Questions to frame further D-2 discussion
Dear all, As noted during the call on Tuesday, we have undertaken to generate several questions stemming from the ongoing deliberations that we hope can stimulate further discussion on this list, with a view toward developing a preliminary conclusion for D-2. BACKGROUND: - As you¹ll recall, the question for D-2 is: "Should ICANN-accredited privacy/proxy service providers be required to maintain dedicated points of contact for reporting abuse? If so, should the terms be consistent with the requirements applicable to registrars under Section 3.18 of the RAA?² - Section 3.18 of the 2013 RAA specifies two forms of contact that a Registrar has to provide: the first is an abuse point of contact to whom illegal activity is reported in such cases the Registrar has to take ³reasonable and prompt² steps to respond. The second is a ³dedicated² abuse point of contact applicable only to consumer protection agencies, law enforcement and other such authorities for these it has to be on a 24/7 basis and the Registrar has to review a report within 24 hours. QUESTIONS FOR DISCUSSION: 1. Should accredited P/P providers provide a ³dedicated² point of contact or is it enough that they maintain and make available a point of contact with a requirement to respond (response to be determined)? 2. If ³dedicated², is what¹s currently in Section 3.18 sufficient? If not, what should that be? 3. On the need to respond to a report, Is it enough for the guideline/requirement to be the ³reasonable and prompt² standard in Section 3.18? If not, what should it be? Should there be a minimum time frame (if any) for a response (understanding that the response may not be an obligation to act on the report in all cases)? 4. What happens if it turns out action needs to be taken, but it may be action more appropriate for the Registrar rather than the P/P provider to take? We hope you will find these questions helpful in framing and informing the ongoing discussion. Thanks and cheers Mary
Mary These are my initial reactions to the questions - and thanks for framing them, as they are helpful 1. Should accredited P/P providers provide a "dedicated" point of contact or is it enough that they maintain and make available a point of contact with a requirement to respond (response to be determined)? Personally I think "dedicated" as defined in the context of the RAA is too much and that a responsive abuse contact should be able to address issues if / when they arise. If "abuse" of a domain is so serious that it needs to be addressed faster than that then I'd assume that it would warrant LEA intervention and they already have access to the registrar and the registrar could take the domain offline. 2. If "dedicated", is what's currently in Section 3.18 sufficient? If not, what should that be? n/a due to previous response 3. On the need to respond to a report, Is it enough for the guideline/requirement to be the "reasonable and prompt" standard in Section 3.18? If not, what should it be? Should there be a minimum time frame (if any) for a response (understanding that the response may not be an obligation to act on the report in all cases)? This probably merits further discussion. Personally I think "reasonable and prompt" should be ok 4. What happens if it turns out action needs to be taken, but it may be action more appropriate for the Registrar rather than the P/P provider to take? Surely this could be communicated to the reporter? We get notices sent to us that are not really within our scope to deal with and we don't have any issue telling the reporter who they need to address them to, so I'd view this as being similar Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Thanks for this. Comments interspersed. Holly On 5 Jun 2014, at 8:13 am, Michele Neylon - Blacknight <michele@blacknight.com> wrote:
Mary
These are my initial reactions to the questions – and thanks for framing them, as they are helpful
1. Should accredited P/P providers provide a “dedicated” point of contact or is it enough that they maintain and make available a point of contact with a requirement to respond (response to be determined)? Personally I think “dedicated” as defined in the context of the RAA is too much and that a responsive abuse contact should be able to address issues if / when they arise. If “abuse” of a domain is so serious that it needs to be addressed faster than that then I’d assume that it would warrant LEA intervention and they already have access to the registrar and the registrar could take the domain offline.
When the issue was raised back in 2009, what the LEAs were seeking was a point of contact that was available 24/7. I am not clear how the word ‘dedicated’ crept into this, but what was wanted, and I assume is still wanted, is a point of contact where the person (doesn’t necessarily have to be the same person) has both the technical ability and authority to respond 24/7 to serious issues. And from what I was hearing then, the experience of some LEAs was that, even with a warrant, they were not able to reach ANYONE that could respond urgently - thus the requirement. Given that there is a 24/7 abuse point of contact that can take down a site - including in relation to sites using a P/P provider, the issue is then about responding to other, less urgent, issues.
2. If “dedicated”, is what’s currently in Section 3.18 sufficient? If not, what should that be? n/a due to previous response
3. On the need to respond to a report, Is it enough for the guideline/requirement to be the “reasonable and prompt” standard in Section 3.18? If not, what should it be? Should there be a minimum time frame (if any) for a response (understanding that the response may not be an obligation to act on the report in all cases)? This probably merits further discussion. Personally I think “reasonable and prompt” should be ok
Given that we address the 24/7 requirement above, I’d agree - reasonable and prompt should do it. I think the discussion does need to cover in what circumstances you are thinking that the P/P provider would not report.
4. What happens if it turns out action needs to be taken, but it may be action more appropriate for the Registrar rather than the P/P provider to take?
I’d assume your response below is the answer that should be followed
Surely this could be communicated to the reporter? We get notices sent to us that are not really within our scope to deal with and we don’t have any issue telling the reporter who they need to address them to, so I’d view this as being similar
Regards
Michele
-- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg
participants (3)
-
Holly Raiche -
Mary Wong -
Michele Neylon - Blacknight