I agree with Volker.
Best,
Kathy
Hi John,
this seems to be more of a jurisdictional problem than one of
the privacy service being in place.
Being privacy protected, of course, we can’t
immediately tell who is operating the website. Can we get
law enforcement or courts in the registrar’s jurisdiction to
do anything –– e.g., go to the registrar and ask or require
them to reveal the identity of the registrant? No. Try to
buy a drug such as Xanax from this website. This Internet
pharmacy will ship anywhere in the world except to
Canada –– where its registrar and servers are located. To
protect its ability to sell drugs globally, the registrant
has sacrificed sales to a single country, and chosen a
registrar and servers there, to create a safe haven.
Consequently, Canadian law enforcement cannot point to a
violation of Canadian law: no drugs are being shipped into
Canada –– just everywhere else around the world. (Which, we
can infer, is why this registrant removed Canada from their
shipping destinations.) And, the reverse is true –– a court
order or law enforcement request from outside of Canada can
simply be ignored by the registrar and server companies in
Canada. Those who have argued that the best way to deal with
p/p use by illegal actors is simply to get a court order are
not accounting for this quite common scenario.
As you describe it, as no canadian laws are being broken, no
action can be taken. So how is this different from a site not
using privacy services operated openly by a canadian resident?
What would it help you to know who is operating the site if you
cannot get to him?
What is the difference if the registrant operated an offline
mail-oder business from Canada instead?
Being able to hide
their identity in the Whois record is also the perfect
set up for another reason: many registrars have said in
the past that they only way that they can (or perhaps,
will) take action on a domain name is if the Whois
record is falsified. But how would we know? It is
privacy protected. That removes the WDPRS as a mechanism
for dealing with abusive behavior.
As
registrar, it makes it easier to take action, because
incorrect whois is proven much more easily than illegal
action. But in the end, taking down questionable content using
whois complaints is not what the whois complaint system was
designed for. It is a crutch, in lieu of better tools, but
ultimately, it is abuse of a tool designed for better whois
quality.
We have even seen whois complaints being sent against domain
names where the whois is correct. The complainant way be
thinking that if they complain often enough, one complaint may
be failed to be answered and therefore be cause for a
takedown. In te end, all that does is to slow down the
process.
Does this commercial
registrant have a legitimate need for p/p services? I
would argue that that is not the question to be
answered. The question is: Does a consumer, consumer
protection firm, government agency, etc. have the
right to know who is operating this website? I
would submit to this group that it is incumbent upon us
to recommend a thoughtful, balanced policy that prevents
this sort of “perfect set up” for Internet criminals to
hide their identity as this one has. Keep in mind that,
as pointed out in the circulated paper, no such right
exists in the offline world –– rather, consumers have
the right to know who they are dealing with. Ample
requirements exist for business registrations to do
business transparently. There should be no difference in
the online world.
What
is the benefit of knowing the registrant if what he is doing
is not breaking any laws where he is situated?
Also, the offline-online comparison is flawed: Offline, the
corresponding rules are made by the governments where the
service is being provided. They are called laws and
regulations. Online, the same applies. governments make the
laws for services operated under their jurisdiction. If I
operate a commercial (or oher) site in Germany, I have to have
an Impressum, i.e. a page stating who I am and how to reach
me. If Canada wanted such a law, they should enact it. If the
US wants Canada to enact such a law, they should engage in
diplomacy. In the end, it is not our role to make public
policy better relegated to the state level.
Finally, recall that
the Affirmation of Commitments (AoC) requires "timely,
unrestricted and public access to accurate and complete
WHOIS information." The AoC goes on to state that WHOIS
policy and its implementation needs to meet "the
legitimate needs of law enforcement and promote consumer
trust." I ask the group, is ICANN fulfilling its
commitment, not only to law enforcement but especially
to promote consumer trust, if it allows websites like
this to continue using p/p services?
Whois
privacy services provide "accurate and complete WHOIS
information", therefore I cannot see what you are
inferring. Law enforcement of appropriate jurisdiction can contact
the service provider and get the data, provided there is a legal
basis for that.
Best,
Volker
_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
_______________________________________________
Gnso-ppsai-pdp-wg mailing list
Gnso-ppsai-pdp-wg@icann.org
https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg