Re: [At-Large] [ALAC] Fwd: A million domains taken down by email checks
Evan, one point. It is unclear to me whether the issue is 100% invalid addresses, or as some people have implied, valid addresses where the registrant has not replied in 15 days. The two situations are substantively different, and we need to get a handle on which is the cause of these suspensions, or if mixed, what percentage. If ssomeone on this list *knows* definitively what the answer is, it would be much appreciated. Alan At 06/07/2014 11:57 AM, Evan Leibovitch wrote:
I was actually surprised to hear Fadi's comments about this at the Fayre.
I was both dismayed at the stance he took (I recall him saying the incident diminished the standing of "law enforcement") and his choice of venues (one of too many speeches delivered at a social event when many of the participants were winding down after a day of exhaustion).
Had the issue been raised at a time where genuine interaction and thoughtfulness were called for, I suspect Fadi may not have received the anticipated response, as this incident clearly indicates how out of touch ICANN is with the rest of the world,.
*Inside the ICANN bubble:*
* "We are appalled that 800,000 domains were taken down for having non-responsive contact info" * *The rest of the world:* *"Did you just say that 800,000 domains have non-responsive contact info?"*
The methods of verification and the speed of takedown could be tweaked to ensure that good actors with minor access problems (such as mail going into spam filters, increasing time to respond, forget to change after moving, etc) would not be adversely affected. But the end objective is absolutely welcomed from the non-registrant end-user point of view.
So I personally have zero ethical qualms about the suspensions, noting that the issue has already been inflated for dramatic effect. A claim of 800,000 domains becomes a million in the headlines. And then there was this gem:
*"We have stories of healthcare sites that have gone down,"*, chimes Elliot Noss in the CircleID article <http://domainincite.com/16963-a-million-domains-taken-down-by-email-checks> .
I don't know about the rest of you ... but given the sensitivity of information at healthcare sites regarding privacy and accuracy, that category of site is amongst those *most* in need of accurate contact info IMO. So if such sites have non-functional contact info, frankly, I couldn't suspend them fast enough until things are fixed. This attempt at media manipulation backfires.
The salient point is that a contact address is just that, a way to make contact. If it won't work from the registrant's own registrar or registry -- a body with which whom the registrant has a contractual and financial relationship -- it certainly won't work if someone from the public has a question, complaint, or warrant to serve. If policy indicates that contact info must be accurate and current, then that is what needs to be enforced.
When the interests of ICANN and contracted parties are hurt by inaction of registrants -- notably non-payment -- enforcement such as suspension is immediate, automated and non-controversial. (Indeed, it was even once gamed by some contracted parties, which is what led to the PEDNR <http://icannwiki.com/index.php/PEDNR> debate.) But here, the inaction indicates harm to the public interest while enforcement threatens financial loss to ICANN and contracted parties, so all hell breaks loose and Fadi lectures us at the Fayre.
This isn't just a matter of law enforcement, and I am puzzled why that community is being singled out for recrimination. Sure, some chunk of those 800,000 are bad actors in the sense of intending to have unusable contact info. But how many of the others have bad contact info because the domains themselves are neglected and unused, squatted or speculated names that their registrants have just locked away and forgotten? How does that serve the interest of end users to have so many extant but useless domains?
So, by all means, let's engage in a proper dialogue -- not one initiated, almost in passing, at a social event more than halfway into the ICANN meeting. We may all look at this incident and see within it a deep problem, but the problems At-Large identifies may be far different from those seen by the registrars.
Be careful what you wish for. While registrars complaining loudly may score power points inside the bubble (at the expense of public-interest advocacy), outside it just reinforces ICANN's detachment from the rest of the Internet-using world. If news broke that there were 800,000 cars on the road with unusable contact info related to their license plates, public reaction would be loud and ugly no matter what proportion of those cars belonged to criminals.
I look forward to any debate going forward on the issue in At-Large's Regulatory Issues Working Group, which is where I believe any future ALAC stance must be discussed and first formulated.
- Evan _______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/alac
At-Large Online: http://www.atlarge.icann.org ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALA...)
Agreed. As I said in my earlier message, if this is an implementation issue -- such as too short a wait time or other matters of mechanics -- it can be easily fixed. The policy goal behind the action remains sound. The method by with which the matter has been brought to the rest of the ICANN community, along with the accompanying sense of alarm, indicates a broader and opportunistic agenda. (ie, the consistent attachment of references to demands from "law enforfcement"). Those who have been running to the media and ICANN senior staff on the issue seem to have little interest in the very real nuances you describe, because it couldn't then be over-dramatized. - Evan
I can speak from the end user point of view on this issue. As a consultant to small businesses I have seen several clients suffer business hardship because of this issue (invalid contact email). It is not uncommon for a small business owner to not want to deal with "the internet". They hire someone to get them "the internet". This usually means a domain, a web site, email, etc. Someone sells them a package that includes all this. Often the contact email will be the person that sells them the package. Some of these resellers are unscrupulous, some are just incompetent, some for whatever reason leave the business. The domain may not even be registered in the small business name but in the name of the reseller who has disappeared. When the domain goes dark the business loses email, their website, and possibly more. By the time the small business owner contacts someone like me to fix their internet a few weeks to a month may have gone by. Small business owners are busy running the day to day things and thought they had "the internet" covered, after all they have been paying someone to deal with it. By the time they figure out they don't have someone to deal with it and find someone who will they may have lost the domain. There is almost aways a charge from the registrar to reinstate the domain. They have not had email or a web site for long enough that it has cost them business. They end up with a very sour taste for "the internet" and the people that "run" it. They equate internet governance with the people that run the internet. They have no idea how things happen so they they are on "the internet". They mostly think of Al Gore when they even think about how the internet works. We who have built this ecosystem have not built it for people that are not intimately involved in it. It is up to us to fix it. We can't simply blame registrants. Kerry Brown ________________________________________ From: at-large-bounces@atlarge-lists.icann.org <at-large-bounces@atlarge-lists.icann.org> on behalf of Evan Leibovitch <evan@telly.org> Sent: Sunday, July 6, 2014 10:42 AM To: Alan Greenberg Cc: ICANN ALAC list; ICANN At-Large list Subject: Re: [At-Large] [ALAC] Fwd: A million domains taken down by email checks Agreed. As I said in my earlier message, if this is an implementation issue -- such as too short a wait time or other matters of mechanics -- it can be easily fixed. The policy goal behind the action remains sound. The method by with which the matter has been brought to the rest of the ICANN community, along with the accompanying sense of alarm, indicates a broader and opportunistic agenda. (ie, the consistent attachment of references to demands from "law enforfcement"). Those who have been running to the media and ICANN senior staff on the issue seem to have little interest in the very real nuances you describe, because it couldn't then be over-dramatized. - Evan _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large At-Large Official Site: http://atlarge.icann.org
Some of these resellers are unscrupulous, some are just incompetent, some for whatever reason leave the business.
Well, sure. Indeed, the reason I became a domain reseller was because it was easier than repeatedly rescuing friends and clients from all of the random nitwits they'd picked to register domains. There are dozens of ways an incompetent provider can make your service fail, with the most common being failure to pay someone else, and we expect people to deal with it. What is there about screwing up the contact email that makes it special? I expect that a lot more than 0.6% of domains are suspended for failure to pay. Regards, John Levine, john.levine@cauce.org CAUCE North America
Il 06/07/14 19:41, Kerry Brown ha scritto:
I can speak from the end user point of view on this issue. As a consultant to small businesses I have seen several clients suffer business hardship because of this issue (invalid contact email). It is not uncommon for a small business owner to not want to deal with "the internet". They hire someone to get them "the internet". This usually means a domain, a web site, email, etc. Someone sells them a package that includes all this. Often the contact email will be the person that sells them the package. Some of these resellers are unscrupulous, some are just incompetent, some for whatever reason leave the business. The domain may not even be registered in the small business name but in the name of the reseller who has disappeared. When the domain goes dark the business loses email, their website, and possibly more. By the time the small business owner contacts someone like me to fix their internet a few weeks to a month may have gone by. Small business owners are busy running th e day to day things and thought they had "the internet" covered, after all they have been paying someone to deal with it. By the time they figure out they don't have someone to deal with it and find someone who will they may have lost the domain. There is almost aways a charge from the registrar to reinstate the domain. They have not had email or a web site for long enough that it has cost them business. They end up with a very sour taste for "the internet" and the people that "run" it. They equate internet governance with the people that run the internet. They have no idea how things happen so they they are on "the internet". They mostly think of Al Gore when they even think about how the internet works. We who have built this ecosystem have not built it for people that are not intimately involved in it. It is up to us to fix it. We can't simply blame registrants.
This is just so true... When, several years ago, I used to make websites for small companies and non-profits in Italy, most of the people in charge at the customer had no idea of what "Whois" was. I had the choice of either listing as the main contact the actual registrant, who would not be able to understand any communication about this matter, or myself, which I did. Later, I stopped doing that job, but I could not convince almost any of my former customers that they needed to put someone else as a contact, also because they didn't have anyone able to assume the role. Now, I am a nice guy and continue watching over their domain names for free, but in any other case those domains would now be stuck with the contact information of someone who does not care anymore about them, let alone update the information as it changes. This is also because, you know, the only thing people usually expect from their domain name is for it to point to their website and/or mail server. They don't expect their domain name to be a point of contact for their company or themselves, nor to have to waste time on updating a wondrously complex set of contacts. Actually, even if their Whois contacts are not up to date, usually you could just go to their website and find an e-mail address and/or phone number that works, and that they keep up-to-date. In case something bad happens with their domain name, it takes you ten seconds to google their name and find their contacts - it actually takes less than using Whois. So why should registrants lose time to update contact information that no one uses (actually, no one even knows that it exists) except a small community of techies and lawyers, when they already provide valid contact information in a page on their website? Moreover, among the few registrants who actually know what Whois is, I know many here in Italy who provide bogus contact information on purpose: the registrant's name is correct, but the address and phone number are not, and the e-mail address either does not work at all or, more likely, is a specific "spammable" e-mail address that they use for situations in which they don't know how the information will be managed (e.g. obscure websites that require a registration to allow you to do something which you only need to do once), and which is so full of spam that it is never read except at the time when you register somewhere and need to click on a confirmation email. People would be much more likely to submit real contact information if they knew that it wouldn't be made public to anyone who would want to abuse it, e.g. spammers, phishers, bully lawyers and the likes. I don't think that ICANN has any right to blame anyone not providing valid contact information if it is not providing any protection for the privacy of that information, and I would expect the ALAC (at least its European members) to point out just that. Ciao -- vb. Vittorio Bertola - vb [a] bertola.eu <-------- --------> now blogging & more at http://bertola.eu/ <--------
This is really interesting feedback - and thank you for it. So the problem is NOT LEAs - or may not be. It is about - at least partly - registrants and their lack of awareness of their responsibilities for their domain name. The issue is still about accurate Whois Information, but it is also about education - and probably best - at least in part - from the organisation they would have at least some contact with: the registrar;reseller. Holly On 7 Jul 2014, at 2:18 pm, Vittorio Bertola <vb@bertola.eu> wrote:
Il 06/07/14 19:41, Kerry Brown ha scritto:
I can speak from the end user point of view on this issue. As a consultant to small businesses I have seen several clients suffer business hardship because of this issue (invalid contact email). It is not uncommon for a small business owner to not want to deal with "the internet". They hire someone to get them "the internet". This usually means a domain, a web site, email, etc. Someone sells them a package that includes all this. Often the contact email will be the person that sells them the package. Some of these resellers are unscrupulous, some are just incompetent, some for whatever reason leave the business. The domain may not even be registered in the small business name but in the name of the reseller who has disappeared. When the domain goes dark the business loses email, their website, and possibly more. By the time the small business owner contacts someone like me to fix their internet a few weeks to a month may have gone by. Small business owners are busy running th e day to day things and thought they had "the internet" covered, after all they have been paying someone to deal with it. By the time they figure out they don't have someone to deal with it and find someone who will they may have lost the domain. There is almost aways a charge from the registrar to reinstate the domain. They have not had email or a web site for long enough that it has cost them business. They end up with a very sour taste for "the internet" and the people that "run" it. They equate internet governance with the people that run the internet. They have no idea how things happen so they they are on "the internet". They mostly think of Al Gore when they even think about how the internet works. We who have built this ecosystem have not built it for people that are not intimately involved in it. It is up to us to fix it. We can't simply blame registrants.
This is just so true... When, several years ago, I used to make websites for small companies and non-profits in Italy, most of the people in charge at the customer had no idea of what "Whois" was. I had the choice of either listing as the main contact the actual registrant, who would not be able to understand any communication about this matter, or myself, which I did. Later, I stopped doing that job, but I could not convince almost any of my former customers that they needed to put someone else as a contact, also because they didn't have anyone able to assume the role. Now, I am a nice guy and continue watching over their domain names for free, but in any other case those domains would now be stuck with the contact information of someone who does not care anymore about them, let alone update the information as it changes.
This is also because, you know, the only thing people usually expect from their domain name is for it to point to their website and/or mail server. They don't expect their domain name to be a point of contact for their company or themselves, nor to have to waste time on updating a wondrously complex set of contacts. Actually, even if their Whois contacts are not up to date, usually you could just go to their website and find an e-mail address and/or phone number that works, and that they keep up-to-date. In case something bad happens with their domain name, it takes you ten seconds to google their name and find their contacts - it actually takes less than using Whois. So why should registrants lose time to update contact information that no one uses (actually, no one even knows that it exists) except a small community of techies and lawyers, when they already provide valid contact information in a page on their website?
Moreover, among the few registrants who actually know what Whois is, I know many here in Italy who provide bogus contact information on purpose: the registrant's name is correct, but the address and phone number are not, and the e-mail address either does not work at all or, more likely, is a specific "spammable" e-mail address that they use for situations in which they don't know how the information will be managed (e.g. obscure websites that require a registration to allow you to do something which you only need to do once), and which is so full of spam that it is never read except at the time when you register somewhere and need to click on a confirmation email.
People would be much more likely to submit real contact information if they knew that it wouldn't be made public to anyone who would want to abuse it, e.g. spammers, phishers, bully lawyers and the likes. I don't think that ICANN has any right to blame anyone not providing valid contact information if it is not providing any protection for the privacy of that information, and I would expect the ALAC (at least its European members) to point out just that.
Ciao -- vb. Vittorio Bertola - vb [a] bertola.eu <-------- --------> now blogging & more at http://bertola.eu/ <-------- _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Vittorio The privacy issue you raise is one that EU based registrars face every day. ICANN currently has a comment period open on this subject, but I'm not seeing many comments so far: https://www.icann.org/public-comments/whois-conflicts-procedure-2014-05-22-e... Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 -----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] On Behalf Of Vittorio Bertola Sent: Monday, July 07, 2014 5:19 AM To: Kerry Brown Cc: ICANN ALAC list; ICANN At-Large list Subject: Re: [At-Large] [ALAC] Fwd: A million domains taken down by email checks Il 06/07/14 19:41, Kerry Brown ha scritto:
I can speak from the end user point of view on this issue. As a consultant to small businesses I have seen several clients suffer business hardship because of this issue (invalid contact email). It is not uncommon for a small business owner to not want to deal with "the internet". They hire someone to get them "the internet". This usually means a domain, a web site, email, etc. Someone sells them a package that includes all this. Often the contact email will be the person that sells them the package. Some of these resellers are unscrupulous, some are just incompetent, some for whatever reason leave the business. The domain may not even be registered in the small business name but in the name of the reseller who has disappeared. When the domain goes dark the business loses email, their website, and possibly more. By the time the small business owner contacts someone like me to fix their internet a few weeks to a month may have gone by. Small business owners are busy running th e day to day things and thought they had "the internet" covered, after all they have been paying someone to deal with it. By the time they figure out they don't have someone to deal with it and find someone who will they may have lost the domain. There is almost aways a charge from the registrar to reinstate the domain. They have not had email or a web site for long enough that it has cost them business. They end up with a very sour taste for "the internet" and the people that "run" it. They equate internet governance with the people that run the internet. They have no idea how things happen so they they are on "the internet". They mostly think of Al Gore when they even think about how the internet works. We who have built this ecosystem have not built it for people that are not intimately involved in it. It is up to us to fix it. We can't simply blame registrants.
This is just so true... When, several years ago, I used to make websites for small companies and non-profits in Italy, most of the people in charge at the customer had no idea of what "Whois" was. I had the choice of either listing as the main contact the actual registrant, who would not be able to understand any communication about this matter, or myself, which I did. Later, I stopped doing that job, but I could not convince almost any of my former customers that they needed to put someone else as a contact, also because they didn't have anyone able to assume the role. Now, I am a nice guy and continue watching over their domain names for free, but in any other case those domains would now be stuck with the contact information of someone who does not care anymore about them, let alone update the information as it changes. This is also because, you know, the only thing people usually expect from their domain name is for it to point to their website and/or mail server. They don't expect their domain name to be a point of contact for their company or themselves, nor to have to waste time on updating a wondrously complex set of contacts. Actually, even if their Whois contacts are not up to date, usually you could just go to their website and find an e-mail address and/or phone number that works, and that they keep up-to-date. In case something bad happens with their domain name, it takes you ten seconds to google their name and find their contacts - it actually takes less than using Whois. So why should registrants lose time to update contact information that no one uses (actually, no one even knows that it exists) except a small community of techies and lawyers, when they already provide valid contact information in a page on their website? Moreover, among the few registrants who actually know what Whois is, I know many here in Italy who provide bogus contact information on purpose: the registrant's name is correct, but the address and phone number are not, and the e-mail address either does not work at all or, more likely, is a specific "spammable" e-mail address that they use for situations in which they don't know how the information will be managed (e.g. obscure websites that require a registration to allow you to do something which you only need to do once), and which is so full of spam that it is never read except at the time when you register somewhere and need to click on a confirmation email. People would be much more likely to submit real contact information if they knew that it wouldn't be made public to anyone who would want to abuse it, e.g. spammers, phishers, bully lawyers and the likes. I don't think that ICANN has any right to blame anyone not providing valid contact information if it is not providing any protection for the privacy of that information, and I would expect the ALAC (at least its European members) to point out just that. Ciao -- vb. Vittorio Bertola - vb [a] bertola.eu <-------- --------> now blogging & more at http://bertola.eu/ <-------- _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large At-Large Official Site: http://atlarge.icann.org
If we are to drag EU privacy law into this debate: If we can agree that if any party in the EU has his whois data "privatized", his domain shall be suspended immediately the first time he abuses my rights where I don't reside in the EU Union, then we can talk about this. Further a complimentary system need to be set up by EU regulators where non-EU citizens can report details of abuse of their rights by holders of domains protected under EU legislation and the abused will be heard and promptly so, not six weeks or like by which time much harm can be done already. Otherwise it be best to remember that the world is bigger than the EU Union, we are talking about gTLD's and my rights are not subservient to the rights of somebody living in the EU. Europe is home to only about 12% of the world population. The EU has access to .EU domains etc, why not use them? Without this, we may as well consider our information super highway trying to apply UK road rules and US road rules at the same time with predictable disastrous conclusion. Derek Smythe On 2014-07-07 01:01 PM, Michele Neylon - Blacknight wrote:
Vittorio
The privacy issue you raise is one that EU based registrars face every day.
ICANN currently has a comment period open on this subject, but I'm not seeing many comments so far:
https://www.icann.org/public-comments/whois-conflicts-procedure-2014-05-22-e...
Regards
Michele
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
-----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] On Behalf Of Vittorio Bertola Sent: Monday, July 07, 2014 5:19 AM To: Kerry Brown Cc: ICANN ALAC list; ICANN At-Large list Subject: Re: [At-Large] [ALAC] Fwd: A million domains taken down by email checks
Il 06/07/14 19:41, Kerry Brown ha scritto:
I can speak from the end user point of view on this issue. As a consultant to small businesses I have seen several clients suffer business hardship because of this issue (invalid contact email). It is not uncommon for a small business owner to not want to deal with "the internet". They hire someone to get them "the internet". This usually means a domain, a web site, email, etc. Someone sells them a package that includes all this. Often the contact email will be the person that sells them the package. Some of these resellers are unscrupulous, some are just incompetent, some for whatever reason leave the business. The domain may not even be registered in the small business name but in the name of the reseller who has disappeared. When the domain goes dark the business loses email, their website, and possibly more. By the time the small business owner contacts someone like me to fix their internet a few weeks to a month may have gone by. Small business owners are busy running th e day to day things and thought they had "the internet" covered, after all they have been paying someone to deal with it. By the time they figure out they don't have someone to deal with it and find someone who will they may have lost the domain. There is almost aways a charge from the registrar to reinstate the domain. They have not had email or a web site for long enough that it has cost them business. They end up with a very sour taste for "the internet" and the people that "run" it. They equate internet governance with the people that run the internet. They have no idea how things happen so they they are on "the internet". They mostly think of Al Gore when they even think about how the internet works. We who have built this ecosystem have not built it for people that are not intimately involved in it. It is up to us to fix it. We can't simply blame registrants.
This is just so true... When, several years ago, I used to make websites for small companies and non-profits in Italy, most of the people in charge at the customer had no idea of what "Whois" was. I had the choice of either listing as the main contact the actual registrant, who would not be able to understand any communication about this matter, or myself, which I did. Later, I stopped doing that job, but I could not convince almost any of my former customers that they needed to put someone else as a contact, also because they didn't have anyone able to assume the role. Now, I am a nice guy and continue watching over their domain names for free, but in any other case those domains would now be stuck with the contact information of someone who does not care anymore about them, let alone update the information as it changes.
This is also because, you know, the only thing people usually expect from their domain name is for it to point to their website and/or mail server. They don't expect their domain name to be a point of contact for their company or themselves, nor to have to waste time on updating a wondrously complex set of contacts. Actually, even if their Whois contacts are not up to date, usually you could just go to their website and find an e-mail address and/or phone number that works, and that they keep up-to-date. In case something bad happens with their domain name, it takes you ten seconds to google their name and find their contacts - it actually takes less than using Whois. So why should registrants lose time to update contact information that no one uses (actually, no one even knows that it exists) except a small community of techies and lawyers, when they already provide valid contact information in a page on their website?
Moreover, among the few registrants who actually know what Whois is, I know many here in Italy who provide bogus contact information on purpose: the registrant's name is correct, but the address and phone number are not, and the e-mail address either does not work at all or, more likely, is a specific "spammable" e-mail address that they use for situations in which they don't know how the information will be managed (e.g. obscure websites that require a registration to allow you to do something which you only need to do once), and which is so full of spam that it is never read except at the time when you register somewhere and need to click on a confirmation email.
People would be much more likely to submit real contact information if they knew that it wouldn't be made public to anyone who would want to abuse it, e.g. spammers, phishers, bully lawyers and the likes. I don't think that ICANN has any right to blame anyone not providing valid contact information if it is not providing any protection for the privacy of that information, and I would expect the ALAC (at least its European members) to point out just that.
Ciao
: No vivo en la UE. Vivo en un país de América Latina donde como en muchos países de esta región ya existe una ley de protección de datos personales. Claro que una cosa son las leyes y otra la efectiva implantación, según los diferentes países y sus desarrollos. Estas nuevas normas tienen más antiguedad y más tiempo de aplicarse en la UE, donde están por la segunda o tercera generación de normas sobre datos personales, se trata de países con un desarrollo diferente, que permite aplicar leyes y exigir el cumplimiento de otra manera más efectiva. En mi país la ley es de 2008 y se generó gran inquietud en ese momento en especial en el área comercial, que veía complicada su actividad. Hoy el proceso de capacitación continúa, se sigue en etapa difusión, lentamente se ven los beneficios de la ley, la gente aprenden sus derechos, la aplicación práctica ha mejorado, aunque falta bastante. Mi intención es contribuir al diálogo y que se vean distintos puntos de vista y la parte legal, para ajustar las normas a todos los países. En EEUU u otros países existen otras normas. ICANN deberá tener en cuenta que en distintos países hay distintas leyes y que deben ser respetadas las leyes de cada país y evitar que la gente incurra en responsabilidades. Saludos 2014-07-07 9:39 GMT-03:00 Derek Smythe <derek@aa419.org>:
If we are to drag EU privacy law into this debate:
If we can agree that if any party in the EU has his whois data "privatized", his domain shall be suspended immediately the first time he abuses my rights where I don't reside in the EU Union, then we can talk about this. Further a complimentary system need to be set up by EU regulators where non-EU citizens can report details of abuse of their rights by holders of domains protected under EU legislation and the abused will be heard and promptly so, not six weeks or like by which time much harm can be done already.
Otherwise it be best to remember that the world is bigger than the EU Union, we are talking about gTLD's and my rights are not subservient to the rights of somebody living in the EU. Europe is home to only about 12% of the world population. The EU has access to .EU domains etc, why not use them?
Without this, we may as well consider our information super highway trying to apply UK road rules and US road rules at the same time with predictable disastrous conclusion.
Derek Smythe
On 2014-07-07 01:01 PM, Michele Neylon - Blacknight wrote:
Vittorio
The privacy issue you raise is one that EU based registrars face every day.
ICANN currently has a comment period open on this subject, but I'm not seeing many comments so far:
https://www.icann.org/public-comments/whois-conflicts-procedure-2014-05-22-e...
Regards
Michele
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
Park,Sleaty
Road,Graiguecullen,Carlow,Ireland Company No.: 370845
-----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto: at-large-bounces@atlarge-lists.icann.org] On Behalf Of Vittorio Bertola Sent: Monday, July 07, 2014 5:19 AM To: Kerry Brown Cc: ICANN ALAC list; ICANN At-Large list Subject: Re: [At-Large] [ALAC] Fwd: A million domains taken down by email checks
Il 06/07/14 19:41, Kerry Brown ha scritto:
I can speak from the end user point of view on this issue. As a consultant to small businesses I have seen several clients suffer business hardship because of this issue (invalid contact email). It is not uncommon for a small business owner to not want to deal with "the internet". They hire someone to get them "the internet". This usually means a domain, a web site, email, etc. Someone sells them a package that includes all this. Often the contact email will be the person that sells them the package. Some of these resellers are unscrupulous, some are just incompetent, some for whatever reason leave the business. The domain may not even be registered in the small business name but in the name of the reseller who has disappeared. When the domain goes dark the business loses email, their website, and possibly more. By the time the small business owner contacts someone like me to fix their internet a few weeks to a month may have gone by. Small business owners are busy running th e day to day things and thought they had "the internet" covered, after all they have been paying someone to deal with it. By the time they figure out they don't have someone to deal with it and find someone who will they may have lost the domain. There is almost aways a charge from the registrar to reinstate the domain. They have not had email or a web site for long enough that it has cost them business. They end up with a very sour taste for "the internet" and the people that "run" it. They equate internet governance with the people that run the internet. They have no idea how things happen so they they are on "the internet". They mostly think of Al Gore when they even think about how the internet works. We who have built this ecosystem have not built it for people that are not intimately involved in it. It is up to us to fix it. We can't simply blame registrants.
This is just so true... When, several years ago, I used to make websites for small companies and non-profits in Italy, most of the people in charge at the customer had no idea of what "Whois" was. I had the choice of either listing as the main contact the actual registrant, who would not be able to understand any communication about this matter, or myself, which I did. Later, I stopped doing that job, but I could not convince almost any of my former customers that they needed to put someone else as a contact, also because they didn't have anyone able to assume the role. Now, I am a nice guy and continue watching over their domain names for free, but in any other case those domains would now be stuck with the contact information of someone who does not care anymore about them, let alone update the information as it changes.
This is also because, you know, the only thing people usually expect from their domain name is for it to point to their website and/or mail server. They don't expect their domain name to be a point of contact for their company or themselves, nor to have to waste time on updating a wondrously complex set of contacts. Actually, even if their Whois contacts are not up to date, usually you could just go to their website and find an e-mail address and/or phone number that works, and that they keep up-to-date. In case something bad happens with their domain name, it takes you ten seconds to google their name and find their contacts - it actually takes less than using Whois. So why should registrants lose time to update contact information that no one uses (actually, no one even knows that it exists) except a small community of techies and lawyers, when they already provide valid contact information in a page on their website?
Moreover, among the few registrants who actually know what Whois is, I know many here in Italy who provide bogus contact information on purpose: the registrant's name is correct, but the address and phone number are not, and the e-mail address either does not work at all or, more likely, is a specific "spammable" e-mail address that they use for situations in which they don't know how the information will be managed (e.g. obscure websites that require a registration to allow you to do something which you only need to do once), and which is so full of spam that it is never read except at the time when you register somewhere and need to click on a confirmation email.
People would be much more likely to submit real contact information if they knew that it wouldn't be made public to anyone who would want to abuse it, e.g. spammers, phishers, bully lawyers and the likes. I don't think that ICANN has any right to blame anyone not providing valid contact information if it is not providing any protection for the privacy of that information, and I would expect the ALAC (at least its European members) to point out just that.
Ciao
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
-- Aida Noblia
I do not live in the UE I live in a country in Latin America where as in many countries in this region and there is a law on protection of personal data. Of course laws are one thing and another effective implementation, in different countries and their development. These new rules have more seniority and longer applied in the UE, where they are the second or third generation of standards for personal data, these are countries with a different development that allows applying laws and enforce another way effective. In my country the law of 2008 and generated great concern at the moment especially in the commercial area, which was complicated activity. Today the training process continues, it continues to broadcast stage, slowly see the benefits of the law, people learn their rights, the practical application has improved, although quite lacking. My intention is to contribute to dialogue and different points of view and the legal side look to adjust the rules to all countries. In the U.S. and other countries there are other standards. ICANN should consider that there are different laws in different countries and that should be respected the laws of each country and keep people incur responsibilities. 2014-07-07 9:39 GMT-03:00 Derek Smythe <derek@aa419.org>:
If we are to drag EU privacy law into this debate:
If we can agree that if any party in the EU has his whois data "privatized", his domain shall be suspended immediately the first time he abuses my rights where I don't reside in the EU Union, then we can talk about this. Further a complimentary system need to be set up by EU regulators where non-EU citizens can report details of abuse of their rights by holders of domains protected under EU legislation and the abused will be heard and promptly so, not six weeks or like by which time much harm can be done already.
Otherwise it be best to remember that the world is bigger than the EU Union, we are talking about gTLD's and my rights are not subservient to the rights of somebody living in the EU. Europe is home to only about 12% of the world population. The EU has access to .EU domains etc, why not use them?
Without this, we may as well consider our information super highway trying to apply UK road rules and US road rules at the same time with predictable disastrous conclusion.
Derek Smythe
On 2014-07-07 01:01 PM, Michele Neylon - Blacknight wrote:
Vittorio
The privacy issue you raise is one that EU based registrars face every day.
ICANN currently has a comment period open on this subject, but I'm not seeing many comments so far:
https://www.icann.org/public-comments/whois-conflicts-procedure-2014-05-22-e...
Regards
Michele
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
Park,Sleaty
Road,Graiguecullen,Carlow,Ireland Company No.: 370845
-----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto: at-large-bounces@atlarge-lists.icann.org] On Behalf Of Vittorio Bertola Sent: Monday, July 07, 2014 5:19 AM To: Kerry Brown Cc: ICANN ALAC list; ICANN At-Large list Subject: Re: [At-Large] [ALAC] Fwd: A million domains taken down by email checks
Il 06/07/14 19:41, Kerry Brown ha scritto:
I can speak from the end user point of view on this issue. As a consultant to small businesses I have seen several clients suffer business hardship because of this issue (invalid contact email). It is not uncommon for a small business owner to not want to deal with "the internet". They hire someone to get them "the internet". This usually means a domain, a web site, email, etc. Someone sells them a package that includes all this. Often the contact email will be the person that sells them the package. Some of these resellers are unscrupulous, some are just incompetent, some for whatever reason leave the business. The domain may not even be registered in the small business name but in the name of the reseller who has disappeared. When the domain goes dark the business loses email, their website, and possibly more. By the time the small business owner contacts someone like me to fix their internet a few weeks to a month may have gone by. Small business owners are busy running th e day to day things and thought they had "the internet" covered, after all they have been paying someone to deal with it. By the time they figure out they don't have someone to deal with it and find someone who will they may have lost the domain. There is almost aways a charge from the registrar to reinstate the domain. They have not had email or a web site for long enough that it has cost them business. They end up with a very sour taste for "the internet" and the people that "run" it. They equate internet governance with the people that run the internet. They have no idea how things happen so they they are on "the internet". They mostly think of Al Gore when they even think about how the internet works. We who have built this ecosystem have not built it for people that are not intimately involved in it. It is up to us to fix it. We can't simply blame registrants.
This is just so true... When, several years ago, I used to make websites for small companies and non-profits in Italy, most of the people in charge at the customer had no idea of what "Whois" was. I had the choice of either listing as the main contact the actual registrant, who would not be able to understand any communication about this matter, or myself, which I did. Later, I stopped doing that job, but I could not convince almost any of my former customers that they needed to put someone else as a contact, also because they didn't have anyone able to assume the role. Now, I am a nice guy and continue watching over their domain names for free, but in any other case those domains would now be stuck with the contact information of someone who does not care anymore about them, let alone update the information as it changes.
This is also because, you know, the only thing people usually expect from their domain name is for it to point to their website and/or mail server. They don't expect their domain name to be a point of contact for their company or themselves, nor to have to waste time on updating a wondrously complex set of contacts. Actually, even if their Whois contacts are not up to date, usually you could just go to their website and find an e-mail address and/or phone number that works, and that they keep up-to-date. In case something bad happens with their domain name, it takes you ten seconds to google their name and find their contacts - it actually takes less than using Whois. So why should registrants lose time to update contact information that no one uses (actually, no one even knows that it exists) except a small community of techies and lawyers, when they already provide valid contact information in a page on their website?
Moreover, among the few registrants who actually know what Whois is, I know many here in Italy who provide bogus contact information on purpose: the registrant's name is correct, but the address and phone number are not, and the e-mail address either does not work at all or, more likely, is a specific "spammable" e-mail address that they use for situations in which they don't know how the information will be managed (e.g. obscure websites that require a registration to allow you to do something which you only need to do once), and which is so full of spam that it is never read except at the time when you register somewhere and need to click on a confirmation email.
People would be much more likely to submit real contact information if they knew that it wouldn't be made public to anyone who would want to abuse it, e.g. spammers, phishers, bully lawyers and the likes. I don't think that ICANN has any right to blame anyone not providing valid contact information if it is not providing any protection for the privacy of that information, and I would expect the ALAC (at least its European members) to point out just that.
Ciao
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
-- Aida Noblia
-----Messaggio originale----- Da: at-large-bounces@atlarge-lists.icann.org [mailto:at-large- bounces@atlarge-lists.icann.org] Per conto di Derek Smythe Inviato: lunedì 7 luglio 2014 08:40 A: at-large@atlarge-lists.icann.org Oggetto: Re: [At-Large] [ALAC] Fwd: A million domains taken down by email checks
......
Otherwise it be best to remember that the world is bigger than the EU Union, we are talking about gTLD's and my rights are not subservient to the rights of somebody living in the EU. Europe is home to only about 12% of the world population. The EU has access to .EU domains etc, why not use them?
Without this, we may as well consider our information super highway trying to apply UK road rules and US road rules at the same time with predictable disastrous conclusion.
It is true that if all used only ccTLDs, where the jurisdiction is clear, the situation would be simpler. As a matter of fact, there's also a .US domain that, similarly, could be used by US people to avoid problems. However, gTLDs are a reality, and we are in a situation where, to use the same image, we cannot apply at the same time UK rules and US rules at the same time. But the question is which of the two use. Cheers, R.
The privacy issue you raise is one that EU based registrars face every day.
FWIW, I'm seeing that the EU position on privacy has been, shall we say, declining in credibility <http://www.theguardian.com/commentisfree/2014/jul/06/right-to-be-forgotten-i...>. It has probably been necessary to engage the experiment to see what happens when obsession with privacy -- to the exclusion of accountability, free speech rights or public interest -- is carried to its logical conclusions. It wouldn't surprise me to see some of these excesses rolled back.
Evan The "right to be forgotten" debacle is tied to a single court ruling. Using that to question the "credibility" of ALL privacy law is a bit of a stretch Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: evanleibovitch@gmail.com [mailto:evanleibovitch@gmail.com] On Behalf Of Evan Leibovitch Sent: Monday, July 07, 2014 3:29 PM To: Michele Neylon - Blacknight Cc: Vittorio Bertola; Kerry Brown; ICANN ALAC list; ICANN At-Large list Subject: Re: [At-Large] [ALAC] Fwd: A million domains taken down by email checks The privacy issue you raise is one that EU based registrars face every day. FWIW, I'm seeing that the EU position on privacy has been, shall we say, declining in credibility<http://www.theguardian.com/commentisfree/2014/jul/06/right-to-be-forgotten-i...>. It has probably been necessary to engage the experiment to see what happens when obsession with privacy -- to the exclusion of accountability, free speech rights or public interest -- is carried to its logical conclusions. It wouldn't surprise me to see some of these excesses rolled back.
Il 07/07/14 9:33, Michele Neylon - Blacknight ha scritto:
Evan
The "right to be forgotten" debacle is tied to a single court ruling.
Using that to question the "credibility" of ALL privacy law is a bit of a stretch
Moreover, laws don't have "credibility". Laws are laws and are to be obeyed, no matter whether they are stupid or clever. And if a EU citizen registers a domain name from a EU registrar, there is no doubt that EU privacy laws apply (in fact, I have no problem if people in other parts of the world do not have privacy protection because their culture and laws are different from the European ones, as long as they don't insist on preventing us from upholding our laws and culture in our own countries). Ciao -- vb. Vittorio Bertola - vb [a] bertola.eu <-------- --------> now blogging & more at http://bertola.eu/ <--------
It is true that the world until now handled in many areas with certain inaccuracy and amicable settlement between the parties of handcrafted tidied certain matters like this the email of the person in the register of domain names and had no problems although some data that were not true, that suited the particular case of each and goodwill of any person, for good reason, and between well-meaning people. The problem is that the world has changed. These information technology and communications have grown exponentially databases way, people involved in the processes increase, all processes that are internationalized especially concerning domain names and connections that each of these names domain you can have, given that international trade and relations of any kind increases. This also further increase the amount of new domain names rigging the opening of IPV6. The value and importance of data also increases. The data, or the data can be used for many purposes. The consequences of knowing or not knowing too. Consequently also increase accountability. With this has come the need to better organize the multiplied amount of data to the record itself is true, to be precise and appropriate and without that to get to the person using the domain has to talk to the one who best they lent his address to user domain name, respond to reality standardization of procedures. Also to know who is responsible for the use or misuse of the data in your case and how to notify the holder of the data and in this case the domain, how to tell the end user quickly, from eel own registry, everything may be interested in regarding your domain and your data. This goes to the better service. The data accuracy of a record is one element that allows you to provide better service because in the case of email, from registration providing fast you get to the right person at the right time when needed. Also include compliance with that service as any service that generates responsibilities The accuracy in the data that is on the public record, and this record is a record that is open to the public, aid to the location of the person. As Salanieta said this is a culture of compliance, accuracy of data, that "At least this will enforce a culture of compliance and, ultimately, at the end of the day is in the best interest of the average end user. " If you wake up to the people to take the "verification" seriously, then so be it. This topic is very broad and complex. On the other hand is also the responsibility of the records as to the accuracy of the data. If erroneous data because they did not bother to take good data, maybe they can be held accountable for this when someone is harmed. It would also have to take into account national laws on inter alia the laws of data protection. In the case of e-mail in my country informed of the holder of the email to be published consent is required. This would be resolved if the contract performed by the end user and owner of the domain name with the person who records it and makes the process of registration. This contract should have a clause in which the end user expressly agrees that the person registering the domain of your email to register for purposes of registration. 2014-07-07 1:18 GMT-03:00 Vittorio Bertola <vb@bertola.eu>:
Il 06/07/14 19:41, Kerry Brown ha scritto:
I can speak from the end user point of view on this issue. As a
consultant to small businesses I have seen several clients suffer business hardship because of this issue (invalid contact email). It is not uncommon for a small business owner to not want to deal with "the internet". They hire someone to get them "the internet". This usually means a domain, a web site, email, etc. Someone sells them a package that includes all this. Often the contact email will be the person that sells them the package. Some of these resellers are unscrupulous, some are just incompetent, some for whatever reason leave the business. The domain may not even be registered in the small business name but in the name of the reseller who has disappeared. When the domain goes dark the business loses email, their website, and possibly more. By the time the small business owner contacts someone like me to fix their internet a few weeks to a month may have gone by. Small business owners are busy running th e day to day things and thought they had "the internet" covered, after all they have been paying someone to deal with it. By the time they figure out they don't have someone to deal with it and find someone who will they may have lost the domain. There is almost aways a charge from the registrar to reinstate the domain. They have not had email or a web site for long enough that it has cost them business. They end up with a very sour taste for "the internet" and the people that "run" it. They equate internet governance with the people that run the internet. They have no idea how things happen so they they are on "the internet". They mostly think of Al Gore when they even think about how the internet works. We who have built this ecosystem have not built it for people that are not intimately involved in it. It is up to us to fix it. We can't simply blame registrants.
This is just so true... When, several years ago, I used to make websites for small companies and non-profits in Italy, most of the people in charge at the customer had no idea of what "Whois" was. I had the choice of either listing as the main contact the actual registrant, who would not be able to understand any communication about this matter, or myself, which I did. Later, I stopped doing that job, but I could not convince almost any of my former customers that they needed to put someone else as a contact, also because they didn't have anyone able to assume the role. Now, I am a nice guy and continue watching over their domain names for free, but in any other case those domains would now be stuck with the contact information of someone who does not care anymore about them, let alone update the information as it changes.
This is also because, you know, the only thing people usually expect from their domain name is for it to point to their website and/or mail server. They don't expect their domain name to be a point of contact for their company or themselves, nor to have to waste time on updating a wondrously complex set of contacts. Actually, even if their Whois contacts are not up to date, usually you could just go to their website and find an e-mail address and/or phone number that works, and that they keep up-to-date. In case something bad happens with their domain name, it takes you ten seconds to google their name and find their contacts - it actually takes less than using Whois. So why should registrants lose time to update contact information that no one uses (actually, no one even knows that it exists) except a small community of techies and lawyers, when they already provide valid contact information in a page on their website?
Moreover, among the few registrants who actually know what Whois is, I know many here in Italy who provide bogus contact information on purpose: the registrant's name is correct, but the address and phone number are not, and the e-mail address either does not work at all or, more likely, is a specific "spammable" e-mail address that they use for situations in which they don't know how the information will be managed (e.g. obscure websites that require a registration to allow you to do something which you only need to do once), and which is so full of spam that it is never read except at the time when you register somewhere and need to click on a confirmation email.
People would be much more likely to submit real contact information if they knew that it wouldn't be made public to anyone who would want to abuse it, e.g. spammers, phishers, bully lawyers and the likes. I don't think that ICANN has any right to blame anyone not providing valid contact information if it is not providing any protection for the privacy of that information, and I would expect the ALAC (at least its European members) to point out just that.
Ciao -- vb. Vittorio Bertola - vb [a] bertola.eu <-------- --------> now blogging & more at http://bertola.eu/ <--------
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
-- Aida Noblia
This is so true! As a registrar in ccTLD I faced so many suchlike cases when a webcompany register the domain in their name and then disappear. Or a registrant provides a bogus email address not to be targeted by spammers. In the first case it's necessary to improve the registrants' literacy. As Holly told, here the resellers, registrars, even ALSs, the Internet Societies can have their contribution. This is the matter of education. In the second situation the registrars can give an option for registrants to hide the contact email address from public view yet keep the up-to-date email address for notifications by them [registrar]. Some percentage of those registrants who feel unprotected could provide correct email address if they know that it won't be available publicly. Lianna On Mon, July 7, 2014 4:41 am, Kerry Brown wrote:
I can speak from the end user point of view on this issue. As a consultant to small businesses I have seen several clients suffer business hardship because of this issue (invalid contact email). It is not uncommon for a small business owner to not want to deal with "the internet". They hire someone to get them "the internet". This usually means a domain, a web site, email, etc. Someone sells them a package that includes all this. Often the contact email will be the person that sells them the package. Some of these resellers are unscrupulous, some are just incompetent, some for whatever reason leave the business. The domain may not even be registered in the small business name but in the name of the reseller who has disappeared. When the domain goes dark the business loses email, their website, and possibly more. By the time the small business owner contacts someone like me to fix their internet a few weeks to a month may have gone by. Small business owners are busy running th e day to day things and thought they had "the internet" covered, after all they have been paying someone to deal with it. By the time they figure out they don't have someone to deal with it and find someone who will they may have lost the domain. There is almost aways a charge from the registrar to reinstate the domain. They have not had email or a web site for long enough that it has cost them business. They end up with a very sour taste for "the internet" and the people that "run" it. They equate internet governance with the people that run the internet. They have no idea how things happen so they they are on "the internet". They mostly think of Al Gore when they even think about how the internet works. We who have built this ecosystem have not built it for people that are not intimately involved in it. It is up to us to fix it. We can't simply blame registrants.
Kerry Brown
________________________________________ From: at-large-bounces@atlarge-lists.icann.org <at-large-bounces@atlarge-lists.icann.org> on behalf of Evan Leibovitch <evan@telly.org> Sent: Sunday, July 6, 2014 10:42 AM To: Alan Greenberg Cc: ICANN ALAC list; ICANN At-Large list Subject: Re: [At-Large] [ALAC] Fwd: A million domains taken down by email checks
Agreed.
As I said in my earlier message, if this is an implementation issue -- such as too short a wait time or other matters of mechanics -- it can be easily fixed. The policy goal behind the action remains sound.
The method by with which the matter has been brought to the rest of the ICANN community, along with the accompanying sense of alarm, indicates a broader and opportunistic agenda. (ie, the consistent attachment of references to demands from "law enforfcement").
Those who have been running to the media and ICANN senior staff on the issue seem to have little interest in the very real nuances you describe, because it couldn't then be over-dramatized.
- Evan _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
Lianna Registrars do not have the leeway in the 2013 contract to hide contact email addresses from public view. Also switching the email address around would effectively make the registrar the registrant in terms of domain control which would impede the registrant's ability to move their domain should they choose to do so. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 -----Original Message----- From: at-large-bounces@atlarge-lists.icann.org [mailto:at-large-bounces@atlarge-lists.icann.org] On Behalf Of Lianna Galstyan Sent: Monday, July 07, 2014 10:17 AM To: Kerry Brown Cc: ICANN ALAC list; Alan Greenberg; ICANN At-Large list Subject: Re: [At-Large] [ALAC] Fwd: A million domains taken down by email checks This is so true! As a registrar in ccTLD I faced so many suchlike cases when a webcompany register the domain in their name and then disappear. Or a registrant provides a bogus email address not to be targeted by spammers. In the first case it's necessary to improve the registrants' literacy. As Holly told, here the resellers, registrars, even ALSs, the Internet Societies can have their contribution. This is the matter of education. In the second situation the registrars can give an option for registrants to hide the contact email address from public view yet keep the up-to-date email address for notifications by them [registrar]. Some percentage of those registrants who feel unprotected could provide correct email address if they know that it won't be available publicly. Lianna On Mon, July 7, 2014 4:41 am, Kerry Brown wrote:
I can speak from the end user point of view on this issue. As a consultant to small businesses I have seen several clients suffer business hardship because of this issue (invalid contact email). It is not uncommon for a small business owner to not want to deal with "the internet". They hire someone to get them "the internet". This usually means a domain, a web site, email, etc. Someone sells them a package that includes all this. Often the contact email will be the person that sells them the package. Some of these resellers are unscrupulous, some are just incompetent, some for whatever reason leave the business. The domain may not even be registered in the small business name but in the name of the reseller who has disappeared. When the domain goes dark the business loses email, their website, and possibly more. By the time the small business owner contacts someone like me to fix their internet a few weeks to a month may have gone by. Small business owners are busy running th e day to day things and thought they had "the internet" covered, after all they have been paying someone to deal with it. By the time they figure out they don't have someone to deal with it and find someone who will they may have lost the domain. There is almost aways a charge from the registrar to reinstate the domain. They have not had email or a web site for long enough that it has cost them business. They end up with a very sour taste for "the internet" and the people that "run" it. They equate internet governance with the people that run the internet. They have no idea how things happen so they they are on "the internet". They mostly think of Al Gore when they even think about how the internet works. We who have built this ecosystem have not built it for people that are not intimately involved in it. It is up to us to fix it. We can't simply blame registrants.
Kerry Brown
________________________________________ From: at-large-bounces@atlarge-lists.icann.org <at-large-bounces@atlarge-lists.icann.org> on behalf of Evan Leibovitch <evan@telly.org> Sent: Sunday, July 6, 2014 10:42 AM To: Alan Greenberg Cc: ICANN ALAC list; ICANN At-Large list Subject: Re: [At-Large] [ALAC] Fwd: A million domains taken down by email checks
Agreed.
As I said in my earlier message, if this is an implementation issue -- such as too short a wait time or other matters of mechanics -- it can be easily fixed. The policy goal behind the action remains sound.
The method by with which the matter has been brought to the rest of the ICANN community, along with the accompanying sense of alarm, indicates a broader and opportunistic agenda. (ie, the consistent attachment of references to demands from "law enforfcement").
Those who have been running to the media and ICANN senior staff on the issue seem to have little interest in the very real nuances you describe, because it couldn't then be over-dramatized.
- Evan _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large At-Large Official Site: http://atlarge.icann.org
I am reminded by Kerry's comments of my involvement in negotiations regarding the RAA <http://icannwiki.com/index.php/RAA> that were taking place about five or so years ago, before I was on the ALAC. I recall that Beau Brendler, who WAS at that time on the ALAC, was involved with me in trying to embed an assertion of registrants rights into the RAA. This happened at one meeting -- I believe it was this one <http://sel.icann.org/node/7372>, held during the Seoul ICANN meeting in 2009, which became a kind of verbal firing squad. A room full or registries and registrars on one side, Beau and me on the other, taking what I can best rexcall as a relentless attack. How DARE we try to affect the business models of registrars?!?! Though we had come to the meeting to simply explore the idea, Beau and I were put on the spot to indicate EXACTLY what kind of rights we had in mind. Over a matter of a few minutes, pressed for time, I came up with a list that I thought was a reasonable first stab, intended to be later expanded and reworded but at least giving an idea of what we were hoping for. That list, preserved here <https://community.icann.org/display/atlarge/raa+wg+a+workspace+for+aspiratio...>, asserted that a registrant has the right to - have accurate, current and complete contact and locative information regarding their registrar - be the sole entity capable of asserting and changing ownership information for their domain - have ample opportunity to renew their existing domain(s) at the same rates as new domains - protect their trade name against unauthorized use - refuse the transfer of their personal information to unauthorized bodies - expect ICANN to enforce its agreements with registrars We didn't think there was anything really contentious in that list. Nonetheless, it was dismissed by the registrars and registries in the room as out of the scope, and that while the ALAC could do whatever it wanted with this "aspirational set of rights" they would never find their way into the RAA. We went for support elsewhere amongst registrant constituencies in the GNSO but found no takers -- the commercial side was obsessed with protecting trademarks and the non-commercial side obsessed with protecting anonymity. Not having found any partners to fight for something that wasn't even really within ALAC's remit, Beau and I eventually gave up on it (Beau eventually gave up on ICANN), and only scant records exist <http://nbo.icann.org/node/8896> to verify that the effort ever existed. So I hear you, Kerry. ICANN has served its vested interests well, and the rest are left to fend for themselves. Sell as many domains as possible and let the consequences sort themselves out later. (Such is the mantra of the current gTLD expansion as well.) But this is why I focus on the end user side of things. While I feel for the small business registrant that has been sideswiped by consultants and agents (and have rescued a few of them myself!), in this forum I am most mindful of the end user. Registrants have their own designated champions within ICANN; if they can't do the job we can't fight their battles for them. We can barely fight our own. The core point of this thread, the suspension issue and the ALAC position -- is that domains must have clear contact information. Kerry's comments that this is necessary both in the case of abuse *by* a registrant and abuse *of* a registrant. - Evan
Evan, one point. It is unclear to me whether the issue is 100% invalid addresses, or as some people have implied, valid addresses where the registrant has not replied in 15 days. The two situations are substantively different, and we need to get a handle on which is the cause of these suspensions, or if mixed, what percentage. If someone on this list *knows* definitively what the answer is, it would be much appreciated.
As the sub-registrar of one of those 800,000 domains, I can report that the confirmation mail has a link you have to click to confirm that you got it. It is not a big deal. If you don't click on the link in the original message, they send multiple reminders. I strongly endorse everything that Evan said, and also reiterate that this is basically about money: registrars not wanting to spend anything to comply with the RAA that they and the registrants agreed to. Regards, John Levine, john.levine@cauce.org CAUCE North America
participants (11)
-
Aida Noblia -
Alan Greenberg -
Derek Smythe -
Evan Leibovitch -
Holly Raiche -
John Levine -
Kerry Brown -
Lianna Galstyan -
Michele Neylon - Blacknight -
Roberto Gaetano -
Vittorio Bertola