step forward. What there is not consensus on is how far or whether such a look-up could or should be expanded. If is not already clear in the text we should find a way of expressing clearly that our proposal should not necessitate any transfer of databases, escrow or similar. It is simply a single look up point. > > Sent from my iPhone > > On 2 Dec 2011, at 07:35, Lutz Donnerhacke wrote: > >> On Fri, Dec 02, 2011 at 03:05:13PM +1100, Nettlefold, Peter wrote: >>> "To make WHOIS data more accessible for consumers, the review team >>> recommends that ICANN should set up a dedicated, multilingual interface >>> website to help users access thick gTLD WHOIS data. >> >> Remove 'thick gTLD'. The scope is narrowed later. >> >>> This would be a smart web portal, that would assist users to access >>> publicly available WHOIS data. It is not envisaged that this would >>> replicate registry databases in any way, but instead help users by >>> providing a single centralised site through which to search those >>> databases, and to display the WHOIS data in an accessible way. >> >> Ack. (There is no reference zu gTLD.) >> >>> The review team has discussed the scope of this portal, and seeks >>> ecommunity views on whether it should only apply to thin gTLD registries, >>> or should instead provide a comprehensive gTLD search service." >> >> In order to be really useful, the system should be able to access any ICANN >> regulated WHOIS data (which includes ASN and IP). >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From omar at kaminski.adv.br Fri Dec 2 15:11:14 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Fri, 2 Dec 2011 13:11:14 -0200 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: References: <636771A7F4383E408C57A0240B5F8D4A333D642275@EMB01.dept.gov.au> <20111202073538.GA12465@belenus.iks-jena.de> <77AB37B7-CF2F-483C-98F1-39D3E4CED4B8@emilytaylor.eu> <2002817366-1322829574-cardhu_decombobulator_blackberry.rim.net-1808468913-@b11.c9.bise6.blackberry> Message-ID: Probably we could say there's no privacy implications on Whois since it was made to be acessible, if you put your data you agree with this condition. The problem is the misuse (after) - both for data and hidden data (proxy). Omar 2011/12/2 Smith, Bill : > I agree with Lynn and Peter on this. I'm having difficulty understanding the privacy implications of better usability, other than more people would use the service but then that's the purpose of improved usability. > > On Dec 2, 2011, at 4:39 AM, wrote: > >> I would like to get a better understanding of the. ?Objection or concern about Lutz's recommendation. ?If an interface is only implemented for .net and .com, it defeats the purpose and does not provide ease of access to all WHOIS registration data. >> Lynn >> >> Sent via BlackBerry by AT&T >> >> -----Original Message----- >> From: Emily Taylor >> Sender: rt4-whois-bounces at icann.org >> Date: Fri, 2 Dec 2011 08:28:15 >> To: Lutz Donnerhacke >> Cc: rt4-whois at icann.org >> Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations >> ? ? ? [SEC=UNCLASSIFIED] >> >> Thank you for these constructive ideas. ?Apologies for my mistake on this one. I would like Kathy's view on the proposed wording before any sign offing this as I am aware it is something on which she has previously raised comments. >> >> Peter I think you meant thin registries didn't you? ?That would be a more accurate and precise version of what we agreed. This another one where (I think) we are all agreed on a minimum which in my view would represent a real step forward. What there is not consensus on is how far or whether such a look-up could or should be expanded. If is not already clear in the text we should find a way of expressing clearly that our proposal should not necessitate any transfer of databases, escrow or similar. It is simply a single look up point. >> >> Sent from my iPhone >> >> On 2 Dec 2011, at 07:35, Lutz Donnerhacke wrote: >> >>> On Fri, Dec 02, 2011 at 03:05:13PM +1100, Nettlefold, Peter wrote: >>>> "To make WHOIS data more accessible for consumers, the review team >>>> recommends that ICANN should set up a dedicated, multilingual interface >>>> website to help users access thick gTLD WHOIS data. >>> >>> Remove 'thick gTLD'. The scope is narrowed later. >>> >>>> This would be a smart web portal, that would assist users to access >>>> publicly available WHOIS data. It is not envisaged that this would >>>> replicate registry databases in any way, but instead help users by >>>> providing a single centralised site through which to search those >>>> databases, and to display the WHOIS data in an accessible way. >>> >>> Ack. (There is no reference zu gTLD.) >>> >>>> The review team has discussed the scope of this portal, and seeks >>>> ecommunity views on whether it should only apply to thin gTLD registries, >>>> or should instead provide a comprehensive gTLD search service." >>> >>> In order to be really useful, the system should be able to access any ICANN >>> regulated WHOIS data (which includes ASN and IP). >>> _______________________________________________ >>> Rt4-whois mailing list >>> Rt4-whois at icann.org >>> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois >> >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois From lynn at goodsecurityconsulting.com Fri Dec 2 16:25:55 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Fri, 02 Dec 2011 09:25:55 -0700 Subject: [Rt4-whois] =?utf-8?q?No_agreement_on_Lutz=27s_recommendations_?= =?utf-8?q?=5BSEC=3DUNCLASSIFIED=5D?= Message-ID: <20111202092555.00ef555ff13978e3e1b8d2179880f99e.b64d3fa08a.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111202/4c6eb56a/attachment.html From kathy at kathykleiman.com Fri Dec 2 16:39:03 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Fri, 02 Dec 2011 11:39:03 -0500 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: <20111202092555.00ef555ff13978e3e1b8d2179880f99e.b64d3fa08a.wbe@email12.secureserver.net> References: <20111202092555.00ef555ff13978e3e1b8d2179880f99e.b64d3fa08a.wbe@email12.secureserver.net> Message-ID: <4ED8FF27.5080602@kathykleiman.com> Completely disagree guys, and am writing an extensive message. I have to say that two days after we were due to report out, I am surprised/concerned/upset to be debating substantive policy matters. But the fact is that the idea of Thick WHOIS database for existing thin registries (and all, there are Four of them, have we ever discussed that fact?) is **already being debated**. They recognize that there may be intended and possibly considerable unintended consequences of the process. Am reviewing their work and will share shortly. Suffice to say, I think we have leapt headlong into policy... Kathy << Yes - there is not a difference in privacy by implementing a centralized interface to all the existing Whois pages. All the interface does is provide a single point of access to the same data versus multiple points of access (that would still be functional). > Lynn > > -------- Original Message -------- > Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations > [SEC=UNCLASSIFIED] > From: "Smith, Bill" > > Date: Fri, December 02, 2011 10:02 am > To: "lynn at goodsecurityconsulting.com > " > > > Cc: Emily Taylor >, "rt4-whois-bounces at icann.org > " > >, Lutz Donnerhacke > >, > "rt4-whois at icann.org " > > > > I agree with Lynn and Peter on this. I'm having difficulty > understanding the privacy implications of better usability, other > than more people would use the service but then that's the purpose > of improved usability. > > On Dec 2, 2011, at 4:39 AM, > > > wrote: > > > I would like to get a better understanding of the. Objection or > concern about Lutz's recommendation. If an interface is only > implemented for .net and .com, it defeats the purpose and does not > provide ease of access to all WHOIS registration data. > > Lynn > > > > Sent via BlackBerry by AT&T > > > > -----Original Message----- > > From: Emily Taylor > > > Sender: rt4-whois-bounces at icann.org > > > Date: Fri, 2 Dec 2011 08:28:15 > > To: Lutz Donnerhacke> > > Cc: rt4-whois at icann.org > > > > Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations > > [SEC=UNCLASSIFIED] > > > > Thank you for these constructive ideas. Apologies for my mistake > on this one. I would like Kathy's view on the proposed wording > before any sign offing this as I am aware it is something on which > she has previously raised comments. > > > > Peter I think you meant thin registries didn't you? That would be > a more accurate and precise version of what we agreed. This > another one where (I think) we are all agreed on a minimum which > in my view would represent a real step forward. What there is not > consensus on is how far or whether such a look-up could or should > be expanded. If is not already clear in the text we should find a > way of expressing clearly that our proposal should not necessitate > any transfer of databases, escrow or similar. It is simply a > single look up point. > > > > Sent from my iPhone > > > > On 2 Dec 2011, at 07:35, Lutz Donnerhacke > wrote: > > > >> On Fri, Dec 02, 2011 at 03:05:13PM +1100, Nettlefold, Peter wrote: > >>> "To make WHOIS data more accessible for consumers, the review team > >>> recommends that ICANN should set up a dedicated, multilingual > interface > >>> website to help users access thick gTLD WHOIS data. > >> > >> Remove 'thick gTLD'. The scope is narrowed later. > >> > >>> This would be a smart web portal, that would assist users to access > >>> publicly available WHOIS data. It is not envisaged that this would > >>> replicate registry databases in any way, but instead help users by > >>> providing a single centralised site through which to search those > >>> databases, and to display the WHOIS data in an accessible way. > >> > >> Ack. (There is no reference zu gTLD.) > >> > >>> The review team has discussed the scope of this portal, and seeks > >>> ecommunity views on whether it should only apply to thin gTLD > registries, > >>> or should instead provide a comprehensive gTLD search service." > >> > >> In order to be really useful, the system should be able to > access any ICANN > >> regulated WHOIS data (which includes ASN and IP). > >> _______________________________________________ > >> Rt4-whois mailing list > >> Rt4-whois at icann.org > >> https://mm.icann.org/mailman/listinfo/rt4-whois > > > > _______________________________________________ > > Rt4-whois mailing list > > Rt4-whois at icann.org > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > _______________________________________________ > > Rt4-whois mailing list > > Rt4-whois at icann.org > > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111202/e059af0b/attachment.html From lynn at goodsecurityconsulting.com Fri Dec 2 17:10:23 2011 From: lynn at goodsecurityconsulting.com (lynn at goodsecurityconsulting.com) Date: Fri, 02 Dec 2011 10:10:23 -0700 Subject: [Rt4-whois] =?utf-8?q?No_agreement_on_Lutz=27s_recommendations_?= =?utf-8?q?=5BSEC=3DUNCLASSIFIED=5D?= Message-ID: <20111202101023.00ef555ff13978e3e1b8d2179880f99e.2a49b13f43.wbe@email12.secureserver.net> An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111202/e2406395/attachment.html From kathy at kathykleiman.com Fri Dec 2 17:32:29 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Fri, 02 Dec 2011 12:32:29 -0500 Subject: [Rt4-whois] No agreement on Lutz's recommendations - other work in progress In-Reply-To: <77AB37B7-CF2F-483C-98F1-39D3E4CED4B8@emilytaylor.eu> References: <636771A7F4383E408C57A0240B5F8D4A333D642275@EMB01.dept.gov.au> <20111202073538.GA12465@belenus.iks-jena.de> <77AB37B7-CF2F-483C-98F1-39D3E4CED4B8@emilytaylor.eu> Message-ID: <4ED90BAD.90504@kathykleiman.com> Hi All, I'll share my views, but also with a tired sigh having spent so much of the last few days editing (the part of the report task I thought we were on). So there is much more to share, but I will give you the highlights, at least in my mind. _Findings_ 1. We promised to derive all of our recommendations based on findings. In this case, the findings are: A. We have a findability problem with some thin registries - our qualitative survey showed that people are having trouble finding the registrars for .COM domain names; we have some confirmation of this problem in the comments as well. B. We have no findability problem with thick registries. In fact, the opposite is true. We have pointed to thick registries as the models of what we want to see in Whois databases, and applauded the New gTLD Guidebook for making the thick registry the model for all new gTLDs. C. We may not even have a findability problem with two thin registries that we have never discussed, .JOBS and .NAME. _Concerns _D. This recommendation arose after MDR and Dakar. We have never - in person- talked about, worked through, or debated in person the wording of this recommendation. It did not arise until recently, even as we were finishing the chapters. Except in the last few days, even as some of us were working hard on the report format, footnotes and cross-references. E.It does not seem correlated at all to our findings. We found a problem with .COM findability -- and documented it. F. Most importantly, We have not checked for other work going on. Parallel work in other areas, e.g., consumer trust, is something we spoke a lot about. Here too, there is parallel work, but we have done no research into in. In fact, there is an issues report and public comment in play on this very issue. In fact, there are other proceedings going on and a fascinating recent report from the IRTP just out that is looking at a thick database for .COM and .NET for registration transfer purposes (and we can, of course, see many other benefits to that. In a proceeding now open, they are asking the very questions we should have as well: /Background/ *Here's what I wrote in our Report's Policy Chapter:* ==> "Although the .COM and .NET WHOIS models have remained unchanged for 11 years, there are some recommendations underway within the GNSO asking the community to consider the value of moving thin registries to a "thick WHOIS" model. Published on November 22, 2011, the comments ask the Community what "positive and/or negative effects" may arise from such a change.[footnote] As this evaluation is now taking place, it is not an existing policy which the Review Team could evaluate. However, we note the proceeding could lead to significant changes in the area." *Here's the IRTP's Recommendation #3: * ==> "The WG recommends requesting an Issues Report on the requirement of 'thick' WHOIS for all incumbent gTLDs. The benefit would be that in a thick registry one could develop a secure method for a gaining registrar to gain access to the registrant contact information. Currently there is no standard means for the secure exchange of registrant details in a thin registry. In this scenario, disputes between the registrant and admin contact could be reduced, as the registrant would become the ultimate approver of a transfer. Such an Issue Report and possible subsequent Policy Development Process should not only consider a possible requirement of 'thick' WHOIS for all incumbent gTLDs in the context of IRTP, but should *also consider any other positive and/or negative effects that are likely to occur outside of IRTP that would need to be taken into account when deciding whether a requirement of 'thick' WHOIS for all incumbent gTLDs would be desirable or not." *Called the *Preliminary Issue Report on'Thick' Whois, and recently issues, *ICANN staff explored some of these issues and has put a public notice out to the community to participate in the assessment of positive and negative effects of changes to the thin registries. Up for public comment now on the ICANN website *(btw, all, a key flag raised on this before the IRTP was privacy, and input on this issue is expected in the public comments).* *G. Can we even mandate a multilingual interface when, to the best of our knowledge, it does not even exist?*__(Did I miss something in our great IDN analysis/chapter?) H. Overall, we have ventured into an area we have not discussed in detail, even among ourselves, and frankly with the registries, registrars and Community who would be impacted. It's a policy change that we are suggesting - a detailed technical move - and it last minute. I am very concerned. * *_ Conclusions _I thoroughly recommend at this point that we don't take make any recommendation in this area. There is simply to much we don't know, and too much underway that we have not even tried to look at. Should we decide it is critical to move forward, we should not recommend a technical solution, but allow ICANN to find it, consistent with other proceeding. As Peter says, let's open this up for input. *//*_So here is the recommendation, if we have to make one at all: _ ** ==> To make the Whois data of .COM and .NET more accessible to those who seek it, the Review Team recommends that the ICANN Board direct an effort to facilitate easier access to the thick Whois data of .COM and .NET. This effort should coordinate with existing discussions within the GNSO of a Thick Whois database for existing thin registries and aim for a multilingual interface when technologically feasible. From Emily: Thank you for these constructive ideas. Apologies for my mistake on this one. I would like Kathy's view on the proposed wording before any sign offing this as I am aware it is something on which she has previously raised comments. Peter I think you meant thin registries didn't you? That would be a more accurate and precise version of what we agreed. This another one where (I think) we are all agreed on a minimum which in my view would represent a real step forward. What there is not consensus on is how far or whether such a look-up could or should be expanded. If is not already clear in the text we should find a way of expressing clearly that our proposal should not necessitate any transfer of databases, escrow or similar. It is simply a single look up point. Sent from my iPhone On 2 Dec 2011, at 07:35, Lutz Donnerhacke wrote: >> On Fri, Dec 02, 2011 at 03:05:13PM +1100, Nettlefold, Peter wrote: >>> "To make WHOIS data more accessible for consumers, the review team >>> recommends that ICANN should set up a dedicated, multilingual interface >>> website to help users access thick gTLD WHOIS data. >> Remove 'thick gTLD'. The scope is narrowed later. >> >>> This would be a smart web portal, that would assist users to access >>> publicly available WHOIS data. It is not envisaged that this would >>> replicate registry databases in any way, but instead help users by >>> providing a single centralised site through which to search those >>> databases, and to display the WHOIS data in an accessible way. >> Ack. (There is no reference zu gTLD.) >> >>> The review team has discussed the scope of this portal, and seeks >>> ecommunity views on whether it should only apply to thin gTLD registries, >>> or should instead provide a comprehensive gTLD search service." >> In order to be really useful, the system should be able to access any ICANN >> regulated WHOIS data (which includes ASN and IP). >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111202/c591744b/attachment.html From seth.reiss at lex-ip.com Fri Dec 2 17:49:06 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Fri, 2 Dec 2011 07:49:06 -1000 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: References: <636771A7F4383E408C57A0240B5F8D4A333D642275@EMB01.dept.gov.au> <20111202073538.GA12465@belenus.iks-jena.de> <77AB37B7-CF2F-483C-98F1-39D3E4CED4B8@emilytaylor.eu> <2002817366-1322829574-cardhu_decombobulator_blackberry.rim.net-1808468913-@b11.c9.bise6.blackberry> Message-ID: <010c01ccb11a$b0cf3f60$126dbe20$@reiss@lex-ip.com> +1, Seth -----Original Message----- From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Smith, Bill Sent: Friday, December 02, 2011 5:02 AM To: lynn at goodsecurityconsulting.com Cc: rt4-whois at icann.org; rt4-whois-bounces at icann.org Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] I agree with Lynn and Peter on this. I'm having difficulty understanding the privacy implications of better usability, other than more people would use the service but then that's the purpose of improved usability. On Dec 2, 2011, at 4:39 AM, wrote: > I would like to get a better understanding of the. Objection or concern about Lutz's recommendation. If an interface is only implemented for .net and .com, it defeats the purpose and does not provide ease of access to all WHOIS registration data. > Lynn > > Sent via BlackBerry by AT&T > > -----Original Message----- > From: Emily Taylor > Sender: rt4-whois-bounces at icann.org > Date: Fri, 2 Dec 2011 08:28:15 > To: Lutz Donnerhacke > Cc: rt4-whois at icann.org > Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations > [SEC=UNCLASSIFIED] > > Thank you for these constructive ideas. Apologies for my mistake on this one. I would like Kathy's view on the proposed wording before any sign offing this as I am aware it is something on which she has previously raised comments. > > Peter I think you meant thin registries didn't you? That would be a more accurate and precise version of what we agreed. This another one where (I think) we are all agreed on a minimum which in my view would represent a real step forward. What there is not consensus on is how far or whether such a look-up could or should be expanded. If is not already clear in the text we should find a way of expressing clearly that our proposal should not necessitate any transfer of databases, escrow or similar. It is simply a single look up point. > > Sent from my iPhone > > On 2 Dec 2011, at 07:35, Lutz Donnerhacke wrote: > >> On Fri, Dec 02, 2011 at 03:05:13PM +1100, Nettlefold, Peter wrote: >>> "To make WHOIS data more accessible for consumers, the review team >>> recommends that ICANN should set up a dedicated, multilingual interface >>> website to help users access thick gTLD WHOIS data. >> >> Remove 'thick gTLD'. The scope is narrowed later. >> >>> This would be a smart web portal, that would assist users to access >>> publicly available WHOIS data. It is not envisaged that this would >>> replicate registry databases in any way, but instead help users by >>> providing a single centralised site through which to search those >>> databases, and to display the WHOIS data in an accessible way. >> >> Ack. (There is no reference zu gTLD.) >> >>> The review team has discussed the scope of this portal, and seeks >>> ecommunity views on whether it should only apply to thin gTLD registries, >>> or should instead provide a comprehensive gTLD search service." >> >> In order to be really useful, the system should be able to access any ICANN >> regulated WHOIS data (which includes ASN and IP). >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From bill.smith at paypal-inc.com Fri Dec 2 18:20:25 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Fri, 2 Dec 2011 11:20:25 -0700 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: <20111202101023.00ef555ff13978e3e1b8d2179880f99e.2a49b13f43.wbe@email12.secureserver.net> References: <20111202101023.00ef555ff13978e3e1b8d2179880f99e.2a49b13f43.wbe@email12.secureserver.net> Message-ID: <5A78AFA4-B508-44C4-8C55-844193206116@paypal.com> +1 Thick vs thin as about where the data is stored (and who controls it) not where it is accessed/displayed. Lutz's proposal addresses a significant issue that was highlighted during our consumer research. While that occurred towards the end of our work, the issue isn't new, we heard from several on the team that following WHOIS breadcrumbs is difficult. Lutz's proposal came out, as I recall, as a result of our discussions in Dakar (and followup discussions). Dismissing it because it is "too late" is in my opinion unwarranted. (We could make the same argument for the proxy and privacy Voluntary Code, but we shouldn't.) In addition, as I think I've stated before, *anyone* that has a desire to offer the service Lutz is proposing can do so. That fact is an inherent part of the Internet, unless we're going to switch to a model of ask for permission as would be the case at the ITU, but I digress. I'll have to read the lengthy discourse on why this is a bad idea later. On Dec 2, 2011, at 9:10 AM, > wrote: Perhaps it is because we have had an intense week trying to wrap this up. But I thought Lutz had submitted this recommendation some time ago. And on the last conference call, he clarified that this was not a centralized database but rather a centralized interface. And his recommendation referenced the consumer research study which I also called out and acknowledged the linkage. So it is also a surprise to me that we are not all in ageement. >From my perspective, this is not about Thick or Thin Whois data. It is about alleviatng the difficulties that absolutely everyone encounters in doing Whois lookups. For those of us involved in the domain name industry, we are more familiar with navigating. But I have to say it is cumbersome and usually requires several steps to find the registrant information. Lynn -------- Original Message -------- Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] From: Kathy Kleiman > Date: Fri, December 02, 2011 11:39 am To: rt4-whois at icann.org Completely disagree guys, and am writing an extensive message. I have to say that two days after we were due to report out, I am surprised/concerned/upset to be debating substantive policy matters. But the fact is that the idea of Thick WHOIS database for existing thin registries (and all, there are Four of them, have we ever discussed that fact?) is **already being debated**. They recognize that there may be intended and possibly considerable unintended consequences of the process. Am reviewing their work and will share shortly. Suffice to say, I think we have leapt headlong into policy... Kathy << Yes - there is not a difference in privacy by implementing a centralized interface to all the existing Whois pages. All the interface does is provide a single point of access to the same data versus multiple points of access (that would still be functional). Lynn -------- Original Message -------- Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] From: "Smith, Bill" > Date: Fri, December 02, 2011 10:02 am To: "lynn at goodsecurityconsulting.com" > Cc: Emily Taylor >, "rt4-whois-bounces at icann.org" >, Lutz Donnerhacke >, "rt4-whois at icann.org" > I agree with Lynn and Peter on this. I'm having difficulty understanding the privacy implications of better usability, other than more people would use the service but then that's the purpose of improved usability. On Dec 2, 2011, at 4:39 AM, > > wrote: > I would like to get a better understanding of the. Objection or concern about Lutz's recommendation. If an interface is only implemented for .net and .com, it defeats the purpose and does not provide ease of access to all WHOIS registration data. > Lynn > > Sent via BlackBerry by AT&T > > -----Original Message----- > From: Emily Taylor > > Sender: rt4-whois-bounces at icann.org > Date: Fri, 2 Dec 2011 08:28:15 > To: Lutz Donnerhacke> > Cc: rt4-whois at icann.org> > Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations > [SEC=UNCLASSIFIED] > > Thank you for these constructive ideas. Apologies for my mistake on this one. I would like Kathy's view on the proposed wording before any sign offing this as I am aware it is something on which she has previously raised comments. > > Peter I think you meant thin registries didn't you? That would be a more accurate and precise version of what we agreed. This another one where (I think) we are all agreed on a minimum which in my view would represent a real step forward. What there is not consensus on is how far or whether such a look-up could or should be expanded. If is not already clear in the text we should find a way of expressing clearly that our proposal should not necessitate any transfer of databases, escrow or similar. It is simply a single look up point. > > Sent from my iPhone > > On 2 Dec 2011, at 07:35, Lutz Donnerhacke > wrote: > >> On Fri, Dec 02, 2011 at 03:05:13PM +1100, Nettlefold, Peter wrote: >>> "To make WHOIS data more accessible for consumers, the review team >>> recommends that ICANN should set up a dedicated, multilingual interface >>> website to help users access thick gTLD WHOIS data. >> >> Remove 'thick gTLD'. The scope is narrowed later. >> >>> This would be a smart web portal, that would assist users to access >>> publicly available WHOIS data. It is not envisaged that this would >>> replicate registry databases in any way, but instead help users by >>> providing a single centralised site through which to search those >>> databases, and to display the WHOIS data in an accessible way. >> >> Ack. (There is no reference zu gTLD.) >> >>> The review team has discussed the scope of this portal, and seeks >>> ecommunity views on whether it should only apply to thin gTLD registries, >>> or should instead provide a comprehensive gTLD search service." >> >> In order to be really useful, the system should be able to access any ICANN >> regulated WHOIS data (which includes ASN and IP). >> _______________________________________________ >> Rt4-whois mailing list >> Rt4-whois at icann.org >> https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- ________________________________ _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From omar at kaminski.adv.br Fri Dec 2 18:28:49 2011 From: omar at kaminski.adv.br (Omar Kaminski) Date: Fri, 2 Dec 2011 16:28:49 -0200 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: <20111202101023.00ef555ff13978e3e1b8d2179880f99e.2a49b13f43.wbe@email12.secureserver.net> References: <20111202101023.00ef555ff13978e3e1b8d2179880f99e.2a49b13f43.wbe@email12.secureserver.net> Message-ID: Completely agree with Lynn about the "mistery" (from the common user point of view) that envolves a Whois query (and let's forget the predictive confusion between gTLDs and ccTLDs). A good way to see the situation in perspective is to put "whois" on Google and check the results: they attend the users needs? BTW, in Brazil we have a project of law on House of Representatives that imposes the need to show the site owner's data. Consumer trust, I must say. In other hand, how to supervise thousands, millions of sites? Omar 2011/12/2 : > Perhaps it is because we have had an intense week trying to wrap this up. > But?I thought Lutz had submitted this recommendation some time ago.? And on > the last conference call, he clarified that > this was not a centralized database but rather a centralized?interface.? And > his recommendation referenced the consumer research study which > I also called out and acknowledged the linkage.? So it is also a surprise to > me that we are not all in ageement. > > From my perspective, this is not about Thick?or Thin Whois data.?? It is > about alleviatng?the difficulties that?absolutely everyone encounters in > doing > Whois lookups.? For those of us?involved in the domain name industry, we are > more familiar with navigating.? But I have to say?it is cumbersome and > usually requires several steps to find the registrant information. > Lynn > > > -------- Original Message -------- > Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations > [SEC=UNCLASSIFIED] > From: Kathy Kleiman > Date: Fri, December 02, 2011 11:39 am > To: rt4-whois at icann.org > > Completely disagree guys, and am writing an extensive message. I have to say > that two days after we were due to report out, I am > surprised/concerned/upset to be debating substantive policy matters. > > But the fact is that the idea of? Thick WHOIS database for existing thin > registries (and all, there are Four of them, have we ever discussed that > fact?) is **already being debated**.? They recognize that there may be > intended and possibly considerable unintended consequences of the process. > Am reviewing their work and will share shortly. > > Suffice to say, I think we have leapt headlong into policy... Kathy > > << Yes - there is not a difference in privacy by implementing a centralized > interface to all the existing Whois pages.? All the interface does is > provide a single point of access to the same data versus multiple points of > access (that would still be functional). > > Lynn > > From emily at emilytaylor.eu Fri Dec 2 18:57:06 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Fri, 2 Dec 2011 18:57:06 +0000 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: References: <20111202101023.00ef555ff13978e3e1b8d2179880f99e.2a49b13f43.wbe@email12.secureserver.net> Message-ID: Oh dear, just when we thought it was safe to go out. We are out of time for this kind of debate. I am certainly not going to hold up publication of the report on this issue. We agreed a recommendation limited to thin WHOIS, and I believe that the way to go given these exchanges is the solution Peter suggested last night: we can preface it by a line or two of text saying a number of team members believe that there would be no reason not to expand a neutral, combined look-up to other TLDs in time, but we have consensus for thin WHOIS. I will put in the agreed recommendation, and I suggest that we put in the explanatory text above. Kind regards Emily On 2 December 2011 18:28, Omar Kaminski wrote: > Completely agree with Lynn about the "mistery" (from the common user > point of view) that envolves a Whois query (and let's forget the > predictive confusion between gTLDs and ccTLDs). > > A good way to see the situation in perspective is to put "whois" on > Google and check the results: they attend the users needs? > > BTW, in Brazil we have a project of law on House of Representatives > that imposes the need to show the site owner's data. Consumer trust, I > must say. In other hand, how to supervise thousands, millions of > sites? > > Omar > > > 2011/12/2 : > > Perhaps it is because we have had an intense week trying to wrap this up. > > But I thought Lutz had submitted this recommendation some time ago. And > on > > the last conference call, he clarified that > > this was not a centralized database but rather a centralized interface. > And > > his recommendation referenced the consumer research study which > > I also called out and acknowledged the linkage. So it is also a > surprise to > > me that we are not all in ageement. > > > > From my perspective, this is not about Thick or Thin Whois data. It is > > about alleviatng the difficulties that absolutely everyone encounters in > > doing > > Whois lookups. For those of us involved in the domain name industry, we > are > > more familiar with navigating. But I have to say it is cumbersome and > > usually requires several steps to find the registrant information. > > Lynn > > > > > > -------- Original Message -------- > > Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations > > [SEC=UNCLASSIFIED] > > From: Kathy Kleiman > > Date: Fri, December 02, 2011 11:39 am > > To: rt4-whois at icann.org > > > > Completely disagree guys, and am writing an extensive message. I have to > say > > that two days after we were due to report out, I am > > surprised/concerned/upset to be debating substantive policy matters. > > > > But the fact is that the idea of Thick WHOIS database for existing thin > > registries (and all, there are Four of them, have we ever discussed that > > fact?) is **already being debated**. They recognize that there may be > > intended and possibly considerable unintended consequences of the > process. > > Am reviewing their work and will share shortly. > > > > Suffice to say, I think we have leapt headlong into policy... Kathy > > > > << Yes - there is not a difference in privacy by implementing a > centralized > > interface to all the existing Whois pages. All the interface does is > > provide a single point of access to the same data versus multiple points > of > > access (that would still be functional). > > > > Lynn > > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111202/60992da8/attachment.html From m.yakushev at corp.mail.ru Fri Dec 2 18:59:48 2011 From: m.yakushev at corp.mail.ru (Mikhail Yakushev) Date: Fri, 2 Dec 2011 18:59:48 +0000 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: References: <20111202101023.00ef555ff13978e3e1b8d2179880f99e.2a49b13f43.wbe@email12.secureserver.net> Message-ID: <71B38F372F86D940B9C644A99264FA313E7821@M2EMBS1.mail.msk> Dear colleagues, I think this is the best solution. Rgds, Michael From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Friday, December 02, 2011 9:57 PM To: Omar Kaminski Cc: rt4-whois Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] Oh dear, just when we thought it was safe to go out. We are out of time for this kind of debate. I am certainly not going to hold up publication of the report on this issue. We agreed a recommendation limited to thin WHOIS, and I believe that the way to go given these exchanges is the solution Peter suggested last night: we can preface it by a line or two of text saying a number of team members believe that there would be no reason not to expand a neutral, combined look-up to other TLDs in time, but we have consensus for thin WHOIS. I will put in the agreed recommendation, and I suggest that we put in the explanatory text above. Kind regards Emily On 2 December 2011 18:28, Omar Kaminski > wrote: Completely agree with Lynn about the "mistery" (from the common user point of view) that envolves a Whois query (and let's forget the predictive confusion between gTLDs and ccTLDs). A good way to see the situation in perspective is to put "whois" on Google and check the results: they attend the users needs? BTW, in Brazil we have a project of law on House of Representatives that imposes the need to show the site owner's data. Consumer trust, I must say. In other hand, how to supervise thousands, millions of sites? Omar 2011/12/2 >: > Perhaps it is because we have had an intense week trying to wrap this up. > But I thought Lutz had submitted this recommendation some time ago. And on > the last conference call, he clarified that > this was not a centralized database but rather a centralized interface. And > his recommendation referenced the consumer research study which > I also called out and acknowledged the linkage. So it is also a surprise to > me that we are not all in ageement. > > From my perspective, this is not about Thick or Thin Whois data. It is > about alleviatng the difficulties that absolutely everyone encounters in > doing > Whois lookups. For those of us involved in the domain name industry, we are > more familiar with navigating. But I have to say it is cumbersome and > usually requires several steps to find the registrant information. > Lynn > > > -------- Original Message -------- > Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations > [SEC=UNCLASSIFIED] > From: Kathy Kleiman > > Date: Fri, December 02, 2011 11:39 am > To: rt4-whois at icann.org > > Completely disagree guys, and am writing an extensive message. I have to say > that two days after we were due to report out, I am > surprised/concerned/upset to be debating substantive policy matters. > > But the fact is that the idea of Thick WHOIS database for existing thin > registries (and all, there are Four of them, have we ever discussed that > fact?) is **already being debated**. They recognize that there may be > intended and possibly considerable unintended consequences of the process. > Am reviewing their work and will share shortly. > > Suffice to say, I think we have leapt headlong into policy... Kathy > > << Yes - there is not a difference in privacy by implementing a centralized > interface to all the existing Whois pages. All the interface does is > provide a single point of access to the same data versus multiple points of > access (that would still be functional). > > Lynn > > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [Description: Image removed by sender.] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111202/58272cac/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: ~WRD000.jpg Type: image/jpeg Size: 823 bytes Desc: ~WRD000.jpg Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111202/58272cac/WRD000.jpg From susank at fb.com Fri Dec 2 19:07:35 2011 From: susank at fb.com (Susan Kawaguchi) Date: Fri, 2 Dec 2011 19:07:35 +0000 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: References: <20111202101023.00ef555ff13978e3e1b8d2179880f99e.2a49b13f43.wbe@email12.secureserver.net> Message-ID: I agree From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Friday, December 02, 2011 10:57 AM To: Omar Kaminski Cc: rt4-whois Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] Oh dear, just when we thought it was safe to go out. We are out of time for this kind of debate. I am certainly not going to hold up publication of the report on this issue. We agreed a recommendation limited to thin WHOIS, and I believe that the way to go given these exchanges is the solution Peter suggested last night: we can preface it by a line or two of text saying a number of team members believe that there would be no reason not to expand a neutral, combined look-up to other TLDs in time, but we have consensus for thin WHOIS. I will put in the agreed recommendation, and I suggest that we put in the explanatory text above. Kind regards Emily On 2 December 2011 18:28, Omar Kaminski > wrote: Completely agree with Lynn about the "mistery" (from the common user point of view) that envolves a Whois query (and let's forget the predictive confusion between gTLDs and ccTLDs). A good way to see the situation in perspective is to put "whois" on Google and check the results: they attend the users needs? BTW, in Brazil we have a project of law on House of Representatives that imposes the need to show the site owner's data. Consumer trust, I must say. In other hand, how to supervise thousands, millions of sites? Omar 2011/12/2 >: > Perhaps it is because we have had an intense week trying to wrap this up. > But I thought Lutz had submitted this recommendation some time ago. And on > the last conference call, he clarified that > this was not a centralized database but rather a centralized interface. And > his recommendation referenced the consumer research study which > I also called out and acknowledged the linkage. So it is also a surprise to > me that we are not all in ageement. > > From my perspective, this is not about Thick or Thin Whois data. It is > about alleviatng the difficulties that absolutely everyone encounters in > doing > Whois lookups. For those of us involved in the domain name industry, we are > more familiar with navigating. But I have to say it is cumbersome and > usually requires several steps to find the registrant information. > Lynn > > > -------- Original Message -------- > Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations > [SEC=UNCLASSIFIED] > From: Kathy Kleiman > > Date: Fri, December 02, 2011 11:39 am > To: rt4-whois at icann.org > > Completely disagree guys, and am writing an extensive message. I have to say > that two days after we were due to report out, I am > surprised/concerned/upset to be debating substantive policy matters. > > But the fact is that the idea of Thick WHOIS database for existing thin > registries (and all, there are Four of them, have we ever discussed that > fact?) is **already being debated**. They recognize that there may be > intended and possibly considerable unintended consequences of the process. > Am reviewing their work and will share shortly. > > Suffice to say, I think we have leapt headlong into policy... Kathy > > << Yes - there is not a difference in privacy by implementing a centralized > interface to all the existing Whois pages. All the interface does is > provide a single point of access to the same data versus multiple points of > access (that would still be functional). > > Lynn > > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111202/e0f01d1e/attachment.html From kathy at kathykleiman.com Fri Dec 2 19:22:14 2011 From: kathy at kathykleiman.com (Kathy Kleiman) Date: Fri, 02 Dec 2011 14:22:14 -0500 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: References: <20111202101023.00ef555ff13978e3e1b8d2179880f99e.2a49b13f43.wbe@email12.secureserver.net> Message-ID: <4ED92566.6060106@kathykleiman.com> If that is the direction we go, OK. Just a note that there is really no such thing as "thick gTLD WHOIS data," but rather thick and thin registries. A clearer way to say the same thing might be: ==> To make WHOIS data more accessible for consumers, the review team recommends that ICANN should set up a dedicated, multilingual interface website for .COM and .NET to help users access the complete gTLD WHOIS data. ===> Peter's original: To make WHOIS data more accessible for consumers, the review team recommends that ICANN should set up a dedicated, multilingual interface website to help users access thick gTLD WHOIS data. Kathy : > Oh dear, just when we thought it was safe to go out. > > We are out of time for this kind of debate. I am certainly not going > to hold up publication of the report on this issue. > > We agreed a recommendation limited to thin WHOIS, and I believe that > the way to go given these exchanges is the solution Peter suggested > last night: we can preface it by a line or two of text saying a number > of team members believe that there would be no reason not to expand a > neutral, combined look-up to other TLDs in time, but we have consensus > for thin WHOIS. > > I will put in the agreed recommendation, and I suggest that we put in > the explanatory text above. > > Kind regards > > Emily > > On 2 December 2011 18:28, Omar Kaminski > wrote: > > Completely agree with Lynn about the "mistery" (from the common user > point of view) that envolves a Whois query (and let's forget the > predictive confusion between gTLDs and ccTLDs). > > A good way to see the situation in perspective is to put "whois" on > Google and check the results: they attend the users needs? > > BTW, in Brazil we have a project of law on House of Representatives > that imposes the need to show the site owner's data. Consumer trust, I > must say. In other hand, how to supervise thousands, millions of > sites? > > Omar > > > 2011/12/2 >: > > Perhaps it is because we have had an intense week trying to wrap > this up. > > But I thought Lutz had submitted this recommendation some time > ago. And on > > the last conference call, he clarified that > > this was not a centralized database but rather a > centralized interface. And > > his recommendation referenced the consumer research study which > > I also called out and acknowledged the linkage. So it is also a > surprise to > > me that we are not all in ageement. > > > > From my perspective, this is not about Thick or Thin Whois > data. It is > > about alleviatng the difficulties that absolutely everyone > encounters in > > doing > > Whois lookups. For those of us involved in the domain name > industry, we are > > more familiar with navigating. But I have to say it is > cumbersome and > > usually requires several steps to find the registrant information. > > Lynn > > > > > > -------- Original Message -------- > > Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations > > [SEC=UNCLASSIFIED] > > From: Kathy Kleiman > > > Date: Fri, December 02, 2011 11:39 am > > To: rt4-whois at icann.org > > > > Completely disagree guys, and am writing an extensive message. I > have to say > > that two days after we were due to report out, I am > > surprised/concerned/upset to be debating substantive policy matters. > > > > But the fact is that the idea of Thick WHOIS database for > existing thin > > registries (and all, there are Four of them, have we ever > discussed that > > fact?) is **already being debated**. They recognize that there > may be > > intended and possibly considerable unintended consequences of > the process. > > Am reviewing their work and will share shortly. > > > > Suffice to say, I think we have leapt headlong into policy... Kathy > > > > << Yes - there is not a difference in privacy by implementing a > centralized > > interface to all the existing Whois pages. All the interface > does is > > provide a single point of access to the same data versus > multiple points of > > access (that would still be functional). > > > > Lynn > > > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois > > > > > -- > > > > > __ > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 . m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > *www.etlaw.co.uk * > > Emily Taylor Consultancy Limited is a company registered in England > and Wales No. 730471. VAT No. 114487713. > > > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111202/e28cbd5c/attachment.html From seth.reiss at lex-ip.com Fri Dec 2 19:30:49 2011 From: seth.reiss at lex-ip.com (Seth M Reiss) Date: Fri, 2 Dec 2011 09:30:49 -1000 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: References: <20111202101023.00ef555ff13978e3e1b8d2179880f99e.2a49b13f43.wbe@email12.secureserver.net> Message-ID: <002501ccb128$e6a8c490$b3fa4db0$@reiss@lex-ip.com> Thanks Emily From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Friday, December 02, 2011 8:57 AM To: Omar Kaminski Cc: rt4-whois Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] Oh dear, just when we thought it was safe to go out. We are out of time for this kind of debate. I am certainly not going to hold up publication of the report on this issue. We agreed a recommendation limited to thin WHOIS, and I believe that the way to go given these exchanges is the solution Peter suggested last night: we can preface it by a line or two of text saying a number of team members believe that there would be no reason not to expand a neutral, combined look-up to other TLDs in time, but we have consensus for thin WHOIS. I will put in the agreed recommendation, and I suggest that we put in the explanatory text above. Kind regards Emily On 2 December 2011 18:28, Omar Kaminski wrote: Completely agree with Lynn about the "mistery" (from the common user point of view) that envolves a Whois query (and let's forget the predictive confusion between gTLDs and ccTLDs). A good way to see the situation in perspective is to put "whois" on Google and check the results: they attend the users needs? BTW, in Brazil we have a project of law on House of Representatives that imposes the need to show the site owner's data. Consumer trust, I must say. In other hand, how to supervise thousands, millions of sites? Omar 2011/12/2 : > Perhaps it is because we have had an intense week trying to wrap this up. > But I thought Lutz had submitted this recommendation some time ago. And on > the last conference call, he clarified that > this was not a centralized database but rather a centralized interface. And > his recommendation referenced the consumer research study which > I also called out and acknowledged the linkage. So it is also a surprise to > me that we are not all in ageement. > > From my perspective, this is not about Thick or Thin Whois data. It is > about alleviatng the difficulties that absolutely everyone encounters in > doing > Whois lookups. For those of us involved in the domain name industry, we are > more familiar with navigating. But I have to say it is cumbersome and > usually requires several steps to find the registrant information. > Lynn > > > -------- Original Message -------- > Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations > [SEC=UNCLASSIFIED] > From: Kathy Kleiman > Date: Fri, December 02, 2011 11:39 am > To: rt4-whois at icann.org > > Completely disagree guys, and am writing an extensive message. I have to say > that two days after we were due to report out, I am > surprised/concerned/upset to be debating substantive policy matters. > > But the fact is that the idea of Thick WHOIS database for existing thin > registries (and all, there are Four of them, have we ever discussed that > fact?) is **already being debated**. They recognize that there may be > intended and possibly considerable unintended consequences of the process. > Am reviewing their work and will share shortly. > > Suffice to say, I think we have leapt headlong into policy... Kathy > > << Yes - there is not a difference in privacy by implementing a centralized > interface to all the existing Whois pages. All the interface does is > provide a single point of access to the same data versus multiple points of > access (that would still be functional). > > Lynn > > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 . m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111202/efc5db63/attachment.html From bill.smith at paypal-inc.com Fri Dec 2 19:57:21 2011 From: bill.smith at paypal-inc.com (Smith, Bill) Date: Fri, 2 Dec 2011 12:57:21 -0700 Subject: [Rt4-whois] No agreement on Lutz's recommendations [SEC=UNCLASSIFIED] In-Reply-To: <4ED92566.6060106@kathykleiman.com> References: <20111202101023.00ef555ff13978e3e1b8d2179880f99e.2a49b13f43.wbe@email12.secureserver.net> <4ED92566.6060106@kathykleiman.com> Message-ID: <9B554DAD-7A30-40F6-ABE3-B67B2FE19EDD@paypal.com> Isn't this (copied from the wiki draft) the currently "agreed to" language: 1. To make WHOIS data more accessible for consumers, ICANN should set up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information" by querying the appropriate servers, not copying the database. I see no mention of .com or .net and would object to inserting them at this late stage. On Dec 2, 2011, at 11:22 AM, Kathy Kleiman wrote: If that is the direction we go, OK. Just a note that there is really no such thing as "thick gTLD WHOIS data," but rather thick and thin registries. A clearer way to say the same thing might be: ==> To make WHOIS data more accessible for consumers, the review team recommends that ICANN should set up a dedicated, multilingual interface website for .COM and .NET to help users access the complete gTLD WHOIS data. ===> Peter's original: To make WHOIS data more accessible for consumers, the review team recommends that ICANN should set up a dedicated, multilingual interface website to help users access thick gTLD WHOIS data. Kathy : Oh dear, just when we thought it was safe to go out. We are out of time for this kind of debate. I am certainly not going to hold up publication of the report on this issue. We agreed a recommendation limited to thin WHOIS, and I believe that the way to go given these exchanges is the solution Peter suggested last night: we can preface it by a line or two of text saying a number of team members believe that there would be no reason not to expand a neutral, combined look-up to other TLDs in time, but we have consensus for thin WHOIS. I will put in the agreed recommendation, and I suggest that we put in the explanatory text above. Kind regards Emily On 2 December 2011 18:28, Omar Kaminski > wrote: Completely agree with Lynn about the "mistery" (from the common user point of view) that envolves a Whois query (and let's forget the predictive confusion between gTLDs and ccTLDs). A good way to see the situation in perspective is to put "whois" on Google and check the results: they attend the users needs? BTW, in Brazil we have a project of law on House of Representatives that imposes the need to show the site owner's data. Consumer trust, I must say. In other hand, how to supervise thousands, millions of sites? Omar 2011/12/2 >: > Perhaps it is because we have had an intense week trying to wrap this up. > But I thought Lutz had submitted this recommendation some time ago. And on > the last conference call, he clarified that > this was not a centralized database but rather a centralized interface. And > his recommendation referenced the consumer research study which > I also called out and acknowledged the linkage. So it is also a surprise to > me that we are not all in ageement. > > From my perspective, this is not about Thick or Thin Whois data. It is > about alleviatng the difficulties that absolutely everyone encounters in > doing > Whois lookups. For those of us involved in the domain name industry, we are > more familiar with navigating. But I have to say it is cumbersome and > usually requires several steps to find the registrant information. > Lynn > > > -------- Original Message -------- > Subject: Re: [Rt4-whois] No agreement on Lutz's recommendations > [SEC=UNCLASSIFIED] > From: Kathy Kleiman > > Date: Fri, December 02, 2011 11:39 am > To: rt4-whois at icann.org > > Completely disagree guys, and am writing an extensive message. I have to say > that two days after we were due to report out, I am > surprised/concerned/upset to be debating substantive policy matters. > > But the fact is that the idea of Thick WHOIS database for existing thin > registries (and all, there are Four of them, have we ever discussed that > fact?) is **already being debated**. They recognize that there may be > intended and possibly considerable unintended consequences of the process. > Am reviewing their work and will share shortly. > > Suffice to say, I think we have leapt headlong into policy... Kathy > > << Yes - there is not a difference in privacy by implementing a centralized > interface to all the existing Whois pages. All the interface does is > provide a single point of access to the same data versus multiple points of > access (that would still be functional). > > Lynn > > _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois -- _______________________________________________ Rt4-whois mailing list Rt4-whois at icann.org https://mm.icann.org/mailman/listinfo/rt4-whois From emily at emilytaylor.eu Sat Dec 3 14:27:30 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Sat, 3 Dec 2011 14:27:30 +0000 Subject: [Rt4-whois] Final version - proof-read Message-ID: Hi all I attach a mark up showing my final edits to the Draft Report, which we will be publishing on Monday. You can see my changes. They are mainly correction of typos, adding a couple of footnote references, and making sure that we are using terms consistently. I also split the report into three parts (Part I: Scope and definitions; Part II - WHOIS Policy and implementation and Part III - the extent to which WHOIS policy and its implementation are effective in meeting stakeholder needs). I found that this made it easier to see how the pieces of the jigsaw fit together. There are a couple of more substantive changes: 1. Recommendations - As agreed on the list, I have unhighlighted (ie confirmed) the best practices recommendations re proxies, and inserted the introductory text proposed by Susan and amended by me. 2. Recommendations - given the late controversy on whether the interface should be for all gTLDs or just thin ones, I have put in two alternatives for public comment, as proposed by Peter, and have added a sentence near the introductory text on proxies. 3. Recommendations - Lutz's add on consumer outreach I have added into the paragraph below where it was - I am unaware of any opposition to this addition, or even when it was made, so shout if you have objections. 4. Recommendations - A few days ago, given the discussion of the words "registrar-operated" in recommendation 10, I proposed their deletion. I heard no opposition, and have deleted them. 5.The order of the chapter on implementation (which I wrote) I found annoying, and not sufficiently clear because it has suffered from being moved back and forth from the main report to the more detailed letter in the appendix. I have therefore made a few changes there, which are marked up. These should be uncontentious - the aim is to explain what's going on rather than introduce substantive changes. Please give any final final edits to me and Alice/ circulated to the list by the end of the weekend. Alice -- you will see that I've managed to muck up some of the formatting (in particular I could not get the title for PART III to appear on the same page as the next chapter heading, so gave up). Please can you also update the table of contents. On Monday, if no more comments have been made, please accept all the marked up changes, and publish the draft report. I will also forward an outline of our proposed cover note/ request for comment. Kind regards Emily -- * * 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu *www.etlaw.co.uk* Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111203/ab00a574/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Master document - V2.3 - ET.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 355073 bytes Desc: not available Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111203/ab00a574/Masterdocument-V2.3-ET.docx From sarmad.hussain at kics.edu.pk Sun Dec 4 04:47:37 2011 From: sarmad.hussain at kics.edu.pk (Sarmad Hussain) Date: Sun, 4 Dec 2011 09:47:37 +0500 Subject: [Rt4-whois] Final version - proof-read In-Reply-To: References: Message-ID: <4edafb6e.4606e30a.382f.ffffc631@mx.google.com> Dear Alice, Two typos in the IDN section: 1. Ideosyncratic ? idiosyncratic; though I would suggest using ?arbitrary? instead 2. Footnote should be ?Available at http://...? In the edit, ?at? is missing. Regards, Sarmad From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Saturday, December 03, 2011 7:28 PM To: rt4-whois at icann.org Subject: [Rt4-whois] Final version - proof-read Hi all I attach a mark up showing my final edits to the Draft Report, which we will be publishing on Monday. You can see my changes. They are mainly correction of typos, adding a couple of footnote references, and making sure that we are using terms consistently. I also split the report into three parts (Part I: Scope and definitions; Part II - WHOIS Policy and implementation and Part III - the extent to which WHOIS policy and its implementation are effective in meeting stakeholder needs). I found that this made it easier to see how the pieces of the jigsaw fit together. There are a couple of more substantive changes: 1. Recommendations - As agreed on the list, I have unhighlighted (ie confirmed) the best practices recommendations re proxies, and inserted the introductory text proposed by Susan and amended by me. 2. Recommendations - given the late controversy on whether the interface should be for all gTLDs or just thin ones, I have put in two alternatives for public comment, as proposed by Peter, and have added a sentence near the introductory text on proxies. 3. Recommendations - Lutz's add on consumer outreach I have added into the paragraph below where it was - I am unaware of any opposition to this addition, or even when it was made, so shout if you have objections. 4. Recommendations - A few days ago, given the discussion of the words "registrar-operated" in recommendation 10, I proposed their deletion. I heard no opposition, and have deleted them. 5.The order of the chapter on implementation (which I wrote) I found annoying, and not sufficiently clear because it has suffered from being moved back and forth from the main report to the more detailed letter in the appendix. I have therefore made a few changes there, which are marked up. These should be uncontentious - the aim is to explain what's going on rather than introduce substantive changes. Please give any final final edits to me and Alice/ circulated to the list by the end of the weekend. Alice -- you will see that I've managed to muck up some of the formatting (in particular I could not get the title for PART III to appear on the same page as the next chapter heading, so gave up). Please can you also update the table of contents. On Monday, if no more comments have been made, please accept all the marked up changes, and publish the draft report. I will also forward an outline of our proposed cover note/ request for comment. Kind regards Emily -- 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111204/8c9fddc4/attachment.html From emily at emilytaylor.eu Sun Dec 4 08:13:12 2011 From: emily at emilytaylor.eu (Emily Taylor) Date: Sun, 4 Dec 2011 08:13:12 +0000 Subject: [Rt4-whois] Final version - proof-read In-Reply-To: <4edafb6e.4606e30a.382f.ffffc631@mx.google.com> References: <4edafb6e.4606e30a.382f.ffffc631@mx.google.com> Message-ID: Thanks Sarmad Sent from my iPhone On 4 Dec 2011, at 04:47, "Sarmad Hussain" wrote: > Dear Alice, > > Two typos in the IDN section: > > 1. Ideosyncratic ? idiosyncratic; though I would suggest using ?arbitrary? instead > 2. Footnote should be ?Available at http://...? In the edit, ?at? is missing. > > Regards, > Sarmad > > > From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor > Sent: Saturday, December 03, 2011 7:28 PM > To: rt4-whois at icann.org > Subject: [Rt4-whois] Final version - proof-read > > Hi all > > I attach a mark up showing my final edits to the Draft Report, which we will be publishing on Monday. > > You can see my changes. They are mainly correction of typos, adding a couple of footnote references, and making sure that we are using terms consistently. I also split the report into three parts (Part I: Scope and definitions; Part II - WHOIS Policy and implementation and Part III - the extent to which WHOIS policy and its implementation are effective in meeting stakeholder needs). I found that this made it easier to see how the pieces of the jigsaw fit together. > > There are a couple of more substantive changes: > > 1. Recommendations - As agreed on the list, I have unhighlighted (ie confirmed) the best practices recommendations re proxies, and inserted the introductory text proposed by Susan and amended by me. > 2. Recommendations - given the late controversy on whether the interface should be for all gTLDs or just thin ones, I have put in two alternatives for public comment, as proposed by Peter, and have added a sentence near the introductory text on proxies. > 3. Recommendations - Lutz's add on consumer outreach I have added into the paragraph below where it was - I am unaware of any opposition to this addition, or even when it was made, so shout if you have objections. > 4. Recommendations - A few days ago, given the discussion of the words "registrar-operated" in recommendation 10, I proposed their deletion. I heard no opposition, and have deleted them. > 5.The order of the chapter on implementation (which I wrote) I found annoying, and not sufficiently clear because it has suffered from being moved back and forth from the main report to the more detailed letter in the appendix. I have therefore made a few changes there, which are marked up. These should be uncontentious - the aim is to explain what's going on rather than introduce substantive changes. > > Please give any final final edits to me and Alice/ circulated to the list by the end of the weekend. > > Alice -- you will see that I've managed to muck up some of the formatting (in particular I could not get the title for PART III to appear on the same page as the next chapter heading, so gave up). Please can you also update the table of contents. On Monday, if no more comments have been made, please accept all the marked up changes, and publish the draft report. > > I will also forward an outline of our proposed cover note/ request for comment. > > Kind regards > > Emily > > -- > > > > > > > 76 Temple Road, Oxford OX4 2EZ UK > t: +44 (0)1865 582 811 ? m: +44 (0)7540 049 322 > emily at emilytaylor.eu > > www.etlaw.co.uk > > Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. > > _______________________________________________ > Rt4-whois mailing list > Rt4-whois at icann.org > https://mm.icann.org/mailman/listinfo/rt4-whois -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111204/d293a026/attachment.html From susank at fb.com Sun Dec 4 22:10:38 2011 From: susank at fb.com (Susan Kawaguchi) Date: Sun, 4 Dec 2011 22:10:38 +0000 Subject: [Rt4-whois] Final version - proof-read In-Reply-To: References: Message-ID: Looks great! I have no revisions. It will be interesting to see the response by the community. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Saturday, December 03, 2011 6:28 AM To: rt4-whois at icann.org Subject: [Rt4-whois] Final version - proof-read Hi all I attach a mark up showing my final edits to the Draft Report, which we will be publishing on Monday. You can see my changes. They are mainly correction of typos, adding a couple of footnote references, and making sure that we are using terms consistently. I also split the report into three parts (Part I: Scope and definitions; Part II - WHOIS Policy and implementation and Part III - the extent to which WHOIS policy and its implementation are effective in meeting stakeholder needs). I found that this made it easier to see how the pieces of the jigsaw fit together. There are a couple of more substantive changes: 1. Recommendations - As agreed on the list, I have unhighlighted (ie confirmed) the best practices recommendations re proxies, and inserted the introductory text proposed by Susan and amended by me. 2. Recommendations - given the late controversy on whether the interface should be for all gTLDs or just thin ones, I have put in two alternatives for public comment, as proposed by Peter, and have added a sentence near the introductory text on proxies. 3. Recommendations - Lutz's add on consumer outreach I have added into the paragraph below where it was - I am unaware of any opposition to this addition, or even when it was made, so shout if you have objections. 4. Recommendations - A few days ago, given the discussion of the words "registrar-operated" in recommendation 10, I proposed their deletion. I heard no opposition, and have deleted them. 5.The order of the chapter on implementation (which I wrote) I found annoying, and not sufficiently clear because it has suffered from being moved back and forth from the main report to the more detailed letter in the appendix. I have therefore made a few changes there, which are marked up. These should be uncontentious - the aim is to explain what's going on rather than introduce substantive changes. Please give any final final edits to me and Alice/ circulated to the list by the end of the weekend. Alice -- you will see that I've managed to muck up some of the formatting (in particular I could not get the title for PART III to appear on the same page as the next chapter heading, so gave up). Please can you also update the table of contents. On Monday, if no more comments have been made, please accept all the marked up changes, and publish the draft report. I will also forward an outline of our proposed cover note/ request for comment. Kind regards Emily -- [http://www.etlaw.co.uk/images/stories/etlaw/etclogo250x60.gif] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111204/42b6905f/attachment.html From Peter.Nettlefold at dbcde.gov.au Sun Dec 4 23:23:42 2011 From: Peter.Nettlefold at dbcde.gov.au (Nettlefold, Peter) Date: Mon, 5 Dec 2011 10:23:42 +1100 Subject: [Rt4-whois] Final version - proof-read [SEC=UNCLASSIFIED] In-Reply-To: References: Message-ID: <636771A7F4383E408C57A0240B5F8D4A333E32ACE1@EMB01.dept.gov.au> Hi Emily and all, I am very impressed with the huge amount of work that has been done in the past week - it has made my head spin (and my inbox explode) trying to keep up! This being our draft, there are obviously some areas we will be revisiting and continuing to discuss before we publish the final report, but I think this draft clearly lays out the issues we have been grappling with, as well as the solutions we have considered. There are some things I might like to change if we had more time, but I expect we all feel like that, and my overall feeling is one of relief at passing this over to the community for comment! Looking forward, and I apologise if I have missed this, but do we have a work plan/timeline to reach the final report? For example: * How long with our draft be out for public comment? * Will we be meeting in Costa Rica? Will this be to complete the final report? * When do we anticipate the final report being published? Sorry for all the questions, and I'm sorry if I've missed this, but before Christmas I have several planning and travel approval processes to go through for next year, and WHOIS is an important part of that picture. Cheers, Peter From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi Sent: Monday, 5 December 2011 9:11 AM To: Emily Taylor; rt4-whois at icann.org Subject: Re: [Rt4-whois] Final version - proof-read Looks great! I have no revisions. It will be interesting to see the response by the community. From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Emily Taylor Sent: Saturday, December 03, 2011 6:28 AM To: rt4-whois at icann.org Subject: [Rt4-whois] Final version - proof-read Hi all I attach a mark up showing my final edits to the Draft Report, which we will be publishing on Monday. You can see my changes. They are mainly correction of typos, adding a couple of footnote references, and making sure that we are using terms consistently. I also split the report into three parts (Part I: Scope and definitions; Part II - WHOIS Policy and implementation and Part III - the extent to which WHOIS policy and its implementation are effective in meeting stakeholder needs). I found that this made it easier to see how the pieces of the jigsaw fit together. There are a couple of more substantive changes: 1. Recommendations - As agreed on the list, I have unhighlighted (ie confirmed) the best practices recommendations re proxies, and inserted the introductory text proposed by Susan and amended by me. 2. Recommendations - given the late controversy on whether the interface should be for all gTLDs or just thin ones, I have put in two alternatives for public comment, as proposed by Peter, and have added a sentence near the introductory text on proxies. 3. Recommendations - Lutz's add on consumer outreach I have added into the paragraph below where it was - I am unaware of any opposition to this addition, or even when it was made, so shout if you have objections. 4. Recommendations - A few days ago, given the discussion of the words "registrar-operated" in recommendation 10, I proposed their deletion. I heard no opposition, and have deleted them. 5.The order of the chapter on implementation (which I wrote) I found annoying, and not sufficiently clear because it has suffered from being moved back and forth from the main report to the more detailed letter in the appendix. I have therefore made a few changes there, which are marked up. These should be uncontentious - the aim is to explain what's going on rather than introduce substantive changes. Please give any final final edits to me and Alice/ circulated to the list by the end of the weekend. Alice -- you will see that I've managed to muck up some of the formatting (in particular I could not get the title for PART III to appear on the same page as the next chapter heading, so gave up). Please can you also update the table of contents. On Monday, if no more comments have been made, please accept all the marked up changes, and publish the draft report. I will also forward an outline of our proposed cover note/ request for comment. Kind regards Emily -- [cid:~WRD281.jpg] 76 Temple Road, Oxford OX4 2EZ UK t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322 emily at emilytaylor.eu www.etlaw.co.uk Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713. ------------------------------------------------------------------------------- NOTICE: This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. This message has been content scanned by the Axway MailGate. MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com. ------------------------------------------------------------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111205/549222b3/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: ~WRD281.jpg Type: image/jpeg Size: 823 bytes Desc: ~WRD281.jpg Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111205/549222b3/WRD281.jpg