[Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED]
Emily Taylor
emily at emilytaylor.eu
Thu Dec 1 04:25:27 UTC 2011
Hi all
Up way too early (couldn't sleep).
Can you just bring me up to speed. Are Seth's proposals a substitute for
the proxy recommendations, or additional findings? Are we ditching the
voluntary practices recommendations, or are these in addition?
Kind regards
Emily
On 1 December 2011 03:33, Nettlefold, Peter
<Peter.Nettlefold at dbcde.gov.au>wrote:
> Classification: UNCLASSIFIED
>
> Hi Seth,
>
> Thanks very much for taking the pen on this difficult issue.
>
> >From my perspective, this is a very good attempt to articulate findings
> and recommendations, and I am happy to work with this position.
>
> I will wait to hear from others before diving into detail too much, to get
> a sense if this is an approach we can work with.
>
> Thanks again.
>
> Peter
>
> ----- Original Message -----
> From: Seth M Reiss [mailto:seth.reiss at lex-ip.com]
> Sent: Thursday, December 01, 2011 02:26 PM
> To: 'Smith, Bill' <bill.smith at paypal-inc.com>
> Cc: rt4-whois at icann.org <rt4-whois at icann.org>
> Subject: Re: [Rt4-whois] streamlined proxy recommendation language
>
> mmm, didn't really want that kind of pressure.
>
> Here's an attempt:
>
> Data Access- Proxy Service
>
> 1. The Review Team considers a Proxy Service as a relationship in
> which
> the registrant is acting on behalf of another. The WHOIS data is that of
> the
> agent/proxy service and the agent/proxy service alone obtains all rights
> and
> assumes all responsibility for the domain name and its manner of use.
> 2. ICANN should clarify that any registrant that may be acting as a
> proxy service for another is in all respects still the registrant and, in
> ICANN's view, should be held fully responsible for the use of the domain
> name including for any and all harm that results from the use of the domain
> name.
> 2. Because of ICANN's position on proxy services to date, which
> tolerates the proxy service industry that has arisen and which through RAA
> provisions gives recognition and attempts to regulate that industry, has
> been used by courts and others to allow proxy services to escape liability
> for bad acts of the proxy service customers, ICANN should either delete or
> amend those provisions of the RAA that can or have been used to allow proxy
> services to escape liability.
> 3. The Review Team acknowledges that there may be legitimate reasons
> for the occasional use of a proxy service, as for example to protect a
> valuable trade secret at product launch. At the same time proxy services
> should not be viewed or used as a substitute for privacy services that are
> designed to shield an individual's personal contact information. The
> legitimate use a proxy service would be the exception and not widespread.
> 4. A proxy service industry willing to accept full risks and liabilities
> for the manner in which domain names through its service will be used will
> take the necessary precautionary measures, in its relationship with its
> customers, such that domain names so registered are unlikely to be misused
> and, if misused, a remedy for those victimized will more likely be
> available.
>
> I suspect most of you are asleep by now anyway. If not, feel free to
> comment or modify or supplement, or in the morning.
>
> Seth
>
>
> -----Original Message-----
> From: Smith, Bill [mailto:bill.smith at paypal-inc.com]
> Sent: Wednesday, November 30, 2011 4:34 PM
> To: Seth M Reiss
> Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi
> Subject: Re: [Rt4-whois] streamlined proxy recommendation language
>
> Seth,
>
> Any chance you cold take a crack at this? Your writing on the subject seems
> on point and I suspect you could say it using fewer words than I.
>
> Bill
>
> On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" <susank at fb.com> wrote:
>
> > Hi Bill,
> >
> > This is a valuable (albeit frustrating) discussion and necessary to make
> sure we get this right, I appreciate the argument. I think we all want the
> end result but it is getting to that point that may be painful but we knew
> this task could be painful when we signed on.
> >
> > Is there a stronger recommendation that you and Seth could draft that
> outlines your view point?
> >
> > This is all that we said in the recommendations in Dakar
> >
> > "Remove proxy services from the RAA since the proxy, as an agent, is the
> registrant. Expand and ? affirmative sentence"
> >
> > I cannot live with that what would you propose to strengthen the
> recommendation?
> >
> > At this point, I am not willing to walk away from the best practices
> recommendation but I am very willing to continue the discussion and see if
> there is a way forward on a recommendation we all agree to.
> >
> > I am going to eat dinner and walk the dog so will be offline for an hour.
> >
> > Susan
> >
> > -----Original Message-----
> > From: Smith, Bill [mailto:bill.smith at paypal-inc.com]
> > Sent: Wednesday, November 30, 2011 5:19 PM
> > To: Susan Kawaguchi
> > Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org
> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language
> >
> > Susan,
> >
> > It may not seem like it but I am supportive, very supportive of your
> position of to not rely on litigation to solve these types of problems.
> Where we disagree is the best approach to avoid the litigation.
> >
> > I am not suggesting that cigarette-style litigation is the way forward.
> Rather, I am concerned that proposal for retail proxy indemnification (if
> I've read it right) will result in exactly that situation, some time far in
> the future when society and the courts finally realize that allowing
> unfettered criminal activity on the Internet is a bad idea. Retail proxies
> will happily sell a service to people they don't know as long as they have
> no liability.
> >
> > If instead of no liability, we insist that they have the liability of the
> Registrant, since that's what they are, I strongly suspect that counsel for
> these services will understand that they now carry at least some risk in
> these transactions. Consequently, they will either recommend against them
> or
> insist on some mechanism to mitigate the risk, through insurance or other
> mechanisms - perhaps even actually knowing something about their customers.
> Any or all of these would involve higher costs hence higher prices making
> these services less attractive to criminals, etc.
> >
> > By the addition of SLAs into contracts, and mandatory consequences, we
> provide a means for ICANN to ensure that valid queries, information
> requests, corrections, etc. are made in a timely manner. A registrant could
> ignore a request knowing that the specific penalty for failing to comply
> with such request. With mandatory revocation the consequence of last
> resort,
> we give the community and ICANN the ability to revoke a name (the only
> thing
> of value under our control).
> >
> > If a proxy is a party to any of these transactions, they act as the
> Registrant and must respond either directly or with guidance from the
> licensee per the agreement SLAs. Failure to do so results in the same
> consequences.
> >
> > By setting SLAs and consequences appropriately, ICANN can influence the
> behavior of Registrants and those that act as proxies for them.
> >
> > Even if we go with language you an James worked on, and I realize that
> you
> put in a great deal of effort on that, we'll still need something like what
> I have outlined because as we discussed in Dakar, anyone can act as a proxy
> for a Registrant no matter what ICANN tries to do to prevent it. If the
> "best practices" ICANN develops for the retail trade prove too onerous,
> proxy providers will simply step outside of the ICANN tent and provide
> their
> services likely failing to adhere to the best practices.
> >
> > I hope this makes sense.
> >
> > Bill
> >
> >
> > On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote:
> >
> > HI Bill,
> >
> > Thank you for your thoughts I think your statement below is my biggest
> pain point.
> >
> > "I think they are inherently contradictory. How a service is *sold*
> should
> not determine liability. If this were the case and we applied the proposed
> definitions to consumer products, untold numbers of tort cases would be
> summarily thrown out. Cigarette, toy, and asbestos manufacturers could
> properly claim, "I don't know the buyer therefor I have no liability"."
> >
> > All of the cases you mention above relied on litigation to clarify the
> existence of liability and impose that liability on the manufacturer. It
> would be overwhelming and burdensome to rely on litigation to fix this
> problem especially when it involves global entities as proxy service
> providers. I think we have the opportunity to incentivize the registrars
> to
> help with the problem.
> >
> > If I or LE are forced to rely on litigation of any sort of court order to
> get information on the licensee of a domain name to pursue a provider of
> counterfeit drugs, for example, this would take years for each domain name
> involved.
> >
> > If we take a very extreme step and recommend that proxy services are not
> allowed in the gTlds (as .US has done) how would that ever be enforced?
> Proxy registrations provide a vital service for many in the domain name
> space.
> >
> > Susan
> >
> > -----Original Message-----
> > From: Smith, Bill [mailto:bill.smith at paypal-inc.com]
> > Sent: Wednesday, November 30, 2011 4:20 PM
> > To: Seth M Reiss
> > Cc: Susan Kawaguchi; Kathy Kleiman;
> rt4-whois at icann.org<mailto:rt4-whois at icann.org>
> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language
> >
> > See below:
> >
> > On Nov 30, 2011, at 4:03 PM, "Seth M Reiss"
> <seth.reiss at lex-ip.com<mailto:seth.reiss at lex-ip.com><mailto:
> seth.reiss at lex-i
> p.com>> wrote:
> >
> > I am not advocating ignoring proxy services simply clarifying their role
> and liability as registrant. I suspect we are very closely aligned
> regarding outcome, just not how to reach there.
> >
> > I guess I'm advocating that we get as close to ignoring them as we can.
> Recognizing them, even in the limited way the current RAA does gave the
> Ninth Circuit everything it need to make its liability absolving decision.
> >
> > While the community may not be inclined to receive a proposal to "ignore
> proxy services" with open arms, I hope they would consider it if we present
> it as in the public interest.
> >
> >
> > I think we disagree regarding whether we need to tolerate an industry
> simply because it exists and has for a time. ICANN did not tolerate domain
> name tasting, although it acted relatively quickly there and has not here.
> >
> > I believe it to be a dangerous proposition to say that we need to
> accommodate existing practices simply because ICANN has allowed them to
> exist for a period of time, although I think it's an unfortunately
> circumstance. If you apply this line of reasoning broadly, you effectively
> allow the industry to restrict what ICANN can and cannot do.
> >
> > If we make this assumption generally, our report would be very short. Yes
> there are problems with WHOIS. However, it has existed in this manner for
> too long and therefor it cannot be changed.
> >
> >
> > I would like to find a middle ground. I am not one for asking people to
> think differently. I just don't see how holding stating a proxy should be
> held fully responsible, and then at the same time having retail proxy
> services definitions and a voluntary best practices policy, will not be
> viewed as inherently contradictory.
> >
> > I think they are inherently contradictory. How a service is *sold* should
> not determine liability. If this were the case and we applied the proposed
> definitions to consumer products, untold numbers of tort cases would be
> summarily thrown out. Cigarette, toy, and asbestos manufacturers could
> properly claim, "I don't know the buyer therefor I have no liability".
> >
> > Other than to satisfy, the current purveyors of these fine services, I
> can't see any reason to develop a complex set of definitions and liability
> flows. Together these give attorneys and courts ample room to for truck
> driving.
> >
> >
> > Seth
> >
> >
> > From: Susan Kawaguchi [mailto:susank at fb.com]
> > Sent: Wednesday, November 30, 2011 1:29 PM
> > To: Kathy Kleiman; Seth M Reiss
> > Cc:
> rt4-whois at icann.org<mailto:rt4-whois at icann.org><mailto:rt4-whois at icann.org
> >
> > Subject: RE: [Rt4-whois] streamlined proxy recommendation language
> >
> > HI Seth,
> >
> > I am going to respond to you out of order
> > In all our discussions, I have still not heard a persuasive argument why
> a
> proxy service industry that can shield itself from liability is necessary
> or
> good or appropriate. I agree with you but it is what is. The situation
> arose over 10 years ago and I do not think that advocating to do away with
> proxy services is going to be well received by the ICANN community. Also
> to date, there has been very few examples of a proxy service being held
> liable.
> >
> > We need proxy services but we need responsive proxy services many of the
> providers are acting responsibly it is the bad actors that I would like to
> change their behavior.
> >
> > Once you introduce definitions concerning affiliates, retail services and
> different flavors of proxy services, the cheap ones with flimsy
> relationships, and the expensive ones with fiduciary type relationships, it
> will appear to the court that you do not really mean what you saying in
> bullet number 6. This will confuse the courts (and the public) and the
> registrant proxy services is more likely to be able to weasel out of being
> held liable.
> >
> > I am not sure that these definitions would be accepted outside of ICANN
> and at least we would have a clearer picture of who we are dealing with.
> >
> > I am not convinced at all that just removing the language from the RAA
> would impact the practices of the current proxy services. If you have
> another argument let me know I am open to rethinking this but I am not open
> to ignoring proxy service providers.
> >
> > Susan
> >
> > From:
> rt4-whois-bounces at icann.org<mailto:rt4-whois-bounces at icann.org><mailto:
> rt4-w
> hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of
> Kathy Kleiman
> > Sent: Wednesday, November 30, 2011 3:15 PM
> > To: Seth M Reiss
> > Cc:
> rt4-whois at icann.org<mailto:rt4-whois at icann.org><mailto:rt4-whois at icann.org
> >
> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language
> >
> > Great comments, Seth. I defer to Susan and James, as the experts on this
> material.
> > Best,
> > Kathy
> >
> > :
> > Thank you Kathy for breaking this out. I have not been good about
> reviewing the entire document.
> >
> > To respond to Peter's question about what would be legally enforceable, I
> think if you look at bullet number 6, if this bullet was implemented in a
> very clear and unambiguous way, by itself and without some of the other
> material being proposal, then I think there would be reasonable expectation
> that national courts would hold the registrant proxy service fully
> responsible for harm caused by a website hosted at the domain name at
> issue.
> In other words, the Ninth Circuit decision that Susan highlighted would
> have
> been decided differently.
> >
> > Once you introduce definitions concerning affiliates, retail services and
> different flavors of proxy services, the cheap ones with flimsy
> relationships, and the expensive ones with fiduciary type relationships, it
> will appear to the court that you do not really mean what you saying in
> bullet number 6. This will confuse the courts (and the public) and the
> registrant proxy services is more likely to be able to weasel out of being
> held liable.
> >
> > The current proposal on the table suggests to me a somewhat more
> complicated model whereby the registrant proxy service is fully liable for
> the use of the domain name but can shield that liability by adopted and
> fully complying the a specific set of reveal and relay processes etc. I
> voluntary set of best practices would not do this, but a mandatory set of
> provisions to qualify a proxy service for a "safe harbor" would. Such a
> safe hard model would in my view be more difficult to implement and is
> likely to give rise to a certain amount of uncertainty and inconsistent
> outcomes even if prudently implemented. But this also assumes that we need
> to have a proxy service in which proxies may shield themselves from
> liability. In all our discussions, I have still not heard a persuasive
> argument why a proxy service industry that can shield itself from liability
> is necessary or good or appropriate.
> >
> > Seth
> >
> >
> > From:
> rt4-whois-bounces at icann.org<mailto:rt4-whois-bounces at icann.org><mailto:
> rt4-w
> hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf Of
> Kathy Kleiman
> > Sent: Wednesday, November 30, 2011 12:24 PM
> > To:
> rt4-whois at icann.org<mailto:rt4-whois at icann.org><mailto:rt4-whois at icann.org
> >
> > Subject: [Rt4-whois] streamlined proxy recommendation language
> >
> > Hi All,
> > I feel like I am sending altogether too many emails today. Sorry :-)!
> Anyway, here's one more. I worked with James, a little, and Susan, more,
> on
> streamlining the Proxy recommendations to look, sound and flow like the
> Privacy recommendations. Of course, proxy is voluntary, and privacy is a
> requirement, but the rest is fairly close.
> >
> > They are below and attached. If you like them, we'll send them on to
> Alice
> for inclusion. Note: the definitions went into a footnote which should be
> easy to see as it will be quite extensive.
> >
> > here's the text:
> >
> > Data Access- Proxy Service
> >
> > 1. ICANN should facilitate the review of existing practices by
> reaching out to proxy providers to create a discussion which sets out
> current processes followed by proxy service providers.
> >
> > 2. Registrars should be required to disclosure their relationship
> with any Affiliated Retail proxy service provider to ICANN.
> >
> > 3. ICANN should develop and manage a set of voluntary best practice
> guidelines for appropriate proxy services [footnote 1] consistent with
> national laws. These voluntary guidelines should strike an appropriate
> balance between stakeholders with competing but legitimate interests. At a
> minimum this would include privacy, law enforcement and the industry around
> law enforcement.
> >
> > Such voluntary guidelines may include:
> >
> > + Proxy services provide full contact details as required by the Whois
> >
> > + Publication by the proxy service of its process for revealing and
> relaying information
> >
> > + Standardization of reveal and relay processes and timeframes,
> consistent
> with national laws
> >
> > + Maintenance of a dedicated abuse point of contact for the proxy service
> provider
> >
> > + Due diligence checks on licensee contact information.
> >
> > 5. ICANN should encourage and incentivize registrars to interact with the
> retail service providers that adopt the best practices.
> >
> > 6. For the avoidance of doubt, the WHOIS Policy, referred to in
> Recommendation 1 above, should include an affirmative statement that
> clarifies that a proxy means a relationship in which the Registrant is
> acting on behalf of another. The WHOIS data is that of the agent, and the
> agent alone obtains all rights and assumes all responsibility for the
> domain
> name and its manner of use.
> >
> > Footnote 1 (all the remaining text)
> > As guidance to the Community and as useful background for the Proxy
> Service Recommendations, the Review Team provides its working definitions
> of
> proxy service and different types of proxy service providers:
> >
> > - Proxy Service - a relationship in which the registrant is acting on
> behalf of another The WHOIS data is that of the agent and the agent alone
> obtains all rights and assumes all responsibility for the domain name and
> its manner of use. [KK: is this the definition we are using in other places
> in the Report?]
> >
> > - Affiliated Registrar - another ICANN accredited registrar that operates
> under a common controlling interest (2009 Registrar Accreditation
> Agreement,
> Section 1.20)
> >
> > - Affiliate retail proxy service provider - entity operating under a
> common controlling interest of a registrar.
> >
> > - Retail proxy service provider - proxy service with little or no
> knowledge of the entity or individual requesting the service beyond their
> ability to pay and their agreement to the general terms and conditions.
> >
> > - Limited proxy service provider - proxy service for an entity or
> individual in which there is an ongoing business relationship bound by a
> contract that is specific to the relationship.
> >
> >
> > --- end
> > same text attached
> > Kathy
> >
> >
> > --
> >
> >
> >
> >
> >
> >
> >
> > --
> >
> >
> >
> >
> >
> > _______________________________________________
> > Rt4-whois mailing list
> >
> Rt4-whois at icann.org<mailto:Rt4-whois at icann.org><mailto:Rt4-whois at icann.org
> >
> > https://mm.icann.org/mailman/listinfo/rt4-whois
> >
>
> _______________________________________________
> Rt4-whois mailing list
> Rt4-whois at icann.org
> https://mm.icann.org/mailman/listinfo/rt4-whois
>
>
>
> -------------------------------------------------------------------------------
>
> NOTICE: This email message is for the sole use of the intended recipient(s)
> and may contain confidential and privileged information. Any unauthorized
> review, use, disclosure or distribution is prohibited. If you are not the
> intended recipient, please contact the sender by reply email and destroy
> all
> copies of the original message.
>
> This message has been content scanned by the Axway MailGate.
> MailGate uses policy enforcement to scan for known viruses, spam,
> undesirable content and malicious code. For more information on Axway
> products please visit www.axway.com.
>
>
>
> -------------------------------------------------------------------------------
>
>
> _______________________________________________
> Rt4-whois mailing list
> Rt4-whois at icann.org
> https://mm.icann.org/mailman/listinfo/rt4-whois
>
--
*
*
76 Temple Road, Oxford OX4 2EZ UK
t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322
emily at emilytaylor.eu
*www.etlaw.co.uk*
Emily Taylor Consultancy Limited is a company registered in England and
Wales No. 730471. VAT No. 114487713.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/22e7888a/attachment.html
More information about the Rt4-whois
mailing list