[Rt4-whois] GETTING TO CLOSURE: A ROADMAP

Mikhail Yakushev m.yakushev at corp.mail.ru
Thu Dec 1 17:00:17 UTC 2011 

I am in favor of Lynn’s proposal.
Option 2.
Rgds,
Michael

From: rt4-whois-bounces at icann.org [mailto:rt4-whois-bounces at icann.org] On Behalf Of lynn at goodsecurityconsulting.com
Sent: Thursday, December 01, 2011 6:53 PM
To: Emily Taylor
Cc: rt4-whois at icann.org
Subject: Re: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP

I am in favor of #2:  adopt the text drafted by Susan and James which includes good practices.
This is a good and fair compromise and will make a realistic step forward in improving the abusive activities
which ultimately harm everyone in the domain name industry.

As an independent expert on this team, I feel it is important for us to be mindful that the AoC review requirement is an alternative to formal government regulation and it is a form of self-regulation.  I have fully supported that approach.  But it will fail if we do not consider the public interest and the trend of escalating fraud on the Internet.

Lynn

-------- Original Message --------
Subject: [Rt4-whois] GETTING TO CLOSURE: A ROADMAP
From: Emily Taylor <emily at emilytaylor.eu<mailto:emily at emilytaylor.eu>>
Date: Thu, December 01, 2011 10:18 am
To: rt4-whois at icann.org<mailto:rt4-whois at icann.org>

Hi

I went to bed last night thinking that we were nearly in agreement on the proxy recommendations that James, Susan and Kathy have been working on over the past weeks.

In the middle of the night, I awoke to find new text on the table.

You all know that our cut off date was yesterday, and we are now on negative time.  However, I do want to go through the time zones so that we all have a chance to consider the options.

Broadly, we have three alternatives.

1. Adopt the very brief text agreed in Dakar and no more
2. Adopt the relatively stable text drafted by that small group which includes good practices
3. Adopt the new text, drafted last night by Seth on behalf of another small team.

We act by consensus.  But we also have a deadline.  I'm therefore going to call it before I go to sleep tonight, and in default of an alternative agreement we will have to go back to what we agreed in Dakar.  I know that some people are not happy with it, but it has a simplicity, and avoids confusion about whether or not the good practices conflicts with the idea of liability.

Alternatively, we can adopt different text, but it has to be by consensus.  Remember, folks, that's difficult to achieve, and leaves everyone feeling a little bit frustrated, and like they could have got more if they pushed harder.

Please try to bear in mind that we have a very, very strong full report.  This is one part of the whole puzzle, which has to be seen within its own context.  There will be further studies on proxies/privacy.  There will be another review team on WHOIS which will kick off in less than 2 years.  To speak for a moment in support of voluntary good practices, this is a well known regulatory step.  It's what you do when you're not happy with the current situation (check), but you're not quite sure what will be an effective regulatory intervention (check).  So, you explore the landscape - as I think the draft recommendations (alternative 2 below) very eloquently do.  I should emphasise that good practices are not the final word.  They are an interim plug, a step in the right direction.  If, having gone through that, Bill and others are right and it's all still a mess, that's when you go for the next incremental step - but the important bit is, industry has been given a chance to clean out the stables after being told in no uncertain terms that there's a problem . That's where we are now.

The third choice is that we adopt the new text, maybe with tweaks or changes.  If that's what we're doing, I would be failing in my duties as your Chair if I did not set some deadline for this.  We have known the issues for a long time, we have been wrestling with them, and reaching consensus is hard.  I don't think that this is a case of "just a bit more time", but I'm very willing to be proved wrong.

So, my challenge to you is - tell me what you have all agreed on proxies by 10pm UTC.  If the answer is "nothing" we go with what we agreed in Dakar.

Whatever the outcome, we have done a wonderful job on this report.  Take it in its entirety, it represents a lot of work, and a lot of willpower and cooperation, plus - importantly - a willingness to step outside of one's individual, commercial interests and think about the public interest.  I have been marvelling at the sheer energy that has been focused on this mailing list and the incredible progress we have made since the weekend  (remember, I'm a Brit, not American, so I don't say these sort of things easily!).

Keep up this discussion.  But please focus your thoughts and exchanges on the give and take that's necessary for consensus.

To assist those who may not be fully up to speed, the text for the three alternatives are below.  Whatever happens, we are closing this discussion in just under 7 hours.  Good luck!

Kind regards

Emily

---------
Alternative 1
the text we agreed in Dakar on proxy definition and proxy liability
For the avoidance of doubt, the WHOIS Policy[, referred to in Recommendation 1 above], should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use
Alternative 2
The text on best practices worked on by Susan, James and Kathy last night (latest version)
Data Access- Proxy Service
1.      ICANN should facilitate the review of existing practices by reaching out to proxy providers to create a discussion which sets out current processes followed by proxy service providers.
2.      Registrars should be required to disclosure their relationship with any Affiliated Retail proxy service provider to ICANN.
3.      ICANN should develop and manage a set of voluntary best practice guidelines for appropriate proxy services [footnote 1] consistent with national laws. These voluntary guidelines should strike an appropriate balance between stakeholders with competing but legitimate interests. At a minimum this would include privacy, law enforcement and the industry around law enforcement.
Such voluntary guidelines may include:
+ Proxy services provide full contact details as required by the Whois
+ Publication by the proxy service of its process for revealing and relaying information
+ Standardization of reveal and relay processes and timeframes, consistent with national laws
+ Maintenance of a dedicated abuse point of contact for the proxy service provider
+ Due diligence checks on licensee contact information.
5. ICANN should encourage and incentivize registrars to interact with the retail service providers that adopt the best practices.
6. For the avoidance of doubt, the WHOIS Policy, referred to in Recommendation 1 above, should include an affirmative statement that clarifies that a proxy means a relationship in which the Registrant is acting on behalf of another. The WHOIS data is that of the agent, and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use.
Footnote 1 (all the remaining text)
As guidance to the Community and as useful background for the Proxy Service Recommendations, the Review Team provides its working definitions of proxy service and different types of proxy service providers:
- Proxy Service – a relationship in which the registrant is acting on behalf of another The WHOIS data is that of the agent and the agent alone obtains all rights and assumes all responsibility for the domain name and its manner of use. [KK: is this the definition we are using in other places in the Report?]
- Affiliated Registrar - another ICANN accredited registrar that operates under a common controlling interest (2009 Registrar Accreditation Agreement, Section 1.20)
- Affiliate retail proxy service provider – entity operating under a common controlling interest of a registrar.
- Retail proxy service provider - proxy service with little or no knowledge of the entity or individual requesting the service  beyond their ability to pay and their agreement to the  general terms and conditions.
- Limited proxy service provider - proxy service for an entity or individual in which there is an ongoing business relationship bound by a contract that is specific to the relationship.


Alternative 3
Seth's proposal.
Data Access- Proxy Service

1.      The Review Team considers a Proxy Service as a relationship in which
the registrant is acting on behalf of another. The WHOIS data is that of the
agent/proxy service and the agent/proxy service alone obtains all rights and
assumes all responsibility for the domain name and its manner of use.
2.      ICANN should clarify that any registrant that may be acting as a
proxy service for another is in all respects still the registrant and, in
ICANN's view, should be held fully responsible for the use of the domain
name including for any and all harm that results from the use of the domain
name.
2.      Because of ICANN's position on proxy services to date, which
tolerates the proxy service industry that has arisen and which through RAA
provisions gives recognition and attempts to regulate that industry, has
been used by courts and others to allow proxy services to escape liability
for bad acts of the proxy service customers, ICANN should either delete or
amend those provisions of the RAA that can or have been used to allow proxy
services to escape liability.
3.      The Review Team acknowledges that there may be legitimate reasons
for the occasional use of a proxy service, as for example to protect a
valuable trade secret at product launch. At the same time proxy services
should not be viewed or used as a substitute for privacy services that are
designed to shield an individual's personal contact information.  The
legitimate use a proxy service would be the exception and not widespread.
4.    A proxy service industry willing to accept full risks and liabilities
for the manner in which domain names through its service will be used will
take the necessary precautionary measures, in its relationship with its
customers, such that domain names so registered are unlikely to be misused
and, if misused, a remedy for those victimized will more likely be
available.
[Description: Image removed by sender.]


--


   [Description: Image removed by sender.]


76 Temple Road, Oxford OX4 2EZ UK
t: +44 (0)1865 582 811<tel:%2B44%20%280%291865%20582%20811> • m: +44 (0)7540 049 322<tel:%2B44%20%280%297540%20049%20322>
emily at emilytaylor.eu<mailto:emily at emilytaylor.eu>

www.etlaw.co.uk<http://www.etlaw.co.uk/>

Emily Taylor Consultancy Limited is a company registered in England and Wales No. 730471. VAT No. 114487713.

________________________________
_______________________________________________
Rt4-whois mailing list
Rt4-whois at icann.org<mailto:Rt4-whois at icann.org>
https://mm.icann.org/mailman/listinfo/rt4-whois
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/cd013bdb/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ~WRD000.jpg
Type: image/jpeg
Size: 823 bytes
Desc: ~WRD000.jpg
Url : http://mm.icann.org/pipermail/rt4-whois/attachments/20111201/cd013bdb/WRD000.jpg

More information about the Rt4-whois mailing list