[Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED]
Nettlefold, Peter
Peter.Nettlefold at dbcde.gov.au
Mon Nov 28 01:29:45 UTC 2011
Hello all,
Thanks to Susan and Seth for keeping this important conversation moving.
It seems clear that this is one of the most difficult parts of our report, in part because we are having to consider and balance two important, high-profile and sometimes conflicting needs.
I've put comments directly into your email Susan, in a different font and colour, to try to explain my thinking on your points. I've tried to do this as simply and clearly as possible, and hope that by being so direct we can get closer to the heart of the issue.
I hope this explains where I'm coming from, and helps to move this conversation forward.
Cheers,
Peter
From: Seth M Reiss [mailto:seth.reiss at lex-ip.com]
Sent: Sunday, 27 November 2011 3:41 AM
To: 'Susan Kawaguchi'; Nettlefold, Peter; 'Emily Taylor'
Cc: rt4-whois at icann.org
Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED]
Susan
If the chain of legal responsibilities were clarified, don't you think there would be an immediate chilling effect on the industry? Only those registrars willing to go out of business as a result of entering into a retail proxy relationship with a naughty registrant would continue the retail proxy practice. The responsible ones I would expect to stop the practice.
Seth
From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of Susan Kawaguchi
Sent: Friday, November 25, 2011 7:24 PM
To: Nettlefold, Peter; Emily Taylor
Cc: rt4-whois at icann.org
Subject: Re: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED]
Hello Peter,
I am not proposing to change the privacy service recommendations although I did use language from the agreed upon recommendation since I thought it was a good place to start. Also I do not understand why there is concern with regulating proxy registrations and no concern with regulating privacy registrations.
To my mind, in important ways these two types of services are quite distinct. In the case of a privacy service, it should be clear from the WHOIS record (inaccuracy aside) who is legally responsible for a domain from the outset. There should be no question as to finding a responsible entity on who to serve notice etc, as this data is not hidden/withheld with a privacy service. What a privacy service should instead do is restrict sensitive personal information about that responsible entity from general public availability. With a proxy service, in the current regime, the identity of the responsible entity is not clear, and it appears that this aspect has been gamed or otherwise abused. It is also not clear to me what the situation would be even if this were more tightly regulated. As soon as we say, 'you're responsible, except...', it seems that we risk some form of uncertainty, delay and gaming. If we want to do that, we would need to be very careful about how we address those risks.
I did raise this before the November 9th call but was not able to participate on that call so I understand your concern that is this may appear last minute. II have given this so much thought over the last 6 months and you saw how uncomfortable I was with not addressing the proxy issues in our discussions in Dakar.
My concern with the 'last minute' issue is not that it hasn't come up (I hope I didn't suggest that), and as you know I am very interested to make sure we get this right. It's just that we're discussing actual text very late in the piece - and again, I want to make sure we get it right.
I simply do not feel that recommending to ICANN that they completely ignore the proxy issue is the way we should be proceeding.
I don't think we're proposing that ICANN 'ignore' proxies. We all acknowledge that they will likely exist in one form or another regardless of what we do: the question is on what basis. In Dakar, we agreed that we would recommend that ICANN not only remove the current provisions which endorse proxies, but also make an affirmative statement to clarify the legal chain of responsibilities - i.e. from ICANN's point of view, the buck stops with the registered name holder. Rather than ignoring, I would see this as saying something like: 'if you're out there doing this, ICANN sees you as legally responsible'.
My aim with this recommendation is to target the proxy services run by a registrar. They have a direct contractual relationship with ICANN. The argument that we do not understand all the contractual agreements involved in a proxy service makes sense for deeply integrated proxy services where the registrant and service have agreed upon contractual elements. The "retail" proxy service which is offered to anyone who will pay and agreed to the TOS for the most part are owned or controlled by a registrar. Although, we have to be careful to not try and regulate any other business the registrar may enter into the proxy service directly relates to the most critical information of the domain name registration which should be controlled by ICANN.
I'm interested in whether a 'retail' proxy service would continue to offer the same sorts of service if they were held responsible for the domain. What would a registrar do if a domain they had registered in their own name was used for criminal purposes, and the RAA no longer explicitly offered the option of pointing the finger elsewhere, but instead affirmatively stated that they were responsible?
The NORC study estimates that proxy registrations may be used in as much as 25% of the .com registrations. That is a significant number. Currently, several registrars run proxy services that are responsive and professional. GoDaddy is the gold standard from my experience. They have very well defined processes and when you run into a proxy registration that is a concern I know exactly what I have to do to request the information. The registrant is protected but if they are acting badly then there is a standardized process for receiving the website owners information.
Below I pulled out from your email
"Much of this revolves around the question of whether tighter regulation of proxies is needed, or whether simply removing the endorsement and clarifying the chain of legal responsibilities would be more effective."
Clarifying the chain of legal responsibilities leaves little recourse for someone impacted by a domain name serving content with a proxy service registration on the WHOIS. If the proxy service provider does not want to reveal the information ( as many refuse to do now) then the only recourse is to file litigation against the proxy service provider.
If we went ahead with our Dakar recommendations, I expect that filing against the registered name holder would be the first action instead of the last recourse.
Then when the WHOIS record changes midstream, they are forced to go back to court to amend the complaint. It is extremely burdensome and expensive.
Would this still be the case? If ICANN clarified that the responsible entity was the registered name holder, and removed any caveats etc, what would be the basis for changing the WHOIS record midstream?
There has been some litigation that has held the proxy service provider legally responsible but nothing that has had a chilling effect on the industry.
If in the current ambiguous contractual environment some proxy service providers have been held legally responsible, wouldn't what we have proposed significantly increase the likelihood of that? Wouldn't this in turn have a flow on 'chilling' effect on the use of proxies?
I cannot open James document on my laptop but once I have a copy I will review his latest revisions.
Best regards,
Susan
From: Nettlefold, Peter [mailto:Peter.Nettlefold at dbcde.gov.au]
Sent: Thursday, November 24, 2011 9:59 PM
To: Emily Taylor
Cc: Susan Kawaguchi; rt4-whois at icann.org
Subject: RE: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED]
Thanks Emily, that's very useful, and I think I understand where its coming from.
I have a few follow on questions, as I'm trying to understand the big picture/strategy, and to try to work through the new proposal fully as this is a key area of interest for me. To be honest, I'm a bit nervous about reopening such a major issue so late in the piece, with only limited time to think through and discuss all the implications. That said, I'm not opposed, just cautious.
In terms of questions: is the intention to retain our 'privacy' recommendations from Dakar? i.e. so that we would in effect have three different arrangements: i.e. privacy, 'known' proxies, and 'unknown' proxies? I ask this because if we are to recommend the establishment of parallel 'known proxy' and 'privacy' regimes, we would need to clearly explain and justify any differences between the two (I note that many of the recommendations we agreed for privacy services have been adopted for the proposed proxy recommendations). I expect that a key question we would face is why we were advocating for two different types of privacy-related services? In what circumstances are privacy services not sufficient? Understanding the reason for this may address some of my concerns.
Separate to the question of privacy services, we also need to consider the implications of endorsing proxy services. In Dakar, we discussed at length the risks of ICANN explicitly acknowledging (and effectively endorsing) the practice of completely limiting access to a registrant's identity. I had thought that was one of the reasons why we agreed that ICANN should not endorse this practice, and instead that we would argue that:
* the full rights and responsibilities of the registrant should accrue to the registered name holder; and
* ICANN should endorse and regulate 'privacy' services which could limit the availability of sensitive personal data, without completely obfuscating the registrant's identity.
This approach seemed to address the privacy concerns expressed by a range of stakeholders, and to clarify (perhaps for the first time) the chain of contractual rights and responsibilities.
Much of this revolves around the question of whether tighter regulation of proxies is needed, or whether simply removing the endorsement and clarifying the chain of legal responsibilities would be more effective. In effect, the new proposal is to advocate the replacement of one mechanism which attempts to regulate proxies (i.e. the current RAA provisions) with another. The intent is obviously to have a tighter set of regulations this time, to reduce gaming/abuse etc. At one level this seems logical, but I am concerned that by introducing doubt into the chain of rights and responsibilities, anything we then do will be like trying to patch a leak that we in effect created. Given that both previous versions of the RAA have tried the endorsement/regulation route with very limited success, I think we would need a strong case to propose a third attempt at this approach as the best way to go. Do we think that this is something we can achieve in practice, and why is it better than the simpler alternative?
I hope I'm not making this unnecessarily complicated - I just want to make sure that we don't make a rushed change that has not been fully discussed.
I look forward to the views of other team members on this issue.
Cheers,
Peter
From: Emily Taylor [mailto:emily at emilytaylor.eu]
Sent: Thursday, 24 November 2011 8:30 PM
To: Nettlefold, Peter
Cc: Susan Kawaguchi; rt4-whois at icann.org
Subject: Re: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc [SEC=UNCLASSIFIED]
Hi Peter
As it's Thanksgiving, our US colleagues will (should) be offline for a couple of days.
My understanding from last night's call is that our proposal is to combine these proxy recommendations with the ones from Dakar. In other words, instead of saying "we never acknowledge proxies" we say this. Susan explained that they are currently working on defining what is meant by a proxy, and as you rightly point out there are different flavours of proxy. There is the "deep" arrangement based on an ongoing trusting relationship (eg solicitor, client) where a proxy might not be obvious. My understanding is that we're not attempting to lift the veil on these. They are not viewed as problematic.
What is viewed as within the ambit of these new draft recommendations are the higher volume, commercialised proxy services, where there is not really a pre-existing relationship between registrant and proxy provider, but this is a low cost add on at the point of registration. The two parties don't really know each other that well. These are the ones we're hoping to describe in our definitions, and they are the target of these recommendations.
I hope that this makes it clear, but obviously I do recommend you listen to Susan's description of their thinking from the audio when it's up.
Thanks
Emily
On 24 November 2011 02:32, Nettlefold, Peter <Peter.Nettlefold at dbcde.gov.au<mailto:Peter.Nettlefold at dbcde.gov.au>> wrote:
Hi Susan and all,
Thanks very much to all who worked on this new series of recommendations.
I'm sorry I missed the teleconference this morning, but just wanted to see if I understand this proposal correctly.
In short, is this a supplement to the position we agreed in Dakar? i.e. will the situation generally be that the registered name holder assumes all rights and responsibilities (as we discussed in Dakar), but in a special subset of cases (i.e. where the registrar clearly knows that a 'proxy' is being used) then some special rules apply?
Or to put it another way, will we be recommending that there should be special new rules for 'known' proxies (however defined), and in all other cases we do not acknowledge proxies?
I'm sorry if this was discussed this morning, but I'm just trying to understand the position.
As there isn't a recording up yet that I've seen, any advice on whether other team members have already commented on this would be appreciated.
Cheers,
Peter
From: rt4-whois-bounces at icann.org<mailto:rt4-whois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org<mailto:rt4-whois-bounces at icann.org>] On Behalf Of Susan Kawaguchi
Sent: Thursday, 24 November 2011 6:18 AM
To: rt4-whois at icann.org<mailto:rt4-whois at icann.org>
Subject: [Rt4-whois] Proxy provider recommendation 112311 susan draft(2).doc
Hello All,
I apologize for the delay in sending this and that it is still in rough draft. The attached document contains Kathy's revisions and comments to my original proposed recommendation. I have added proposed definitions for the terms we are struggling with. These came out of discussions between James and I.
I feel that we must provide a clear recommendation on the proxy issue but I personally seem to keep moving towards drafting policy. I am hoping we will have time to discuss on the call today as I have several questions for the team.
Susan
-------------------------------------------------------------------------------
NOTICE: This email message is for the sole use of the intended recipient(s)
and may contain confidential and privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not the
intended recipient, please contact the sender by reply email and destroy all
copies of the original message.
This message has been content scanned by the Axway MailGate.
MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com<http://www.axway.com>.
-------------------------------------------------------------------------------
_______________________________________________
Rt4-whois mailing list
Rt4-whois at icann.org<mailto:Rt4-whois at icann.org>
https://mm.icann.org/mailman/listinfo/rt4-whois
--
[cid:image001.jpg at 01CCADAE.162FAE00]
76 Temple Road, Oxford OX4 2EZ UK
t: +44 (0)1865 582 811 * m: +44 (0)7540 049 322
emily at emilytaylor.eu<mailto:emily at emilytaylor.eu>
www.etlaw.co.uk<http://www.etlaw.co.uk>
Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713.
-------------------------------------------------------------------------------
NOTICE: This email message is for the sole use of the intended recipient(s)
and may contain confidential and privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not the
intended recipient, please contact the sender by reply email and destroy all
copies of the original message.
This message has been content scanned by the Axway MailGate.
MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com.
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
NOTICE: This email message is for the sole use of the intended recipient(s)
and may contain confidential and privileged information. Any unauthorized
review, use, disclosure or distribution is prohibited. If you are not the
intended recipient, please contact the sender by reply email and destroy all
copies of the original message.
This message has been content scanned by the Axway MailGate.
MailGate uses policy enforcement to scan for known viruses, spam, undesirable content and malicious code. For more information on Axway products please visit www.axway.com.
-------------------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/3b534fe6/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 823 bytes
Desc: image001.jpg
Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111128/3b534fe6/image001.jpg
More information about the Rt4-whois
mailing list