March 2014 - Gnso-ppsai-pdp-wg

Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2
by Michele Neylon - Blacknight March 5, 2014

March 5, 2014

ROFL - ok - Carlton 5 points -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: Carlton Samuels [mailto:carlton.samuels@gmail.com] Sent: Wednesday, March 5, 2014 3:52 PM To: Michele Neylon - Blacknight Cc: Marika Konings; gnso-ppsai-pdp-wg(a)icann.org Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Yessir, I quite agree. But [GNSO] WG outputs certainly do have sway in the overall [DNS] system in which they operate. That subtlety is accessible I think to even the most ardent nationalist. -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 Strategy, Planning, Governance, Assessment & Turnaround ============================= On Wed, Mar 5, 2014 at 10:22 AM, Michele Neylon - Blacknight <michele(a)blacknight.com<mailto:michele@blacknight.com>> wrote: Carlton - while I might agree with your concepts just a gentle reminder - this group cannot have any sway over ccTLDs .. -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072<tel:%2B353%20%280%29%2059%C2%A0%209183072> Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090<tel:%2B353%20%280%2959%209183090> Fax. +353 (0) 1 4811 763<tel:%2B353%20%280%29%201%204811%20763> Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces(a)icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org>] On Behalf Of Carlton Samuels Sent: Wednesday, March 5, 2014 3:04 PM To: Marika Konings Cc: gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 .....Um, my understanding is that Marika was highlighting what would seem intuitive from the gitgo; a generic difficulty in accessing data related to privacy/proxy questions for cause. The intuit raised for P/P services should - or ought to - have forecast this; somebody somewhere has a need to obscure/place a barrier to access/discombobulate would be busybodies. In any event - and as Stephanie has raised so may times in my hearing - in places where the law compels a privacy regime on the registrar/registry, it hardly matters if the arena is ccTLD or gTLD controlled. What we must arrive at is a generic set of rules that embrace a consistent approach to embracing the privacy principle, consistent with law. And to the extent it advances the stability and security of the entire system, inclusive of ccTLDs and gTLDs. -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799<tel:876-818-1799> Strategy, Planning, Governance, Assessment & Turnaround ============================= On Wed, Mar 5, 2014 at 8:59 AM, Marika Konings <marika.konings(a)icann.org<mailto:marika.konings@icann.org>> wrote: I would like to encourage you all to review the whole quote from the Interisle report (see below) which places this specific sentence into context. It merely refers to the difficulty that may exist in verifying this claim independently due to the challenges that accuracy studies in a gTLD environment pose - it does not challenge whether P/P registration information is more accurate or not (as far as I understand). Again, please share the information about the other studies you are referring to so that these can be included as well. Thanks, Marika * Interviewees who represented providers of WHOIS privacy and proxy services claimed that the quality of the registrant data they hold for their customers is much better than for public WHOIS services in general. This seems credible because those providers tend to have a direct business relationship with their customers. However it is doubtful if these claims could be independently audited or verified. Assessing the accuracy of a representative sample of public WHOIS data is already very difficult. It would be far harder to do so for a representative sample of data protected by WHOIS privacy and proxy services. In its 2010 study of WHOIS data accuracy, NORC was able to assess the accuracy of privacy-registered domain information, but was not able to do the same for proxy-registered domains. From: Kathy Kleiman <kathy(a)kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Wednesday 5 March 2014 14:47 To: "gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Hi Marika and All, I think the quote remains misleading in its context and placement. I recommend we a) delete it or b) clarify it and place it in context with explanatory text. For the bottom line is that regardless of the study drafters' personal opinions (and it is an opinion -- not what they were asked to study or prove in their study), it's wrong. Studies have been done; results have been found. If you protect people's/organization's privacy, the data they provide is more accurate. That's true of ccTLDs and gTLDs! Best, Kathy So, more proposed edits to come!: To further clarify, the quote in Kathy's email ('it is doubtful if these claims could be independently audited or verified') is a direct quote from the Interisle Study. It may be important to distinguish here between a ccTLD study and a gTLD study of P/P registrations. The Nominet opt-out programme is managed by Nominet and has specific eligibility requirements, this makes it presumably easier to 1) get access to the underlying data and 2) verify whether the data is accurate or not, which does not seem to have been the case for studies that have focused on accuracy of gTLD registration data (also presumably because without an accreditation program it is even hard to identify whether or not the researcher dealing with a P/P service as well as getting access to the underlying customer data). However, as said before, if you have any additional data or studies that are relevant to this question, please share these so that they can be added to the template. Best regards, Marika From: Marika Konings <marika.konings(a)icann.org<mailto:marika.konings@icann.org>> Date: Tuesday 4 March 2014 16:07 To: Michele Neylon - Blacknight <michele(a)blacknight.com<mailto:michele@blacknight.com>> Cc: "gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 All, please note that the information in the background section are all direct quotes from the Whois studies, Whois Review Team report or other studies. If you have any other studies/references that would be helpful to include, please share these with the list and I will be happy to add these to the document. Thanks, Marika On 4 mrt. 2014, at 15:49, "Michele Neylon - Blacknight" <michele(a)blacknight.com<mailto:michele@blacknight.com>> wrote: +1 to Kathy I recall seeing multiple studies stating exactly the same thing If you respect privacy then people will provide better quality data It's logical and obvious -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072<tel:%2B353%20%280%29%2059%C2%A0%209183072> Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090<tel:%2B353%20%280%2959%209183090> Fax. +353 (0) 1 4811 763<tel:%2B353%20%280%29%201%204811%20763> Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Tuesday, March 4, 2014 1:46 PM To: Marika Konings; gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Marika, Tx you for checking with Lesley! But the results of that study were shared with the Whois Review Team, so the idea that "it is doubtful if these claims could be independently audited or verified" is not true. It has been checked - in this field and many others. People have less incentive to mislead when they know their interests (including privacy) are protected. I'm happy to work with you on finding additional studies, and summaries of studies, but the opinion in the paper does need to be updated or removed. Tx, Kathy : Kathy, on the Nominet study, please note the information in the updated template for Cat B question 2 that was circulated last week. (see attached). I reached out to Lesley Cowley last week and she informed me that unfortunately the study is not publicly available. However, should there be any specific questions in relation to the data on opt-out, she would be do her best to try and assist. Best regards, Marika From: Kathy Kleiman <kathy(a)kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Tuesday 4 March 2014 14:23 To: "gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 What Volker writes below makes sense to me, All. Provided the agreed upon 2013 RAA review of data has been done by someone, I don't see why we should duplicate it. The scope of our WG is p/p providers affiliated with registrars -- so coordination of the review of the data, per the ICANN rules, in conjunction with the Registrar makes perfect sense to me. As does a "no-privacy penalty." What we have found (Nominet and others -- BTW no one on staff reached out to me to help dig out this study, can we do that this week?) is that when people know their data is private and protected, it is more accurate. That makes sense and complies with government advice from all corners. Even the US Federal Trade Commission says not to give out your name and phone number in a way that is open and unprotected! So I think we are already headed towards more accurate data... Best, Kathy : Hi Steven, if we can limit that obligation to those cases where no validation of the underlying data has been performed by the registrar of record, we might be getting somewhere. An independent obligation that duplicates work already done will help no one and confuse many. Volker Am 03.03.2014 19:51, schrieb Metalitz, Steven: Thanks Volker. It is precisely because "the registrars obligation only extends to the registrant of record, not to anyone who may use the domain name with permission of that registrant," that there should be an independent obligation on the part of the p/p service provider to validate its customer's contact information. Steve. From: Volker Greimann [mailto:vgreimann@key-systems.net] Sent: Monday, March 03, 2014 5:32 AM To: Metalitz, Steven; gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Hi Steven, Even when this assertion is relevant, it may not be persuasive, for a number of reasons. For example, the Whois data reminder obligation applies to the registrant of record. In the case of a proxy service, the registrant or record is the service, not its customer. If a Whois data reminder is sent to a non-proxy registrant and bounces back, then the RAA requires the registrar to re-verify. But a data reminder sent to a proxy service will almost never bounce back, and therefore there may be no RAA obligation to re-verify. This is so even if the customer data provided to the service is inaccurate or outdated. In this circumstance it is up to the p/p service accreditation standards to specify the conditions under which customer data must be re-verified. This depends on how the service is set up. One could suggest that if such required messages from the registrar do not reach the registrant, it could become the providers' obligation to perform the information requirements on its own. The registrar could then rely on the provider to perform its duties under the accreditation agreement with ICANN just at it performs its own obligations under the RAA. Please also remember that the registrars obligation only extends to the registrant of record, not to anyone who may use the domain name with permission of that registrant. V. -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851> Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851> Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

1 0

Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2
by Michele Neylon - Blacknight March 5, 2014

March 5, 2014

Carlton - while I might agree with your concepts just a gentle reminder - this group cannot have any sway over ccTLDs .. -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces(a)icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Carlton Samuels Sent: Wednesday, March 5, 2014 3:04 PM To: Marika Konings Cc: gnso-ppsai-pdp-wg(a)icann.org Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 .....Um, my understanding is that Marika was highlighting what would seem intuitive from the gitgo; a generic difficulty in accessing data related to privacy/proxy questions for cause. The intuit raised for P/P services should - or ought to - have forecast this; somebody somewhere has a need to obscure/place a barrier to access/discombobulate would be busybodies. In any event - and as Stephanie has raised so may times in my hearing - in places where the law compels a privacy regime on the registrar/registry, it hardly matters if the arena is ccTLD or gTLD controlled. What we must arrive at is a generic set of rules that embrace a consistent approach to embracing the privacy principle, consistent with law. And to the extent it advances the stability and security of the entire system, inclusive of ccTLDs and gTLDs. -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 Strategy, Planning, Governance, Assessment & Turnaround ============================= On Wed, Mar 5, 2014 at 8:59 AM, Marika Konings <marika.konings(a)icann.org<mailto:marika.konings@icann.org>> wrote: I would like to encourage you all to review the whole quote from the Interisle report (see below) which places this specific sentence into context. It merely refers to the difficulty that may exist in verifying this claim independently due to the challenges that accuracy studies in a gTLD environment pose - it does not challenge whether P/P registration information is more accurate or not (as far as I understand). Again, please share the information about the other studies you are referring to so that these can be included as well. Thanks, Marika * Interviewees who represented providers of WHOIS privacy and proxy services claimed that the quality of the registrant data they hold for their customers is much better than for public WHOIS services in general. This seems credible because those providers tend to have a direct business relationship with their customers. However it is doubtful if these claims could be independently audited or verified. Assessing the accuracy of a representative sample of public WHOIS data is already very difficult. It would be far harder to do so for a representative sample of data protected by WHOIS privacy and proxy services. In its 2010 study of WHOIS data accuracy, NORC was able to assess the accuracy of privacy-registered domain information, but was not able to do the same for proxy-registered domains. From: Kathy Kleiman <kathy(a)kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Wednesday 5 March 2014 14:47 To: "gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Hi Marika and All, I think the quote remains misleading in its context and placement. I recommend we a) delete it or b) clarify it and place it in context with explanatory text. For the bottom line is that regardless of the study drafters' personal opinions (and it is an opinion -- not what they were asked to study or prove in their study), it's wrong. Studies have been done; results have been found. If you protect people's/organization's privacy, the data they provide is more accurate. That's true of ccTLDs and gTLDs! Best, Kathy So, more proposed edits to come!: To further clarify, the quote in Kathy's email ('it is doubtful if these claims could be independently audited or verified') is a direct quote from the Interisle Study. It may be important to distinguish here between a ccTLD study and a gTLD study of P/P registrations. The Nominet opt-out programme is managed by Nominet and has specific eligibility requirements, this makes it presumably easier to 1) get access to the underlying data and 2) verify whether the data is accurate or not, which does not seem to have been the case for studies that have focused on accuracy of gTLD registration data (also presumably because without an accreditation program it is even hard to identify whether or not the researcher dealing with a P/P service as well as getting access to the underlying customer data). However, as said before, if you have any additional data or studies that are relevant to this question, please share these so that they can be added to the template. Best regards, Marika From: Marika Konings <marika.konings(a)icann.org<mailto:marika.konings@icann.org>> Date: Tuesday 4 March 2014 16:07 To: Michele Neylon - Blacknight <michele(a)blacknight.com<mailto:michele@blacknight.com>> Cc: "gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 All, please note that the information in the background section are all direct quotes from the Whois studies, Whois Review Team report or other studies. If you have any other studies/references that would be helpful to include, please share these with the list and I will be happy to add these to the document. Thanks, Marika On 4 mrt. 2014, at 15:49, "Michele Neylon - Blacknight" <michele(a)blacknight.com<mailto:michele@blacknight.com>> wrote: +1 to Kathy I recall seeing multiple studies stating exactly the same thing If you respect privacy then people will provide better quality data It's logical and obvious -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072<tel:%2B353%20%280%29%2059%C2%A0%209183072> Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090<tel:%2B353%20%280%2959%209183090> Fax. +353 (0) 1 4811 763<tel:%2B353%20%280%29%201%204811%20763> Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Tuesday, March 4, 2014 1:46 PM To: Marika Konings; gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Marika, Tx you for checking with Lesley! But the results of that study were shared with the Whois Review Team, so the idea that "it is doubtful if these claims could be independently audited or verified" is not true. It has been checked - in this field and many others. People have less incentive to mislead when they know their interests (including privacy) are protected. I'm happy to work with you on finding additional studies, and summaries of studies, but the opinion in the paper does need to be updated or removed. Tx, Kathy : Kathy, on the Nominet study, please note the information in the updated template for Cat B question 2 that was circulated last week. (see attached). I reached out to Lesley Cowley last week and she informed me that unfortunately the study is not publicly available. However, should there be any specific questions in relation to the data on opt-out, she would be do her best to try and assist. Best regards, Marika From: Kathy Kleiman <kathy(a)kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Tuesday 4 March 2014 14:23 To: "gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 What Volker writes below makes sense to me, All. Provided the agreed upon 2013 RAA review of data has been done by someone, I don't see why we should duplicate it. The scope of our WG is p/p providers affiliated with registrars -- so coordination of the review of the data, per the ICANN rules, in conjunction with the Registrar makes perfect sense to me. As does a "no-privacy penalty." What we have found (Nominet and others -- BTW no one on staff reached out to me to help dig out this study, can we do that this week?) is that when people know their data is private and protected, it is more accurate. That makes sense and complies with government advice from all corners. Even the US Federal Trade Commission says not to give out your name and phone number in a way that is open and unprotected! So I think we are already headed towards more accurate data... Best, Kathy : Hi Steven, if we can limit that obligation to those cases where no validation of the underlying data has been performed by the registrar of record, we might be getting somewhere. An independent obligation that duplicates work already done will help no one and confuse many. Volker Am 03.03.2014 19:51, schrieb Metalitz, Steven: Thanks Volker. It is precisely because "the registrars obligation only extends to the registrant of record, not to anyone who may use the domain name with permission of that registrant," that there should be an independent obligation on the part of the p/p service provider to validate its customer's contact information. Steve. From: Volker Greimann [mailto:vgreimann@key-systems.net] Sent: Monday, March 03, 2014 5:32 AM To: Metalitz, Steven; gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Hi Steven, Even when this assertion is relevant, it may not be persuasive, for a number of reasons. For example, the Whois data reminder obligation applies to the registrant of record. In the case of a proxy service, the registrant or record is the service, not its customer. If a Whois data reminder is sent to a non-proxy registrant and bounces back, then the RAA requires the registrar to re-verify. But a data reminder sent to a proxy service will almost never bounce back, and therefore there may be no RAA obligation to re-verify. This is so even if the customer data provided to the service is inaccurate or outdated. In this circumstance it is up to the p/p service accreditation standards to specify the conditions under which customer data must be re-verified. This depends on how the service is set up. One could suggest that if such required messages from the registrar do not reach the registrant, it could become the providers' obligation to perform the information requirements on its own. The registrar could then rely on the provider to perform its duties under the accreditation agreement with ICANN just at it performs its own obligations under the RAA. Please also remember that the registrars obligation only extends to the registrant of record, not to anyone who may use the domain name with permission of that registrant. V. -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851> Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851> Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

3 2

Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2
by Michele Neylon - Blacknight March 5, 2014

March 5, 2014

Marika I'd agree with Kathy on this Making out that there is a "magical" difference between ccTLDs and gTLDs when it comes to certain things really doesn't hold up to any serious scrutiny Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces(a)icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Marika Konings Sent: Wednesday, March 5, 2014 1:59 PM To: Kathy Kleiman; gnso-ppsai-pdp-wg(a)icann.org Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 I would like to encourage you all to review the whole quote from the Interisle report (see below) which places this specific sentence into context. It merely refers to the difficulty that may exist in verifying this claim independently due to the challenges that accuracy studies in a gTLD environment pose - it does not challenge whether P/P registration information is more accurate or not (as far as I understand). Again, please share the information about the other studies you are referring to so that these can be included as well. Thanks, Marika * Interviewees who represented providers of WHOIS privacy and proxy services claimed that the quality of the registrant data they hold for their customers is much better than for public WHOIS services in general. This seems credible because those providers tend to have a direct business relationship with their customers. However it is doubtful if these claims could be independently audited or verified. Assessing the accuracy of a representative sample of public WHOIS data is already very difficult. It would be far harder to do so for a representative sample of data protected by WHOIS privacy and proxy services. In its 2010 study of WHOIS data accuracy, NORC was able to assess the accuracy of privacy-registered domain information, but was not able to do the same for proxy-registered domains. From: Kathy Kleiman <kathy(a)kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Wednesday 5 March 2014 14:47 To: "gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Hi Marika and All, I think the quote remains misleading in its context and placement. I recommend we a) delete it or b) clarify it and place it in context with explanatory text. For the bottom line is that regardless of the study drafters' personal opinions (and it is an opinion -- not what they were asked to study or prove in their study), it's wrong. Studies have been done; results have been found. If you protect people's/organization's privacy, the data they provide is more accurate. That's true of ccTLDs and gTLDs! Best, Kathy So, more proposed edits to come!: To further clarify, the quote in Kathy's email ('it is doubtful if these claims could be independently audited or verified') is a direct quote from the Interisle Study. It may be important to distinguish here between a ccTLD study and a gTLD study of P/P registrations. The Nominet opt-out programme is managed by Nominet and has specific eligibility requirements, this makes it presumably easier to 1) get access to the underlying data and 2) verify whether the data is accurate or not, which does not seem to have been the case for studies that have focused on accuracy of gTLD registration data (also presumably because without an accreditation program it is even hard to identify whether or not the researcher dealing with a P/P service as well as getting access to the underlying customer data). However, as said before, if you have any additional data or studies that are relevant to this question, please share these so that they can be added to the template. Best regards, Marika From: Marika Konings <marika.konings(a)icann.org<mailto:marika.konings@icann.org>> Date: Tuesday 4 March 2014 16:07 To: Michele Neylon - Blacknight <michele(a)blacknight.com<mailto:michele@blacknight.com>> Cc: "gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 All, please note that the information in the background section are all direct quotes from the Whois studies, Whois Review Team report or other studies. If you have any other studies/references that would be helpful to include, please share these with the list and I will be happy to add these to the document. Thanks, Marika On 4 mrt. 2014, at 15:49, "Michele Neylon - Blacknight" <michele(a)blacknight.com<mailto:michele@blacknight.com>> wrote: +1 to Kathy I recall seeing multiple studies stating exactly the same thing If you respect privacy then people will provide better quality data It's logical and obvious -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Tuesday, March 4, 2014 1:46 PM To: Marika Konings; gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Marika, Tx you for checking with Lesley! But the results of that study were shared with the Whois Review Team, so the idea that "it is doubtful if these claims could be independently audited or verified" is not true. It has been checked - in this field and many others. People have less incentive to mislead when they know their interests (including privacy) are protected. I'm happy to work with you on finding additional studies, and summaries of studies, but the opinion in the paper does need to be updated or removed. Tx, Kathy : Kathy, on the Nominet study, please note the information in the updated template for Cat B question 2 that was circulated last week. (see attached). I reached out to Lesley Cowley last week and she informed me that unfortunately the study is not publicly available. However, should there be any specific questions in relation to the data on opt-out, she would be do her best to try and assist. Best regards, Marika From: Kathy Kleiman <kathy(a)kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Tuesday 4 March 2014 14:23 To: "gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 What Volker writes below makes sense to me, All. Provided the agreed upon 2013 RAA review of data has been done by someone, I don't see why we should duplicate it. The scope of our WG is p/p providers affiliated with registrars -- so coordination of the review of the data, per the ICANN rules, in conjunction with the Registrar makes perfect sense to me. As does a "no-privacy penalty." What we have found (Nominet and others -- BTW no one on staff reached out to me to help dig out this study, can we do that this week?) is that when people know their data is private and protected, it is more accurate. That makes sense and complies with government advice from all corners. Even the US Federal Trade Commission says not to give out your name and phone number in a way that is open and unprotected! So I think we are already headed towards more accurate data... Best, Kathy : Hi Steven, if we can limit that obligation to those cases where no validation of the underlying data has been performed by the registrar of record, we might be getting somewhere. An independent obligation that duplicates work already done will help no one and confuse many. Volker Am 03.03.2014 19:51, schrieb Metalitz, Steven: Thanks Volker. It is precisely because "the registrars obligation only extends to the registrant of record, not to anyone who may use the domain name with permission of that registrant," that there should be an independent obligation on the part of the p/p service provider to validate its customer's contact information. Steve. From: Volker Greimann [mailto:vgreimann@key-systems.net] Sent: Monday, March 03, 2014 5:32 AM To: Metalitz, Steven; gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Hi Steven, Even when this assertion is relevant, it may not be persuasive, for a number of reasons. For example, the Whois data reminder obligation applies to the registrant of record. In the case of a proxy service, the registrant or record is the service, not its customer. If a Whois data reminder is sent to a non-proxy registrant and bounces back, then the RAA requires the registrar to re-verify. But a data reminder sent to a proxy service will almost never bounce back, and therefore there may be no RAA obligation to re-verify. This is so even if the customer data provided to the service is inaccurate or outdated. In this circumstance it is up to the p/p service accreditation standards to specify the conditions under which customer data must be re-verified. This depends on how the service is set up. One could suggest that if such required messages from the registrar do not reach the registrant, it could become the providers' obligation to perform the information requirements on its own. The registrar could then rely on the provider to perform its duties under the accreditation agreement with ICANN just at it performs its own obligations under the RAA. Please also remember that the registrars obligation only extends to the registrant of record, not to anyone who may use the domain name with permission of that registrant. V. -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

2 1

Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2
by Michele Neylon - Blacknight March 5, 2014

March 5, 2014

Yes and it's a key thing we've been pushing in the EWG work .. -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces(a)icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Volker Greimann Sent: Wednesday, March 5, 2014 1:51 PM To: gnso-ppsai-pdp-wg(a)icann.org Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 So basically one could concluded from those studies that the unproven risk of slower access is offset by the much more valuable asset of data quality. Volker Am 05.03.2014 14:47, schrieb Kathy Kleiman: Hi Marika and All, I think the quote remains misleading in its context and placement. I recommend we a) delete it or b) clarify it and place it in context with explanatory text. For the bottom line is that regardless of the study drafters' personal opinions (and it is an opinion -- not what they were asked to study or prove in their study), it's wrong. Studies have been done; results have been found. If you protect people's/organization's privacy, the data they provide is more accurate. That's true of ccTLDs and gTLDs! Best, Kathy So, more proposed edits to come!: To further clarify, the quote in Kathy's email ('it is doubtful if these claims could be independently audited or verified') is a direct quote from the Interisle Study. It may be important to distinguish here between a ccTLD study and a gTLD study of P/P registrations. The Nominet opt-out programme is managed by Nominet and has specific eligibility requirements, this makes it presumably easier to 1) get access to the underlying data and 2) verify whether the data is accurate or not, which does not seem to have been the case for studies that have focused on accuracy of gTLD registration data (also presumably because without an accreditation program it is even hard to identify whether or not the researcher dealing with a P/P service as well as getting access to the underlying customer data). However, as said before, if you have any additional data or studies that are relevant to this question, please share these so that they can be added to the template. Best regards, Marika From: Marika Konings <marika.konings(a)icann.org<mailto:marika.konings@icann.org>> Date: Tuesday 4 March 2014 16:07 To: Michele Neylon - Blacknight <michele(a)blacknight.com<mailto:michele@blacknight.com>> Cc: "gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 All, please note that the information in the background section are all direct quotes from the Whois studies, Whois Review Team report or other studies. If you have any other studies/references that would be helpful to include, please share these with the list and I will be happy to add these to the document. Thanks, Marika On 4 mrt. 2014, at 15:49, "Michele Neylon - Blacknight" <michele(a)blacknight.com<mailto:michele@blacknight.com>> wrote: +1 to Kathy I recall seeing multiple studies stating exactly the same thing If you respect privacy then people will provide better quality data It's logical and obvious -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces(a)icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Tuesday, March 4, 2014 1:46 PM To: Marika Konings; gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Marika, Tx you for checking with Lesley! But the results of that study were shared with the Whois Review Team, so the idea that "it is doubtful if these claims could be independently audited or verified" is not true. It has been checked - in this field and many others. People have less incentive to mislead when they know their interests (including privacy) are protected. I'm happy to work with you on finding additional studies, and summaries of studies, but the opinion in the paper does need to be updated or removed. Tx, Kathy : Kathy, on the Nominet study, please note the information in the updated template for Cat B question 2 that was circulated last week. (see attached). I reached out to Lesley Cowley last week and she informed me that unfortunately the study is not publicly available. However, should there be any specific questions in relation to the data on opt-out, she would be do her best to try and assist. Best regards, Marika From: Kathy Kleiman <kathy(a)kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Tuesday 4 March 2014 14:23 To: "gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 What Volker writes below makes sense to me, All. Provided the agreed upon 2013 RAA review of data has been done by someone, I don't see why we should duplicate it. The scope of our WG is p/p providers affiliated with registrars -- so coordination of the review of the data, per the ICANN rules, in conjunction with the Registrar makes perfect sense to me. As does a "no-privacy penalty." What we have found (Nominet and others -- BTW no one on staff reached out to me to help dig out this study, can we do that this week?) is that when people know their data is private and protected, it is more accurate. That makes sense and complies with government advice from all corners. Even the US Federal Trade Commission says not to give out your name and phone number in a way that is open and unprotected! So I think we are already headed towards more accurate data... Best, Kathy : Hi Steven, if we can limit that obligation to those cases where no validation of the underlying data has been performed by the registrar of record, we might be getting somewhere. An independent obligation that duplicates work already done will help no one and confuse many. Volker Am 03.03.2014 19:51, schrieb Metalitz, Steven: Thanks Volker. It is precisely because "the registrars obligation only extends to the registrant of record, not to anyone who may use the domain name with permission of that registrant," that there should be an independent obligation on the part of the p/p service provider to validate its customer's contact information. Steve. From: Volker Greimann [mailto:vgreimann@key-systems.net] Sent: Monday, March 03, 2014 5:32 AM To: Metalitz, Steven; gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Hi Steven, Even when this assertion is relevant, it may not be persuasive, for a number of reasons. For example, the Whois data reminder obligation applies to the registrant of record. In the case of a proxy service, the registrant or record is the service, not its customer. If a Whois data reminder is sent to a non-proxy registrant and bounces back, then the RAA requires the registrar to re-verify. But a data reminder sent to a proxy service will almost never bounce back, and therefore there may be no RAA obligation to re-verify. This is so even if the customer data provided to the service is inaccurate or outdated. In this circumstance it is up to the p/p service accreditation standards to specify the conditions under which customer data must be re-verified. This depends on how the service is set up. One could suggest that if such required messages from the registrar do not reach the registrant, it could become the providers' obligation to perform the information requirements on its own. The registrar could then rely on the provider to perform its duties under the accreditation agreement with ICANN just at it performs its own obligations under the RAA. Please also remember that the registrars obligation only extends to the registrant of record, not to anyone who may use the domain name with permission of that registrant. V. -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

1 0

Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2
by Michele Neylon - Blacknight March 4, 2014

March 4, 2014

Agreed. Consistency of terminology reduces headaches for everyone. -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces(a)icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Volker Greimann Sent: Tuesday, March 4, 2014 8:00 PM To: gnso-ppsai-pdp-wg(a)icann.org Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Actually, the objective is validate some data points and verify one of two others. These terms have been defined in the RAA and to avoid confusion we should adopt those here. It makes no sense to re-define either term here, resulting in different definition across policies and agreements. Consistency should be an aim here as well... Volker Am 04.03.2014 19:37, schrieb Carlton Samuels: ..the objective is 'verified' contact datum/data. Make the rule for the general case; we need not be prescriptive here. We know the RAA 2013 requirements. So in instant case, I'd define 'verified'. Then I'd avoid all of that predetermination - that 'messiness' for determining whether the p/p provider is registrar or not you'd import into this interface and, what should apply in each case - simply by making the requirement one for 'verified' contact data. -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 Strategy, Planning, Governance, Assessment & Turnaround ============================= On Tue, Mar 4, 2014 at 3:18 AM, Luc SEUFER <lseufer(a)dclgroup.eu<mailto:lseufer@dclgroup.eu>> wrote: So the reasonable option would be to only compel the p/p provider to verify those details in cases this party has not already verified them in its capacity as registrar? Whereas we don't have a re-verification but two separate ones that can be merged to avoid redundancy. Any opposition to that? Luc On Mar 4, 2014, at 5:47, Holly Raiche <h.raiche(a)internode.on.net<mailto:h.raiche@internode.on.net><mailto:h.raiche@internode.on.net<mailto:h.raiche@internode.on.net>>> wrote: I have to agree with Steve on this. People should not have access to a domain name without someone verifying their details - regardless of whether those details are made public or not. Holly On 04/03/2014, at 5:51 AM, Metalitz, Steven wrote: Thanks Volker. It is precisely because "the registrars obligation only extends to the registrant of record, not to anyone who may use the domain name with permission of that registrant," that there should be an independent obligation on the part of the p/p service provider to validate its customer's contact information. Steve. From: Volker Greimann [mailto:vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>] Sent: Monday, March 03, 2014 5:32 AM To: Metalitz, Steven; gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org><mailto:gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Hi Steven, Even when this assertion is relevant, it may not be persuasive, for a number of reasons. For example, the Whois data reminder obligation applies to the registrant of record. In the case of a proxy service, the registrant or record is the service, not its customer. If a Whois data reminder is sent to a non-proxy registrant and bounces back, then the RAA requires the registrar to re-verify. But a data reminder sent to a proxy service will almost never bounce back, and therefore there may be no RAA obligation to re-verify. This is so even if the customer data provided to the service is inaccurate or outdated. In this circumstance it is up to the p/p service accreditation standards to specify the conditions under which customer data must be re-verified. This depends on how the service is set up. One could suggest that if such required messages from the registrar do not reach the registrant, it could become the providers' obligation to perform the information requirements on its own. The registrar could then rely on the provider to perform its duties under the accreditation agreement with ICANN just at it performs its own obligations under the RAA. Please also remember that the registrars obligation only extends to the registrant of record, not to anyone who may use the domain name with permission of that registrant. V. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org><mailto:Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org><mailto:Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg ________________________________ -------------------------------------------------------- This e-mail and any attached files are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail by mistake, please notify the sender immediately and delete it from your system. You must not copy the message or disclose its contents to anyone. Think of the environment: don't print this e-mail unless you really need to. -------------------------------------------------------- _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

1 0

MP3 PPSAI WG - Tuesday 04 March 2014 at 1500 UTC
by Terri Agnew March 4, 2014

March 4, 2014

Dear All, Please find the MP3 recording for the Privacy and Proxy Services Accreditation Issues PDP Working group call held on Tuesday 04 March 2014 at 15:00 UTC at: <http://audio.icann.org/gnso/gnso-ppsa-20140304-en.mp3> http://audio.icann.org/gnso/gnso-ppsa-20140304-en.mp3 On page: <http://gnso.icann.org/en/group-activities/calendar%23mar> http://gnso.icann.org/en/group-activities/calendar#mar The recordings and transcriptions of the calls are posted on the GNSO Master Calendar page: <http://gnso.icann.org/calendar/> http://gnso.icann.org/calendar/ Attendees: Luc Seufer - RrSG Volker Greimann - RrSG Graeme Bunton - RrSG Tim Ruiz - RrSG Sarah Wyld - RrSG David Heasley - IPC James Bladel - RrSG Steve Metalitz - IPC Kathy Kleiman - RySGgr Justin Macy - BC Darcy Southwell - RrSG Alex Deacon - IPC Todd Williams - IPC Don Blumenthal - RySG Libby Baney - BC Phil Marano - IPC Jim Bikoff - IPC Griffin Barnett - IPC Roy Balleste - NCUC Amr Elsadr - NCUC Kiran Malancharuvil - IPC David Cake - NCSG Valeriya Sherman - IPC Marie-Laure Lemineur - NPOC John Horton - BC Stephanie Perrin - NCSG Michele Neylon - RrSG Jennifer Standiford - RrSG Carlton Samuels - ALAC Maria Farrell - NCUC Apologies: Paul McGrady Tobias Sattler - RrSG Marika Konings - staff Joe Catapano - staff ICANN staff: Mary Wong Margie Milam Amy Bivins Mike Zupke Terri Agnew Nathalie Peregrine ** Please let me know if your name has been left off the list ** Mailing list archives: <http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/> http://mm.icann.org/pipermail/gnso-ppsai-pdp-wg/ Wiki page: <https://community.icann.org/x/9iCfAg> https://community.icann.org/x/9iCfAg Thank you. Kind regards, Terri Agnew ------------------------------- Adobe Connect chat transcript for Tuesday 04 March 2014: Terri Agnew:Welcome to the PPSAI WG Meeting on 04 March 2014 Volker Greimann:Hi Mary, hi Terri Terri Agnew:Hello Volker Mary Wong:Welcome, Volker! Volker Greimann:can you turn on microphone connection on the adobe? Nathalie Peregrine:Apologies Volker, done now! Kathy Kleiman:Hi All! Mary Wong:Welcome everyone; good morning/afternoon/evening all! Nathalie Peregrine:Marie-Laure Lemineur and Michele Neylon have joined the call Mary Wong:FYI we have "un-sync'ed" the slides so you can scroll up and down on your own screen using the arrow keys. Terri Agnew:Jim Bikoff has joined audio Terri Agnew:David Cake has joined audio Terri Agnew:Amr Elsadr has joined Terri Agnew:Kiran Malancharuvil has joined Terri Agnew:Jennifer Standiford has joined Kathy Kleiman:Tx you Volker! Michele Neylon:Can anyone hear him? Mary Wong:Yes - are you able to, Michele? Don Blumenthal:I can Michele Neylon:hmmm Michele Neylon:I'll dial in Terri Agnew:Michele - Let me know if you need us to dial out to you Volker Greimann:yup, we do that too, left that out Terri Agnew:Michele - I don't see your mic is active on adobe connect Kathy Kleiman:Tx you Graeme! Volker Greimann:If anyone is interested, our service is located at whoisproxy.org Michele Neylon:Terri - I didn't want to speak Amr Elsadr::) Graeme Bunton:Our terms are here: https://contactprivacy.com/?action=wp_mailer_show_terms Terri Agnew:Phil Marano has joined Graeme Bunton:thx James Kathy Kleiman:Tx James! Amr Elsadr:Thanks James. Bladel:DBP Terms of Service: https://www.domainsbyproxy.com/policy/ShowDoc.aspx?pageid=domain_nameproxy Libby Baney:Thanks to all speakers Carlton Samuels:Hi everbyody Terri Agnew:Carlton I have you noted on attendance Carlton Samuels:Thks Terri. Apologies for late connection; intervening priority needed attention Kiran Malancharuvil:Steve, I Can barely hear you, can you speak up? Kathy Kleiman:Sorry, but can't hear you Steve. Tim Ruiz:Can Steve speak up please? Luc Seufer:can't hear Steve Kiran Malancharuvil:I think maybe someone else isn't on mute? Carlton Samuels:Yes, much better Kiran Malancharuvil:better Terri Agnew:I am asking op to increase his volume Volker Greimann:I can answer Steve Michele Neylon:we're not obliged to Michele Neylon:not sure what he's asking Michele Neylon:we are obliged to check email or phone Michele Neylon:under 2013 Michele Neylon:(we aren't on 2013) Luc Seufer:this is how we handleit http://help.eurodns.com/customer/portal/articles/1439035-what-is-the-contact -validation-policy- Luc Seufer:(we don't offer p/p services ourselves) Carlton Samuels:@Volker: To be sure, IF there is a problem with the domain in your case it is the registrar that initiaites contact with the registrant of record, not the p/p provider? Graeme Bunton:also, to be clear, we don't offer our service to other registrars. Graeme Bunton:Domains need to be in OpenSRS Bladel:Not applicable in Arizona. :) steve metalitz:QUESTION for James, Volker, Graeme: Are Whois rdata eminders sent annually to p/p cusomters, and if so by whom (registrar or p/pp provider).? Bladel:Good question, I'll have to check that one. Libby Baney:Stephanie - could you share a cite to the Canada law you mentioned? Stephanie Perrin:Sure, I will do it via email if that is ok.... steve metalitz:Sorry for typos: "customer" and "p/p provider" Libby Baney:Thanks, that'd be great! Graeme Bunton:Steve - i am reasonably sure they are sent to p/p customers, and I believe that they are sent by the registrar Graeme Bunton:will confirm Kathy Kleiman:+1 Michele Amr Elsadr:+1 Michele. :) Libby Baney:Question to Volker -- you mentioned your service finds it an abuse of the service for use of domains for commercial purposes. May I ask, how do you define "commercial" in this context? Michele Neylon:only .cat and .tel Michele Neylon:in gtlds Stephanie Perrin:@Volker...given current sentiment about global privacy, seems like a good time to take a few cases to Court. :-) Michele Neylon:hinted? Michele Neylon:German understatement at its finest Amr Elsadr:Isn't there the ICANN procedure for handling whois conflict with privacy laws? Why don't registrars use it? Carlton Samuels:@Michele: The ICANN response has always been the registrant makes an agreement to publish when they buy the domain. The question has always been informed consent and whether it is given. Have to say in support of what you say we now have a better understanding of the relationship between data privacy law and WHOIS. Michele Neylon:Amr - it's broken Michele Neylon:Carlton - it needs to be fixed Volker Greimann:The devil will skate to work before that happens Volker Greimann:(ICANN looking into privacy) Luc Seufer:This is how we are dealing that Luc Seufer:The Customer understands and accepts that in the case of denial of the disclosure specified herein, the Domain Name Service cannot be provided and that any request to delete the Personal Data after the registration of the Domain Name will automatically entail the deletion of the Domain Name. Carlton Samuels:@Michele: No question about that! And a holistic fix is the preferred approach Amr Elsadr:@Michele: I hope you can explain to me why it's broken some time. Volker Greimann:I have started on the surveymonkey, but it just never ends... maria farrell:hi all, sorry to be joining for the last few minutes. IETF week in London coinciding with Too Much Work! Luc Seufer:same as Volker. I'll need to open a good bottle of wine and sit down for 2 hours to complete it. ;-) Stephanie Perrin:@Carlton, agreed....and sorry to repeat the harangue I have been on in the EWG, but in Canada that would be a coerced consent, and not acceptable under 4.3.3 of the Schedule to the Act Michele Neylon:Amr - it's very simple, - look at the current process - read it and if you can't see why it's broken I can explain it :) Amr Elsadr:OK. Thanks Michele. :) steve metalitz:@Kathy, what is missing from the B.1 summary? As distinct from B.2 where there has been a lot of list activity re B.2. Luc Seufer:@stephanie you are welcome to register a .fr domain name where your right to privacy will be respected. Luc Seufer:until ICANN acknowledges local laws, ccTLDs are the way to go. Michele Neylon:She can't register a .fr or a .eu Michele Neylon:due to nexus requirements Michele Neylon:stop teasing her! Kathy Kleiman:My concern is much more for the next table we look at... Mary Wong:This template is similar to what has been used to collate, review and respond to public comments by other WGs. We most definitely will include ALL responses received for the WG to review again. Luc Seufer:I am ready to act as proxy for her ! Terri Agnew:Maria Farrell has joined Stephanie Perrin:@Luc, maybe I will register the french versions of my domains there, thanks:-)...or move to Tucows and drive Graeme nuts with complaints..... Bladel:Need to drop, thanks everyone. Graeme Bunton:@Stephanie I can recommend lots of wonderful other registrars. Tim Ruiz:Need to go. Thanks Don an all! maria farrell:I support the idea of talking to cc's - they have a variety of approaches to these things, though luckily only one set of laws to comply with ! Graeme Bunton:Blacknight for example would love to have your domains. Tim Ruiz:@Maria +1 maria farrell:Michele yo uhave all my hosting already! Michele Neylon:Maria - ) maria farrell:;-) Michele Neylon::) Volker Greimann:thank you Mary maria farrell:thanks everyone. talk next week. Luc Seufer:@ Maria apparently you are not complaining enough Kiran Malancharuvil:thanks Don. maria farrell:heehee luc maria farrell:bye all Justin Macy:bye Luc Seufer:bye Carlton Samuels:Bye all Carlton Samuels:Great discussion Carlton Samuels:Grist for the EWG mill Mary Wong:Thanks everyone.

1 0

Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2
by Tim Ruiz March 4, 2014

March 4, 2014

Sorry Steve. I did not mean to take this offline. On Mar 3, 2014, at 3:00 PM, "Metalitz, Steven" <met(a)msk.com<mailto:met@msk.com>> wrote: No Tim, I am not making any such assumption. I fully agree with you that “the conditions under which you have that right is a question this group is to deal with.” My point is that satisfying the conditions for a “reveal” and whatever process is required is going to take some time. I hope it won’t be a lot of time, but it inevitably adds up to delay when compared to the non p/p situation. Your response rests on the premise that once the underlying contact data is obtained, the problem will be more quickly resolved than if the complainant could have used public Whois data to contact the registrant. No doubt sometimes that would be the case, but I am not prepared to indulge the assumption that it would always or even often be the case. The more realistic premise is that the information obtained through the “reveal” puts the complainant in about the same position that s/he would have been in at the outset had the contact data been publicly accessible through Whois. Accordingly, whatever reasonable steps can be taken to increase the likelihood that the information obtained will be accurate enough to facilitate contact and a solution are worth considering, in order to partially offset the delay that has inevitably occurred in accessing the data. BTW I am not sure if you intended to take this conversation offline but I am happy to have this exchange shared with the full list if you wish. Steve From: Tim Ruiz [mailto:tim@godaddy.com] Sent: Monday, March 03, 2014 2:21 PM To: Metalitz, Steven Cc: Tim Ruiz Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Yes, that's exactly what I am arguing. Regarding p/p registrations, you have instant access to the registrant and contact details. I just tried a few and it worked fine for me. What you are assuming is that you should have the right to instantly access, without due process, the details of someone the registrant has licensed use of the domain to. The conditions under which you have that right is a question this group is to deal with. That said, I am assuming there is ultimately a problem to solve, and that's why the contact info of the underlying user is sought. If so, then any delay in getting that data is offset by a more quickly solved problem (versus non-p/p) once you get it. If it is just getting contact info for the sake of having it, then that's a different issue and I would question anyone's right to that. Tim On Mar 3, 2014, at 2:08 PM, "Metalitz, Steven" <met(a)msk.com<mailto:met@msk.com>> wrote: Tim, are you really debating whether the use of a privacy/proxy service introduces any delay in gaining access to the contact details of the p/p service customer, as compared to the time it takes to obtain access to the contact details of a non-=proxy registrant? Since the latter is almost instantaneous, it seems hard to argue that use of a service does not introduce any delay. Surely it does, and Todd’s point is that this inherent delay ought to be balanced with greater reliability of the data once it is accessed. I appreciate your perspective on whether through DBP there are “more successful and consistent results” than through publicly accessible Whois. I can tell you that this is not always the experience of those who request a “reveal” under the current system from proxy service providers in general. An accreditation system ought to be aimed at ensuring “more successful and consistent results” from p/p providers across the board. One way to do that is to require providers, in order to obtain and maintain accreditation, to do more than the minimum validation that registrars are now required to do with respect to data in the publicly accessible Whois. Steve Metalitz From: gnso-ppsai-pdp-wg-bounces(a)icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Tim Ruiz Sent: Monday, March 03, 2014 10:35 AM To: Williams, Todd Cc: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Regarding you last assumption, actually I believe that there is a delay is debatable. It is just that the process is different. But even if we give you that argument (and I'm not), the fact that there are more successful and consistent results when a problem involves a p/p service cancels out the perceived delay. This is based on my experience with DBP. Tim On Mar 3, 2014, at 10:21 AM, "Williams, Todd" <Todd.Williams(a)turner.com<mailto:Todd.Williams@turner.com>> wrote: Thanks Stephanie. To first respond to Michele’s point in the attached: as I mentioned below, I don’t think the argument depends on there being anything “inherently suspicious” or “nefarious” about P/P services or their users (any more so than tractor-trailers or their drivers are “inherently suspicious”), simply a recognition of the risks posed. Which then gets to your bigger point Stephanie that the “fundamental disagreement” between the “2013 RAA” camp and the “more” camp (as referenced below) is as to this question: whether there is in fact more “risk posed” by P/P services. But there are different ways to assess the “risk posed”, right? One is to ask: “Is the risk higher that users of P/P services will engage in abusive behavior?” I think that is what you are referring to when you say that we have a fundamental disagreement with rival studies. But I also think that we can put that disagreement to the side for now, because I don’t think we need to get that far when assessing the “risk posed.” Rather, I think there is a second question that we should also ask when assessing the “risk posed” by P/P services, which is this: “Once a user of a P/P service does engage in abusive behavior (however frequently or infrequently that happens), will the fact that they are using a P/P service increase the risk that such abuse will not be successfully addressed/corrected/stopped, etc.?” The answer to this second question has to be yes, for the reason that Steve mentioned in our last call: the P/P service introduces at least some element of delay to the enforcement process. I suppose that we can debate the magnitude of the risk posed by that delay, and I suppose that it will also be related to the parameters that we put in place for relay/reveal etc. procedures down the road. But the magnitude is not zero. From: Stephanie Perrin [mailto:stephanie.perrin@mail.utoronto.ca] Sent: Saturday, March 01, 2014 4:29 PM To: Williams, Todd Cc: James M. Bladel; Tim Ruiz; PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 I don’t think we agree that there is more risk with P/P services, which is kind of a fundamental disagreement. We even have rival studies backing us up. As to the analogies, they are useful but limited, as they can capture our imaginations in ways which are not in accord with the facts. My analogy for a p/p registration would not be a tractor trailer licence, it would be a small car with tinted windows. Stephanie On Mar 1, 2014, at 3:52 PM, Williams, Todd <Todd.Williams(a)turner.com<mailto:Todd.Williams@turner.com>> wrote: I agree with James that using analogies/illustrations can be helpful to frame issues in these discussions, and I think his airport illustration does a nice job of that. But I would offer a different one: Couldn't we say that registering a "standard" domain (without a P/P service) is to using a P/P service as driving a car is to driving a tractor-trailer? Everybody recognizes that there is a baseline floor of verification that should be required before you can get a driver's license. But everybody also recognizes that because the potential risk from "bad" tractor-trailer drivers is greater than that of "bad" car drivers (I'm leaving "bad" undefined here intentionally, because it doesn't matter whether it's abusive/malicious/incompetent, etc.), some EXTRA level of verification is needed before you can get a license to drive a tractor-trailer. In other words, nobody would argue that the same test should be used to get a standard driver's license as to get a license to drive tractor-trailers, because the latter by definition carries more risk. So too with "standard" domain registrations vs. P/P registrations. To James's last point: note that the analogy doesn't depend on there being anything "inherently suspicious" about tractor-trailer drivers (in the normative sense); simply a recognition that what they are doing poses higher risks for the roadways. Note too that it wouldn't be much of an argument to say that because the extra verification required of tractor-trailer drivers wouldn't always catch "bad" drivers ahead-of-time, we should instead simply rely on the standard driver's license test. Of course, this doesn't address just how far beyond the 2013 RAA floor our verification/re-verification requirements should go, or what additional measures would or wouldn't be effective. This is just to say that if the choice we're wrestling with now is between the 2013 RAA vs. "more" (however "more" is defined), I don't understand the argument on the 2013 RAA side. Todd ________________________________ From: gnso-ppsai-pdp-wg-bounces(a)icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> <gnso-ppsai-pdp-wg-bounces(a)icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org>> on behalf of James M. Bladel <jbladel(a)godaddy.com<mailto:jbladel@godaddy.com>> Sent: Saturday, March 1, 2014 6:30:35 AM To: Tim Ruiz Cc: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 So my last sentence doesn't make much sense, unless I substitute "it" with the idea of having differing verification/validation standards for Registrars and PP services. Thanks-- J. Sent from my iPad On Mar 1, 2014, at 9:35, "James M. Bladel" <jbladel(a)godaddy.com<mailto:jbladel@godaddy.com>> wrote: In just one sentence, Tim has captured the essence of the problem. Which isn’t about determining the “right” answer, but attempting to strike a balance between security vs. ease of use and barriers to legitimate access. Here’s something we can all relate to: Back in 2001, some jerk tried to blow up a plane with his shoe. As a result, now 650 million passengers have to remove their shoes before boarding an airplane in the US. Is this reasonable? As a society, we have determined that it is, but would we feel the same if it was something more, like a full body search? Probably not. Our privacy service routinely investigates and suspends perhaps a thousand domain names in a year. Sounds like a lot, and it certainly keeps the Abuse team busy, but ultimately represents a tiny fraction of the tens of millions of domain names under management. In any event, I see no compelling reason why the verification requirements for a PP service should be any different than those of a registrar. First, as I believe some in this thread have pointed out, it would allow the service to leverage code, personnel, & processes developed by the affiliated registrar. And it creates a perception that there is something inherently suspicious about subscribing to a PP service, or wanting the equivalent of an unlisted phone number, which simply isn’t the case. Thanks— J. From: Tim Ruiz <tim(a)godaddy.com<mailto:tim@godaddy.com>> Date: Friday, February 28, 2014 at 21:39 To: John Horton <john.horton(a)legitscript.com<mailto:john.horton@legitscript.com>> Cc: PPSAI <gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 So to make your invsetigation of 150 cases easier (which I question in any event) millions of users are needlessly hassled. Makes perfect sense in today's world I guess. Tim On Feb 28, 2014, at 5:32 PM, "John Horton" <john.horton(a)legitscript.com<mailto:john.horton@legitscript.com>> wrote: Hi all, Verification and re-verification of registration data would be enormously useful and important in identifying, mapping and deterring malfeasance. Just to share our background to put our comments in context, we've assisted in over 150 drug or supplement investigations by conducting cybercrime research, and each project typically involved research into dozens, hundreds or even thousands of Whois records plus corresponding IP/NS/MX etc. information. There are numerous instances in which either 1) the accurate Whois data (including, accurate data behind a Whois privacy/proxy service) "broke open" the case, or 2) submitting a WDRPS complaint in instances where we could show that the Whois data was inaccurate resulted in modified Whois information that then "broke open" the case, either by virtue of the modified Whois information itself, or from derivative information (e.g., additional reverse queries on Whois, name server, IP address or other records). Keep in mind too that sometimes showing that the Whois record is falsified results in the suspension of the domain name, which also has the effect of stopping the harmful use of that particular domain name. Verification would result in some instances of inaccurate registration data becoming accurate, or alternatively, of discontinuing registration services. In the interests of brevity, I hope that summary is enough explanation, but if anyone still doesn't understand how (or agree that) verified registration data -- or by extension, verification and some sort of periodic re-verification -- is useful, I'm happy to provide a couple of real life examples of investigations we've worked on where either the a) accuracy of the Whois record or b) response to the inaccuracy finding was extremely useful, although I'll modify the domain names. Again, I'm happy to provide real-life examples, with redacted information. It's not just occasionally or mildly useful. It's enormously important. One additional point: keep in mind that when researching criminal networks, there are typically multiple (hundreds or even thousands) of domain names at play, and even if -- as Tim pointed out -- the verified email and phone number have nothing to do with the person's real identity, good cybercrime research across the thousands of Whois records can often result in derivative information pointing to the real identity of the criminal entities. As to the point that the domain name isn't harmful but the content may be, I suspect that there are minds that won't be changed in this group on both sides of that argument. :) But, I'd point out that that train has left the station, so to speak: Section 3.18 of the 2013 RAA clearly contemplates harmful use of a domain name. Thanks, John Horton President, LegitScript <image001.jpg> Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook<https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | YouTube<https://www.youtube.com/user/LegitScript> | Blog<http://blog.legitscript.com/> | Google+<https://plus.google.com/112436813474708014933/posts> On Fri, Feb 28, 2014 at 12:36 PM, Tim Ruiz <tim(a)godaddy.com<mailto:tim@godaddy.com>> wrote: It doesn't. I can use perfectly good information, including a verifiable phone number and email address, that has nothing to do with who I really am. As we have tried to argue before, unsuccessfully, is that all verification does is push the "miscreants" to be better at obfiscating who they are (and it just isn't that hard). As you said, it only results in making it difficult for everyone for the acts of a few. Tim On Feb 28, 2014, at 2:07 PM, "Stephanie Perrin" <stephanie.perrin(a)mail.utoronto.ca<mailto:stephanie.perrin@mail.utoronto.ca>> wrote: My apologies I totally mis-read that. So how does verification catch that then? On 2014-02-28, at 1:52 PM, John Horton wrote: Well, because absent an accurate Whois record, it can be difficult to know who to hold accountable. Stephanie, to clarify: I was saying that 95% of Whois data in a certain sub-category of criminal or miscreant behavior (spam, malware, phishing) is inaccurate (not "accurate"). John Horton President, LegitScript <image001.jpg> Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook<https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | YouTube<https://www.youtube.com/user/LegitScript> | Blog<http://blog.legitscript.com/> | Google+<https://plus.google.com/112436813474708014933/posts> On Fri, Feb 28, 2014 at 9:44 AM, Stephanie Perrin <stephanie.perrin(a)mail.utoronto.ca<mailto:stephanie.perrin@mail.utoronto.ca>> wrote: I agree, it is all about risk...but what risk are we really talking about? I dont understand why a P/P provider should be forced to take on more risk than other registrars. Further,why should the registrar be accountable for verified data, once the original data verification is done. If John is correct and in 95% of cases the data from the P/P service provider was proven accurate, then how does any amount of data verification solve the problem? The accountability for miscreant behaviour of all kinds rests with the domain name user. IF the data is inaccurate, ramp up the penalties if it can be shown that the data was rendered inaccurate for the purposes of fraudulent activity. At the risk of sounding overly philosophical, It seems to me that the Internet ecosystem is somehow being held to account for the actions of individuals. It is the individuals that should be held to account. Not the domain name, or the company that issued it. Particularly, I think that if products sold are tainted, then there is plenty of other consumer protection law that applies...why are we trying to solve that problem? Cheers Stephanie perrin On 2014-02-28, at 12:29 PM, Carlton Samuels wrote: ..which seems to me all about risk management on part of the provider. Its the results that matter. So, for all the possible permutations, in line with those enumerated by Volker, might it not be more useful to refer 'verified credentials' as a requirement on the provider, allow them to accept the business risk and leave it to them to decide how to do it.......and, inherently, the risks acceptable to them for provisioning the service? -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799<tel:876-818-1799> Strategy, Planning, Governance, Assessment & Turnaround ============================= On Fri, Feb 28, 2014 at 6:29 AM, Volker Greimann <vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net>> wrote: Hi John, I am having a bit of a hard time understanding your point here. You are describing three different cases here, two of which will not benefit from verification in the least bit and one might, but only in some cases: a) The data is accurate, but stolen: Here verification would not uncover any issues with the data as it is essentially correct and will most likely be identified as accurate. b) The data is false: Here, depending on the methods used, the inaccuracy may be uncovered and would lead to an automated request to provide updated data or deactivation after a set time. Remember, in order to keep providing services in a sensible manner, this needs to be automated in some form, i.e. no individual record would likely see any manual review. c) The data is already accurate: If the data is already correct, what purpose does verification fulfill? The data cannot become more accurate. Verification in this case seems like an exercise in self-gratification. That said, even if there is a benefit to be derived from verification, such benefits are achieved once verification concludes. Re-verification of already verified data fulfills no purpose whatsoever. So if a set of data has already been verified by the registrar, there is no need for the p/p provider to again verify the same data. Only if no verification is or can be performed on the registrar level does verification by providers come into play. Volker Am 28.02.2014 00:32, schrieb John Horton: Thanks, Marika. I also wanted to provide a comment pertaining to Question 2 in the attachments (relating to periodic checks). In a few of the recent discussions, there's been some reference to criminals always or nearly always being untruthful in their Whois records (even if privacy-protected), leading to the conclusion that there is little purpose in having a registrar or any third party have to verify or re-verify the information (especially if it is difficult to prove that the data is falsified). I wanted to share our experience and observations on that point, in the hope that it's relevant to future discussion regarding Question 2. Our consistent observation has been that when it comes to a particular sub-category of criminal activity, spam, phishing, malware, and so forth, it's probably safe to say that that statement is true -- the registrant's Whois information is nearly always inaccurate. Even in cases, such as some where we've worked with law enforcement, when the Whois record for a domain name involved in spam, phishing or malware is privacy-protected and is subsequently unmasked, the Whois record is still not accurate behind the privacy curtain. There are probably exceptions, but that's what we've seen well over 95% of the time. On occasion, it's a real address and phone number, just not one genuinely connected to the registrant. But there are other types of criminal activity where the Whois record is not so regularly obfuscated. For example, we investigate a lot of websites selling tainted dietary supplements that end up containing some toxin or adulterant that harms people. In those cases, we've overwhelmingly seen that even if the Whois record is privacy-protected, the trend is that the underlying Whois record is accurate. The same has been true for illegal or counterfeit medical device websites that we've researched. On illegal Internet pharmacies not engaged in spam, it's probably 50-50. (It might be a shell corporation, but that's still valuable information.) One important point to consider is that the Whois registration can be relevant information from a banking perspective for commercial entities. That is, some banks are going to look at an online merchant's domain name registration record and if it's either inaccurate or protected, they may require disclosure, or ask about any discrepancy, which can be an incentive for criminals selling products online who nevertheless want to get paid via credit card to have an accurate Whois. Hackers, malware providers and spammers will find a way around that, but they don't necessarily constitute "most" criminal activity. The point here is, I think verification can still be a useful and necessary tool in either scenario, even if it doesn't uncover useful information a portion of the time. I realize that only pertains to a portion of the issues related to Question 2, but I hope that our observations on that are relevant. Thanks, John Horton President, LegitScript <image001.jpg> Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook<https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | YouTube<https://www.youtube.com/user/LegitScript> | Blog<http://blog.legitscript.com/> | Google+<https://plus.google.com/112436813474708014933/posts> On Wed, Feb 26, 2014 at 2:39 AM, Marika Konings <marika.konings(a)icann.org<mailto:marika.konings@icann.org>> wrote: Dear All, Following our call yesterday, please find attached the updated templates for Category B – questions 1 & 2. Please review these templates to make sure the WG discussions have been accurately reflected and feel free to share any comments / edits you may have with the mailing list. We've created a page on the wiki where we'll post the templates that have been finalised for now (noting that for some of these the WG will need to come back to the template at a later date), see https://community.icann.org/x/ihLRAg. The WG will continue its deliberations on Category B – Question 2 next week. Some of the questions that came up during the conversation yesterday and which you are encouraged to share your views on (and/or add additional questions that need to be considered in this context) are: * What would be the arguments for not using the same standards / requirements for validation and verification as per the 2013 RAA? * Should there be a requirement for re-verification, and if so, what instances would trigger such re-verification? * In case of affliction between the P/P service and the registrar, if the registration information has already been verified by the registrar, should this exempt the P/P provider from doing so? * Should the same requirements apply to privacy and proxy services or is there a reason to distinguish between the two? Best regards, Marika _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851> Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net/> / www.RRPproxy.net<http://www.rrpproxy.net/>www.domaindiscount24.com<http://www.domaindiscount24.com/> / www.BrandShelter.com<http://www.brandshelter.com/> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu/> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851> Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net/> / www.RRPproxy.net<http://www.rrpproxy.net/>www.domaindiscount24.com<http://www.domaindiscount24.com/> / www.BrandShelter.com<http://www.brandshelter.com/> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu/> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg(a)icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg <RE [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2>

1 0

Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2
by Michele Neylon - Blacknight March 4, 2014

March 4, 2014

If the user of the domain name is the account holder with the registrar, then there will be validation of some kind .. -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces(a)icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Metalitz, Steven Sent: Tuesday, March 4, 2014 1:40 PM To: Volker Greimann Cc: gnso-ppsai-pdp-wg(a)icann.org Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Agree we should seek to avoid needless duplication. I look forward to learning more about how registrars verify contact details of non-registrants e.g. Customers of p/p services. Do they have any obligation under 2013 RAA to do so ? Sent from my iPhone On Mar 4, 2014, at 4:25 AM, "Volker Greimann" <vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net>> wrote: Hi Steven, if we can limit that obligation to those cases where no validation of the underlying data has been performed by the registrar of record, we might be getting somewhere. An independent obligation that duplicates work already done will help no one and confuse many. Volker Am 03.03.2014 19:51, schrieb Metalitz, Steven: Thanks Volker. It is precisely because "the registrars obligation only extends to the registrant of record, not to anyone who may use the domain name with permission of that registrant," that there should be an independent obligation on the part of the p/p service provider to validate its customer's contact information. Steve. From: Volker Greimann [mailto:vgreimann@key-systems.net] Sent: Monday, March 03, 2014 5:32 AM To: Metalitz, Steven; gnso-ppsai-pdp-wg(a)icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2 Hi Steven, Even when this assertion is relevant, it may not be persuasive, for a number of reasons. For example, the Whois data reminder obligation applies to the registrant of record. In the case of a proxy service, the registrant or record is the service, not its customer. If a Whois data reminder is sent to a non-proxy registrant and bounces back, then the RAA requires the registrar to re-verify. But a data reminder sent to a proxy service will almost never bounce back, and therefore there may be no RAA obligation to re-verify. This is so even if the customer data provided to the service is inaccurate or outdated. In this circumstance it is up to the p/p service accreditation standards to specify the conditions under which customer data must be re-verified. This depends on how the service is set up. One could suggest that if such required messages from the registrar do not reach the registrant, it could become the providers' obligation to perform the information requirements on its own. The registrar could then rely on the provider to perform its duties under the accreditation agreement with ICANN just at it performs its own obligations under the RAA. Please also remember that the registrars obligation only extends to the registrant of record, not to anyone who may use the domain name with permission of that registrant. V. -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann(a)key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

2 1

PPSAI WG documents
by Mary Wong March 4, 2014

March 4, 2014

Dear all, The documents under discussion in the current email thread on the WG mailing list can be found on the WG wiki; the latest documents (including the templates for Category B Questions 1 & 2, and the Nominet input to the Whois Review Team) can be found here (under "Next Meeting", i.e. today): https://community.icann.org/x/2xPRAg As you'll recall, all other relevant documents, including background staff papers and the various Whois studies (updated to include the summary of the prevalence of P/P findings from these studies that was circulated to the WG last week), can also be found on the WG wiki, largely under Background Documents: https://community.icann.org/x/XSWfAg If there are other, publicly-available documents that you think might be valuable to the work of this WG, please let staff know so that we can update and upload accordingly. Thanks so much! Cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4892 Email: mary.wong(a)icann.org * One World. One Internet. *

1 0

Agenda for tomorrow and data sample of P/P terms and conditions
by Mary Wong March 3, 2014

March 3, 2014

Dear WG members, Please find below the proposed agenda for the WG meeting on Tuesday 4 March at 1500 UTC: 1. Roll call/SOI updates (3 mins) 2. Presentations on P/P services and different business models (30 mins) 3. Last call for finalization of template on Category B Question 1 (7 mins) 4. Continuation of discussion of template on Category B Question 2 (15 mins) 5. Planning for Singapore (5 mins) In addition, attached please find the results of the sampling of current privacy & proxy terms and conditions from providers affiliated with registrars under the 2013 RAA,. You will recall that the WG requested that this data be gathered. Of 20 registrars currently contracted under the 2013 RAA, we obtained responses from 6 affiliated providers their responses are shown in the attached spreadsheet. Some findings that WG members may find useful include: * There seems to be confusion over the meaning of proxy vs. privacy; in many of the terms & conditions some services are called 'privacy' services, but if you read the actual terms and conditions, they describe a proxy service (per the 2013 RAA definition); * Two of the services limit the eligibility for the service (one limits it to non-commercial domain names, but no further information is provided on how that is assessed, while the other one excludes digital brand services customers); * Only one service seems to notify the customer 24 hours in advance before contact data is revealed Although the WG is not slated to review the attached data till next week, the Chairs thought it would be useful to provide you with the data now, especially as it may provide some context for agenda item #2 tomorrow, which will see presentations from two registrars on privacy and proxy services. Thanks and cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4892 Email: mary.wong(a)icann.org * One World. One Internet. *

1 0