Kiran, the same applies to trademark rights or copyrights, right?

The right to privacy is neither absolute nor omnipresent, and should be balanced with responsibilities and others' rights.

We have yet to come to the conclusion you're taking for granted because we haven't explored the full context.

Thanks,

Kiran

Kiran Malancharuvil Policy Counselor MarkMonitor 415.222.8318 (t) 415.419.9138 (m) www.markmonitor.com

-----Original Message----- From: Chris Pelling [mailto:chris@netearthone.com] Sent: Wednesday, October 29, 2014 11:34 AM To: PPSAI Cc: Michele Neylon - Blacknight; Kiran Malancharuvil Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Firstly my apologies to those that may have got this twice (first one missing a chunk) :

Surely we are not going to re-inventing the wheel here?

As per the Oxford English Dictionary :

Disclosure : The action of making new or secret information known: ref : http://www.oxforddictionaries.com/definition/english/disclosure

Relay *verb* : Receive and pass on (information or a message): ref : http://www.oxforddictionaries.com/definition/english/relay

This whole point regarding "Breach of privacy" on mere speculation you are requesting that someones private information be made public - even if public to the requester, it is by definition still public. In Europe which ICANN has to appreciate there will be PP providers this is a breach/violation of a persons right.

To do a relay - no breach/violation of privacy - thats how simple it is.

No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period.

Kind Regards,

Chris

NetEarth One, inc

----- Original Message ----- From: "Kiran Malancharuvil" <Kiran.Malancharuvil@markmonitor.com> To: "Michele Neylon - Blacknight" <michele@blacknight.com> Cc: "PPSAI" <gnso-ppsai-pdp-wg@icann.org> Sent: Wednesday, 29 October, 2014 3:33:24 PM Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

This is a conclusion we have yet to reach.

Kiran Malancharuvil Internet Policy Counselor MarkMonitor 415-419-9138 (m)

Sent from my mobile, please excuse any typos.

On Oct 29, 2014, at 7:28 AM, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote:

Steve

Disclosure = breach of privacy

Relay = communication

It's that simple.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From: Metalitz, Steven [mailto:met@msk.com] Sent: Wednesday, October 29, 2014 2:19 PM To: 'Don Blumenthal'; Michele Neylon - Blacknight; PPSAI Subject: RE: What is content and what isn't

As this thread originated in a comment I made on yesterday’s call, let me return to the only point I am trying to make.

Abuse comes in two flavors: abuse that derives from registration of the domain name itself, and abuse that derives from how the domain name is used.

The first category (which happens to be the one that Phil Corwin wants to exclude from disclosure requirements, but that’s a different thread) requires looking at the domain name itself. The second category requires looking at the resource (such as but not necessarily limited to a website) associated with the domain name. Websites engaged in counterfeiting and piracy fall in the second category; so do websites used for distribution of malware. If you wish, you can call one of these content and the other something else, but they share the important characteristic that they require looking beyond the domain name to see the abuse.

One can complain all one wishes about “regulating content,” but there are at least two problems with that. First, one should hesitate to do so if one has signed the 2013 RAA, which requires one to “investigate and respond appropriately” to any report of “conduct involving use of a Registered Name sponsored by Registrar that is prohibited by applicable law.”

Second, nobody in this WG is talking about “regulating content.” Quite the opposite: the very purpose of disclosure is to enable a complainant to go directly to a registrant, so that registrars (or hosting providers for that matter) don’t have to step in and regulate. If registrars wish to accept responsibility for the conduct by their registrants, then there would be no need to seek disclosure of the contact details of registrants who use a service provided by registrar to keep those details secret. But as registrars do not wish to accept that responsibility, then a mechanism is needed to define when those details should be disclosed.

If you are still with me to this point, then we are (as Volker has put it) in the same postal code, and we can roll up our sleeves to try to define that mechanism as best we can. If not, not.

Steve Metalitz

From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 12:26 PM To: Michele Neylon - Blacknight; PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Michele,

We’ve wandered into an area where the practical considerations for contracted parties and others in the infrastructure will be different from p/p providers. As for bit.ly<http://bit.ly>, it would be covered by our policy but we would not act blindly.

To be accurate, we refer to registrars for action. They have the direct contractual relationships with registrants and are in a better position to investigate.

From: Michele Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> Date: Tuesday, October 28, 2014 at 12:12 PM To: Don Blumenthal <dblumenthal@pir.org<mailto:dblumenthal@pir.org>>, PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: RE: What is content and what isn't

Don

I'm not sure what the sanest way of framing this is.

We'd see malware and phishing as being network abuse issues and treat them accordingly.

While some registries may have provisions in their policies to deal with this, hosting providers, network providers and registrars may do so also.

However the problem arises when there is a question of "judgement".

But it's never that simple ..

For example this weekend bitly was flagged for malware by Google. Sure, some links on bitly might have led to malware, but pulling down the entire domain would have been a really really bad idea.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 4:07 PM To: PPSAI Subject: [Gnso-ppsai-pdp-wg] What is content and what isn't

Good afternoon,

My point about whether we need to definite content was based as I said on my experience with PIR. The considerations may be different in the context of p/p obligations and processes than they are for a contracted party when reviewing a complaint about a domain.

However, I focused on Steve’s description of malware as a content issue. Our posted anti-abuse policy lists malware as something that could cause us to act against a domain. The basis is that it creates a threat to the security and stability of the Internet. Malware is not a content issue for purpose of our complaint analyses.

I may be forgetting a question. Let me know.

Don

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

+1 -----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Metalitz, Steven Sent: Wednesday, October 29, 2014 3:09 PM To: 'Chris Pelling'; PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't Chris: You state, in reference to disclosure of contact data masked by a proxy/privacy service, "No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period." However, as a registrar, your company reserves the right to do so with your customers: We only share personal information with other companies or individuals in the following limited circumstances: •...... •We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to: (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to rights, property or safety, of our users, us or the public as required or permitted by law. Source: http://www.netearthone.com/support/privacy.php I don't see anything in there about "due process of law." If you would post to this list the Terms of Service for whatever privacy/proxy service you provide to registrants (I recognize that since your company is not listed as having signed the 2013 RAA you may not be legally required to do so), I strongly suspect that those terms would allow you to terminate the service (thus causing contact data to be not only "disclosed," as this group has defined the term, but "published") without "due process of law." Please feel free to join us in the postal code where we have moved beyond simplistic slogans and are working to craft some fair and comprehensive rules defining the circumstances under which p/p services should disclose this information to a requester. Steve Metalitz -----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Chris Pelling Sent: Wednesday, October 29, 2014 2:34 PM To: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't Firstly my apologies to those that may have got this twice (first one missing a chunk) : Surely we are not going to re-inventing the wheel here? As per the Oxford English Dictionary : Disclosure : The action of making new or secret information known: ref : http://www.oxforddictionaries.com/definition/english/disclosure Relay *verb* : Receive and pass on (information or a message): ref : http://www.oxforddictionaries.com/definition/english/relay This whole point regarding "Breach of privacy" on mere speculation you are requesting that someones private information be made public - even if public to the requester, it is by definition still public. In Europe which ICANN has to appreciate there will be PP providers this is a breach/violation of a persons right. To do a relay - no breach/violation of privacy - thats how simple it is. No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period. Kind Regards, Chris NetEarth One, inc ----- Original Message ----- From: "Kiran Malancharuvil" <Kiran.Malancharuvil@markmonitor.com> To: "Michele Neylon - Blacknight" <michele@blacknight.com> Cc: "PPSAI" <gnso-ppsai-pdp-wg@icann.org> Sent: Wednesday, 29 October, 2014 3:33:24 PM Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't This is a conclusion we have yet to reach. Kiran Malancharuvil Internet Policy Counselor MarkMonitor 415-419-9138 (m) Sent from my mobile, please excuse any typos. On Oct 29, 2014, at 7:28 AM, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote: Steve Disclosure = breach of privacy Relay = communication It's that simple. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: Metalitz, Steven [mailto:met@msk.com] Sent: Wednesday, October 29, 2014 2:19 PM To: 'Don Blumenthal'; Michele Neylon - Blacknight; PPSAI Subject: RE: What is content and what isn't As this thread originated in a comment I made on yesterday’s call, let me return to the only point I am trying to make. Abuse comes in two flavors: abuse that derives from registration of the domain name itself, and abuse that derives from how the domain name is used. The first category (which happens to be the one that Phil Corwin wants to exclude from disclosure requirements, but that’s a different thread) requires looking at the domain name itself. The second category requires looking at the resource (such as but not necessarily limited to a website) associated with the domain name. Websites engaged in counterfeiting and piracy fall in the second category; so do websites used for distribution of malware. If you wish, you can call one of these content and the other something else, but they share the important characteristic that they require looking beyond the domain name to see the abuse. One can complain all one wishes about “regulating content,” but there are at least two problems with that. First, one should hesitate to do so if one has signed the 2013 RAA, which requires one to “investigate and respond appropriately” to any report of “conduct involving use of a Registered Name sponsored by Registrar that is prohibited by applicable law.” Second, nobody in this WG is talking about “regulating content.” Quite the opposite: the very purpose of disclosure is to enable a complainant to go directly to a registrant, so that registrars (or hosting providers for that matter) don’t have to step in and regulate. If registrars wish to accept responsibility for the conduct by their registrants, then there would be no need to seek disclosure of the contact details of registrants who use a service provided by registrar to keep those details secret. But as registrars do not wish to accept that responsibility, then a mechanism is needed to define when those details should be disclosed. If you are still with me to this point, then we are (as Volker has put it) in the same postal code, and we can roll up our sleeves to try to define that mechanism as best we can. If not, not. Steve Metalitz From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 12:26 PM To: Michele Neylon - Blacknight; PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't Michele, We’ve wandered into an area where the practical considerations for contracted parties and others in the infrastructure will be different from p/p providers. As for bit.ly<http://bit.ly>, it would be covered by our policy but we would not act blindly. To be accurate, we refer to registrars for action. They have the direct contractual relationships with registrants and are in a better position to investigate. From: Michele Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> Date: Tuesday, October 28, 2014 at 12:12 PM To: Don Blumenthal <dblumenthal@pir.org<mailto:dblumenthal@pir.org>>, PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: RE: What is content and what isn't Don I'm not sure what the sanest way of framing this is. We'd see malware and phishing as being network abuse issues and treat them accordingly. While some registries may have provisions in their policies to deal with this, hosting providers, network providers and registrars may do so also. However the problem arises when there is a question of "judgement". But it's never that simple .. For example this weekend bitly was flagged for malware by Google. Sure, some links on bitly might have led to malware, but pulling down the entire domain would have been a really really bad idea. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 4:07 PM To: PPSAI Subject: [Gnso-ppsai-pdp-wg] What is content and what isn't Good afternoon, My point about whether we need to definite content was based as I said on my experience with PIR. The considerations may be different in the context of p/p obligations and processes than they are for a contracted party when reviewing a complaint about a domain. However, I focused on Steve’s description of malware as a content issue. Our posted anti-abuse policy lists malware as something that could cause us to act against a domain. The basis is that it creates a threat to the security and stability of the Internet. Malware is not a content issue for purpose of our complaint analyses. I may be forgetting a question. Let me know. Don _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

Steve, that is the right of the provider and the customer to make an "agreement" detailing the extent of the service provided. Some providers "choose" to take action based on less than due process, but others may not. We should not try to legislate based on the choices of a few providers... Volker Am 29.10.2014 20:08, schrieb Metalitz, Steven:

Chris:

You state, in reference to disclosure of contact data masked by a proxy/privacy service, "No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period."

However, as a registrar, your company reserves the right to do so with your customers:

We only share personal information with other companies or individuals in the following limited circumstances: •...... •We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to: (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to rights, property or safety, of our users, us or the public as required or permitted by law.

Source: http://www.netearthone.com/support/privacy.php

I don't see anything in there about "due process of law."

If you would post to this list the Terms of Service for whatever privacy/proxy service you provide to registrants (I recognize that since your company is not listed as having signed the 2013 RAA you may not be legally required to do so), I strongly suspect that those terms would allow you to terminate the service (thus causing contact data to be not only "disclosed," as this group has defined the term, but "published") without "due process of law."

Please feel free to join us in the postal code where we have moved beyond simplistic slogans and are working to craft some fair and comprehensive rules defining the circumstances under which p/p services should disclose this information to a requester.

Steve Metalitz

-----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Chris Pelling Sent: Wednesday, October 29, 2014 2:34 PM To: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Firstly my apologies to those that may have got this twice (first one missing a chunk) :

Surely we are not going to re-inventing the wheel here?

As per the Oxford English Dictionary :

Disclosure : The action of making new or secret information known: ref : http://www.oxforddictionaries.com/definition/english/disclosure

Relay *verb* : Receive and pass on (information or a message): ref : http://www.oxforddictionaries.com/definition/english/relay

This whole point regarding "Breach of privacy" on mere speculation you are requesting that someones private information be made public - even if public to the requester, it is by definition still public. In Europe which ICANN has to appreciate there will be PP providers this is a breach/violation of a persons right.

To do a relay - no breach/violation of privacy - thats how simple it is.

No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period.

Kind Regards,

Chris

NetEarth One, inc

----- Original Message ----- From: "Kiran Malancharuvil" <Kiran.Malancharuvil@markmonitor.com> To: "Michele Neylon - Blacknight" <michele@blacknight.com> Cc: "PPSAI" <gnso-ppsai-pdp-wg@icann.org> Sent: Wednesday, 29 October, 2014 3:33:24 PM Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

This is a conclusion we have yet to reach.

Kiran Malancharuvil Internet Policy Counselor MarkMonitor 415-419-9138 (m)

Sent from my mobile, please excuse any typos.

On Oct 29, 2014, at 7:28 AM, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote:

Steve

Disclosure = breach of privacy

Relay = communication

It's that simple.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From: Metalitz, Steven [mailto:met@msk.com] Sent: Wednesday, October 29, 2014 2:19 PM To: 'Don Blumenthal'; Michele Neylon - Blacknight; PPSAI Subject: RE: What is content and what isn't

As this thread originated in a comment I made on yesterday’s call, let me return to the only point I am trying to make.

Abuse comes in two flavors: abuse that derives from registration of the domain name itself, and abuse that derives from how the domain name is used.

The first category (which happens to be the one that Phil Corwin wants to exclude from disclosure requirements, but that’s a different thread) requires looking at the domain name itself. The second category requires looking at the resource (such as but not necessarily limited to a website) associated with the domain name. Websites engaged in counterfeiting and piracy fall in the second category; so do websites used for distribution of malware. If you wish, you can call one of these content and the other something else, but they share the important characteristic that they require looking beyond the domain name to see the abuse.

One can complain all one wishes about “regulating content,” but there are at least two problems with that. First, one should hesitate to do so if one has signed the 2013 RAA, which requires one to “investigate and respond appropriately” to any report of “conduct involving use of a Registered Name sponsored by Registrar that is prohibited by applicable law.”

Second, nobody in this WG is talking about “regulating content.” Quite the opposite: the very purpose of disclosure is to enable a complainant to go directly to a registrant, so that registrars (or hosting providers for that matter) don’t have to step in and regulate. If registrars wish to accept responsibility for the conduct by their registrants, then there would be no need to seek disclosure of the contact details of registrants who use a service provided by registrar to keep those details secret. But as registrars do not wish to accept that responsibility, then a mechanism is needed to define when those details should be disclosed.

If you are still with me to this point, then we are (as Volker has put it) in the same postal code, and we can roll up our sleeves to try to define that mechanism as best we can. If not, not.

Steve Metalitz

From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 12:26 PM To: Michele Neylon - Blacknight; PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Michele,

We’ve wandered into an area where the practical considerations for contracted parties and others in the infrastructure will be different from p/p providers. As for bit.ly<http://bit.ly>, it would be covered by our policy but we would not act blindly.

To be accurate, we refer to registrars for action. They have the direct contractual relationships with registrants and are in a better position to investigate.

From: Michele Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> Date: Tuesday, October 28, 2014 at 12:12 PM To: Don Blumenthal <dblumenthal@pir.org<mailto:dblumenthal@pir.org>>, PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: RE: What is content and what isn't

Don

I'm not sure what the sanest way of framing this is.

We'd see malware and phishing as being network abuse issues and treat them accordingly.

While some registries may have provisions in their policies to deal with this, hosting providers, network providers and registrars may do so also.

However the problem arises when there is a question of "judgement".

But it's never that simple ..

For example this weekend bitly was flagged for malware by Google. Sure, some links on bitly might have led to malware, but pulling down the entire domain would have been a really really bad idea.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 4:07 PM To: PPSAI Subject: [Gnso-ppsai-pdp-wg] What is content and what isn't

Good afternoon,

My point about whether we need to definite content was based as I said on my experience with PIR. The considerations may be different in the context of p/p obligations and processes than they are for a contracted party when reviewing a complaint about a domain.

However, I focused on Steve’s description of malware as a content issue. Our posted anti-abuse policy lists malware as something that could cause us to act against a domain. The basis is that it creates a threat to the security and stability of the Internet. Malware is not a content issue for purpose of our complaint analyses.

I may be forgetting a question. Let me know.

Don

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

Hi Steve, no I am not, but that does not invalidate my point as the determination what constitutes a violation currently lies solely with the provider, i.e. the provider gets to decide the merits of the complaint. In other words, the definition of what constitutes a violation (and if such a violation may be cured prior to termination) lies entirely in the eye of the beholder. Volker Am 29.10.2014 23:05, schrieb Metalitz, Steven:

Volker (or others), are you aware of any provider that does not reserve the right unilaterally to terminate its service, i.e., "publish" in our definition, for a range of reasons, including but not necessarily limited to violation of the terms of service?

Steve

-----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Volker Greimann Sent: Wednesday, October 29, 2014 3:25 PM To: gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Steve,

that is the right of the provider and the customer to make an "agreement" detailing the extent of the service provided. Some providers "choose" to take action based on less than due process, but others may not. We should not try to legislate based on the choices of a few providers...

Volker

Am 29.10.2014 20:08, schrieb Metalitz, Steven:

...

Chris:

You state, in reference to disclosure of contact data masked by a proxy/privacy service, "No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period."

However, as a registrar, your company reserves the right to do so with your customers:

We only share personal information with other companies or individuals in the following limited circumstances: •...... •We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to: (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to rights, property or safety, of our users, us or the public as required or permitted by law.

Source: http://www.netearthone.com/support/privacy.php

I don't see anything in there about "due process of law."

If you would post to this list the Terms of Service for whatever privacy/proxy service you provide to registrants (I recognize that since your company is not listed as having signed the 2013 RAA you may not be legally required to do so), I strongly suspect that those terms would allow you to terminate the service (thus causing contact data to be not only "disclosed," as this group has defined the term, but "published") without "due process of law."

Please feel free to join us in the postal code where we have moved beyond simplistic slogans and are working to craft some fair and comprehensive rules defining the circumstances under which p/p services should disclose this information to a requester.

Steve Metalitz

-----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Chris Pelling Sent: Wednesday, October 29, 2014 2:34 PM To: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Firstly my apologies to those that may have got this twice (first one missing a chunk) :

Surely we are not going to re-inventing the wheel here?

As per the Oxford English Dictionary :

Disclosure : The action of making new or secret information known: ref : http://www.oxforddictionaries.com/definition/english/disclosure

Relay *verb* : Receive and pass on (information or a message): ref : http://www.oxforddictionaries.com/definition/english/relay

This whole point regarding "Breach of privacy" on mere speculation you are requesting that someones private information be made public - even if public to the requester, it is by definition still public. In Europe which ICANN has to appreciate there will be PP providers this is a breach/violation of a persons right.

To do a relay - no breach/violation of privacy - thats how simple it is.

No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period.

Kind Regards,

Chris

NetEarth One, inc

----- Original Message ----- From: "Kiran Malancharuvil" <Kiran.Malancharuvil@markmonitor.com> To: "Michele Neylon - Blacknight" <michele@blacknight.com> Cc: "PPSAI" <gnso-ppsai-pdp-wg@icann.org> Sent: Wednesday, 29 October, 2014 3:33:24 PM Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

This is a conclusion we have yet to reach.

Kiran Malancharuvil Internet Policy Counselor MarkMonitor 415-419-9138 (m)

Sent from my mobile, please excuse any typos.

On Oct 29, 2014, at 7:28 AM, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote:

Steve

Disclosure = breach of privacy

Relay = communication

It's that simple.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From: Metalitz, Steven [mailto:met@msk.com] Sent: Wednesday, October 29, 2014 2:19 PM To: 'Don Blumenthal'; Michele Neylon - Blacknight; PPSAI Subject: RE: What is content and what isn't

As this thread originated in a comment I made on yesterday’s call, let me return to the only point I am trying to make.

Abuse comes in two flavors: abuse that derives from registration of the domain name itself, and abuse that derives from how the domain name is used.

The first category (which happens to be the one that Phil Corwin wants to exclude from disclosure requirements, but that’s a different thread) requires looking at the domain name itself. The second category requires looking at the resource (such as but not necessarily limited to a website) associated with the domain name. Websites engaged in counterfeiting and piracy fall in the second category; so do websites used for distribution of malware. If you wish, you can call one of these content and the other something else, but they share the important characteristic that they require looking beyond the domain name to see the abuse.

One can complain all one wishes about “regulating content,” but there are at least two problems with that. First, one should hesitate to do so if one has signed the 2013 RAA, which requires one to “investigate and respond appropriately” to any report of “conduct involving use of a Registered Name sponsored by Registrar that is prohibited by applicable law.”

Second, nobody in this WG is talking about “regulating content.” Quite the opposite: the very purpose of disclosure is to enable a complainant to go directly to a registrant, so that registrars (or hosting providers for that matter) don’t have to step in and regulate. If registrars wish to accept responsibility for the conduct by their registrants, then there would be no need to seek disclosure of the contact details of registrants who use a service provided by registrar to keep those details secret. But as registrars do not wish to accept that responsibility, then a mechanism is needed to define when those details should be disclosed.

If you are still with me to this point, then we are (as Volker has put it) in the same postal code, and we can roll up our sleeves to try to define that mechanism as best we can. If not, not.

Steve Metalitz

From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@i cann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 12:26 PM To: Michele Neylon - Blacknight; PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Michele,

We’ve wandered into an area where the practical considerations for contracted parties and others in the infrastructure will be different from p/p providers. As for bit.ly<http://bit.ly>, it would be covered by our policy but we would not act blindly.

To be accurate, we refer to registrars for action. They have the direct contractual relationships with registrants and are in a better position to investigate.

From: Michele Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> Date: Tuesday, October 28, 2014 at 12:12 PM To: Don Blumenthal <dblumenthal@pir.org<mailto:dblumenthal@pir.org>>, PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: RE: What is content and what isn't

Don

I'm not sure what the sanest way of framing this is.

We'd see malware and phishing as being network abuse issues and treat them accordingly.

While some registries may have provisions in their policies to deal with this, hosting providers, network providers and registrars may do so also.

However the problem arises when there is a question of "judgement".

But it's never that simple ..

For example this weekend bitly was flagged for malware by Google. Sure, some links on bitly might have led to malware, but pulling down the entire domain would have been a really really bad idea.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@i cann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 4:07 PM To: PPSAI Subject: [Gnso-ppsai-pdp-wg] What is content and what isn't

Good afternoon,

My point about whether we need to definite content was based as I said on my experience with PIR. The considerations may be different in the context of p/p obligations and processes than they are for a contracted party when reviewing a complaint about a domain.

However, I focused on Steve’s description of malware as a content issue. Our posted anti-abuse policy lists malware as something that could cause us to act against a domain. The basis is that it creates a threat to the security and stability of the Internet. Malware is not a content issue for purpose of our complaint analyses.

I may be forgetting a question. Let me know.

Don

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

Hi Steve, I am already in that postal code - thank you very much. I don't however and won't agree to allow unilateral "steam rolling" of a consumers right to privacy. If that consumer has done nothing wrong, nor has the actual "domain name" in question. We as a registrar already have to provide via the 2009 RAA and 2013 RAA (we are not signed up for 2013 RAA as we cannot because of EU privacy law) escrow data in the form of the RDE specification. Whatever next, not able to get the data from the PP provider, lobby ICANN for access to a registrars escrowed data ? Over the top - granted. Also we (NEO) do not host websites, so if someone came along to request assistance, we help them, either passing them UDRP info if the "actual domain" is in violation or the hosting company - so currently we do not normally fall into the crack of having to provide data access. Lastly, yes, LEA requests data, if it is from the UK Police force, they get it BECAUSE of who they are. UK Court order demands it - yes we provide it to the court Chris ----- Original Message ----- From: "Steven Metalitz" <met@msk.com> To: "Chris Pelling" <chris@netearthone.com>, "PPSAI" <gnso-ppsai-pdp-wg@icann.org> Sent: Wednesday, 29 October, 2014 7:08:45 PM Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't Chris: You state, in reference to disclosure of contact data masked by a proxy/privacy service, "No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period." However, as a registrar, your company reserves the right to do so with your customers: We only share personal information with other companies or individuals in the following limited circumstances: •...... •We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to: (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to rights, property or safety, of our users, us or the public as required or permitted by law. Source: http://www.netearthone.com/support/privacy.php I don't see anything in there about "due process of law." If you would post to this list the Terms of Service for whatever privacy/proxy service you provide to registrants (I recognize that since your company is not listed as having signed the 2013 RAA you may not be legally required to do so), I strongly suspect that those terms would allow you to terminate the service (thus causing contact data to be not only "disclosed," as this group has defined the term, but "published") without "due process of law." Please feel free to join us in the postal code where we have moved beyond simplistic slogans and are working to craft some fair and comprehensive rules defining the circumstances under which p/p services should disclose this information to a requester. Steve Metalitz -----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Chris Pelling Sent: Wednesday, October 29, 2014 2:34 PM To: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't Firstly my apologies to those that may have got this twice (first one missing a chunk) : Surely we are not going to re-inventing the wheel here? As per the Oxford English Dictionary : Disclosure : The action of making new or secret information known: ref : http://www.oxforddictionaries.com/definition/english/disclosure Relay *verb* : Receive and pass on (information or a message): ref : http://www.oxforddictionaries.com/definition/english/relay This whole point regarding "Breach of privacy" on mere speculation you are requesting that someones private information be made public - even if public to the requester, it is by definition still public. In Europe which ICANN has to appreciate there will be PP providers this is a breach/violation of a persons right. To do a relay - no breach/violation of privacy - thats how simple it is. No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period. Kind Regards, Chris NetEarth One, inc ----- Original Message ----- From: "Kiran Malancharuvil" <Kiran.Malancharuvil@markmonitor.com> To: "Michele Neylon - Blacknight" <michele@blacknight.com> Cc: "PPSAI" <gnso-ppsai-pdp-wg@icann.org> Sent: Wednesday, 29 October, 2014 3:33:24 PM Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't This is a conclusion we have yet to reach. Kiran Malancharuvil Internet Policy Counselor MarkMonitor 415-419-9138 (m) Sent from my mobile, please excuse any typos. On Oct 29, 2014, at 7:28 AM, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote: Steve Disclosure = breach of privacy Relay = communication It's that simple. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: Metalitz, Steven [mailto:met@msk.com] Sent: Wednesday, October 29, 2014 2:19 PM To: 'Don Blumenthal'; Michele Neylon - Blacknight; PPSAI Subject: RE: What is content and what isn't As this thread originated in a comment I made on yesterday’s call, let me return to the only point I am trying to make. Abuse comes in two flavors: abuse that derives from registration of the domain name itself, and abuse that derives from how the domain name is used. The first category (which happens to be the one that Phil Corwin wants to exclude from disclosure requirements, but that’s a different thread) requires looking at the domain name itself. The second category requires looking at the resource (such as but not necessarily limited to a website) associated with the domain name. Websites engaged in counterfeiting and piracy fall in the second category; so do websites used for distribution of malware. If you wish, you can call one of these content and the other something else, but they share the important characteristic that they require looking beyond the domain name to see the abuse. One can complain all one wishes about “regulating content,” but there are at least two problems with that. First, one should hesitate to do so if one has signed the 2013 RAA, which requires one to “investigate and respond appropriately” to any report of “conduct involving use of a Registered Name sponsored by Registrar that is prohibited by applicable law.” Second, nobody in this WG is talking about “regulating content.” Quite the opposite: the very purpose of disclosure is to enable a complainant to go directly to a registrant, so that registrars (or hosting providers for that matter) don’t have to step in and regulate. If registrars wish to accept responsibility for the conduct by their registrants, then there would be no need to seek disclosure of the contact details of registrants who use a service provided by registrar to keep those details secret. But as registrars do not wish to accept that responsibility, then a mechanism is needed to define when those details should be disclosed. If you are still with me to this point, then we are (as Volker has put it) in the same postal code, and we can roll up our sleeves to try to define that mechanism as best we can. If not, not. Steve Metalitz From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 12:26 PM To: Michele Neylon - Blacknight; PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't Michele, We’ve wandered into an area where the practical considerations for contracted parties and others in the infrastructure will be different from p/p providers. As for bit.ly<http://bit.ly>, it would be covered by our policy but we would not act blindly. To be accurate, we refer to registrars for action. They have the direct contractual relationships with registrants and are in a better position to investigate. From: Michele Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> Date: Tuesday, October 28, 2014 at 12:12 PM To: Don Blumenthal <dblumenthal@pir.org<mailto:dblumenthal@pir.org>>, PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: RE: What is content and what isn't Don I'm not sure what the sanest way of framing this is. We'd see malware and phishing as being network abuse issues and treat them accordingly. While some registries may have provisions in their policies to deal with this, hosting providers, network providers and registrars may do so also. However the problem arises when there is a question of "judgement". But it's never that simple .. For example this weekend bitly was flagged for malware by Google. Sure, some links on bitly might have led to malware, but pulling down the entire domain would have been a really really bad idea. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 4:07 PM To: PPSAI Subject: [Gnso-ppsai-pdp-wg] What is content and what isn't Good afternoon, My point about whether we need to definite content was based as I said on my experience with PIR. The considerations may be different in the context of p/p obligations and processes than they are for a contracted party when reviewing a complaint about a domain. However, I focused on Steve’s description of malware as a content issue. Our posted anti-abuse policy lists malware as something that could cause us to act against a domain. The basis is that it creates a threat to the security and stability of the Internet. Malware is not a content issue for purpose of our complaint analyses. I may be forgetting a question. Let me know. Don _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

Let's ratchet the rhetoric back. One of the things that I have appreciated about our work is that we been more collegial than I thought might be the case. I'd hate to lose that so late in the game. Nobody is trying to steamroll anyone else. No group represented here has avoided simplistic overstatements (except the RySG of course). And while it worked to make an point during a discussion and follow, maybe the postal code analogy has lost its value. I'm tempted to add suggested rules of the road, but that's a bit over the top. Besides, it's time to leave for this year's Ann Arbor Vampire's Ball. As vaudeville magicians used to say in the US according to my grandfather, "always keep them wondering." Don -----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Chris Pelling Sent: Wednesday, October 29, 2014 4:34 PM To: Steven Metalitz Cc: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't Hi Steve, I am already in that postal code - thank you very much. I don't however and won't agree to allow unilateral "steam rolling" of a consumers right to privacy. If that consumer has done nothing wrong, nor has the actual "domain name" in question. We as a registrar already have to provide via the 2009 RAA and 2013 RAA (we are not signed up for 2013 RAA as we cannot because of EU privacy law) escrow data in the form of the RDE specification. Whatever next, not able to get the data from the PP provider, lobby ICANN for access to a registrars escrowed data ? Over the top - granted. Also we (NEO) do not host websites, so if someone came along to request assistance, we help them, either passing them UDRP info if the "actual domain" is in violation or the hosting company - so currently we do not normally fall into the crack of having to provide data access. Lastly, yes, LEA requests data, if it is from the UK Police force, they get it BECAUSE of who they are. UK Court order demands it - yes we provide it to the court Chris ----- Original Message ----- From: "Steven Metalitz" <met@msk.com> To: "Chris Pelling" <chris@netearthone.com>, "PPSAI" <gnso-ppsai-pdp-wg@icann.org> Sent: Wednesday, 29 October, 2014 7:08:45 PM Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't Chris: You state, in reference to disclosure of contact data masked by a proxy/privacy service, "No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period." However, as a registrar, your company reserves the right to do so with your customers: We only share personal information with other companies or individuals in the following limited circumstances: •...... •We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to: (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to rights, property or safety, of our users, us or the public as required or permitted by law. Source: http://www.netearthone.com/support/privacy.php I don't see anything in there about "due process of law." If you would post to this list the Terms of Service for whatever privacy/proxy service you provide to registrants (I recognize that since your company is not listed as having signed the 2013 RAA you may not be legally required to do so), I strongly suspect that those terms would allow you to terminate the service (thus causing contact data to be not only "disclosed," as this group has defined the term, but "published") without "due process of law." Please feel free to join us in the postal code where we have moved beyond simplistic slogans and are working to craft some fair and comprehensive rules defining the circumstances under which p/p services should disclose this information to a requester. Steve Metalitz -----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Chris Pelling Sent: Wednesday, October 29, 2014 2:34 PM To: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't Firstly my apologies to those that may have got this twice (first one missing a chunk) : Surely we are not going to re-inventing the wheel here? As per the Oxford English Dictionary : Disclosure : The action of making new or secret information known: ref : http://www.oxforddictionaries.com/definition/english/disclosure Relay *verb* : Receive and pass on (information or a message): ref : http://www.oxforddictionaries.com/definition/english/relay This whole point regarding "Breach of privacy" on mere speculation you are requesting that someones private information be made public - even if public to the requester, it is by definition still public. In Europe which ICANN has to appreciate there will be PP providers this is a breach/violation of a persons right. To do a relay - no breach/violation of privacy - thats how simple it is. No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period. Kind Regards, Chris NetEarth One, inc ----- Original Message ----- From: "Kiran Malancharuvil" <Kiran.Malancharuvil@markmonitor.com> To: "Michele Neylon - Blacknight" <michele@blacknight.com> Cc: "PPSAI" <gnso-ppsai-pdp-wg@icann.org> Sent: Wednesday, 29 October, 2014 3:33:24 PM Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't This is a conclusion we have yet to reach. Kiran Malancharuvil Internet Policy Counselor MarkMonitor 415-419-9138 (m) Sent from my mobile, please excuse any typos. On Oct 29, 2014, at 7:28 AM, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote: Steve Disclosure = breach of privacy Relay = communication It's that simple. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: Metalitz, Steven [mailto:met@msk.com] Sent: Wednesday, October 29, 2014 2:19 PM To: 'Don Blumenthal'; Michele Neylon - Blacknight; PPSAI Subject: RE: What is content and what isn't As this thread originated in a comment I made on yesterday’s call, let me return to the only point I am trying to make. Abuse comes in two flavors: abuse that derives from registration of the domain name itself, and abuse that derives from how the domain name is used. The first category (which happens to be the one that Phil Corwin wants to exclude from disclosure requirements, but that’s a different thread) requires looking at the domain name itself. The second category requires looking at the resource (such as but not necessarily limited to a website) associated with the domain name. Websites engaged in counterfeiting and piracy fall in the second category; so do websites used for distribution of malware. If you wish, you can call one of these content and the other something else, but they share the important characteristic that they require looking beyond the domain name to see the abuse. One can complain all one wishes about “regulating content,” but there are at least two problems with that. First, one should hesitate to do so if one has signed the 2013 RAA, which requires one to “investigate and respond appropriately” to any report of “conduct involving use of a Registered Name sponsored by Registrar that is prohibited by applicable law.” Second, nobody in this WG is talking about “regulating content.” Quite the opposite: the very purpose of disclosure is to enable a complainant to go directly to a registrant, so that registrars (or hosting providers for that matter) don’t have to step in and regulate. If registrars wish to accept responsibility for the conduct by their registrants, then there would be no need to seek disclosure of the contact details of registrants who use a service provided by registrar to keep those details secret. But as registrars do not wish to accept that responsibility, then a mechanism is needed to define when those details should be disclosed. If you are still with me to this point, then we are (as Volker has put it) in the same postal code, and we can roll up our sleeves to try to define that mechanism as best we can. If not, not. Steve Metalitz From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 12:26 PM To: Michele Neylon - Blacknight; PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't Michele, We’ve wandered into an area where the practical considerations for contracted parties and others in the infrastructure will be different from p/p providers. As for bit.ly<http://bit.ly>, it would be covered by our policy but we would not act blindly. To be accurate, we refer to registrars for action. They have the direct contractual relationships with registrants and are in a better position to investigate. From: Michele Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> Date: Tuesday, October 28, 2014 at 12:12 PM To: Don Blumenthal <dblumenthal@pir.org<mailto:dblumenthal@pir.org>>, PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: RE: What is content and what isn't Don I'm not sure what the sanest way of framing this is. We'd see malware and phishing as being network abuse issues and treat them accordingly. While some registries may have provisions in their policies to deal with this, hosting providers, network providers and registrars may do so also. However the problem arises when there is a question of "judgement". But it's never that simple .. For example this weekend bitly was flagged for malware by Google. Sure, some links on bitly might have led to malware, but pulling down the entire domain would have been a really really bad idea. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 4:07 PM To: PPSAI Subject: [Gnso-ppsai-pdp-wg] What is content and what isn't Good afternoon, My point about whether we need to definite content was based as I said on my experience with PIR. The considerations may be different in the context of p/p obligations and processes than they are for a contracted party when reviewing a complaint about a domain. However, I focused on Steve’s description of malware as a content issue. Our posted anti-abuse policy lists malware as something that could cause us to act against a domain. The basis is that it creates a threat to the security and stability of the Internet. Malware is not a content issue for purpose of our complaint analyses. I may be forgetting a question. Let me know. Don _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

RE the DPA session, I am pleased to report that the EU has named Giovanni Buttarelli as the new EDPS, replacing Peter Hustinx who wrote to ICANN recently re the data escrow requirements. Giovanni has been the Assistant EDPS for the last five years and originally hails from the Italian supervisory authority, where he worked with Rodota. He understands our issues very well. I doubt that he would have time to speak to us, but one never knows until one asks. Cheers Stephanie On 14-10-29 4:10 PM, Don Blumenthal wrote:

If nothing else, recent discussions about SME and content suggest that definitions can vary. :)

I think that we need to focus on standards for relay/disclosure/reveal and avoid statements that get us into legal determinations. We will get into quagmires that are a lot more complicated than anything of our other potentially vexing topics.

"[W]thout due process - period," and maybe any talk of due process, threatens to do that. For example, due process as defined in what jurisdiction? Might terms of service related to a provider's relay/disclose/publish policies in effect waive due process-type processes? (Flashbacks from discussions about consent in the Thick Whois WG privacy subgroup abound).

I think that there is a discussion to be had regarding privacy protections vs consent through contract provisions. It might be better to wait until we get closer to our hoped-for DPA session.

Don

-----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Chris Pelling Sent: Wednesday, October 29, 2014 2:34 PM To: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Firstly my apologies to those that may have got this twice (first one missing a chunk) :

Surely we are not going to re-inventing the wheel here?

As per the Oxford English Dictionary :

Disclosure : The action of making new or secret information known: ref : http://www.oxforddictionaries.com/definition/english/disclosure

Relay *verb* : Receive and pass on (information or a message): ref : http://www.oxforddictionaries.com/definition/english/relay

This whole point regarding "Breach of privacy" on mere speculation you are requesting that someones private information be made public - even if public to the requester, it is by definition still public. In Europe which ICANN has to appreciate there will be PP providers this is a breach/violation of a persons right.

To do a relay - no breach/violation of privacy - thats how simple it is.

No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period.

Kind Regards,

Chris

NetEarth One, inc

----- Original Message ----- From: "Kiran Malancharuvil" <Kiran.Malancharuvil@markmonitor.com> To: "Michele Neylon - Blacknight" <michele@blacknight.com> Cc: "PPSAI" <gnso-ppsai-pdp-wg@icann.org> Sent: Wednesday, 29 October, 2014 3:33:24 PM Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

This is a conclusion we have yet to reach.

Kiran Malancharuvil Internet Policy Counselor MarkMonitor 415-419-9138 (m)

Sent from my mobile, please excuse any typos.

On Oct 29, 2014, at 7:28 AM, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote:

Steve

Disclosure = breach of privacy

Relay = communication

It's that simple.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From: Metalitz, Steven [mailto:met@msk.com] Sent: Wednesday, October 29, 2014 2:19 PM To: 'Don Blumenthal'; Michele Neylon - Blacknight; PPSAI Subject: RE: What is content and what isn't

As this thread originated in a comment I made on yesterday’s call, let me return to the only point I am trying to make.

Abuse comes in two flavors: abuse that derives from registration of the domain name itself, and abuse that derives from how the domain name is used.

The first category (which happens to be the one that Phil Corwin wants to exclude from disclosure requirements, but that’s a different thread) requires looking at the domain name itself. The second category requires looking at the resource (such as but not necessarily limited to a website) associated with the domain name. Websites engaged in counterfeiting and piracy fall in the second category; so do websites used for distribution of malware. If you wish, you can call one of these content and the other something else, but they share the important characteristic that they require looking beyond the domain name to see the abuse.

One can complain all one wishes about “regulating content,” but there are at least two problems with that. First, one should hesitate to do so if one has signed the 2013 RAA, which requires one to “investigate and respond appropriately” to any report of “conduct involving use of a Registered Name sponsored by Registrar that is prohibited by applicable law.”

Second, nobody in this WG is talking about “regulating content.” Quite the opposite: the very purpose of disclosure is to enable a complainant to go directly to a registrant, so that registrars (or hosting providers for that matter) don’t have to step in and regulate. If registrars wish to accept responsibility for the conduct by their registrants, then there would be no need to seek disclosure of the contact details of registrants who use a service provided by registrar to keep those details secret. But as registrars do not wish to accept that responsibility, then a mechanism is needed to define when those details should be disclosed.

If you are still with me to this point, then we are (as Volker has put it) in the same postal code, and we can roll up our sleeves to try to define that mechanism as best we can. If not, not.

Steve Metalitz

From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 12:26 PM To: Michele Neylon - Blacknight; PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Michele,

We’ve wandered into an area where the practical considerations for contracted parties and others in the infrastructure will be different from p/p providers. As for bit.ly<http://bit.ly>, it would be covered by our policy but we would not act blindly.

To be accurate, we refer to registrars for action. They have the direct contractual relationships with registrants and are in a better position to investigate.

From: Michele Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> Date: Tuesday, October 28, 2014 at 12:12 PM To: Don Blumenthal <dblumenthal@pir.org<mailto:dblumenthal@pir.org>>, PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: RE: What is content and what isn't

Don

I'm not sure what the sanest way of framing this is.

We'd see malware and phishing as being network abuse issues and treat them accordingly.

While some registries may have provisions in their policies to deal with this, hosting providers, network providers and registrars may do so also.

However the problem arises when there is a question of "judgement".

But it's never that simple ..

For example this weekend bitly was flagged for malware by Google. Sure, some links on bitly might have led to malware, but pulling down the entire domain would have been a really really bad idea.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 4:07 PM To: PPSAI Subject: [Gnso-ppsai-pdp-wg] What is content and what isn't

Good afternoon,

My point about whether we need to definite content was based as I said on my experience with PIR. The considerations may be different in the context of p/p obligations and processes than they are for a contracted party when reviewing a complaint about a domain.

However, I focused on Steve’s description of malware as a content issue. Our posted anti-abuse policy lists malware as something that could cause us to act against a domain. The basis is that it creates a threat to the security and stability of the Internet. Malware is not a content issue for purpose of our complaint analyses.

I may be forgetting a question. Let me know.

Don

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

Yes NCSG hosted a privacy discussion when we were in London, and Achim Klabunde came and spoke. He is the tech guy in the EDPS office and is v knowledgeable about ICANN issues. Let me know if you would like to reach out to him, he said that while he is busy he would be willing to help explain the EU position on some of our ICANN issues. cheers SP On 14-10-29 5:05 PM, Don Blumenthal wrote:

Thanks very much, Stephanie. Giovanni might have alternatives if he can't speak with us.

Don

-----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Stephanie Perrin Sent: Wednesday, October 29, 2014 4:38 PM To: gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

RE the DPA session, I am pleased to report that the EU has named Giovanni Buttarelli as the new EDPS, replacing Peter Hustinx who wrote to ICANN recently re the data escrow requirements. Giovanni has been the Assistant EDPS for the last five years and originally hails from the Italian supervisory authority, where he worked with Rodota. He understands our issues very well. I doubt that he would have time to speak to us, but one never knows until one asks. Cheers Stephanie On 14-10-29 4:10 PM, Don Blumenthal wrote:

...

If nothing else, recent discussions about SME and content suggest that definitions can vary. :)

I think that we need to focus on standards for relay/disclosure/reveal and avoid statements that get us into legal determinations. We will get into quagmires that are a lot more complicated than anything of our other potentially vexing topics.

"[W]thout due process - period," and maybe any talk of due process, threatens to do that. For example, due process as defined in what jurisdiction? Might terms of service related to a provider's relay/disclose/publish policies in effect waive due process-type processes? (Flashbacks from discussions about consent in the Thick Whois WG privacy subgroup abound).

I think that there is a discussion to be had regarding privacy protections vs consent through contract provisions. It might be better to wait until we get closer to our hoped-for DPA session.

Don

-----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Chris Pelling Sent: Wednesday, October 29, 2014 2:34 PM To: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Firstly my apologies to those that may have got this twice (first one missing a chunk) :

Surely we are not going to re-inventing the wheel here?

As per the Oxford English Dictionary :

Disclosure : The action of making new or secret information known: ref : http://www.oxforddictionaries.com/definition/english/disclosure

Relay *verb* : Receive and pass on (information or a message): ref : http://www.oxforddictionaries.com/definition/english/relay

This whole point regarding "Breach of privacy" on mere speculation you are requesting that someones private information be made public - even if public to the requester, it is by definition still public. In Europe which ICANN has to appreciate there will be PP providers this is a breach/violation of a persons right.

To do a relay - no breach/violation of privacy - thats how simple it is.

No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period.

Kind Regards,

Chris

NetEarth One, inc

----- Original Message ----- From: "Kiran Malancharuvil" <Kiran.Malancharuvil@markmonitor.com> To: "Michele Neylon - Blacknight" <michele@blacknight.com> Cc: "PPSAI" <gnso-ppsai-pdp-wg@icann.org> Sent: Wednesday, 29 October, 2014 3:33:24 PM Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

This is a conclusion we have yet to reach.

Kiran Malancharuvil Internet Policy Counselor MarkMonitor 415-419-9138 (m)

Sent from my mobile, please excuse any typos.

On Oct 29, 2014, at 7:28 AM, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote:

Steve

Disclosure = breach of privacy

Relay = communication

It's that simple.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From: Metalitz, Steven [mailto:met@msk.com] Sent: Wednesday, October 29, 2014 2:19 PM To: 'Don Blumenthal'; Michele Neylon - Blacknight; PPSAI Subject: RE: What is content and what isn't

As this thread originated in a comment I made on yesterday’s call, let me return to the only point I am trying to make.

Abuse comes in two flavors: abuse that derives from registration of the domain name itself, and abuse that derives from how the domain name is used.

The first category (which happens to be the one that Phil Corwin wants to exclude from disclosure requirements, but that’s a different thread) requires looking at the domain name itself. The second category requires looking at the resource (such as but not necessarily limited to a website) associated with the domain name. Websites engaged in counterfeiting and piracy fall in the second category; so do websites used for distribution of malware. If you wish, you can call one of these content and the other something else, but they share the important characteristic that they require looking beyond the domain name to see the abuse.

One can complain all one wishes about “regulating content,” but there are at least two problems with that. First, one should hesitate to do so if one has signed the 2013 RAA, which requires one to “investigate and respond appropriately” to any report of “conduct involving use of a Registered Name sponsored by Registrar that is prohibited by applicable law.”

Second, nobody in this WG is talking about “regulating content.” Quite the opposite: the very purpose of disclosure is to enable a complainant to go directly to a registrant, so that registrars (or hosting providers for that matter) don’t have to step in and regulate. If registrars wish to accept responsibility for the conduct by their registrants, then there would be no need to seek disclosure of the contact details of registrants who use a service provided by registrar to keep those details secret. But as registrars do not wish to accept that responsibility, then a mechanism is needed to define when those details should be disclosed.

If you are still with me to this point, then we are (as Volker has put it) in the same postal code, and we can roll up our sleeves to try to define that mechanism as best we can. If not, not.

Steve Metalitz

From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@i cann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 12:26 PM To: Michele Neylon - Blacknight; PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Michele,

We’ve wandered into an area where the practical considerations for contracted parties and others in the infrastructure will be different from p/p providers. As for bit.ly<http://bit.ly>, it would be covered by our policy but we would not act blindly.

To be accurate, we refer to registrars for action. They have the direct contractual relationships with registrants and are in a better position to investigate.

From: Michele Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> Date: Tuesday, October 28, 2014 at 12:12 PM To: Don Blumenthal <dblumenthal@pir.org<mailto:dblumenthal@pir.org>>, PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: RE: What is content and what isn't

Don

I'm not sure what the sanest way of framing this is.

We'd see malware and phishing as being network abuse issues and treat them accordingly.

While some registries may have provisions in their policies to deal with this, hosting providers, network providers and registrars may do so also.

However the problem arises when there is a question of "judgement".

But it's never that simple ..

For example this weekend bitly was flagged for malware by Google. Sure, some links on bitly might have led to malware, but pulling down the entire domain would have been a really really bad idea.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@i cann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 4:07 PM To: PPSAI Subject: [Gnso-ppsai-pdp-wg] What is content and what isn't

Good afternoon,

My point about whether we need to definite content was based as I said on my experience with PIR. The considerations may be different in the context of p/p obligations and processes than they are for a contracted party when reviewing a complaint about a domain.

However, I focused on Steve’s description of malware as a content issue. Our posted anti-abuse policy lists malware as something that could cause us to act against a domain. The basis is that it creates a threat to the security and stability of the Internet. Malware is not a content issue for purpose of our complaint analyses.

I may be forgetting a question. Let me know.

Don

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

---

Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

Indeed. On 14-10-29 5:37 PM, Metalitz, Steven wrote:

Sounds like a good possibility, Stephanie, but let's make sure anyone invited is asked to give reactions as a subject matter expert to our preliminary conclusions, which is not necessarily the same as "the EU position on some of our ICANN issues."

Steve Metalitz

-----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Stephanie Perrin Sent: Wednesday, October 29, 2014 5:11 PM To: Don Blumenthal; gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Yes NCSG hosted a privacy discussion when we were in London, and Achim Klabunde came and spoke. He is the tech guy in the EDPS office and is v knowledgeable about ICANN issues. Let me know if you would like to reach out to him, he said that while he is busy he would be willing to help explain the EU position on some of our ICANN issues. cheers SP On 14-10-29 5:05 PM, Don Blumenthal wrote:

...

Thanks very much, Stephanie. Giovanni might have alternatives if he can't speak with us.

Don

-----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Stephanie Perrin Sent: Wednesday, October 29, 2014 4:38 PM To: gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

RE the DPA session, I am pleased to report that the EU has named Giovanni Buttarelli as the new EDPS, replacing Peter Hustinx who wrote to ICANN recently re the data escrow requirements. Giovanni has been the Assistant EDPS for the last five years and originally hails from the Italian supervisory authority, where he worked with Rodota. He understands our issues very well. I doubt that he would have time to speak to us, but one never knows until one asks. Cheers Stephanie On 14-10-29 4:10 PM, Don Blumenthal wrote:

...

If nothing else, recent discussions about SME and content suggest that definitions can vary. :)

I think that we need to focus on standards for relay/disclosure/reveal and avoid statements that get us into legal determinations. We will get into quagmires that are a lot more complicated than anything of our other potentially vexing topics.

"[W]thout due process - period," and maybe any talk of due process, threatens to do that. For example, due process as defined in what jurisdiction? Might terms of service related to a provider's relay/disclose/publish policies in effect waive due process-type processes? (Flashbacks from discussions about consent in the Thick Whois WG privacy subgroup abound).

I think that there is a discussion to be had regarding privacy protections vs consent through contract provisions. It might be better to wait until we get closer to our hoped-for DPA session.

Don

-----Original Message----- From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Chris Pelling Sent: Wednesday, October 29, 2014 2:34 PM To: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Firstly my apologies to those that may have got this twice (first one missing a chunk) :

Surely we are not going to re-inventing the wheel here?

As per the Oxford English Dictionary :

Disclosure : The action of making new or secret information known: ref : http://www.oxforddictionaries.com/definition/english/disclosure

Relay *verb* : Receive and pass on (information or a message): ref : http://www.oxforddictionaries.com/definition/english/relay

This whole point regarding "Breach of privacy" on mere speculation you are requesting that someones private information be made public - even if public to the requester, it is by definition still public. In Europe which ICANN has to appreciate there will be PP providers this is a breach/violation of a persons right.

To do a relay - no breach/violation of privacy - thats how simple it is.

No IP lawyer nor Brand protection company has the right to breach or violate a consumers right to privacy without due process - period.

Kind Regards,

Chris

NetEarth One, inc

----- Original Message ----- From: "Kiran Malancharuvil" <Kiran.Malancharuvil@markmonitor.com> To: "Michele Neylon - Blacknight" <michele@blacknight.com> Cc: "PPSAI" <gnso-ppsai-pdp-wg@icann.org> Sent: Wednesday, 29 October, 2014 3:33:24 PM Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

This is a conclusion we have yet to reach.

Kiran Malancharuvil Internet Policy Counselor MarkMonitor 415-419-9138 (m)

Sent from my mobile, please excuse any typos.

On Oct 29, 2014, at 7:28 AM, Michele Neylon - Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> wrote:

Steve

Disclosure = breach of privacy

Relay = communication

It's that simple.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From: Metalitz, Steven [mailto:met@msk.com] Sent: Wednesday, October 29, 2014 2:19 PM To: 'Don Blumenthal'; Michele Neylon - Blacknight; PPSAI Subject: RE: What is content and what isn't

As this thread originated in a comment I made on yesterday’s call, let me return to the only point I am trying to make.

Abuse comes in two flavors: abuse that derives from registration of the domain name itself, and abuse that derives from how the domain name is used.

The first category (which happens to be the one that Phil Corwin wants to exclude from disclosure requirements, but that’s a different thread) requires looking at the domain name itself. The second category requires looking at the resource (such as but not necessarily limited to a website) associated with the domain name. Websites engaged in counterfeiting and piracy fall in the second category; so do websites used for distribution of malware. If you wish, you can call one of these content and the other something else, but they share the important characteristic that they require looking beyond the domain name to see the abuse.

One can complain all one wishes about “regulating content,” but there are at least two problems with that. First, one should hesitate to do so if one has signed the 2013 RAA, which requires one to “investigate and respond appropriately” to any report of “conduct involving use of a Registered Name sponsored by Registrar that is prohibited by applicable law.”

Second, nobody in this WG is talking about “regulating content.” Quite the opposite: the very purpose of disclosure is to enable a complainant to go directly to a registrant, so that registrars (or hosting providers for that matter) don’t have to step in and regulate. If registrars wish to accept responsibility for the conduct by their registrants, then there would be no need to seek disclosure of the contact details of registrants who use a service provided by registrar to keep those details secret. But as registrars do not wish to accept that responsibility, then a mechanism is needed to define when those details should be disclosed.

If you are still with me to this point, then we are (as Volker has put it) in the same postal code, and we can roll up our sleeves to try to define that mechanism as best we can. If not, not.

Steve Metalitz

From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@ i cann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 12:26 PM To: Michele Neylon - Blacknight; PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] What is content and what isn't

Michele,

We’ve wandered into an area where the practical considerations for contracted parties and others in the infrastructure will be different from p/p providers. As for bit.ly<http://bit.ly>, it would be covered by our policy but we would not act blindly.

To be accurate, we refer to registrars for action. They have the direct contractual relationships with registrants and are in a better position to investigate.

From: Michele Blacknight <michele@blacknight.com<mailto:michele@blacknight.com>> Date: Tuesday, October 28, 2014 at 12:12 PM To: Don Blumenthal <dblumenthal@pir.org<mailto:dblumenthal@pir.org>>, PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: RE: What is content and what isn't

Don

I'm not sure what the sanest way of framing this is.

We'd see malware and phishing as being network abuse issues and treat them accordingly.

While some registries may have provisions in their policies to deal with this, hosting providers, network providers and registrars may do so also.

However the problem arises when there is a question of "judgement".

But it's never that simple ..

For example this weekend bitly was flagged for malware by Google. Sure, some links on bitly might have led to malware, but pulling down the entire domain would have been a really really bad idea.

Regards

Michele

-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.host/ http://blog.blacknight.com/ http://www.technology.ie<http://www.technology.ie/> http://www.blacknight.press<http://www.blacknight.press/> for all our news & media Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Social: http://mneylon.social ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845

From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@ i cann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Don Blumenthal Sent: Tuesday, October 28, 2014 4:07 PM To: PPSAI Subject: [Gnso-ppsai-pdp-wg] What is content and what isn't

Good afternoon,

My point about whether we need to definite content was based as I said on my experience with PIR. The considerations may be different in the context of p/p obligations and processes than they are for a contracted party when reviewing a complaint about a domain.

However, I focused on Steve’s description of malware as a content issue. Our posted anti-abuse policy lists malware as something that could cause us to act against a domain. The basis is that it creates a threat to the security and stability of the Internet. Malware is not a content issue for purpose of our complaint analyses.

I may be forgetting a question. Let me know.

Don

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

---

Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

---

Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg