PPSAI folks,
I've given some thought to Privacy and Proxy Providers.
1. Privacy and Proxy providers are qualitatively different.
Privacy providers provide alternative contact details -- email,
phone, physical address -- but do not obscure the registrant's identity.
The purpose is to route correspondence to people who are designated to
accept and act on the registrant's behalf, and to avoid disclosing the
registrant's direct contact details.
In the normal physical world, this is accomplished by explicitly
designating a correspondence address.
In the current implementations of registration data, inserting the
correspondence address into the data elements allocated to the
registrant's
contact is mistake that has two consequences.
- It obscures the fact that the contact data is not related to the
registrant but is, instead, contact data for a different role.
- It makes it impossible to include registrant contact information
in the database that may -- or should -- be available to authorized
requestors.
- The correct path forward is to define a new role,
Correspondent. This role is optional. If it is included, it
indicates where correspondence should be directed. This data should
usually be public. In contrast, the registrant's address, etc. can be
private and not disclosed in response to normal requests.
2. Proxy providers fall into two categories, known and unknown.
Unknown proxy providers should be treated as ordinary registrants.
That is, they should be presumed to be the actual registrant, with all of
the rights, privileges, responsibilities and obligations as any other
registrant.
Known proxy providers should be identified as such. One possible way
to do so is to extend the distinction between Natural and Legal
Persons to
include a third category, Known Proxy Provider. They are the legal
registrants, with the full set of rights, privileges, responsiblities and
obligations as other registrants, but it will be important to many
requestors to know that the registrant is actually a proxy provider.
The concept of Known Proxy Provider is not the same as an accredited
proxy provider. Accreditation presumably implies an agreement with the
proxy provider to adhere with some rules regarding disclosure to
appropriate requestors. The concept of a Known Proxy Provider simply
conveys to the requestor that the registration has been carried out by a
proxy provider, but there is no implication as to what the proxy provider
will do when asked to reveal the beneficial registrant.
If it is desired to institute a process of accrediting Known Proxy
Providers, we need a careful understanding of the intended purpose and a
good argument as to why it will work. In the current environment, there
are no rules barring someone from using a proxy provider and no rules
requiring that proxy providers be identified. Registrars are
likely to be
able to identify well known proxy providers and add that detail to their
registration data, but I do not see any reliable mechanism for
identifying
a proxy registration when the proxy provider does not want to be
known as a
proxy provider.
3. Proxy providers pose a potential policy conflict
Registrars have obligations to collect accurate registration data,
and they have an obligation to protect that data from inapprpriate
disclosure. Where does a proxy provider fit into this picture? What
service does it provide that is not in conflict with the registrar's role?
Thanks,
Steve
--
Sent by a Verified
sender
