Fwd: [council] Motion from the RrSG
The following motion was just sent to the GNSO Council list by Tim Ruiz on behalf of the Registrar Stakeholder Group. I will also forward the reply that I sent to the Council list. Alan
From: Tim Ruiz <tim@godaddy.com> To: GNSO Council <council@gnso.icann.org> Subject: [council] Motion from the RrSG Date: Tue, 13 Sep 2011 11:51:07 -0700
The following motion (also attached as a doc file) is being made at the request of the RrSG. We feel the recommendations contained in it are requested and generally agreed as necessary by Law Enforcement Agencies (LEA), are supported by the GAC, and have not garnered any opposition from other SGs or Cs.
Tim
--------------
WHEREAS, the Registrar Stakeholder Group has consulted extensively with representatives of international law enforcement agencies regarding the nature of Internet-based criminal activity and the information and tools available to help address crime that involves the domain name system; and
WHEREAS, the Registrar Stakeholder Group has reviewed law enforcement proposals and requests regarding registrar cooperation in addressing online crime; and
WHEREAS, the GNSO Council is prepared to assist law enforcement in its long-term effort to address Internet-based criminal activity;
NOW THEREFORE, the GNSO Council recommends to the ICANN Board of Directors that:
1. ICANN-accredited registrars must provide to ICANN staff, and ICANN staff must keep on record, a valid physical address for the purpose of receiving legal service. This record must include a valid street address, city, appropriate region, telephone number and fax number. Registrars must publish this information on their respective web sites, and must notify ICANN staff and update their published addresses within 30 days of a change of address.
2. ICANN-accredited registrars must provide to ICANN staff, and ICANN staff must keep on record, the names of each registrarâs respective corporate President, Vice President, and Secretary, or the appropriate equivalents of those positions. These data may be made available upon request to a verified representative of a law enforcement agency, in a manner agreed to by ICANN staff, ICANN-accredited registrars, and representatives of law enforcement agencies. Registrars will notify ICANN of any changes in this information within 30 days of a change.
3. ICANN-accredited registrars must publish on their respective web sites e-mail and postal mail addresses to which law enforcement actions may be directed. The e-mail address will use a uniform convention (example: lawenforcement@xxxxxxxxxxx) to facilitate ease of use by law enforcement agencies. Registrars may, at their individual discretion, include language in this section of their web sites, directed to the general public, that makes clear the use and expected outcomes of these points of contact and identifies the appropriate points of contact for other forms of business. Requests submitted by verified law enforcement agencies to this discrete point of contact must receive an acknowledgement of receipt from the registrar within 24 hours.
4. Law enforcement agencies provide, within six months of the date of approval of this policy by the ICANN Board and via the general advice of the GAC to the Board, their recommendations for a database and identification system that allows for expedient identification to a registrar of a law enforcement agency, and verification of the contacting party as a law enforcement agency upon that agency as first contact with a registrar.
5. Implementation and execution of these recommendations be monitored by the GNSO. Specifically:
a. ICANN staff will analyze and report to the GNSO at six-month intervals for one year following implementation, until such time as the GNSO resolves otherwise, with the intention of determining:
i. How effectively and to what extent the policies have been implemented and followed by Registrars, and
ii. Whether or not modifications to these policies should be considered by the GNSO as a result of experiences during the implementation and monitoring stages.
b. The purpose of these monitoring and reporting requirements are to allow the GNSO to determine when, if ever, these recommendations and any ensuing policy require additional amendment, clarification or attention based on the results of the reports prepared by ICANN staff.
Alan, Thanks for this. A few comments. While this is a good administrative step, we should not have too much optimism on its effectiveness. E-mail is an unreliable notification method. At best, a combination fo DKIM and S/MIME or PGP migh help identify if the sending LEA is really who they pretend to be, but this is not mandated in the submitted motion. Even then, the law of the country in which the registrar is established may not give any legal value to electronic search warrants. Even if it does, it is not guaranteed that what is considered illegal in country A is also illegal in country B. A recent example was the takedown of the rojadirecta.org domain, considered illegal by the DHS is the US, but perfectly legal in Spain, where the registrant is based. What is the risk for the registrar if they do not follow up on a foreign LEA request ? Should they help LEAs from autocratic regimes identify political opponents ? Did the GNSO discuss this or evaluate the cost/benefit ratio of such a measure ? Thank you for pointing out in your reply that the implementation might take a long time, and the concern about resellers. Best regards, Patrick Vande Walle On Tue, 13 Sep 2011 16:46:40 -0400, Alan Greenberg wrote:
The following motion was just sent to the GNSO
Council list by Tim Ruiz on behalf of the Registrar Stakeholder Group.
I will also forward the reply that I sent to the Council list.
Jean-Jacques is on leave. Hence, I don't have any feedback from his side.
participants (2)
-
Alan Greenberg -
Patrick Vande Walle