[Rt4-whois] streamlined proxy recommendation language [SEC=UNCLASSIFIED]

Emily Taylor emily at emilytaylor.eu
Thu Dec 1 04:44:18 UTC 2011 

Just a quick one, Bill.  We do have escalated sanctions in the
recommendations.

On 1 December 2011 04:41, Smith, Bill <bill.smith at paypal-inc.com> wrote:

> >From my perspective this sets appropriately sets the stage. I'm sure we
> can whack and whittle at he words and "improve" them. I think we do need
> some companion language that builds of some of our (informal?) findings
> that a set of sliding/escalating consequences for failure to act is
> required. Without that, nothing in the ICANN contracts compels anyone
> contracted part, direct or otherwise, to do anything. That needs to be
> corrected.
>
> On Nov 30, 2011, at 7:34 PM, "Nettlefold, Peter" <
> Peter.Nettlefold at dbcde.gov.au> wrote:
>
> > Classification: UNCLASSIFIED
> >
> > Hi Seth,
> >
> > Thanks very much for taking the pen on this difficult issue.
> >
> > From my perspective, this is a very good attempt to articulate findings
> and recommendations, and I am happy to work with this position.
> >
> > I will wait to hear from others before diving into detail too much, to
> get a sense if this is an approach we can work with.
> >
> > Thanks again.
> >
> > Peter
> >
> > ----- Original Message -----
> > From: Seth M Reiss [mailto:seth.reiss at lex-ip.com]
> > Sent: Thursday, December 01, 2011 02:26 PM
> > To: 'Smith, Bill' <bill.smith at paypal-inc.com>
> > Cc: rt4-whois at icann.org <rt4-whois at icann.org>
> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language
> >
> > mmm, didn't really want that kind of pressure.
> >
> > Here's an attempt:
> >
> > Data Access- Proxy Service
> >
> > 1.      The Review Team considers a Proxy Service as a relationship in
> which
> > the registrant is acting on behalf of another. The WHOIS data is that of
> the
> > agent/proxy service and the agent/proxy service alone obtains all rights
> and
> > assumes all responsibility for the domain name and its manner of use.
> > 2.      ICANN should clarify that any registrant that may be acting as a
> > proxy service for another is in all respects still the registrant and, in
> > ICANN's view, should be held fully responsible for the use of the domain
> > name including for any and all harm that results from the use of the
> domain
> > name.
> > 2.      Because of ICANN's position on proxy services to date, which
> > tolerates the proxy service industry that has arisen and which through
> RAA
> > provisions gives recognition and attempts to regulate that industry, has
> > been used by courts and others to allow proxy services to escape
> liability
> > for bad acts of the proxy service customers, ICANN should either delete
> or
> > amend those provisions of the RAA that can or have been used to allow
> proxy
> > services to escape liability.
> > 3.      The Review Team acknowledges that there may be legitimate reasons
> > for the occasional use of a proxy service, as for example to protect a
> > valuable trade secret at product launch. At the same time proxy services
> > should not be viewed or used as a substitute for privacy services that
> are
> > designed to shield an individual's personal contact information.  The
> > legitimate use a proxy service would be the exception and not widespread.
> > 4.    A proxy service industry willing to accept full risks and
> liabilities
> > for the manner in which domain names through its service will be used
> will
> > take the necessary precautionary measures, in its relationship with its
> > customers, such that domain names so registered are unlikely to be
> misused
> > and, if misused, a remedy for those victimized will more likely be
> > available.
> >
> > I suspect most of you are asleep by now anyway.  If not, feel free to
> > comment or modify or supplement, or in the morning.
> >
> > Seth
> >
> >
> > -----Original Message-----
> > From: Smith, Bill [mailto:bill.smith at paypal-inc.com]
> > Sent: Wednesday, November 30, 2011 4:34 PM
> > To: Seth M Reiss
> > Cc: Kathy Kleiman; rt4-whois at icann.org; Susan Kawaguchi
> > Subject: Re: [Rt4-whois] streamlined proxy recommendation language
> >
> > Seth,
> >
> > Any chance you cold take a crack at this? Your writing on the subject
> seems
> > on point and I suspect you could say it using fewer words than I.
> >
> > Bill
> >
> > On Nov 30, 2011, at 6:27 PM, "Susan Kawaguchi" <susank at fb.com> wrote:
> >
> >> Hi Bill,
> >>
> >> This is a valuable (albeit frustrating) discussion and necessary to make
> > sure we get this right, I appreciate the argument.  I think we all want
> the
> > end result but it is getting to that point that may be painful but we
> knew
> > this task could be painful when we signed on.
> >>
> >> Is there a stronger recommendation that you and Seth could draft that
> > outlines your view point?
> >>
> >> This is all that we said in the recommendations in Dakar
> >>
> >> "Remove proxy services from the RAA since the proxy, as an agent, is the
> > registrant. Expand and ? affirmative sentence"
> >>
> >> I cannot live with that  what would you propose to strengthen the
> > recommendation?
> >>
> >> At this point, I am not willing to walk away from the best practices
> > recommendation but I am very willing to continue the discussion and see
> if
> > there is a way forward on a recommendation we all agree to.
> >>
> >> I am going to eat dinner and walk the dog so will be offline for an
> hour.
> >>
> >> Susan
> >>
> >> -----Original Message-----
> >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com]
> >> Sent: Wednesday, November 30, 2011 5:19 PM
> >> To: Susan Kawaguchi
> >> Cc: Seth M Reiss; Kathy Kleiman; rt4-whois at icann.org
> >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language
> >>
> >> Susan,
> >>
> >> It may not seem like it but I am supportive, very supportive of your
> > position of to not rely on litigation to solve these types of problems.
> > Where we disagree is the best approach to avoid the litigation.
> >>
> >> I am not suggesting that cigarette-style litigation is the way forward.
> > Rather, I am concerned that proposal for retail proxy indemnification (if
> > I've read it right) will result in exactly that situation, some time far
> in
> > the future when society and the courts finally realize that allowing
> > unfettered criminal activity on the Internet is a bad idea. Retail
> proxies
> > will happily sell a service to people they don't know as long as they
> have
> > no liability.
> >>
> >> If instead of no liability, we insist that they have the liability of
> the
> > Registrant, since that's what they are, I strongly suspect that counsel
> for
> > these services will understand that they now carry at least some risk in
> > these transactions. Consequently, they will either recommend against
> them or
> > insist on some mechanism to mitigate the risk, through insurance or other
> > mechanisms - perhaps even actually knowing something about their
> customers.
> > Any or all of these would involve higher costs hence higher prices making
> > these services less attractive to criminals, etc.
> >>
> >> By the addition of SLAs into contracts, and mandatory consequences, we
> > provide a means for ICANN to ensure that valid queries, information
> > requests, corrections, etc. are made in a timely manner. A registrant
> could
> > ignore a request knowing that the specific penalty for failing to comply
> > with such request. With mandatory revocation the consequence of last
> resort,
> > we give the community and ICANN the ability to revoke a name (the only
> thing
> > of value under our control).
> >>
> >> If a proxy is a party to any of these transactions, they act as the
> > Registrant and must respond either directly or with guidance from the
> > licensee per the agreement SLAs. Failure to do so results in the same
> > consequences.
> >>
> >> By setting SLAs and consequences appropriately, ICANN can influence the
> > behavior of Registrants and those that act as proxies for them.
> >>
> >> Even if we go with language you an James worked on, and I realize that
> you
> > put in a great deal of effort on that, we'll still need something like
> what
> > I have outlined because as we discussed in Dakar, anyone can act as a
> proxy
> > for a Registrant no matter what ICANN tries to do to prevent it. If the
> > "best practices" ICANN develops for the retail trade prove too onerous,
> > proxy providers will simply step outside of the ICANN tent and provide
> their
> > services likely failing to adhere to the best practices.
> >>
> >> I hope this makes sense.
> >>
> >> Bill
> >>
> >>
> >> On Nov 30, 2011, at 4:38 PM, Susan Kawaguchi wrote:
> >>
> >> HI Bill,
> >>
> >> Thank you for your thoughts  I think your statement below is my biggest
> > pain point.
> >>
> >> "I think they are inherently contradictory. How a service is *sold*
> should
> > not determine liability. If this were the case and we applied the
> proposed
> > definitions to consumer products, untold numbers of tort cases would be
> > summarily thrown out. Cigarette, toy, and asbestos manufacturers could
> > properly claim, "I don't know the buyer therefor I have no liability"."
> >>
> >> All of the cases you mention above relied on litigation to clarify the
> > existence of liability and impose that liability on the manufacturer.
> It
> > would be overwhelming and burdensome to rely on litigation to fix this
> > problem especially when it involves global entities as proxy service
> > providers.  I think we have the opportunity to incentivize the
> registrars to
> > help with the problem.
> >>
> >> If I or LE are forced to rely on litigation of any sort of court order
> to
> > get information on the licensee of a domain name to pursue a provider of
> > counterfeit drugs, for example, this would take years for each domain
> name
> > involved.
> >>
> >> If we take a very extreme step and recommend that proxy services are not
> > allowed in the gTlds (as .US has done) how would that ever be enforced?
> > Proxy registrations provide a vital service for many in the domain name
> > space.
> >>
> >> Susan
> >>
> >> -----Original Message-----
> >> From: Smith, Bill [mailto:bill.smith at paypal-inc.com]
> >> Sent: Wednesday, November 30, 2011 4:20 PM
> >> To: Seth M Reiss
> >> Cc: Susan Kawaguchi; Kathy Kleiman;
> > rt4-whois at icann.org<mailto:rt4-whois at icann.org>
> >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language
> >>
> >> See below:
> >>
> >> On Nov 30, 2011, at 4:03 PM, "Seth M Reiss"
> > <seth.reiss at lex-ip.com<mailto:seth.reiss at lex-ip.com><mailto:
> seth.reiss at lex-i
> > p.com>> wrote:
> >>
> >> I am not advocating ignoring proxy services simply clarifying their role
> > and liability as registrant.  I suspect we are very closely aligned
> > regarding outcome, just not how to reach there.
> >>
> >> I guess I'm advocating that we get as close to ignoring them as we can.
> > Recognizing them, even in the limited way the current RAA does gave the
> > Ninth Circuit everything it need to make its liability absolving
> decision.
> >>
> >> While the community may not be inclined to receive a proposal to "ignore
> > proxy services" with open arms, I hope they would consider it if we
> present
> > it as in the public interest.
> >>
> >>
> >> I think we disagree regarding whether we need to tolerate an industry
> > simply because it exists and has for a time.  ICANN did not tolerate
> domain
> > name tasting, although it acted relatively quickly there and has not
> here.
> >>
> >> I believe it to be a dangerous proposition to say that we need to
> > accommodate existing practices simply because ICANN has allowed them to
> > exist for a period of time, although I think it's an unfortunately
> > circumstance.  If you apply this line of reasoning broadly, you
> effectively
> > allow the industry to restrict what ICANN can and cannot do.
> >>
> >> If we make this assumption generally, our report would be very short.
> Yes
> > there are problems with WHOIS. However, it has existed in this manner for
> > too long and therefor it cannot be changed.
> >>
> >>
> >> I would like to find a middle ground.  I am not one for asking people to
> > think differently.  I just don't see how holding stating a proxy should
> be
> > held fully responsible, and then at the same time having retail proxy
> > services definitions and a voluntary best practices policy, will not be
> > viewed as inherently contradictory.
> >>
> >> I think they are inherently contradictory. How a service is *sold*
> should
> > not determine liability. If this were the case and we applied the
> proposed
> > definitions to consumer products, untold numbers of tort cases would be
> > summarily thrown out. Cigarette, toy, and asbestos manufacturers could
> > properly claim, "I don't know the buyer therefor I have no liability".
> >>
> >> Other than to satisfy, the current purveyors of these fine services, I
> > can't see any reason to develop a complex set of definitions and
> liability
> > flows. Together these give attorneys and courts ample room to for truck
> > driving.
> >>
> >>
> >> Seth
> >>
> >>
> >> From: Susan Kawaguchi [mailto:susank at fb.com]
> >> Sent: Wednesday, November 30, 2011 1:29 PM
> >> To: Kathy Kleiman; Seth M Reiss
> >> Cc:
> > rt4-whois at icann.org<mailto:rt4-whois at icann.org><mailto:
> rt4-whois at icann.org>
> >> Subject: RE: [Rt4-whois] streamlined proxy recommendation language
> >>
> >> HI Seth,
> >>
> >> I am going to respond to you out of order
> >> In all our discussions, I have still not heard a persuasive argument
> why a
> > proxy service industry that can shield itself from liability is
> necessary or
> > good or appropriate.    I agree with you but it is what is.   The
> situation
> > arose over 10 years ago and I do not think that advocating to do away
> with
> > proxy services is going to be well received by  the ICANN community.
> Also
> > to date, there has been very few examples of a proxy service being held
> > liable.
> >>
> >> We need proxy services but we need responsive proxy services many of the
> > providers are acting responsibly it is the bad actors that I would like
> to
> > change their behavior.
> >>
> >> Once you introduce definitions concerning affiliates, retail services
> and
> > different flavors of proxy services, the cheap ones with flimsy
> > relationships, and the expensive ones with fiduciary type relationships,
> it
> > will appear to the court that you do not really mean what you saying in
> > bullet number 6.  This will confuse the courts (and the public) and the
> > registrant proxy services is more likely to be able to weasel out of
> being
> > held liable.
> >>
> >> I am not sure that these definitions would be accepted outside of ICANN
> > and at least we would have a clearer picture of who we are dealing with.
> >>
> >> I am not convinced at all that just removing the language from the RAA
> > would impact the practices of the current proxy services.  If you have
> > another argument let me know I am open to rethinking this but I am not
> open
> > to ignoring proxy service providers.
> >>
> >> Susan
> >>
> >> From:
> > rt4-whois-bounces at icann.org<mailto:rt4-whois-bounces at icann.org><mailto:
> rt4-w
> > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf
> Of
> > Kathy Kleiman
> >> Sent: Wednesday, November 30, 2011 3:15 PM
> >> To: Seth M Reiss
> >> Cc:
> > rt4-whois at icann.org<mailto:rt4-whois at icann.org><mailto:
> rt4-whois at icann.org>
> >> Subject: Re: [Rt4-whois] streamlined proxy recommendation language
> >>
> >> Great comments, Seth. I defer to Susan and James, as the experts on this
> > material.
> >> Best,
> >> Kathy
> >>
> >> :
> >> Thank you Kathy for breaking this out.  I have not been good about
> > reviewing the entire document.
> >>
> >> To respond to Peter's question about what would be legally enforceable,
> I
> > think if you look at bullet number 6, if this bullet was implemented in a
> > very clear and unambiguous way, by itself and without some of the other
> > material being proposal, then I think there would be reasonable
> expectation
> > that national courts would hold the registrant proxy service fully
> > responsible for harm caused by a website hosted at the domain name at
> issue.
> > In other words, the Ninth Circuit decision that Susan highlighted would
> have
> > been decided differently.
> >>
> >> Once you introduce definitions concerning affiliates, retail services
> and
> > different flavors of proxy services, the cheap ones with flimsy
> > relationships, and the expensive ones with fiduciary type relationships,
> it
> > will appear to the court that you do not really mean what you saying in
> > bullet number 6.  This will confuse the courts (and the public) and the
> > registrant proxy services is more likely to be able to weasel out of
> being
> > held liable.
> >>
> >> The current proposal on the table suggests to me a somewhat more
> > complicated model whereby the registrant proxy service is fully liable
> for
> > the use of the domain name but can shield that liability by adopted and
> > fully complying the a specific set of reveal and relay processes etc.  I
> > voluntary set of best practices would not do this, but a mandatory set of
> > provisions to qualify a proxy service for a "safe harbor" would.  Such a
> > safe hard model would in my view be more difficult to implement and is
> > likely to give rise to a certain amount of uncertainty and inconsistent
> > outcomes even if prudently implemented.  But this also assumes that we
> need
> > to have a proxy service in which proxies may shield themselves from
> > liability.  In all our discussions, I have still not heard a persuasive
> > argument why a proxy service industry that can shield itself from
> liability
> > is necessary or good or appropriate.
> >>
> >> Seth
> >>
> >>
> >> From:
> > rt4-whois-bounces at icann.org<mailto:rt4-whois-bounces at icann.org><mailto:
> rt4-w
> > hois-bounces at icann.org> [mailto:rt4-whois-bounces at icann.org] On Behalf
> Of
> > Kathy Kleiman
> >> Sent: Wednesday, November 30, 2011 12:24 PM
> >> To:
> > rt4-whois at icann.org<mailto:rt4-whois at icann.org><mailto:
> rt4-whois at icann.org>
> >> Subject: [Rt4-whois] streamlined proxy recommendation language
> >>
> >> Hi All,
> >> I feel like I am sending altogether too many emails today. Sorry :-)!
> > Anyway, here's one more.  I worked with James, a little, and Susan,
> more, on
> > streamlining the Proxy recommendations to look, sound and flow like the
> > Privacy recommendations. Of course, proxy is voluntary, and privacy is a
> > requirement, but the rest is fairly close.
> >>
> >> They are below and attached. If you like them, we'll send them on to
> Alice
> > for inclusion. Note: the definitions went into a footnote which should be
> > easy to see as it will be quite extensive.
> >>
> >> here's the text:
> >>
> >> Data Access- Proxy Service
> >>
> >> 1.      ICANN should facilitate the review of existing practices by
> > reaching out to proxy providers to create a discussion which sets out
> > current processes followed by proxy service providers.
> >>
> >> 2.      Registrars should be required to disclosure their relationship
> > with any Affiliated Retail proxy service provider to ICANN.
> >>
> >> 3.      ICANN should develop and manage a set of voluntary best practice
> > guidelines for appropriate proxy services [footnote 1] consistent with
> > national laws. These voluntary guidelines should strike an appropriate
> > balance between stakeholders with competing but legitimate interests. At
> a
> > minimum this would include privacy, law enforcement and the industry
> around
> > law enforcement.
> >>
> >> Such voluntary guidelines may include:
> >>
> >> + Proxy services provide full contact details as required by the Whois
> >>
> >> + Publication by the proxy service of its process for revealing and
> > relaying information
> >>
> >> + Standardization of reveal and relay processes and timeframes,
> consistent
> > with national laws
> >>
> >> + Maintenance of a dedicated abuse point of contact for the proxy
> service
> > provider
> >>
> >> + Due diligence checks on licensee contact information.
> >>
> >> 5. ICANN should encourage and incentivize registrars to interact with
> the
> > retail service providers that adopt the best practices.
> >>
> >> 6. For the avoidance of doubt, the WHOIS Policy, referred to in
> > Recommendation 1 above, should include an affirmative statement that
> > clarifies that a proxy means a relationship in which the Registrant is
> > acting on behalf of another. The WHOIS data is that of the agent, and the
> > agent alone obtains all rights and assumes all responsibility for the
> domain
> > name and its manner of use.
> >>
> >> Footnote 1 (all the remaining text)
> >> As guidance to the Community and as useful background for the Proxy
> > Service Recommendations, the Review Team provides its working
> definitions of
> > proxy service and different types of proxy service providers:
> >>
> >> - Proxy Service - a relationship in which the registrant is acting on
> > behalf of another The WHOIS data is that of the agent and the agent alone
> > obtains all rights and assumes all responsibility for the domain name and
> > its manner of use. [KK: is this the definition we are using in other
> places
> > in the Report?]
> >>
> >> - Affiliated Registrar - another ICANN accredited registrar that
> operates
> > under a common controlling interest (2009 Registrar Accreditation
> Agreement,
> > Section 1.20)
> >>
> >> - Affiliate retail proxy service provider - entity operating under a
> > common controlling interest of a registrar.
> >>
> >> - Retail proxy service provider - proxy service with little or no
> > knowledge of the entity or individual requesting the service  beyond
> their
> > ability to pay and their agreement to the  general terms and conditions.
> >>
> >> - Limited proxy service provider - proxy service for an entity or
> > individual in which there is an ongoing business relationship bound by a
> > contract that is specific to the relationship.
> >>
> >>
> >> --- end
> >> same text attached
> >> Kathy
> >>
> >>
> >> --
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> --
> >>
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> Rt4-whois mailing list
> >>
> > Rt4-whois at icann.org<mailto:Rt4-whois at icann.org><mailto:
> Rt4-whois at icann.org>
> >> https://mm.icann.org/mailman/listinfo/rt4-whois
> >>
> >
> > _______________________________________________
> > Rt4-whois mailing list
> > Rt4-whois at icann.org
> > https://mm.icann.org/mailman/listinfo/rt4-whois
> >
> >
> >
> -------------------------------------------------------------------------------
> >
> > NOTICE: This email message is for the sole use of the intended
> recipient(s)
> > and may contain confidential and privileged information. Any unauthorized
> > review, use, disclosure or distribution is prohibited. If you are not the
> > intended recipient, please contact the sender by reply email and destroy
> all
> > copies of the original message.
> >
> > This message has been content scanned by the Axway MailGate.
> > MailGate uses policy enforcement to scan for known viruses, spam,
> undesirable content and malicious code. For more information on Axway
> products please visit www.axway.com.
> >
> >
> >
> -------------------------------------------------------------------------------
> >
>
> _______________________________________________
> Rt4-whois mailing list
> Rt4-whois at icann.org
> https://mm.icann.org/mailman/listinfo/rt4-whois
>



-- 




*
*

76 Temple Road, Oxford OX4 2EZ UK
t: +44 (0)1865 582 811 • m: +44 (0)7540 049 322
emily at emilytaylor.eu

*www.etlaw.co.uk*

Emily Taylor Consultancy Limited is a company registered in England and
Wales No. 730471. VAT No. 114487713.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/67bbb88d/attachment.html

More information about the Rt4-whois mailing list