Thank you for the reminder, Luc. I give another real-world and trickier instance using the word "registrant". Has the registrant a commercial purpose when he runs a forum-like website on which he also offers access to copyrighted works free of charge? In this case, the registrant leads this activity for the sake of it and doesn't get any profits at all from it. But, he is causing great damage to right holders. I join the conference now. Regards, Gema -----Mensaje original----- De: Luc SEUFER [mailto:lseufer@dclgroup.eu] Enviado el: martes, 14 de enero de 2014 15:33 Para: Campillos Gonzalez, Gema Maria CC: Jim Bikoff; gnso-ppsai-pdp-wg@icann.org Asunto: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group Hello Gema, Just a kind reminder that ICANN is only dealing with domain names, not websites. Thus, in my opinion, the distinction should be made on the registrant type alone. Hosting services are regulated by ad'hoc laws and those services are outside of ICANN's scope. As you know, to serve the EU an online merchant has to abide by Directive 2000/31 (its national transpositions to be more precise) and must publish their details on their website. Should they fail to do so, the hosting provider should be the party that LEA should contact, not the registrar. Luc On Jan 14, 2014, at 14:24, Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>> wrote: Dear all, I agree with commentators that this categorization is clearer than the previous one. Although I am aware of your reluctance to introduce variations to the Charter questions passed by the GNSO Council on 31st October, a doubt has come up to my mind. Some of the questions rest on the difference between commercial and non-commercial activities (4, 5 and 6 in the first group and 4 in the last one). But, what is the difference between them? A copyright infringing website where video streaming or downloads are free of charge but which is supported by advertisements or SMS premium services is a commercial or a non-commercial activity? Thank you, Gema De: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] En nombre de Jim Bikoff Enviado el: lunes, 13 de enero de 2014 23:05 Para: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Asunto: [Gnso-ppsai-pdp-wg] FW: Privacy and Protection Service Accreditation Issues Working Group Dear All, Although the question groupings are still being completed, it may be helpful to our audience if we grouped the questions in the letters in some logical, categorical manner, even if that grouping is but a draft. To address the substantive content of the questions, it seems that the ultimate issue is set forth in the first question: "What, if any, are the types of Standard Services Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?" The questions following it address that main issue. Most of the issues and questions could be subsumed under the following general categories: * MAINTENANCE of privacy/proxy services; * CONTACT point provided by each privacy/proxy service; * RELAY of complaints to the privacy/proxy customer; and * REVEAL of privacy/proxy customers' identities. If we followed this categorization, the issues and questions would be grouped as follows: MAIN ISSUES 1. What, if any, are the types of Standard Service Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers? 2. Should ICANN distinguish between privacy and proxy services for the purpose of the accreditation process? 3. What are the contractual obligations, if any, that, if unfulfilled, would justify termination of customer access by ICANN-accredited privacy/proxy service providers? Should there be any forms of non-compliance that would trigger cancellation or suspension of registrations? If so, which? 4. What are the effects of the privacy and proxy service specification contained in the 2013 RAA? Have these new requirements improved WHOIS quality, registrant contactability, and service usability? 5. What should be the contractual obligations of ICANN accredited registrars with regard to accredited privacy/proxy service providers? Should registrars be permitted to knowingly accept registrations where the registrant is using unaccredited service providers that are bound to the same standards as accredited service providers? MAINTENANCE 1. Should ICANN-accredited privacy/proxy service providers be required to label WHOIS entries to clearly show when a registration is made through a privacy/proxy service? 2. Should ICANN-accredited privacy/proxy service providers be required to conduct periodic checks to ensure accuracy of customer contact information; and if so, how? 3. What rights and responsibilities should customers of privacy/proxy services have? What obligations should ICANN-accredited privacy/proxy service providers have in managing these rights and responsibilities? Clarify how transfers, renewals, and PEDNR policies should apply. 4. Should ICANN-accredited privacy/proxy service providers distinguish between domain names registered or used for commercial with those registered or used for personal purposes? Specifically, is the use of privacy/proxy services appropriate when a domain name is registered or used for commercial purposes? 5. Should there be a difference in the data fields to be displayed if the domain name is registered or used for a commercial purpose or by a commercial entity instead of a natural person? 6. Should the use of privacy/proxy services be restricted only to registrants who are private individuals using the domain name for non-commercial purposes? CONTACT 1. What measures should be taken to ensure contactability and responsiveness of the providers? 2. Should ICANN-accredited privacy/proxy service providers be required to maintain dedicated points of contact for reporting abuse? If so, should the terms be consistent with the requirements applicable to registrars under Section 3.18 of the RAA? 3. Should full WHOIS contact details for ICANN-accredited privacy/proxy service providers be required? 4. What forms of malicious conduct, if any, should be covered by a designated published point of contact at an ICANN-accredited privacy/proxy service provider? RELAY 1. What, if any, baseline minimum standardized relay processes should be adopted by ICANN-accredited privacy/proxy service providers? 2. Should ICANN-accredited privacy/proxy service providers be required to forward to the customer all allegations of illegal activities they receive relating to specific domain names of the customer? REVEAL 1. What, if any, baseline minimum standardized reveal processes should be adopted by ICANN-accredited privacy/proxy service providers? 2. Should ICANN-accredited privacy/proxy service providers be required to reveal customer identities for the specific purpose of ensuring timely service of cease and desist letters? 3. What forms of alleged malicious conduct, if any, and what evidentiary standard would be sufficient to trigger such disclosure? What specific violations, if any, would be sufficient to trigger such disclosure? 4. What safeguards, if any, should be put in place to ensure adequate protections for privacy and freedom of expression? Should these standards vary depending on whether the website is being used for commercial or non-commercial purposes? What safeguards or remedies should be available in cases where publication is found to have been unwarranted? 5. What circumstances, if any, would warrant access to registrant data by law enforcement agencies? 6. What clear, workable, enforceable and standardized processes should be adopted by ICANN-accredited privacy/proxy services in order to regulate such access (if such access is warranted)? Please let me know if this categorization is helpful. Jim James L. Bikoff Silverberg, Goldman & Bikoff, LLP 1101 30th Street, NW Suite 120 Washington, DC 20007 Tel: 202-944-3303 Fax: 202-944-3306 jbikoff@sgbdc.com<mailto:jbikoff@sgbdc.com> _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg ________________________________ -------------------------------------------------------- This e-mail and any attached files are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail by mistake, please notify the sender immediately and delete it from your system. You must not copy the message or disclose its contents to anyone. Think of the environment: don't print this e-mail unless you really need to. --------------------------------------------------------

True. However, what if the use is legal but the website content creates questions about the domain¹s commercial/non-commercial designation if the WG recommends differentiation? To steal Gema¹s example in her first message: But, what is the difference between them? A hobbyist¹s backyard habitat website and another hobbyist¹s backyard habitat website that has, or later adds, an Amazon affiliate link to defray costs? Don On 1/14/14, 10:11 AM, "Tim Ruiz" <tim@godaddy.com> wrote:

That is an issue with use/content, which is not within ICANN's mission, as far as I read their mission. How an accredited p/p service responds when properly notified of illegal content (following due process), should be the same as what is required of an accredited registrar. ________________________________________ From: gnso-ppsai-pdp-wg-bounces@icann.org <gnso-ppsai-pdp-wg-bounces@icann.org> on behalf of Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es> Sent: Tuesday, January 14, 2014 10:01 AM To: Luc SEUFER Cc: gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Thank you for the reminder, Luc. I give another real-world and trickier instance using the word "registrant".

Has the registrant a commercial purpose when he runs a forum-like website on which he also offers access to copyrighted works free of charge? In this case, the registrant leads this activity for the sake of it and doesn't get any profits at all from it. But, he is causing great damage to right holders.

I join the conference now.

Regards,

Gema

-----Mensaje original----- De: Luc SEUFER [mailto:lseufer@dclgroup.eu] Enviado el: martes, 14 de enero de 2014 15:33 Para: Campillos Gonzalez, Gema Maria CC: Jim Bikoff; gnso-ppsai-pdp-wg@icann.org Asunto: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Hello Gema,

Just a kind reminder that ICANN is only dealing with domain names, not websites. Thus, in my opinion, the distinction should be made on the registrant type alone. Hosting services are regulated by ad'hoc laws and those services are outside of ICANN's scope.

As you know, to serve the EU an online merchant has to abide by Directive 2000/31 (its national transpositions to be more precise) and must publish their details on their website. Should they fail to do so, the hosting provider should be the party that LEA should contact, not the registrar.

Luc

On Jan 14, 2014, at 14:24, Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>> wrote:

Dear all,

I agree with commentators that this categorization is clearer than the previous one.

Although I am aware of your reluctance to introduce variations to the Charter questions passed by the GNSO Council on 31st October, a doubt has come up to my mind. Some of the questions rest on the difference between commercial and non-commercial activities (4, 5 and 6 in the first group and 4 in the last one). But, what is the difference between them? A copyright infringing website where video streaming or downloads are free of charge but which is supported by advertisements or SMS premium services is a commercial or a non-commercial activity?

Thank you,

Gema

De: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann .org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] En nombre de Jim Bikoff Enviado el: lunes, 13 de enero de 2014 23:05 Para: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Asunto: [Gnso-ppsai-pdp-wg] FW: Privacy and Protection Service Accreditation Issues Working Group

Dear All,

Although the question groupings are still being completed, it may be helpful to our audience if we grouped the questions in the letters in some logical, categorical manner, even if that grouping is but a draft.

To address the substantive content of the questions, it seems that the ultimate issue is set forth in the first question: "What, if any, are the types of Standard Services Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?" The questions following it address that main issue. Most of the issues and questions could be subsumed under the following general categories:

* MAINTENANCE of privacy/proxy services; * CONTACT point provided by each privacy/proxy service; * RELAY of complaints to the privacy/proxy customer; and * REVEAL of privacy/proxy customers' identities. If we followed this categorization, the issues and questions would be grouped as follows:

MAIN ISSUES

1. What, if any, are the types of Standard Service Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?

2. Should ICANN distinguish between privacy and proxy services for the purpose of the accreditation process?

3. What are the contractual obligations, if any, that, if unfulfilled, would justify termination of customer access by ICANN-accredited privacy/proxy service providers? Should there be any forms of non-compliance that would trigger cancellation or suspension of registrations? If so, which?

4. What are the effects of the privacy and proxy service specification contained in the 2013 RAA? Have these new requirements improved WHOIS quality, registrant contactability, and service usability?

5. What should be the contractual obligations of ICANN accredited registrars with regard to accredited privacy/proxy service providers? Should registrars be permitted to knowingly accept registrations where the registrant is using unaccredited service providers that are bound to the same standards as accredited service providers?

MAINTENANCE

1. Should ICANN-accredited privacy/proxy service providers be required to label WHOIS entries to clearly show when a registration is made through a privacy/proxy service?

2. Should ICANN-accredited privacy/proxy service providers be required to conduct periodic checks to ensure accuracy of customer contact information; and if so, how?

3. What rights and responsibilities should customers of privacy/proxy services have? What obligations should ICANN-accredited privacy/proxy service providers have in managing these rights and responsibilities? Clarify how transfers, renewals, and PEDNR policies should apply.

4. Should ICANN-accredited privacy/proxy service providers distinguish between domain names registered or used for commercial with those registered or used for personal purposes? Specifically, is the use of privacy/proxy services appropriate when a domain name is registered or used for commercial purposes?

5. Should there be a difference in the data fields to be displayed if the domain name is registered or used for a commercial purpose or by a commercial entity instead of a natural person?

6. Should the use of privacy/proxy services be restricted only to registrants who are private individuals using the domain name for non-commercial purposes?

CONTACT

1. What measures should be taken to ensure contactability and responsiveness of the providers?

2. Should ICANN-accredited privacy/proxy service providers be required to maintain dedicated points of contact for reporting abuse? If so, should the terms be consistent with the requirements applicable to registrars under Section 3.18 of the RAA?

3. Should full WHOIS contact details for ICANN-accredited privacy/proxy service providers be required?

4. What forms of malicious conduct, if any, should be covered by a designated published point of contact at an ICANN-accredited privacy/proxy service provider?

RELAY

1. What, if any, baseline minimum standardized relay processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to forward to the customer all allegations of illegal activities they receive relating to specific domain names of the customer?

REVEAL

1. What, if any, baseline minimum standardized reveal processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to reveal customer identities for the specific purpose of ensuring timely service of cease and desist letters?

3. What forms of alleged malicious conduct, if any, and what evidentiary standard would be sufficient to trigger such disclosure? What specific violations, if any, would be sufficient to trigger such disclosure?

4. What safeguards, if any, should be put in place to ensure adequate protections for privacy and freedom of expression? Should these standards vary depending on whether the website is being used for commercial or non-commercial purposes? What safeguards or remedies should be available in cases where publication is found to have been unwarranted?

5. What circumstances, if any, would warrant access to registrant data by law enforcement agencies?

6. What clear, workable, enforceable and standardized processes should be adopted by ICANN-accredited privacy/proxy services in order to regulate such access (if such access is warranted)?

Please let me know if this categorization is helpful.

Jim

James L. Bikoff Silverberg, Goldman & Bikoff, LLP 1101 30th Street, NW Suite 120 Washington, DC 20007 Tel: 202-944-3303 Fax: 202-944-3306 jbikoff@sgbdc.com<mailto:jbikoff@sgbdc.com>

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

________________________________

--------------------------------------------------------

This e-mail and any attached files are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail by mistake, please notify the sender immediately and delete it from your system. You must not copy the message or disclose its contents to anyone.

Think of the environment: don't print this e-mail unless you really need to.

-------------------------------------------------------- _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

We’re getting way ahead of ourselves here but this discussion is going to be very complex when it happens. From many years of hearing use cases kicked around, it’s safe to say that even simplest, on the surface, one vs the other distinction will have potential issues. We also will have to be alert to differences in legal definitions and requirements for, as an example, doing business. Don On 1/14/14, 12:22 PM, "Volker Greimann" <vgreimann@key-systems.net> wrote:

I think if we enter into discussions of use-scenarios, we would be lost quickly, and the commercial/ non-commercial differentiation is purely content. Here we could also look at whether hacked sites justified reveal, i.e. where a perfectly innocent registrant is himself victimized by a hacker who infilterated his old wordpress installation to insert illegal pages. How would a privacy/proxy service provider, who can only see the registration data of the domain name and the content publicly available on the internet even begin to differentiate which is which?

It would make more sense to differentiate if the registrant is a private individual or a corporate entity, which of course only the the p/p service provider would be able to tell.

Volker

Am 14.01.2014 17:59, schrieb Don Blumenthal:

...

True. However, what if the use is legal but the website content creates questions about the domain¹s commercial/non-commercial designation if the WG recommends differentiation? To steal Gema¹s example in her first message:

But, what is the difference between them? A hobbyist¹s backyard habitat website and another hobbyist¹s backyard habitat website that has, or later adds, an Amazon affiliate link to defray costs?

Don

On 1/14/14, 10:11 AM, "Tim Ruiz" <tim@godaddy.com> wrote:

...

That is an issue with use/content, which is not within ICANN's mission, as far as I read their mission. How an accredited p/p service responds when properly notified of illegal content (following due process), should be the same as what is required of an accredited registrar. ________________________________________ From: gnso-ppsai-pdp-wg-bounces@icann.org <gnso-ppsai-pdp-wg-bounces@icann.org> on behalf of Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es> Sent: Tuesday, January 14, 2014 10:01 AM To: Luc SEUFER Cc: gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Thank you for the reminder, Luc. I give another real-world and trickier instance using the word "registrant".

Has the registrant a commercial purpose when he runs a forum-like website on which he also offers access to copyrighted works free of charge? In this case, the registrant leads this activity for the sake of it and doesn't get any profits at all from it. But, he is causing great damage to right holders.

I join the conference now.

Regards,

Gema

-----Mensaje original----- De: Luc SEUFER [mailto:lseufer@dclgroup.eu] Enviado el: martes, 14 de enero de 2014 15:33 Para: Campillos Gonzalez, Gema Maria CC: Jim Bikoff; gnso-ppsai-pdp-wg@icann.org Asunto: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Hello Gema,

Just a kind reminder that ICANN is only dealing with domain names, not websites. Thus, in my opinion, the distinction should be made on the registrant type alone. Hosting services are regulated by ad'hoc laws and those services are outside of ICANN's scope.

As you know, to serve the EU an online merchant has to abide by Directive 2000/31 (its national transpositions to be more precise) and must publish their details on their website. Should they fail to do so, the hosting provider should be the party that LEA should contact, not the registrar.

Luc

On Jan 14, 2014, at 14:24, Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>> wrote:

Dear all,

I agree with commentators that this categorization is clearer than the previous one.

Although I am aware of your reluctance to introduce variations to the Charter questions passed by the GNSO Council on 31st October, a doubt has come up to my mind. Some of the questions rest on the difference between commercial and non-commercial activities (4, 5 and 6 in the first group and 4 in the last one). But, what is the difference between them? A copyright infringing website where video streaming or downloads are free of charge but which is supported by advertisements or SMS premium services is a commercial or a non-commercial activity?

Thank you,

Gema

De:

gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@ica nn .org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] En nombre de Jim Bikoff Enviado el: lunes, 13 de enero de 2014 23:05 Para: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Asunto: [Gnso-ppsai-pdp-wg] FW: Privacy and Protection Service Accreditation Issues Working Group

Dear All,

Although the question groupings are still being completed, it may be helpful to our audience if we grouped the questions in the letters in some logical, categorical manner, even if that grouping is but a draft.

To address the substantive content of the questions, it seems that the ultimate issue is set forth in the first question: "What, if any, are the types of Standard Services Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?" The questions following it address that main issue. Most of the issues and questions could be subsumed under the following general categories:

* MAINTENANCE of privacy/proxy services; * CONTACT point provided by each privacy/proxy service; * RELAY of complaints to the privacy/proxy customer; and * REVEAL of privacy/proxy customers' identities. If we followed this categorization, the issues and questions would be grouped as follows:

MAIN ISSUES

1. What, if any, are the types of Standard Service Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?

2. Should ICANN distinguish between privacy and proxy services for the purpose of the accreditation process?

3. What are the contractual obligations, if any, that, if unfulfilled, would justify termination of customer access by ICANN-accredited privacy/proxy service providers? Should there be any forms of non-compliance that would trigger cancellation or suspension of registrations? If so, which?

4. What are the effects of the privacy and proxy service specification contained in the 2013 RAA? Have these new requirements improved WHOIS quality, registrant contactability, and service usability?

5. What should be the contractual obligations of ICANN accredited registrars with regard to accredited privacy/proxy service providers? Should registrars be permitted to knowingly accept registrations where the registrant is using unaccredited service providers that are bound to the same standards as accredited service providers?

MAINTENANCE

1. Should ICANN-accredited privacy/proxy service providers be required to label WHOIS entries to clearly show when a registration is made through a privacy/proxy service?

2. Should ICANN-accredited privacy/proxy service providers be required to conduct periodic checks to ensure accuracy of customer contact information; and if so, how?

3. What rights and responsibilities should customers of privacy/proxy services have? What obligations should ICANN-accredited privacy/proxy service providers have in managing these rights and responsibilities? Clarify how transfers, renewals, and PEDNR policies should apply.

4. Should ICANN-accredited privacy/proxy service providers distinguish between domain names registered or used for commercial with those registered or used for personal purposes? Specifically, is the use of privacy/proxy services appropriate when a domain name is registered or used for commercial purposes?

5. Should there be a difference in the data fields to be displayed if the domain name is registered or used for a commercial purpose or by a commercial entity instead of a natural person?

6. Should the use of privacy/proxy services be restricted only to registrants who are private individuals using the domain name for non-commercial purposes?

CONTACT

1. What measures should be taken to ensure contactability and responsiveness of the providers?

2. Should ICANN-accredited privacy/proxy service providers be required to maintain dedicated points of contact for reporting abuse? If so, should the terms be consistent with the requirements applicable to registrars under Section 3.18 of the RAA?

3. Should full WHOIS contact details for ICANN-accredited privacy/proxy service providers be required?

4. What forms of malicious conduct, if any, should be covered by a designated published point of contact at an ICANN-accredited privacy/proxy service provider?

RELAY

1. What, if any, baseline minimum standardized relay processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to forward to the customer all allegations of illegal activities they receive relating to specific domain names of the customer?

REVEAL

1. What, if any, baseline minimum standardized reveal processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to reveal customer identities for the specific purpose of ensuring timely service of cease and desist letters?

3. What forms of alleged malicious conduct, if any, and what evidentiary standard would be sufficient to trigger such disclosure? What specific violations, if any, would be sufficient to trigger such disclosure?

4. What safeguards, if any, should be put in place to ensure adequate protections for privacy and freedom of expression? Should these standards vary depending on whether the website is being used for commercial or non-commercial purposes? What safeguards or remedies should be available in cases where publication is found to have been unwarranted?

5. What circumstances, if any, would warrant access to registrant data by law enforcement agencies?

6. What clear, workable, enforceable and standardized processes should be adopted by ICANN-accredited privacy/proxy services in order to regulate such access (if such access is warranted)?

Please let me know if this categorization is helpful.

Jim

James L. Bikoff Silverberg, Goldman & Bikoff, LLP 1101 30th Street, NW Suite 120 Washington, DC 20007 Tel: 202-944-3303 Fax: 202-944-3306 jbikoff@sgbdc.com<mailto:jbikoff@sgbdc.com>

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

________________________________

--------------------------------------------------------

This e-mail and any attached files are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail by mistake, please notify the sender immediately and delete it from your system. You must not copy the message or disclose its contents to anyone.

Think of the environment: don't print this e-mail unless you really need to.

-------------------------------------------------------- _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

---

Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

Totally agree. This is something we have discussed in the EWG somewhat extensively. The internet equivalent of having a garage sale, or letting someone place a commercial sign in your front field or on the side of building, does not turn that registrant into a commercial entity, regardless of how the tax authorities view the matter of the monetary exchange. ICANN has no business going there, nor demanding that registrars try to sort through these inherently inter-jurisdictional nuances. I totally agree on the more fundamental principle of examining content too. Stephanie Perrin On 2014-01-14, at 12:33 PM, Tim Ruiz wrote:

That's exactly why we shouldn't go there. It is a rabbit hole leading to some crazy, unending debate about use, IMHO. If some due process is undertaken (outside of ICANN) and an appropriate notice/order is given to the p/p provider, they should take whatever course of action they are directed or ordered to take. We don't have to debate what is legal or isn't that is not our task, again IMHO.

Tim

...

On Jan 14, 2014, at 12:00 PM, "Don Blumenthal" <dblumenthal@pir.org> wrote:

True. However, what if the use is legal but the website content creates questions about the domain¹s commercial/non-commercial designation if the WG recommends differentiation? To steal Gema¹s example in her first message:

But, what is the difference between them? A hobbyist¹s backyard habitat website and another hobbyist¹s backyard habitat website that has, or later adds, an Amazon affiliate link to defray costs?

Don

...

On 1/14/14, 10:11 AM, "Tim Ruiz" <tim@godaddy.com> wrote:

That is an issue with use/content, which is not within ICANN's mission, as far as I read their mission. How an accredited p/p service responds when properly notified of illegal content (following due process), should be the same as what is required of an accredited registrar. ________________________________________ From: gnso-ppsai-pdp-wg-bounces@icann.org <gnso-ppsai-pdp-wg-bounces@icann.org> on behalf of Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es> Sent: Tuesday, January 14, 2014 10:01 AM To: Luc SEUFER Cc: gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Thank you for the reminder, Luc. I give another real-world and trickier instance using the word "registrant".

Has the registrant a commercial purpose when he runs a forum-like website on which he also offers access to copyrighted works free of charge? In this case, the registrant leads this activity for the sake of it and doesn't get any profits at all from it. But, he is causing great damage to right holders.

I join the conference now.

Regards,

Gema

-----Mensaje original----- De: Luc SEUFER [mailto:lseufer@dclgroup.eu] Enviado el: martes, 14 de enero de 2014 15:33 Para: Campillos Gonzalez, Gema Maria CC: Jim Bikoff; gnso-ppsai-pdp-wg@icann.org Asunto: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Hello Gema,

Just a kind reminder that ICANN is only dealing with domain names, not websites. Thus, in my opinion, the distinction should be made on the registrant type alone. Hosting services are regulated by ad'hoc laws and those services are outside of ICANN's scope.

As you know, to serve the EU an online merchant has to abide by Directive 2000/31 (its national transpositions to be more precise) and must publish their details on their website. Should they fail to do so, the hosting provider should be the party that LEA should contact, not the registrar.

Luc

On Jan 14, 2014, at 14:24, Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>> wrote:

Dear all,

I agree with commentators that this categorization is clearer than the previous one.

Although I am aware of your reluctance to introduce variations to the Charter questions passed by the GNSO Council on 31st October, a doubt has come up to my mind. Some of the questions rest on the difference between commercial and non-commercial activities (4, 5 and 6 in the first group and 4 in the last one). But, what is the difference between them? A copyright infringing website where video streaming or downloads are free of charge but which is supported by advertisements or SMS premium services is a commercial or a non-commercial activity?

Thank you,

Gema

De: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann .org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] En nombre de Jim Bikoff Enviado el: lunes, 13 de enero de 2014 23:05 Para: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Asunto: [Gnso-ppsai-pdp-wg] FW: Privacy and Protection Service Accreditation Issues Working Group

Dear All,

Although the question groupings are still being completed, it may be helpful to our audience if we grouped the questions in the letters in some logical, categorical manner, even if that grouping is but a draft.

To address the substantive content of the questions, it seems that the ultimate issue is set forth in the first question: "What, if any, are the types of Standard Services Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?" The questions following it address that main issue. Most of the issues and questions could be subsumed under the following general categories:

* MAINTENANCE of privacy/proxy services; * CONTACT point provided by each privacy/proxy service; * RELAY of complaints to the privacy/proxy customer; and * REVEAL of privacy/proxy customers' identities. If we followed this categorization, the issues and questions would be grouped as follows:

MAIN ISSUES

1. What, if any, are the types of Standard Service Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?

2. Should ICANN distinguish between privacy and proxy services for the purpose of the accreditation process?

3. What are the contractual obligations, if any, that, if unfulfilled, would justify termination of customer access by ICANN-accredited privacy/proxy service providers? Should there be any forms of non-compliance that would trigger cancellation or suspension of registrations? If so, which?

4. What are the effects of the privacy and proxy service specification contained in the 2013 RAA? Have these new requirements improved WHOIS quality, registrant contactability, and service usability?

5. What should be the contractual obligations of ICANN accredited registrars with regard to accredited privacy/proxy service providers? Should registrars be permitted to knowingly accept registrations where the registrant is using unaccredited service providers that are bound to the same standards as accredited service providers?

MAINTENANCE

1. Should ICANN-accredited privacy/proxy service providers be required to label WHOIS entries to clearly show when a registration is made through a privacy/proxy service?

2. Should ICANN-accredited privacy/proxy service providers be required to conduct periodic checks to ensure accuracy of customer contact information; and if so, how?

3. What rights and responsibilities should customers of privacy/proxy services have? What obligations should ICANN-accredited privacy/proxy service providers have in managing these rights and responsibilities? Clarify how transfers, renewals, and PEDNR policies should apply.

4. Should ICANN-accredited privacy/proxy service providers distinguish between domain names registered or used for commercial with those registered or used for personal purposes? Specifically, is the use of privacy/proxy services appropriate when a domain name is registered or used for commercial purposes?

5. Should there be a difference in the data fields to be displayed if the domain name is registered or used for a commercial purpose or by a commercial entity instead of a natural person?

6. Should the use of privacy/proxy services be restricted only to registrants who are private individuals using the domain name for non-commercial purposes?

CONTACT

1. What measures should be taken to ensure contactability and responsiveness of the providers?

2. Should ICANN-accredited privacy/proxy service providers be required to maintain dedicated points of contact for reporting abuse? If so, should the terms be consistent with the requirements applicable to registrars under Section 3.18 of the RAA?

3. Should full WHOIS contact details for ICANN-accredited privacy/proxy service providers be required?

4. What forms of malicious conduct, if any, should be covered by a designated published point of contact at an ICANN-accredited privacy/proxy service provider?

RELAY

1. What, if any, baseline minimum standardized relay processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to forward to the customer all allegations of illegal activities they receive relating to specific domain names of the customer?

REVEAL

1. What, if any, baseline minimum standardized reveal processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to reveal customer identities for the specific purpose of ensuring timely service of cease and desist letters?

3. What forms of alleged malicious conduct, if any, and what evidentiary standard would be sufficient to trigger such disclosure? What specific violations, if any, would be sufficient to trigger such disclosure?

4. What safeguards, if any, should be put in place to ensure adequate protections for privacy and freedom of expression? Should these standards vary depending on whether the website is being used for commercial or non-commercial purposes? What safeguards or remedies should be available in cases where publication is found to have been unwarranted?

5. What circumstances, if any, would warrant access to registrant data by law enforcement agencies?

6. What clear, workable, enforceable and standardized processes should be adopted by ICANN-accredited privacy/proxy services in order to regulate such access (if such access is warranted)?

Please let me know if this categorization is helpful.

Jim

James L. Bikoff Silverberg, Goldman & Bikoff, LLP 1101 30th Street, NW Suite 120 Washington, DC 20007 Tel: 202-944-3303 Fax: 202-944-3306 jbikoff@sgbdc.com<mailto:jbikoff@sgbdc.com>

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

________________________________

--------------------------------------------------------

This e-mail and any attached files are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail by mistake, please notify the sender immediately and delete it from your system. You must not copy the message or disclose its contents to anyone.

Think of the environment: don't print this e-mail unless you really need to.

-------------------------------------------------------- _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

Hi all, I think that the commercial/non-commercial distinction is a valid policy question for the WG to consider. It seems to me that as part of that deliberation, we shouldn't be taking the question of the "...use of the Registered name.." off the table. To be clear, my point in this email isn't to argue what the answer should be on the question of commercial/non-commercial distinction for privacy/proxy services. Rather, my point is that I think it's a valid (indeed, central) policy question that is worth deliberation by this group, and that the question necessarily implicates questions relating to the use of the Registered name. Two points in response, if I may: - *Registrant status vs use of the Registered name*. As to the suggestion about looking to whether the registrant is a commercial or non-commercial entity (as opposed to the actual use), allow me to argue why that approach may not be entirely effective, again using the example of rogue Internet pharmacies. The concrete problem we see is that the proverbial "guy operating from his basement" who is not a licensed pharmacy (and not a licensed corporation) and is selling fake drugs on the Internet, sometimes leading to illness or death of the customer (or, for example, to non-treatment, e.g., a patient thinking that he or she is treating their cancer when it it only getting worse because the drugs have no active ingredients). In this case, the registrant is only a private individual, but is engaged in commercial activity. In many jurisdictions this triggers consumer protection or other laws. My point here is not to start the debate in this string as to what sort of privacy/proxy protections should or should not be offered. Rather, my point is to argue that these are appropriate questions for this WG to consider and discuss, and to provide an example of why. - *Content/Non-Content*. To build on the previous bullet, I understand the point about content/non-content (e.g., the difference between a domain name and content on a server), but I think that whether we all agree with it or not, requirements in the RAA, for example, step firmly into the world of use of a domain name and pointed-to content. Provisions in the 2013 RAA, for example, explicitly reference "...use of a Registered name..." and the provisions of the RAA that pertain to illegal activity (e.g., 3.18 and 1.13) certainly, I think, contemplate the content a Registered name points to as the way that a domain name is being "used." We should look at the ramifications of data privacy from every angle. Again, my primary point here is not to argue that ICANN policies implicating content questions are right or wrong; rather, I want to argue that there is no longer any historical precedent suggesting that discussions of content or domain name usage are not, and never have been, within the ambit of ICANN. Indeed, such policy considerations seem necessary to discuss broader implementation of data privacy, and the responsibilities ICANN entrusts to future accredited privacy and proxy services providers. Thanks, John Horton President, LegitScript *Follow LegitScript*: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook <https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | YouTube <https://www.youtube.com/user/LegitScript> | *Blog <http://blog.legitscript.com>* | Google+<https://plus.google.com/112436813474708014933/posts> On Tue, Jan 14, 2014 at 9:56 AM, Stephanie Perrin < stephanie.perrin@mail.utoronto.ca> wrote:

Totally agree. This is something we have discussed in the EWG somewhat extensively. The internet equivalent of having a garage sale, or letting someone place a commercial sign in your front field or on the side of building, does not turn that registrant into a commercial entity, regardless of how the tax authorities view the matter of the monetary exchange. ICANN has no business going there, nor demanding that registrars try to sort through these inherently inter-jurisdictional nuances. I totally agree on the more fundamental principle of examining content too. Stephanie Perrin On 2014-01-14, at 12:33 PM, Tim Ruiz wrote:

...

That's exactly why we shouldn't go there. It is a rabbit hole leading to some crazy, unending debate about use, IMHO. If some due process is undertaken (outside of ICANN) and an appropriate notice/order is given to the p/p provider, they should take whatever course of action they are directed or ordered to take. We don't have to debate what is legal or isn't that is not our task, again IMHO.

Tim

...

On Jan 14, 2014, at 12:00 PM, "Don Blumenthal" <dblumenthal@pir.org> wrote:

True. However, what if the use is legal but the website content creates questions about the domain¹s commercial/non-commercial designation if the WG recommends differentiation? To steal Gema¹s example in her first message:

But, what is the difference between them? A hobbyist¹s backyard habitat website and another hobbyist¹s backyard habitat website that has, or later adds, an Amazon affiliate link to defray costs?

Don

...

On 1/14/14, 10:11 AM, "Tim Ruiz" <tim@godaddy.com> wrote:

That is an issue with use/content, which is not within ICANN's mission, as far as I read their mission. How an accredited p/p service responds when properly notified of illegal content (following due process), should be the same as what is required of an accredited registrar. ________________________________________ From: gnso-ppsai-pdp-wg-bounces@icann.org <gnso-ppsai-pdp-wg-bounces@icann.org> on behalf of Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es> Sent: Tuesday, January 14, 2014 10:01 AM To: Luc SEUFER Cc: gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Thank you for the reminder, Luc. I give another real-world and trickier instance using the word "registrant".

Has the registrant a commercial purpose when he runs a forum-like website on which he also offers access to copyrighted works free of charge? In this case, the registrant leads this activity for the sake of it and doesn't get any profits at all from it. But, he is causing great damage to right holders.

I join the conference now.

Regards,

Gema

-----Mensaje original----- De: Luc SEUFER [mailto:lseufer@dclgroup.eu] Enviado el: martes, 14 de enero de 2014 15:33 Para: Campillos Gonzalez, Gema Maria CC: Jim Bikoff; gnso-ppsai-pdp-wg@icann.org Asunto: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Hello Gema,

Just a kind reminder that ICANN is only dealing with domain names, not websites. Thus, in my opinion, the distinction should be made on the registrant type alone. Hosting services are regulated by ad'hoc laws and those services are outside of ICANN's scope.

As you know, to serve the EU an online merchant has to abide by Directive 2000/31 (its national transpositions to be more precise) and must publish their details on their website. Should they fail to do so, the hosting provider should be the party that LEA should contact, not the registrar.

Luc

On Jan 14, 2014, at 14:24, Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>> wrote:

Dear all,

I agree with commentators that this categorization is clearer than the previous one.

Although I am aware of your reluctance to introduce variations to the Charter questions passed by the GNSO Council on 31st October, a doubt has come up to my mind. Some of the questions rest on the difference between commercial and non-commercial activities (4, 5 and 6 in the first group and 4 in the last one). But, what is the difference between them? A copyright infringing website where video streaming or downloads are free of charge but which is supported by advertisements or SMS premium services is a commercial or a non-commercial activity?

Thank you,

Gema

De: gnso-ppsai-pdp-wg-bounces@icann.org<mailto: gnso-ppsai-pdp-wg-bounces@icann .org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] En nombre de Jim Bikoff Enviado el: lunes, 13 de enero de 2014 23:05 Para: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Asunto: [Gnso-ppsai-pdp-wg] FW: Privacy and Protection Service Accreditation Issues Working Group

Dear All,

Although the question groupings are still being completed, it may be helpful to our audience if we grouped the questions in the letters in some logical, categorical manner, even if that grouping is but a draft.

To address the substantive content of the questions, it seems that the ultimate issue is set forth in the first question: "What, if any, are the types of Standard Services Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?" The questions following it address that main issue. Most of the issues and questions could be subsumed under the following general categories:

* MAINTENANCE of privacy/proxy services; * CONTACT point provided by each privacy/proxy service; * RELAY of complaints to the privacy/proxy customer; and * REVEAL of privacy/proxy customers' identities. If we followed this categorization, the issues and questions would be grouped as follows:

MAIN ISSUES

1. What, if any, are the types of Standard Service Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?

2. Should ICANN distinguish between privacy and proxy services for the purpose of the accreditation process?

3. What are the contractual obligations, if any, that, if unfulfilled, would justify termination of customer access by ICANN-accredited privacy/proxy service providers? Should there be any forms of non-compliance that would trigger cancellation or suspension of registrations? If so, which?

4. What are the effects of the privacy and proxy service specification contained in the 2013 RAA? Have these new requirements improved WHOIS quality, registrant contactability, and service usability?

5. What should be the contractual obligations of ICANN accredited registrars with regard to accredited privacy/proxy service providers? Should registrars be permitted to knowingly accept registrations where the registrant is using unaccredited service providers that are bound to the same standards as accredited service providers?

MAINTENANCE

1. Should ICANN-accredited privacy/proxy service providers be required to label WHOIS entries to clearly show when a registration is made through a privacy/proxy service?

2. Should ICANN-accredited privacy/proxy service providers be required to conduct periodic checks to ensure accuracy of customer contact information; and if so, how?

3. What rights and responsibilities should customers of privacy/proxy services have? What obligations should ICANN-accredited privacy/proxy service providers have in managing these rights and responsibilities? Clarify how transfers, renewals, and PEDNR policies should apply.

4. Should ICANN-accredited privacy/proxy service providers distinguish between domain names registered or used for commercial with those registered or used for personal purposes? Specifically, is the use of privacy/proxy services appropriate when a domain name is registered or used for commercial purposes?

5. Should there be a difference in the data fields to be displayed if the domain name is registered or used for a commercial purpose or by a commercial entity instead of a natural person?

6. Should the use of privacy/proxy services be restricted only to registrants who are private individuals using the domain name for non-commercial purposes?

CONTACT

1. What measures should be taken to ensure contactability and responsiveness of the providers?

2. Should ICANN-accredited privacy/proxy service providers be required to maintain dedicated points of contact for reporting abuse? If so, should the terms be consistent with the requirements applicable to registrars under Section 3.18 of the RAA?

3. Should full WHOIS contact details for ICANN-accredited privacy/proxy service providers be required?

4. What forms of malicious conduct, if any, should be covered by a designated published point of contact at an ICANN-accredited privacy/proxy service provider?

RELAY

1. What, if any, baseline minimum standardized relay processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to forward to the customer all allegations of illegal activities they receive relating to specific domain names of the customer?

REVEAL

1. What, if any, baseline minimum standardized reveal processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to reveal customer identities for the specific purpose of ensuring timely service of cease and desist letters?

3. What forms of alleged malicious conduct, if any, and what evidentiary standard would be sufficient to trigger such disclosure? What specific violations, if any, would be sufficient to trigger such disclosure?

4. What safeguards, if any, should be put in place to ensure adequate protections for privacy and freedom of expression? Should these standards vary depending on whether the website is being used for commercial or non-commercial purposes? What safeguards or remedies should be available in cases where publication is found to have been unwarranted?

5. What circumstances, if any, would warrant access to registrant data by law enforcement agencies?

6. What clear, workable, enforceable and standardized processes should be adopted by ICANN-accredited privacy/proxy services in order to regulate such access (if such access is warranted)?

Please let me know if this categorization is helpful.

Jim

James L. Bikoff Silverberg, Goldman & Bikoff, LLP 1101 30th Street, NW Suite 120 Washington, DC 20007 Tel: 202-944-3303 Fax: 202-944-3306 jbikoff@sgbdc.com<mailto:jbikoff@sgbdc.com>

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

________________________________

--------------------------------------------------------

This e-mail and any attached files are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail by mistake, please notify the sender immediately and delete it from your system. You must not copy the message or disclose its contents to anyone.

Think of the environment: don't print this e-mail unless you really need to.

-------------------------------------------------------- _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

Hello Gema, ICANN’s mission is defined in its by-laws which state as follows: http://www.icann.org/en/about/governance/bylaws#I Section 1. MISSION The mission of The Internet Corporation for Assigned Names and Numbers ("ICANN") is to coordinate, at the overall level, the global Internet's systems of unique identifiers, and in particular to ensure the stable and secure operation of the Internet's unique identifier systems. In particular, ICANN: 1. Coordinates the allocation and assignment of the three sets of unique identifiers for the Internet, which are a. Domain names (forming a system referred to as "DNS"); b. Internet protocol ("IP") addresses and autonomous system ("AS") numbers; and c. Protocol port and parameter numbers. 2. Coordinates the operation and evolution of the DNS root name server system. 3. Coordinates policy development reasonably and appropriately related to these technical functions. As you can see ICANN’s purview doesn’t include hosting services but are limited to the DNS system. This is why the accreditation agreements that ICANN has with contracted parties only pertain to domain name services. To be authorised to act as domain name registrar, one need to enter into an accreditation agreement with iCANN. However, there is no such requirement for hosting services providers. Further and to take our example, EuroDNS is an ICANN accredited registrar but not a hosting services provider. As such, we have no technical means to act on the content of a website pointed by a domain name registered by one of our customers. Only the hosting service provider can act if the website publisher defaults. And to bring this discussion back within the scope of the charter of this WG, please remember that we are here working on an accreditation program for entities that may not be registrars nor hosting providers. Hoping this will help. For your introductive inquiries I’ll let a native speaker answer those. Best Wishes, Luc On Jan 14, 2014, at 19:22, Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>> wrote: I´m sorry but my limited English capabilities don’t help to understand your comment, Don. I set out the paragraphs where I´m lost: What if the use is legal... What use do you refer to? The use of the domain name? Do you mean that the string itself (e.g.: fulanito.com<http://fulanito.com/>) doesn´t infringe third party rights? The domain´s commercial/non-commercial designation… The way the domain name holder considers or label himself? A hobbyist´s backyard habitat website… What is this? A blog or a website where you share your views on issues of your interests that you run as a hobby? An Amazon affiliate link… A link to the Amazon website to buy a book you are recommending, for instance? Furthermore, I still don´t understand why you, Tim or others in the group insist on separating content or use (websites) from domain name holders. Why should this matter in reveal requests addressed to proxy and privacy services? Should P&P services only reply to those requests when they are persuaded that the domain name holder is the service provider responsible for the website? I take advantage of this message to respond to one of Luc Seufer´s remarks which is related to this thread. When public authorities search for the owner of a website, we resort to all providers that can provide information. We try to follow a logical path starting with the ones closer to the service provider, but if they don´t answer us (and many hosting providers don´t answer), we have to go up the ladder and ask the advertisement networks, VISA and other payment means, telecom operators, registrars and P&P services…. Naturally, the first thing one infringes when leads an illegal activity is article 5 of the Directive 2000/31/CE, and subsequently, they don´t display any information or very little one about themselves on their websites. Thank you very much for help in understanding your case as regards content and registrants and its relationship with the remit of this group. Best regards, Gema -----Mensaje original----- De: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] En nombre de Don Blumenthal Enviado el: martes, 14 de enero de 2014 18:00 Para: Tim Ruiz CC: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Asunto: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group True. However, what if the use is legal but the website content creates questions about the domain¹s commercial/non-commercial designation if the WG recommends differentiation? To steal Gema¹s example in her first message: But, what is the difference between them? A hobbyist¹s backyard habitat website and another hobbyist¹s backyard habitat website that has, or later adds, an Amazon affiliate link to defray costs? Don On 1/14/14, 10:11 AM, "Tim Ruiz" <tim@godaddy.com<mailto:tim@godaddy.com>> wrote:

That is an issue with use/content, which is not within ICANN's mission, as far as I read their mission. How an accredited p/p service responds when properly notified of illegal content (following due process), should be the same as what is required of an accredited registrar. ________________________________________ From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> <gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org>> on behalf of Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>> Sent: Tuesday, January 14, 2014 10:01 AM To: Luc SEUFER Cc: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Thank you for the reminder, Luc. I give another real-world and trickier instance using the word "registrant".

Has the registrant a commercial purpose when he runs a forum-like website on which he also offers access to copyrighted works free of charge? In this case, the registrant leads this activity for the sake of it and doesn't get any profits at all from it. But, he is causing great damage to right holders.

I join the conference now.

Regards,

Gema

-----Mensaje original----- De: Luc SEUFER [mailto:lseufer@dclgroup.eu] Enviado el: martes, 14 de enero de 2014 15:33 Para: Campillos Gonzalez, Gema Maria CC: Jim Bikoff; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Asunto: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Hello Gema,

Just a kind reminder that ICANN is only dealing with domain names, not websites. Thus, in my opinion, the distinction should be made on the registrant type alone. Hosting services are regulated by ad'hoc laws and those services are outside of ICANN's scope.

As you know, to serve the EU an online merchant has to abide by Directive 2000/31 (its national transpositions to be more precise) and must publish their details on their website. Should they fail to do so, the hosting provider should be the party that LEA should contact, not the registrar.

Luc

On Jan 14, 2014, at 14:24, Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>>> wrote:

Dear all,

I agree with commentators that this categorization is clearer than the previous one.

Although I am aware of your reluctance to introduce variations to the Charter questions passed by the GNSO Council on 31st October, a doubt has come up to my mind. Some of the questions rest on the difference between commercial and non-commercial activities (4, 5 and 6 in the first group and 4 in the last one). But, what is the difference between them? A copyright infringing website where video streaming or downloads are free of charge but which is supported by advertisements or SMS premium services is a commercial or a non-commercial activity?

Thank you,

Gema

De: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@ic<mailto:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@ic> ann .org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] En nombre de Jim Bikoff Enviado el: lunes, 13 de enero de 2014 23:05 Para: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Asunto: [Gnso-ppsai-pdp-wg] FW: Privacy and Protection Service Accreditation Issues Working Group

Dear All,

Although the question groupings are still being completed, it may be helpful to our audience if we grouped the questions in the letters in some logical, categorical manner, even if that grouping is but a draft.

To address the substantive content of the questions, it seems that the ultimate issue is set forth in the first question: "What, if any, are the types of Standard Services Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?" The questions following it address that main issue. Most of the issues and questions could be subsumed under the following general categories:

* MAINTENANCE of privacy/proxy services; * CONTACT point provided by each privacy/proxy service; * RELAY of complaints to the privacy/proxy customer; and * REVEAL of privacy/proxy customers' identities. If we followed this categorization, the issues and questions would be grouped as follows:

MAIN ISSUES

1. What, if any, are the types of Standard Service Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?

2. Should ICANN distinguish between privacy and proxy services for the purpose of the accreditation process?

3. What are the contractual obligations, if any, that, if unfulfilled, would justify termination of customer access by ICANN-accredited privacy/proxy service providers? Should there be any forms of non-compliance that would trigger cancellation or suspension of registrations? If so, which?

4. What are the effects of the privacy and proxy service specification contained in the 2013 RAA? Have these new requirements improved WHOIS quality, registrant contactability, and service usability?

5. What should be the contractual obligations of ICANN accredited registrars with regard to accredited privacy/proxy service providers? Should registrars be permitted to knowingly accept registrations where the registrant is using unaccredited service providers that are bound to the same standards as accredited service providers?

MAINTENANCE

1. Should ICANN-accredited privacy/proxy service providers be required to label WHOIS entries to clearly show when a registration is made through a privacy/proxy service?

2. Should ICANN-accredited privacy/proxy service providers be required to conduct periodic checks to ensure accuracy of customer contact information; and if so, how?

3. What rights and responsibilities should customers of privacy/proxy services have? What obligations should ICANN-accredited privacy/proxy service providers have in managing these rights and responsibilities? Clarify how transfers, renewals, and PEDNR policies should apply.

4. Should ICANN-accredited privacy/proxy service providers distinguish between domain names registered or used for commercial with those registered or used for personal purposes? Specifically, is the use of privacy/proxy services appropriate when a domain name is registered or used for commercial purposes?

5. Should there be a difference in the data fields to be displayed if the domain name is registered or used for a commercial purpose or by a commercial entity instead of a natural person?

6. Should the use of privacy/proxy services be restricted only to registrants who are private individuals using the domain name for non-commercial purposes?

CONTACT

1. What measures should be taken to ensure contactability and responsiveness of the providers?

2. Should ICANN-accredited privacy/proxy service providers be required to maintain dedicated points of contact for reporting abuse? If so, should the terms be consistent with the requirements applicable to registrars under Section 3.18 of the RAA?

3. Should full WHOIS contact details for ICANN-accredited privacy/proxy service providers be required?

4. What forms of malicious conduct, if any, should be covered by a designated published point of contact at an ICANN-accredited privacy/proxy service provider?

RELAY

1. What, if any, baseline minimum standardized relay processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to forward to the customer all allegations of illegal activities they receive relating to specific domain names of the customer?

REVEAL

1. What, if any, baseline minimum standardized reveal processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to reveal customer identities for the specific purpose of ensuring timely service of cease and desist letters?

3. What forms of alleged malicious conduct, if any, and what evidentiary standard would be sufficient to trigger such disclosure? What specific violations, if any, would be sufficient to trigger such disclosure?

4. What safeguards, if any, should be put in place to ensure adequate protections for privacy and freedom of expression? Should these standards vary depending on whether the website is being used for commercial or non-commercial purposes? What safeguards or remedies should be available in cases where publication is found to have been unwarranted?

5. What circumstances, if any, would warrant access to registrant data by law enforcement agencies?

6. What clear, workable, enforceable and standardized processes should be adopted by ICANN-accredited privacy/proxy services in order to regulate such access (if such access is warranted)?

Please let me know if this categorization is helpful.

Jim

James L. Bikoff Silverberg, Goldman & Bikoff, LLP 1101 30th Street, NW Suite 120 Washington, DC 20007 Tel: 202-944-3303 Fax: 202-944-3306 jbikoff@sgbdc.com<mailto:jbikoff@sgbdc.com<mailto:jbikoff@sgbdc.com<mailto:jbikoff@sgbdc.com>>

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

________________________________

--------------------------------------------------------

This e-mail and any attached files are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail by mistake, please notify the sender immediately and delete it from your system. You must not copy the message or disclose its contents to anyone.

Think of the environment: don't print this e-mail unless you really need to.

-------------------------------------------------------- _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg ________________________________ -------------------------------------------------------- This e-mail and any attached files are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail by mistake, please notify the sender immediately and delete it from your system. You must not copy the message or disclose its contents to anyone. Think of the environment: don't print this e-mail unless you really need to. --------------------------------------------------------

Thank you, Don. I´ve read your previous message and thanks to your answers, it makes sense to me now. Best, Gema De: Don Blumenthal [mailto:dblumenthal@pir.org] Enviado el: martes, 14 de enero de 2014 20:20 Para: Campillos Gonzalez, Gema Maria CC: gnso-ppsai-pdp-wg@icann.org Asunto: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group Gema, Thanks for mentioning the issues. My responses are in the body of your note. Don From: "<Campillos Gonzalez>", Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>> Date: Tuesday, January 14, 2014 at 1:22 PM To: Don Blumenthal <dblumenthal@pir.org<mailto:dblumenthal@pir.org>>, Tim Ruiz <tim@godaddy.com<mailto:tim@godaddy.com>>, "Luc SEUFER (lseufer@dclgroup.eu<mailto:lseufer@dclgroup.eu>)" <lseufer@dclgroup.eu<mailto:lseufer@dclgroup.eu>> Cc: PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: RE: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group I´m sorry but my limited English capabilities don't help to understand your comment, Don. I set out the paragraphs where I´m lost: What if the use is legal... What use do you refer to? The use of the domain name? Do you mean that the string itself (e.g.: fulanito.com) doesn´t infringe third party rights? DMB - My reference was to Tim's mention of Illegal content and his suggestion that examining illegal content is not within ICANN"s mission. I was asking about whether it might be ICANN's job where the content is legal but may show that the domain holder isn't staying within the bounds of whatever p/p designation allowed it to use proxy or privacy. The domain´s commercial/non-commercial designation... The way the domain name holder considers or label himself? DMB - How to determine that, if at all, is up to the WG. I was just borrowing a term that's comment in p/p discussions. A hobbyist´s backyard habitat website... What is this? A blog or a website where you share your views on issues of your interests that you run as a hobby? DMB - Yes, in this case maintaining property in a way that encourages wildlife to visit. A vast oversimplification, and not entirely accurate for this site that began as habitat pages. Still, it's an example that I know of. www.wrenaissance.com<http://www.wrenaissance.com> An Amazon affiliate link... A link to the Amazon website to buy a book you are recommending, for instance? DMB - Your example is a good one. Furthermore, I still don´t understand why you, Tim or others in the group insist on separating content or use (websites) from domain name holders. Why should this matter in reveal requests addressed to proxy and privacy services? Should P&P services only reply to those requests when they are persuaded that the domain name holder is the service provider responsible for the website? DMB - The primary reason to separate domains from websites is that not all domain holders have them. Many recent law enforcement actions such as ones against botnets are in that category. As for your other questions, I I will leave them for later discussion by the WG if we get to the point that they are relevant in our p/p deliberations. Again, my points were directed, and only as questions, to issues about whether ICANN might have a legitimate role in examining content. I take advantage of this message to respond to one of Luc Seufer´s remarks which is related to this thread. When public authorities search for the owner of a website, we resort to all providers that can provide information. We try to follow a logical path starting with the ones closer to the service provider, but if they don´t answer us (and many hosting providers don´t answer), we have to go up the ladder and ask the advertisement networks, VISA and other payment means, telecom operators, registrars and P&P services.... Naturally, the first thing one infringes when leads an illegal activity is article 5 of the Directive 2000/31/CE, and subsequently, they don´t display any information or very little one about themselves on their websites. Thank you very much for help in understanding your case as regards content and registrants and its relationship with the remit of this group. Best regards, Gema -----Mensaje original----- De: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] En nombre de Don Blumenthal Enviado el: martes, 14 de enero de 2014 18:00 Para: Tim Ruiz CC: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Asunto: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group True. However, what if the use is legal but the website content creates questions about the domain¹s commercial/non-commercial designation if the WG recommends differentiation? To steal Gema¹s example in her first message: But, what is the difference between them? A hobbyist¹s backyard habitat website and another hobbyist¹s backyard habitat website that has, or later adds, an Amazon affiliate link to defray costs? Don On 1/14/14, 10:11 AM, "Tim Ruiz" <tim@godaddy.com<mailto:tim@godaddy.com>> wrote:

That is an issue with use/content, which is not within ICANN's mission, as far as I read their mission. How an accredited p/p service responds when properly notified of illegal content (following due process), should be the same as what is required of an accredited registrar. ________________________________________ From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> <gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org>> on behalf of Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>> Sent: Tuesday, January 14, 2014 10:01 AM To: Luc SEUFER Cc: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Thank you for the reminder, Luc. I give another real-world and trickier instance using the word "registrant".

Has the registrant a commercial purpose when he runs a forum-like website on which he also offers access to copyrighted works free of charge? In this case, the registrant leads this activity for the sake of it and doesn't get any profits at all from it. But, he is causing great damage to right holders.

I join the conference now.

Regards,

Gema

-----Mensaje original----- De: Luc SEUFER [mailto:lseufer@dclgroup.eu] Enviado el: martes, 14 de enero de 2014 15:33 Para: Campillos Gonzalez, Gema Maria CC: Jim Bikoff; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Asunto: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Hello Gema,

Just a kind reminder that ICANN is only dealing with domain names, not websites. Thus, in my opinion, the distinction should be made on the registrant type alone. Hosting services are regulated by ad'hoc laws and those services are outside of ICANN's scope.

As you know, to serve the EU an online merchant has to abide by Directive 2000/31 (its national transpositions to be more precise) and must publish their details on their website. Should they fail to do so, the hosting provider should be the party that LEA should contact, not the registrar.

Luc

On Jan 14, 2014, at 14:24, Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es%3cmailto:GCAMPILLOS@minetur.es>>> wrote:

Dear all,

I agree with commentators that this categorization is clearer than the previous one.

Although I am aware of your reluctance to introduce variations to the Charter questions passed by the GNSO Council on 31st October, a doubt has come up to my mind. Some of the questions rest on the difference between commercial and non-commercial activities (4, 5 and 6 in the first group and 4 in the last one). But, what is the difference between them? A copyright infringing website where video streaming or downloads are free of charge but which is supported by advertisements or SMS premium services is a commercial or a non-commercial activity?

Thank you,

Gema

De: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@ic<mailto:gnso-ppsai-pdp-wg-bounces@icann.org%3cmailto:gnso-ppsai-pdp-wg-bounces@ic> ann .org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] En nombre de Jim Bikoff Enviado el: lunes, 13 de enero de 2014 23:05 Para: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org%3cmailto:gnso-ppsai-pdp-wg@icann.org>> Asunto: [Gnso-ppsai-pdp-wg] FW: Privacy and Protection Service Accreditation Issues Working Group

Dear All,

Although the question groupings are still being completed, it may be helpful to our audience if we grouped the questions in the letters in some logical, categorical manner, even if that grouping is but a draft.

To address the substantive content of the questions, it seems that the ultimate issue is set forth in the first question: "What, if any, are the types of Standard Services Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?" The questions following it address that main issue. Most of the issues and questions could be subsumed under the following general categories:

* MAINTENANCE of privacy/proxy services; * CONTACT point provided by each privacy/proxy service; * RELAY of complaints to the privacy/proxy customer; and * REVEAL of privacy/proxy customers' identities. If we followed this categorization, the issues and questions would be grouped as follows:

MAIN ISSUES

1. What, if any, are the types of Standard Service Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?

2. Should ICANN distinguish between privacy and proxy services for the purpose of the accreditation process?

3. What are the contractual obligations, if any, that, if unfulfilled, would justify termination of customer access by ICANN-accredited privacy/proxy service providers? Should there be any forms of non-compliance that would trigger cancellation or suspension of registrations? If so, which?

4. What are the effects of the privacy and proxy service specification contained in the 2013 RAA? Have these new requirements improved WHOIS quality, registrant contactability, and service usability?

5. What should be the contractual obligations of ICANN accredited registrars with regard to accredited privacy/proxy service providers? Should registrars be permitted to knowingly accept registrations where the registrant is using unaccredited service providers that are bound to the same standards as accredited service providers?

MAINTENANCE

1. Should ICANN-accredited privacy/proxy service providers be required to label WHOIS entries to clearly show when a registration is made through a privacy/proxy service?

2. Should ICANN-accredited privacy/proxy service providers be required to conduct periodic checks to ensure accuracy of customer contact information; and if so, how?

3. What rights and responsibilities should customers of privacy/proxy services have? What obligations should ICANN-accredited privacy/proxy service providers have in managing these rights and responsibilities? Clarify how transfers, renewals, and PEDNR policies should apply.

4. Should ICANN-accredited privacy/proxy service providers distinguish between domain names registered or used for commercial with those registered or used for personal purposes? Specifically, is the use of privacy/proxy services appropriate when a domain name is registered or used for commercial purposes?

5. Should there be a difference in the data fields to be displayed if the domain name is registered or used for a commercial purpose or by a commercial entity instead of a natural person?

6. Should the use of privacy/proxy services be restricted only to registrants who are private individuals using the domain name for non-commercial purposes?

CONTACT

1. What measures should be taken to ensure contactability and responsiveness of the providers?

2. Should ICANN-accredited privacy/proxy service providers be required to maintain dedicated points of contact for reporting abuse? If so, should the terms be consistent with the requirements applicable to registrars under Section 3.18 of the RAA?

3. Should full WHOIS contact details for ICANN-accredited privacy/proxy service providers be required?

4. What forms of malicious conduct, if any, should be covered by a designated published point of contact at an ICANN-accredited privacy/proxy service provider?

RELAY

1. What, if any, baseline minimum standardized relay processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to forward to the customer all allegations of illegal activities they receive relating to specific domain names of the customer?

REVEAL

1. What, if any, baseline minimum standardized reveal processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to reveal customer identities for the specific purpose of ensuring timely service of cease and desist letters?

3. What forms of alleged malicious conduct, if any, and what evidentiary standard would be sufficient to trigger such disclosure? What specific violations, if any, would be sufficient to trigger such disclosure?

4. What safeguards, if any, should be put in place to ensure adequate protections for privacy and freedom of expression? Should these standards vary depending on whether the website is being used for commercial or non-commercial purposes? What safeguards or remedies should be available in cases where publication is found to have been unwarranted?

5. What circumstances, if any, would warrant access to registrant data by law enforcement agencies?

6. What clear, workable, enforceable and standardized processes should be adopted by ICANN-accredited privacy/proxy services in order to regulate such access (if such access is warranted)?

Please let me know if this categorization is helpful.

Jim

James L. Bikoff Silverberg, Goldman & Bikoff, LLP 1101 30th Street, NW Suite 120 Washington, DC 20007 Tel: 202-944-3303 Fax: 202-944-3306 jbikoff@sgbdc.com<mailto:jbikoff@sgbdc.com<mailto:jbikoff@sgbdc.com%3cmailto:jbikoff@sgbdc.com>>

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org%3cmailto:Gnso-ppsai-pdp-wg@icann.org>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

________________________________

--------------------------------------------------------

This e-mail and any attached files are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail by mistake, please notify the sender immediately and delete it from your system. You must not copy the message or disclose its contents to anyone.

Think of the environment: don't print this e-mail unless you really need to.

-------------------------------------------------------- _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

Tim, I know that the WG will have to address the issue. I was answering in the questions in the context that they presented. As for checking content, from the charter questions include non-compliance with proxy/privacy requirements. If 1. we do suggest categories and 2. mechanisms for enforcing compliance in that context, and 3. don’t limit what can be examined in the context of proactive compliance checks or complaint investigations,. then website content could be very relevant to whomever does the compliance work depending on how we define the categories. Harm (except in some broad “harm to the p/p system sense) and legality would not be factors in that instance, IMO. I raised the issue for completeness. Maybe I need to scale back to to avoid pushing discussions beyond where we are. Don From: Tim Ruiz <tim@godaddy.com<mailto:tim@godaddy.com>> Date: Wednesday, January 15, 2014 at 9:01 AM To: Don Blumenthal <dblumenthal@pir.org<mailto:dblumenthal@pir.org>> Cc: "Campillos Gonzalez, Gema Maria" <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>>, PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group Don, You are assuming that the accreditation policy should make a distinction between commercial and non-commercial p/p customers. I thought the WG is to determine if that actually should be the case or not. But regardless, my point wasn't about ICANN not determining what is legal or not. It was that ICANN should not be into regulating use, period. So whether a p/p customer is commercial, a business, or a natural person is then irrelevant. And if the use is legal, then what is the harm anyway? Tim On Jan 14, 2014, at 2:20 PM, "Don Blumenthal" <dblumenthal@pir.org<mailto:dblumenthal@pir.org>> wrote: Gema, Thanks for mentioning the issues. My responses are in the body of your note. Don From: "<Campillos Gonzalez>", Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>> Date: Tuesday, January 14, 2014 at 1:22 PM To: Don Blumenthal <dblumenthal@pir.org<mailto:dblumenthal@pir.org>>, Tim Ruiz <tim@godaddy.com<mailto:tim@godaddy.com>>, "Luc SEUFER (lseufer@dclgroup.eu<mailto:lseufer@dclgroup.eu>)" <lseufer@dclgroup.eu<mailto:lseufer@dclgroup.eu>> Cc: PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: RE: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group I´m sorry but my limited English capabilities don’t help to understand your comment, Don. I set out the paragraphs where I´m lost: What if the use is legal... What use do you refer to? The use of the domain name? Do you mean that the string itself (e.g.: fulanito.com<http://fulanito.com>) doesn´t infringe third party rights? DMB – My reference was to Tim’s mention of Illegal content and his suggestion that examining illegal content is not within ICANN”s mission. I was asking about whether it might be ICANN’s job where the content is legal but may show that the domain holder isn’t staying within the bounds of whatever p/p designation allowed it to use proxy or privacy. The domain´s commercial/non-commercial designation… The way the domain name holder considers or label himself? DMB – How to determine that, if at all, is up to the WG. I was just borrowing a term that’s comment in p/p discussions. A hobbyist´s backyard habitat website… What is this? A blog or a website where you share your views on issues of your interests that you run as a hobby? DMB – Yes, in this case maintaining property in a way that encourages wildlife to visit. A vast oversimplification, and not entirely accurate for this site that began as habitat pages. Still, it’s an example that I know of. www.wrenaissance.com<http://www.wrenaissance.com> An Amazon affiliate link… A link to the Amazon website to buy a book you are recommending, for instance? DMB – Your example is a good one. Furthermore, I still don´t understand why you, Tim or others in the group insist on separating content or use (websites) from domain name holders. Why should this matter in reveal requests addressed to proxy and privacy services? Should P&P services only reply to those requests when they are persuaded that the domain name holder is the service provider responsible for the website? DMB – The primary reason to separate domains from websites is that not all domain holders have them. Many recent law enforcement actions such as ones against botnets are in that category. As for your other questions, I I will leave them for later discussion by the WG if we get to the point that they are relevant in our p/p deliberations. Again, my points were directed, and only as questions, to issues about whether ICANN might have a legitimate role in examining content. I take advantage of this message to respond to one of Luc Seufer´s remarks which is related to this thread. When public authorities search for the owner of a website, we resort to all providers that can provide information. We try to follow a logical path starting with the ones closer to the service provider, but if they don´t answer us (and many hosting providers don´t answer), we have to go up the ladder and ask the advertisement networks, VISA and other payment means, telecom operators, registrars and P&P services…. Naturally, the first thing one infringes when leads an illegal activity is article 5 of the Directive 2000/31/CE, and subsequently, they don´t display any information or very little one about themselves on their websites. Thank you very much for help in understanding your case as regards content and registrants and its relationship with the remit of this group. Best regards, Gema -----Mensaje original----- De: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] En nombre de Don Blumenthal Enviado el: martes, 14 de enero de 2014 18:00 Para: Tim Ruiz CC: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Asunto: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group True. However, what if the use is legal but the website content creates questions about the domain¹s commercial/non-commercial designation if the WG recommends differentiation? To steal Gema¹s example in her first message: But, what is the difference between them? A hobbyist¹s backyard habitat website and another hobbyist¹s backyard habitat website that has, or later adds, an Amazon affiliate link to defray costs? Don On 1/14/14, 10:11 AM, "Tim Ruiz" <tim@godaddy.com<mailto:tim@godaddy.com>> wrote:

That is an issue with use/content, which is not within ICANN's mission, as far as I read their mission. How an accredited p/p service responds when properly notified of illegal content (following due process), should be the same as what is required of an accredited registrar. ________________________________________ From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> <gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org>> on behalf of Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>> Sent: Tuesday, January 14, 2014 10:01 AM To: Luc SEUFER Cc: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Thank you for the reminder, Luc. I give another real-world and trickier instance using the word "registrant".

Has the registrant a commercial purpose when he runs a forum-like website on which he also offers access to copyrighted works free of charge? In this case, the registrant leads this activity for the sake of it and doesn't get any profits at all from it. But, he is causing great damage to right holders.

I join the conference now.

Regards,

Gema

-----Mensaje original----- De: Luc SEUFER [mailto:lseufer@dclgroup.eu] Enviado el: martes, 14 de enero de 2014 15:33 Para: Campillos Gonzalez, Gema Maria CC: Jim Bikoff; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Asunto: Re: [Gnso-ppsai-pdp-wg] Privacy and Protection ServiceAccreditation Issues Working Group

Hello Gema,

Just a kind reminder that ICANN is only dealing with domain names, not websites. Thus, in my opinion, the distinction should be made on the registrant type alone. Hosting services are regulated by ad'hoc laws and those services are outside of ICANN's scope.

As you know, to serve the EU an online merchant has to abide by Directive 2000/31 (its national transpositions to be more precise) and must publish their details on their website. Should they fail to do so, the hosting provider should be the party that LEA should contact, not the registrar.

Luc

On Jan 14, 2014, at 14:24, Campillos Gonzalez, Gema Maria <GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es<mailto:GCAMPILLOS@minetur.es>>> wrote:

Dear all,

I agree with commentators that this categorization is clearer than the previous one.

Although I am aware of your reluctance to introduce variations to the Charter questions passed by the GNSO Council on 31st October, a doubt has come up to my mind. Some of the questions rest on the difference between commercial and non-commercial activities (4, 5 and 6 in the first group and 4 in the last one). But, what is the difference between them? A copyright infringing website where video streaming or downloads are free of charge but which is supported by advertisements or SMS premium services is a commercial or a non-commercial activity?

Thank you,

Gema

De: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@ic<mailto:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@ic> ann .org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] En nombre de Jim Bikoff Enviado el: lunes, 13 de enero de 2014 23:05 Para: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Asunto: [Gnso-ppsai-pdp-wg] FW: Privacy and Protection Service Accreditation Issues Working Group

Dear All,

Although the question groupings are still being completed, it may be helpful to our audience if we grouped the questions in the letters in some logical, categorical manner, even if that grouping is but a draft.

To address the substantive content of the questions, it seems that the ultimate issue is set forth in the first question: "What, if any, are the types of Standard Services Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?" The questions following it address that main issue. Most of the issues and questions could be subsumed under the following general categories:

* MAINTENANCE of privacy/proxy services; * CONTACT point provided by each privacy/proxy service; * RELAY of complaints to the privacy/proxy customer; and * REVEAL of privacy/proxy customers' identities. If we followed this categorization, the issues and questions would be grouped as follows:

MAIN ISSUES

1. What, if any, are the types of Standard Service Practices that should be adopted and published by ICANN-accredited privacy/proxy service providers?

2. Should ICANN distinguish between privacy and proxy services for the purpose of the accreditation process?

3. What are the contractual obligations, if any, that, if unfulfilled, would justify termination of customer access by ICANN-accredited privacy/proxy service providers? Should there be any forms of non-compliance that would trigger cancellation or suspension of registrations? If so, which?

4. What are the effects of the privacy and proxy service specification contained in the 2013 RAA? Have these new requirements improved WHOIS quality, registrant contactability, and service usability?

5. What should be the contractual obligations of ICANN accredited registrars with regard to accredited privacy/proxy service providers? Should registrars be permitted to knowingly accept registrations where the registrant is using unaccredited service providers that are bound to the same standards as accredited service providers?

MAINTENANCE

1. Should ICANN-accredited privacy/proxy service providers be required to label WHOIS entries to clearly show when a registration is made through a privacy/proxy service?

2. Should ICANN-accredited privacy/proxy service providers be required to conduct periodic checks to ensure accuracy of customer contact information; and if so, how?

3. What rights and responsibilities should customers of privacy/proxy services have? What obligations should ICANN-accredited privacy/proxy service providers have in managing these rights and responsibilities? Clarify how transfers, renewals, and PEDNR policies should apply.

4. Should ICANN-accredited privacy/proxy service providers distinguish between domain names registered or used for commercial with those registered or used for personal purposes? Specifically, is the use of privacy/proxy services appropriate when a domain name is registered or used for commercial purposes?

5. Should there be a difference in the data fields to be displayed if the domain name is registered or used for a commercial purpose or by a commercial entity instead of a natural person?

6. Should the use of privacy/proxy services be restricted only to registrants who are private individuals using the domain name for non-commercial purposes?

CONTACT

1. What measures should be taken to ensure contactability and responsiveness of the providers?

2. Should ICANN-accredited privacy/proxy service providers be required to maintain dedicated points of contact for reporting abuse? If so, should the terms be consistent with the requirements applicable to registrars under Section 3.18 of the RAA?

3. Should full WHOIS contact details for ICANN-accredited privacy/proxy service providers be required?

4. What forms of malicious conduct, if any, should be covered by a designated published point of contact at an ICANN-accredited privacy/proxy service provider?

RELAY

1. What, if any, baseline minimum standardized relay processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to forward to the customer all allegations of illegal activities they receive relating to specific domain names of the customer?

REVEAL

1. What, if any, baseline minimum standardized reveal processes should be adopted by ICANN-accredited privacy/proxy service providers?

2. Should ICANN-accredited privacy/proxy service providers be required to reveal customer identities for the specific purpose of ensuring timely service of cease and desist letters?

3. What forms of alleged malicious conduct, if any, and what evidentiary standard would be sufficient to trigger such disclosure? What specific violations, if any, would be sufficient to trigger such disclosure?

4. What safeguards, if any, should be put in place to ensure adequate protections for privacy and freedom of expression? Should these standards vary depending on whether the website is being used for commercial or non-commercial purposes? What safeguards or remedies should be available in cases where publication is found to have been unwarranted?

5. What circumstances, if any, would warrant access to registrant data by law enforcement agencies?

6. What clear, workable, enforceable and standardized processes should be adopted by ICANN-accredited privacy/proxy services in order to regulate such access (if such access is warranted)?

Please let me know if this categorization is helpful.

Jim

James L. Bikoff Silverberg, Goldman & Bikoff, LLP 1101 30th Street, NW Suite 120 Washington, DC 20007 Tel: 202-944-3303 Fax: 202-944-3306 jbikoff@sgbdc.com<mailto:jbikoff@sgbdc.com<mailto:jbikoff@sgbdc.com<mailto:jbikoff@sgbdc.com>>

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

________________________________

--------------------------------------------------------

This e-mail and any attached files are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail by mistake, please notify the sender immediately and delete it from your system. You must not copy the message or disclose its contents to anyone.

Think of the environment: don't print this e-mail unless you really need to.

-------------------------------------------------------- _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg