First -a big thanks to Kathy for the comments. Next, a big thanks to Steve and Graeme for the paper. Between both inputs, there is both plenty to discuss, but possible avenues for ways forward in what are thorny issues for all of us Holly On 3 Mar 2015, at 9:59 am, Kathy Kleiman <Kathy@kathykleiman.com> wrote:

Hi All, First, thank you, Steve, Graeme and All. I know a lot of people have spent a lot of time in the IP and Registrar Communities working on this draft. Tx you – and appreciate your invitation to comments and concerns! I have reviewed the Draft carefully and have some initial comments to share. Although I spoke with people in the WG while preparing them, these comments are my own.(If there is problem with the formatting below, please let me know.) 1. General Comments

a. `Let’s make the wording more neutral. Let’s add “alleged” or “claimed” in all references of infringement (e.g., trademarks, copyrights of domain names/websites. Another good term would be “claimed infringement” -- which is the one used in similar sections of the Digital Millennium Copyright Act to the sections we are working on here.

2. More substantive comments

a. Are we missing levels of protections for the Customer/Registrant? In the Digital Millennium Copyright Act (DMCA), there were two levels of protections for the “users.”

i. The first was sanctions for misrepresentation. Basically, any company which knowingly materially misrepresents that material or activity is infringing is liable for damages, including costs and attorney fees caused from injury resulting from the misrepresentation. Don’t we need similar sanctions here?

ii. A much higher bar for revealing the identity of the alleged infringer. The DMCA allows rapid takedown based on statements very similar to the one we proposing, but Reveal is a whole different story. The standard is much higher and goes through Court. Thus US Copyright Code, Sec 512(h), requires a subpoena to reveal data:

a. [Section 512] “(h) SUBPOENA TO IDENTIFY INFRINGER- `(1) REQUEST- A copyright owner or a person authorized to act on the owner's behalf may request the clerk of any United States district court to issue a subpoena to a service provider for identification of an alleged infringer in accordance with this subsection…

Shouldn’t we have a higher standard too? It seems important to balance the rights of both sides, including whether the Allegation of Illegality sufficiently outweighs the Privacy Interests and Rights of the Battered Women’s Shelter, Online Magazine or Bloggers posting unpopular views of corruption.

iii. A deep concern about default. As I read the rules, if you don’t respond, you lose and your data is revealed. But this is a problem because we can think of many reasons why Customers/Registrants would not respond. For example: a. Request came at the beginning of August, b. Request disappeared into spam; c. Registrant/Customer is unable to respond (perhaps language barriers); and/or d. Registrant/Customer is scared to respond.

2. I would submit that in something as important as revealing identity and physical locations, there should be no automatic default. It is completely possible that a) the allegations are incorrect on their face (no jurisdictional overlap, for example), or b) that there are clear defenses on “its face,” e.g., on the website.

Thus, an anti-bullying group may post the copyrighted logo of a gang engaging in bullying (or worse) in a local school or neighborhood; is so, the gang’s allegation of copyright infringement could be clearly weighed against the “safe neighborhoods for all” activity taking place on the website.

Similarly, an online publication in Europe may have every right to use the logo and trademark of a large multinational it is criticizing, or the image of Mohammed, without having its identity and address revealed without due process.

Ditto for a battered women’s shelter posting a copyright logo, motto or design and urging women to watch for it and those bearing it.

Due process is not automatic default, but a full and fair review of the website and other reachable information, even if the Customer/Registrant is unable to respond for herself or himself.

3. Option: we might consider Third Party or Independent Review. This is something that Steve and Graeme’s draft have already suggested for rejections of IP Owner Requests. It could serve Customers too by creating a review of default situations – or perhaps an independent forum for Service Providers who choose to outsource this difficult evaluation.

iv. Privacy of communication between Customers and their Providers . The rules of Section III(A) seem to bar private communication with your Provider. Everything a Customer/Registrant might write to their Provider must be passed on verbatim (if I read this correctly). But that’s a problem for those with English as a second language (or third) or those without lawyers, and those simply trying to explain in clear and informal language to explain this situation. 0What will happen, I am concerned, is that whatever informal response a Customer provides to its Provider will operate (unintended) as an Admission Against Interest or an unintended Waiver.

Further, the Customer/Registrant might inadvertently reveal a bit about their identity or even location – trying to explain their position clearly to the Provider – and this should not be passed on to the Requester automatically either. I am not sure of th answer here as IP Owners should know something about the response, but not necessarily the full communication of the Customer (e.g., he is stalking me).

Thanks for reading! Best, Kathy

On 3/2/2015 9:54 AM, Metalitz, Steven wrote:

...

PPSAI WG members,

Attached please find an updated version of the document Graeme and I circulated prior to last week’s meeting. This updated version includes three or four wording tweaks, intended to reflect the discussion on last week’s call. Looking forward to further discussion on tomorrow’s call.

Steve Metalitz

From: <Metalitz>, Steven <met@msk.com> Date: Monday, February 23, 2015 at 11:57 To: "'PPSAI (gnso-ppsai-pdp-wg@icann.org)'" <gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Category F -- updated status report and text for discussion

PPSAI WG members,

This follows up on our note of Feb. 3 providing a status report on subgroup discussions among some IP interests and p/p service providers regarding p/p disclosure standards. To reiterate, the group’s work is not meant to obviate or displace the work of the larger PPSAI WG on this issue – rather, it is meant to constructively contribute to the discussion by producing one proposal on this issue for the larger group’s consideration.

In light of further consideration and of the need to move forward the WG discussion on Category F, we present the attached document that we hope will help provide a framework for discussion of the disclosure issue in the WG. We emphasize that this is not a proposal from IPC, the Registrar Stakeholder Group, or any subset of either, and that we fully anticipate the text to be modified and improved through further discussion at the WG level. (We also acknowledge that the WG may find the proposal wholly unsatisfactory but hope that it will at least help advance debate.)

The attached is put forward as a starting point, to use intellectual property infringement complaints as one illustrative example of minimum disclosure standards, in a framework that addresses (1) a service provider process for intake of requests; (2) general templates that requests would have to meet in order to trigger service provider action; and (3) principles governing service provider action in response to a conforming request.

We look forward to the discussion of this document among WG members.

Graeme Bunton Steve Metalitz

From: Metalitz, Steven Sent: Tuesday, February 03, 2015 3:57 PM To: PPSAI (gnso-ppsai-pdp-wg@icann.org) Subject: Category F -- status report

Dear WG colleagues,

As you know, several PPSAI Working Group members, including representatives of the IPC and privacy and proxy service providers, have endeavored to develop a collaborative proposal on the minimum standards for disclosure (Category F). The group’s work is not meant to obviate or displace the work of the larger group on this issue – rather, it is meant to constructively contribute to the discussion by producing one proposal on this issue for the larger group’s consideration. This is an update on this sub-group’s progress.

But first, a little background: At the face-to-face meeting of the PPSAI Working Group in Los Angeles on October 10, 2014, one important topic was minimum standards for disclosure of contact information of customers of privacy/proxy services who may or may not be using their private domain name registrations to carry out infringing or other abusive activities.

Prior to the face-to-face meeting, IPC participants in the Working Group circulated a proposal on this topic. A responsive redline was circulated to the WG by Volker Greimann.

Following extensive discussion of these proposals and of the topic in general at the face-to-face meeting, a sub-group of WG participants have continued this discussion. The sub-group includes participants from the IPC and privacy/proxy service providers. Meeting by teleconference and working over e-mail, the sub-group has sought to develop a text that could be jointly presented to the PPSAI Working Group as a framework for further discussion on the issue of standards for disclosure.

Some progress has been made, and the sub-group is continuing its efforts with the goal of producing a document for presentation to the PPSAI Working Group as soon after the Singapore ICANN meeting as feasible. If such a document is completed, it is hoped that it would be a constructive contribution to eventual WG approval of a set of recommendations on “Category F” for inclusion in the Draft Report of the WG.

Unlike the documents discussed by the full WG last October, the framework under discussion does not purport to establish a single general policy for when disclosure of contact information in cases of alleged abusive activities would be available. Instead, it seeks to focus more narrowly on intellectual property infringement complaints as one illustrative example of minimum disclosure standards. The framework would describe (1) a service provider process for intake of requests; (2) general templates that requests would have to meet in order to trigger service provider action; and (3) principles governing service provider action in response to a conforming request. While considerable progress has been made in the first two areas, a number of critical issues remain to be resolved in the third area, and discussion has not been concluded on any of the areas.

The expressed common goal of the discussion group participants is a framework that would give requestors a higher degree of certainty and predictability as to if, when and how they could obtain what level of disclosure; that would preserve for service providers a sufficient degree of flexibility and discretion in acting upon requests for disclosure; and that would include reasonable safeguards and procedures to protect the legitimate interests of customers of accredited proxy/privacy service providers. Of course, balancing these interests is the difficult task before our working group. As stated, participants in the discussion group hope to be able to make a constructive contribution to the WG’s efforts to do so.

Graeme Bunton Steve Metalitz

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

Kathy, Thanks very much for taking the time to post your thoughts. They should be very helpful in generating discussion tomorrow and in online conversations. Best, Don On 3/2/2015 5:59 PM, Kathy Kleiman wrote:

Hi All,

First, thank you, Steve, Graeme and All. I know a lot of people have spent a lot of time in the IP and Registrar Communities working on this draft. Tx you – and appreciate your invitation to comments and concerns!

I have reviewed the Draft carefully and have some initial comments to share. Although I spoke with people in the WG while preparing them, these comments are my own.(If there is problem with the formatting below, please let me know.)

1. General Comments

a. `Let’s make the wording more neutral. Let’s add “alleged” or “claimed” in all references of infringement (e.g., trademarks, copyrights of domain names/websites. Another good term would be “claimed infringement” -- which is the one used in similar sections of the Digital Millennium Copyright Act to the sections we are working on here.

2. More substantive comments

a. Are we missing levels of protections for the Customer/Registrant? In the Digital Millennium Copyright Act (DMCA), there were two levels of protections for the “users.”

i. The first was sanctions for misrepresentation. Basically, any company which knowingly materially misrepresents that material or activity is infringing is liable for damages, including costs and attorney fees caused from injury resulting from the misrepresentation. Don’t we need similar sanctions here?

ii. A much higher bar for revealing the identity of the alleged infringer. The DMCA allows rapid takedown based on statements very similar to the one we proposing, but Reveal is a whole different story. The standard is much higher and goes through Court. Thus US Copyright Code, Sec 512(h), requires a subpoena to reveal data:

a. [Section 512] “(h) SUBPOENA TO IDENTIFY INFRINGER-

`(1) REQUEST- A copyright owner or a person authorized to act on the owner's behalf may request the clerk of any United States district court to issue a subpoena to a service provider for identification of an alleged infringer in accordance with this subsection…

Shouldn’t we have a higher standard too? It seems important to balance the rights of both sides, including whether the Allegation of Illegality sufficiently outweighs the Privacy Interests and Rights of the Battered Women’s Shelter, Online Magazine or Bloggers posting unpopular views of corruption.

iii. A deep concern about default. As I read the rules, if you don’t respond, you lose and your data is revealed. But this is a problem because we can think of many reasons why Customers/Registrants would not respond. For example:

a. Request came at the beginning of August,

b. Request disappeared into spam;

c. Registrant/Customer is unable to respond (perhaps language barriers); and/or

d. Registrant/Customer is scared to respond.

2. I would submit that in something as important as revealing identity and physical locations, there should be no automatic default. It is completely possible that a) the allegations are incorrect on their face (no jurisdictional overlap, for example), or b) that there are clear defenses on “its face,” e.g., on the website.

Thus, an anti-bullying group may post the copyrighted logo of a gang engaging in bullying (or worse) in a local school or neighborhood; is so, the gang’s allegation of copyright infringement could be clearly weighed against the “safe neighborhoods for all” activity taking place on the website.

Similarly, an online publication in Europe may have every right to use the logo and trademark of a large multinational it is criticizing, or the image of Mohammed, without having its identity and address revealed without due process.

Ditto for a battered women’s shelter posting a copyright logo, motto or design and urging women to watch for it and those bearing it.

Due process is not automatic default, but a full and fair review of the website and other reachable information, even if the Customer/Registrant is unable to respond for herself or himself.

3. Option: we might consider Third Party or Independent Review. This is something that Steve and Graeme’s draft have already suggested for rejections of IP Owner Requests. It could serve Customers too by creating a review of default situations – or perhaps an independent forum for Service Providers who choose to outsource this difficult evaluation.

iv. Privacy of communication between Customers and their Providers . The rules of Section III(A) seem to bar private communication with your Provider. Everything a Customer/Registrant might write to their Provider must be passed on verbatim (if I read this correctly). But that’s a problem for those with English as a second language (or third) or those without lawyers, and those simply trying to explain in clear and informal language to explain this situation. 0What will happen, I am concerned, is that whatever informal response a Customer provides to its Provider will operate (unintended) as an Admission Against Interest or an unintended Waiver.

Further, the Customer/Registrant might inadvertently reveal a bit about their identity or even location – trying to explain their position clearly to the Provider – and this should not be passed on to the Requester automatically either. I am not sure of th answer here as IP Owners should know something about the response, but not necessarily the full communication of the Customer (e.g., he is stalking me).

Thanks for reading!

Best,

Kathy

Good observations, Kathy. Worthy of discussion. Philip S. Corwin, Founding Principal Virtualaw LLC 1155 F Street, NW Suite 1050 Washington, DC 20004 202-559-8597/Direct 202-559-8750/Fax 202-255-6172/cell Twitter: @VlawDC "Luck is the residue of design" -- Branch Rickey From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Carlton Samuels Sent: Tuesday, March 03, 2015 9:35 AM To: Kathy Kleiman Cc: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] Updated document re disclosure standards - some comments and concerns Thanks for the heavy lifting here Kathy. I belatedly read the document and I can tell you now your arguments are compelling. -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 Strategy, Planning, Governance, Assessment & Turnaround ============================= On Mon, Mar 2, 2015 at 5:59 PM, Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>> wrote: Hi All, First, thank you, Steve, Graeme and All. I know a lot of people have spent a lot of time in the IP and Registrar Communities working on this draft. Tx you – and appreciate your invitation to comments and concerns! I have reviewed the Draft carefully and have some initial comments to share. Although I spoke with people in the WG while preparing them, these comments are my own.(If there is problem with the formatting below, please let me know.) 1. General Comments a. `Let’s make the wording more neutral. Let’s add “alleged” or “claimed” in all references of infringement (e.g., trademarks, copyrights of domain names/websites. Another good term would be “claimed infringement” -- which is the one used in similar sections of the Digital Millennium Copyright Act to the sections we are working on here. 2. More substantive comments a. Are we missing levels of protections for the Customer/Registrant? In the Digital Millennium Copyright Act (DMCA), there were two levels of protections for the “users.” i. The first was sanctions for misrepresentation. Basically, any company which knowingly materially misrepresents that material or activity is infringing is liable for damages, including costs and attorney fees caused from injury resulting from the misrepresentation. Don’t we need similar sanctions here? ii. A much higher bar for revealing the identity of the alleged infringer. The DMCA allows rapid takedown based on statements very similar to the one we proposing, but Reveal is a whole different story. The standard is much higher and goes through Court. Thus US Copyright Code, Sec 512(h), requires a subpoena to reveal data: a. [Section 512] “(h) SUBPOENA TO IDENTIFY INFRINGER- `(1) REQUEST- A copyright owner or a person authorized to act on the owner's behalf may request the clerk of any United States district court to issue a subpoena to a service provider for identification of an alleged infringer in accordance with this subsection… Shouldn’t we have a higher standard too? It seems important to balance the rights of both sides, including whether the Allegation of Illegality sufficiently outweighs the Privacy Interests and Rights of the Battered Women’s Shelter, Online Magazine or Bloggers posting unpopular views of corruption. iii. A deep concern about default. As I read the rules, if you don’t respond, you lose and your data is revealed. But this is a problem because we can think of many reasons why Customers/Registrants would not respond. For example: a. Request came at the beginning of August, b. Request disappeared into spam; c. Registrant/Customer is unable to respond (perhaps language barriers); and/or d. Registrant/Customer is scared to respond. 2. I would submit that in something as important as revealing identity and physical locations, there should be no automatic default. It is completely possible that a) the allegations are incorrect on their face (no jurisdictional overlap, for example), or b) that there are clear defenses on “its face,” e.g., on the website. Thus, an anti-bullying group may post the copyrighted logo of a gang engaging in bullying (or worse) in a local school or neighborhood; is so, the gang’s allegation of copyright infringement could be clearly weighed against the “safe neighborhoods for all” activity taking place on the website. Similarly, an online publication in Europe may have every right to use the logo and trademark of a large multinational it is criticizing, or the image of Mohammed, without having its identity and address revealed without due process. Ditto for a battered women’s shelter posting a copyright logo, motto or design and urging women to watch for it and those bearing it. Due process is not automatic default, but a full and fair review of the website and other reachable information, even if the Customer/Registrant is unable to respond for herself or himself. 3. Option: we might consider Third Party or Independent Review. This is something that Steve and Graeme’s draft have already suggested for rejections of IP Owner Requests. It could serve Customers too by creating a review of default situations – or perhaps an independent forum for Service Providers who choose to outsource this difficult evaluation. iv. Privacy of communication between Customers and their Providers . The rules of Section III(A) seem to bar private communication with your Provider. Everything a Customer/Registrant might write to their Provider must be passed on verbatim (if I read this correctly). But that’s a problem for those with English as a second language (or third) or those without lawyers, and those simply trying to explain in clear and informal language to explain this situation. 0What will happen, I am concerned, is that whatever informal response a Customer provides to its Provider will operate (unintended) as an Admission Against Interest or an unintended Waiver. Further, the Customer/Registrant might inadvertently reveal a bit about their identity or even location – trying to explain their position clearly to the Provider – and this should not be passed on to the Requester automatically either. I am not sure of th answer here as IP Owners should know something about the response, but not necessarily the full communication of the Customer (e.g., he is stalking me). Thanks for reading! Best, Kathy On 3/2/2015 9:54 AM, Metalitz, Steven wrote: PPSAI WG members, Attached please find an updated version of the document Graeme and I circulated prior to last week’s meeting. This updated version includes three or four wording tweaks, intended to reflect the discussion on last week’s call. Looking forward to further discussion on tomorrow’s call. Steve Metalitz From: <Metalitz>, Steven <met@msk.com<mailto:met@msk.com>> Date: Monday, February 23, 2015 at 11:57 To: "'PPSAI (gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>)'" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Category F -- updated status report and text for discussion PPSAI WG members, This follows up on our note of Feb. 3 providing a status report on subgroup discussions among some IP interests and p/p service providers regarding p/p disclosure standards. To reiterate, the group’s work is not meant to obviate or displace the work of the larger PPSAI WG on this issue – rather, it is meant to constructively contribute to the discussion by producing one proposal on this issue for the larger group’s consideration. In light of further consideration and of the need to move forward the WG discussion on Category F, we present the attached document that we hope will help provide a framework for discussion of the disclosure issue in the WG. We emphasize that this is not a proposal from IPC, the Registrar Stakeholder Group, or any subset of either, and that we fully anticipate the text to be modified and improved through further discussion at the WG level. (We also acknowledge that the WG may find the proposal wholly unsatisfactory but hope that it will at least help advance debate.) The attached is put forward as a starting point, to use intellectual property infringement complaints as one illustrative example of minimum disclosure standards, in a framework that addresses (1) a service provider process for intake of requests; (2) general templates that requests would have to meet in order to trigger service provider action; and (3) principles governing service provider action in response to a conforming request. We look forward to the discussion of this document among WG members. Graeme Bunton Steve Metalitz From: Metalitz, Steven Sent: Tuesday, February 03, 2015 3:57 PM To: PPSAI (gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>) Subject: Category F -- status report Dear WG colleagues, As you know, several PPSAI Working Group members, including representatives of the IPC and privacy and proxy service providers, have endeavored to develop a collaborative proposal on the minimum standards for disclosure (Category F). The group’s work is not meant to obviate or displace the work of the larger group on this issue – rather, it is meant to constructively contribute to the discussion by producing one proposal on this issue for the larger group’s consideration. This is an update on this sub-group’s progress. But first, a little background: At the face-to-face meeting of the PPSAI Working Group in Los Angeles on October 10, 2014, one important topic was minimum standards for disclosure of contact information of customers of privacy/proxy services who may or may not be using their private domain name registrations to carry out infringing or other abusive activities. Prior to the face-to-face meeting, IPC participants in the Working Group circulated a proposal on this topic. A responsive redline was circulated to the WG by Volker Greimann. Following extensive discussion of these proposals and of the topic in general at the face-to-face meeting, a sub-group of WG participants have continued this discussion. The sub-group includes participants from the IPC and privacy/proxy service providers. Meeting by teleconference and working over e-mail, the sub-group has sought to develop a text that could be jointly presented to the PPSAI Working Group as a framework for further discussion on the issue of standards for disclosure. Some progress has been made, and the sub-group is continuing its efforts with the goal of producing a document for presentation to the PPSAI Working Group as soon after the Singapore ICANN meeting as feasible. If such a document is completed, it is hoped that it would be a constructive contribution to eventual WG approval of a set of recommendations on “Category F” for inclusion in the Draft Report of the WG. Unlike the documents discussed by the full WG last October, the framework under discussion does not purport to establish a single general policy for when disclosure of contact information in cases of alleged abusive activities would be available. Instead, it seeks to focus more narrowly on intellectual property infringement complaints as one illustrative example of minimum disclosure standards. The framework would describe (1) a service provider process for intake of requests; (2) general templates that requests would have to meet in order to trigger service provider action; and (3) principles governing service provider action in response to a conforming request. While considerable progress has been made in the first two areas, a number of critical issues remain to be resolved in the third area, and discussion has not been concluded on any of the areas. The expressed common goal of the discussion group participants is a framework that would give requestors a higher degree of certainty and predictability as to if, when and how they could obtain what level of disclosure; that would preserve for service providers a sufficient degree of flexibility and discretion in acting upon requests for disclosure; and that would include reasonable safeguards and procedures to protect the legitimate interests of customers of accredited proxy/privacy service providers. Of course, balancing these interests is the difficult task before our working group. As stated, participants in the discussion group hope to be able to make a constructive contribution to the WG’s efforts to do so. Graeme Bunton Steve Metalitz _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg ________________________________ No virus found in this message. Checked by AVG - www.avg.com<http://www.avg.com> Version: 2015.0.5646 / Virus Database: 4299/9172 - Release Date: 02/24/15 Internal Virus Database is out of date.

Hi Todd and Val, Tx you for the discussion! I appreciate it and am glad to know to know there are ways to address some of the concerns with clarifying language. Val, thanks in particular for your guidance on wording. All, I will sit down tomorrow, "track changes" and pen in hand, and edit a version that hopefully clarifies communications and defaults per our joint understanding! Re: Supoenas, the story seems to be a bit more complicated. I've done some outreach this week to attorneys who spend a lot of time with copyright identity disclosure supoenas. What they say is that, yes, courts in the US rapidly issue a "reveal" subpoena, but that is only the beginning of the story. The Provider who receives the subpoena notifies its Customer. The Providers provide time - generally 30 days or more -- for the the Customer to respond. The Customers can then file on their own behalf in court - a request to quash -- and/or the Provider can file in court to. The following quote comes from Mitch Stoltz, Attorney with the Electronic Frontier Foundation, and he summarizes his thoughts on the "state of play" of copyright and similar subpoenas: ==>There is an emerging consensus among courts around the U.S. that merely accusing one who speaks anonymously on the Internet of some violation of law (be it trademark, libel, or another law) doesn’t strip the speaker of their right to speak anonymously. The right of free expression requires a balancing of interests by an impartial judge before anonymity can be stripped away. Because Internet sites, and their domain names, are the preeminent medium of free expression in the 21st century, the ability to register and maintain a domain name anonymously is an essential part of freedom of expression that must be protected through a similar balancing of interests and a fair, neutral decisionmaking process. An accusation that is legally deficient, vague, pretextual, or harassing should not result in the identification of an anonymous domain registrant, even if the registrant does not respond. Best, Kathy :

Let me add my thanks Kathy for circulating your thoughts, which I thought stimulated a good discussion on Tuesday. As I mentioned on that call, I think most if not all of what you’ve outlined goes to basic drafting revisions/clarifications, rather than to substantive disagreements. So with the goal of moving the process forward in anticipation of next Tuesday’s call, perhaps we as a WG can go through some of your substantive comments (I don’t have an issue with your general comments) point-by-point. I’ll start:

·_Misrepresentations_. Both FN1 and the Annex address possible methods of resolving Provider claims of false statements/misrepresentations. Certainly we as a WG should discuss the various options in the Annex further. But that discussion would presumably relate to the method, not to the actual sanctions. I’m not sure that it’s within our ambit as a WG (or ICANN’s?) to proscribe what the sanctions would be.

·_“Higher bar.”_ In terms of the “much higher bar” – what would you propose? You mentioned using the DMCA § 512(h) as a go-by, but I think that’s actually a lower standard, not a higher one. Not to get too into the weeds of the DMCA (which we’re only really referencing here as a go-by), but my basic understanding is that § 512(h)(4) says that as long as the notice, subpoena, and declaration are in proper form, the clerk “shall expeditiously issue” the subpoena, and that § 512(h)(5) says that the provider must then “expeditiously disclose” the information required by the subpoena. So the whole process is automatic: there’s no discretion or substantive review by either the clerk or by the provider. Conversely, the process outlined in III(B) of the proposal that we’re considering gives the P/P Provider discretion to either: 1) disclose; 2) refuse to disclose (and provide it’s reasons why); or 3) ask for more time.

·_Default_. As I mentioned on the call, I don’t read III(B) as requiring disclosure in cases of default. Rather, if there is a default (“after the time for Customer’s response has passed”), the P/P Provider can */either/*: 1) disclose; 2) refuse to disclose (and provide it’s reasons why); or 3) ask for more time. If the Provider chooses Option (2) and the Requestor doesn’t like the reasons the Provider gives as to why, the Requestor can then request reconsideration under III(F). And if the Provider still refuses, the matter can go to the ICANN-approved dispute resolution process referenced in FN4. But nowhere does Section III contemplate automatic disclosure after default. I think that’s relatively clear from the way that Section III is drafted and structured, but if you want to propose clarifying language to make that point more clear, please do.

·_Third-party independent review_. Section III(F) and FN4 already contemplate this. So I don’t think the question on the table is */whether/* the proposal should allow for this (it does), but under what circumstances. As Michele noted on the call on Tuesday, requiring third-party independent review too often, or otherwise making the process too convoluted, isn’t going to help, because P/P Providers (who, as Michele noted, typically don’t charge very much for the service) are just going to draft their Terms of Service to say “if we get a complaint about X then we’re going to terminate the service” rather than going through the independent review. In light of that, I think the proposal strikes the right balance on the third-party independent review (basically, it’s available, but only for the tough cases in which the Provider has twice refused to disclose). But if you think there is a way to adjust that balance, while still accounting for Michele’s cost concern, let us know.

·_Privacy of communication b/w Providers and Customers_. As I mentioned on the call, I don’t read III(E) as requiring Providers to pass on communications from Customers to Requestors verbatim; it just says that the Requestor must be informed of the reasons for the objection by the Customer. But if you want to add a clause to III(E) to make that more clear, that’s fine. Would this tweak do it: “If refusal to disclose is based on objection to disclosure by the Customer, Provider must inform Requestor of the reasons for objection, though Provider need not do so by relaying Customer’s objection verbatim.”?

Looking forward to the call on Tuesday. Thanks.

Todd.

*From:*gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] *On Behalf Of *Phil Corwin *Sent:* Tuesday, March 03, 2015 9:53 AM *To:* Carlton Samuels; Kathy Kleiman *Cc:* PPSAI *Subject:* Re: [Gnso-ppsai-pdp-wg] Updated document re disclosure standards - some comments and concerns

Good observations, Kathy. Worthy of discussion.

*Philip S. Corwin, Founding Principal*

*Virtualaw LLC*

*1155 F Street, NW*

*Suite 1050*

*Washington, DC 20004*

*202-559-8597/Direct*

*202-559-8750/Fax*

*202-255-6172/cell*

**

*Twitter: @VlawDC*

*/"Luck is the residue of design" -- Branch Rickey/*

*From:*gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] *On Behalf Of *Carlton Samuels *Sent:* Tuesday, March 03, 2015 9:35 AM *To:* Kathy Kleiman *Cc:* PPSAI *Subject:* Re: [Gnso-ppsai-pdp-wg] Updated document re disclosure standards - some comments and concerns

Thanks for the heavy lifting here Kathy. I belatedly read the document and I can tell you now your arguments are compelling.

-Carlton

============================== Carlton A Samuels Mobile: 876-818-1799 /Strategy, Planning, Governance, Assessment & Turnaround/ =============================

On Mon, Mar 2, 2015 at 5:59 PM, Kathy Kleiman <kathy@kathykleiman.com <mailto:kathy@kathykleiman.com>> wrote:

Hi All,

First, thank you, Steve, Graeme and All. I know a lot of people have spent a lot of time in the IP and Registrar Communities working on this draft. Tx you – and appreciate your invitation to comments and concerns!

I have reviewed the Draft carefully and have some initial comments to share. Although I spoke with people in the WG while preparing them, these comments are my own.(If there is problem with the formatting below, please let me know.)

1. General Comments

a. `Let’s make the wording more neutral. Let’s add “alleged” or “claimed” in all references of infringement (e.g., trademarks, copyrights of domain names/websites. Another good term would be “claimed infringement” -- which is the one used in similar sections of the Digital Millennium Copyright Act to the sections we are working on here.

2. More substantive comments

a. Are we missing levels of protections for the Customer/Registrant? In the Digital Millennium Copyright Act (DMCA), there were two levels of protections for the “users.”

i.The first was sanctions for misrepresentation. Basically, any company which knowingly materially misrepresents that material or activity is infringing is liable for damages, including costs and attorney fees caused from injury resulting from the misrepresentation. Don’t we need similar sanctions here?

ii.A much higher bar for revealing the identity of the alleged infringer. The DMCA allows rapid takedown based on statements very similar to the one we proposing, but Reveal is a whole different story. The standard is much higher and goes through Court. Thus US Copyright Code, Sec 512(h), requires a subpoena to reveal data:

a.[Section 512] “(h) SUBPOENA TO IDENTIFY INFRINGER-

`(1) REQUEST- A copyright owner or a person authorized to act on the owner's behalf may request the clerk of any United States district court to issue a subpoena to a service provider for identification of an alleged infringer in accordance with this subsection…

Shouldn’t we have a higher standard too? It seems important to balance the rights of both sides, including whether the Allegation of Illegality sufficiently outweighs the Privacy Interests and Rights of the Battered Women’s Shelter, Online Magazine or Bloggers posting unpopular views of corruption.

iii. A deep concern about default. As I read the rules, if you don’t respond, you lose and your data is revealed. But this is a problem because we can think of many reasons why Customers/Registrants would not respond. For example:

a.Request came at the beginning of August,

b.Request disappeared into spam;

c.Registrant/Customer is unable to respond (perhaps language barriers); and/or

d.Registrant/Customer is scared to respond.

2.I would submit that in something as important as revealing identity and physical locations, there should be no automatic default. It is completely possible that a) the allegations are incorrect on their face (no jurisdictional overlap, for example), or b) that there are clear defenses on “its face,” e.g., on the website.

Thus, an anti-bullying group may post the copyrighted logo of a gang engaging in bullying (or worse) in a local school or neighborhood; is so, the gang’s allegation of copyright infringement could be clearly weighed against the “safe neighborhoods for all” activity taking place on the website.

Similarly, an online publication in Europe may have every right to use the logo and trademark of a large multinational it is criticizing, or the image of Mohammed, without having its identity and address revealed without due process.

Ditto for a battered women’s shelter posting a copyright logo, motto or design and urging women to watch for it and those bearing it.

Due process is not automatic default, but a full and fair review of the website and other reachable information, even if the Customer/Registrant is unable to respond for herself or himself.

3. Option: we might consider Third Party or Independent Review. This is something that Steve and Graeme’s draft have already suggested for rejections of IP Owner Requests. It could serve Customers too by creating a review of default situations – or perhaps an independent forum for Service Providers who choose to outsource this difficult evaluation.

iv.Privacy of communication between Customers and their Providers . The rules of Section III(A) seem to bar private communication with your Provider. Everything a Customer/Registrant might write to their Provider must be passed on verbatim (if I read this correctly). But that’s a problem for those with English as a second language (or third) or those without lawyers, and those simply trying to explain in clear and informal language to explain this situation. 0What will happen, I am concerned, is that whatever informal response a Customer provides to its Provider will operate (unintended) as an Admission Against Interest or an unintended Waiver.

Further, the Customer/Registrant might inadvertently reveal a bit about their identity or even location – trying to explain their position clearly to the Provider – and this should not be passed on to the Requester automatically either. I am not sure of th answer here as IP Owners should know something about the response, but not necessarily the full communication of the Customer (e.g., he is stalking me).

Thanks for reading!

Best,

Kathy

On 3/2/2015 9:54 AM, Metalitz, Steven wrote:

PPSAI WG members,

Attached please find an updated version of the document Graeme and I circulated prior to last week’s meeting. This updated version includes three or four wording tweaks, intended to reflect the discussion on last week’s call. Looking forward to further discussion on tomorrow’s call.

Steve Metalitz

*From: *<Metalitz>, Steven <met@msk.com <mailto:met@msk.com>> *Date: *Monday, February 23, 2015 at 11:57 *To: *"'PPSAI (gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>)'" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> *Subject: *Re: [Gnso-ppsai-pdp-wg] Category F -- updated status report and text for discussion

PPSAI WG members,

This follows up on our note of Feb. 3 providing a status report on subgroup discussions among some IP interests and p/p service providers regarding p/p disclosure standards. To reiterate, the group’s work is not meant to obviate or displace the work of the larger PPSAI WG on this issue – rather, it is meant to constructively contribute to the discussion by producing one proposal on this issue for the larger group’s consideration.

In light of further consideration and of the need to move forward the WG discussion on Category F, we present the attached document that we hope will help provide a framework for discussion of the disclosure issue in the WG. We emphasize that this is not a proposal from IPC, the Registrar Stakeholder Group, or any subset of either, and that we fully anticipate the text to be modified and improved through further discussion at the WG level. (We also acknowledge that the WG may find the proposal wholly unsatisfactory but hope that it will at least help advance debate.)

The attached is put forward as a starting point, to use intellectual property infringement complaints as one illustrative example of minimum disclosure standards, in a framework that addresses (1) a service provider process for intake of requests; (2) general templates that requests would have to meet in order to trigger service provider action; and (3) principles governing service provider action in response to a conforming request.

We look forward to the discussion of this document among WG members.

Graeme Bunton

Steve Metalitz

*From:*Metalitz, Steven *Sent:* Tuesday, February 03, 2015 3:57 PM *To:* PPSAI (gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>) *Subject:* Category F -- status report

Dear WG colleagues,

As you know, several PPSAI Working Group members, including representatives of the IPC and privacy and proxy service providers, have endeavored to develop a collaborative proposal on the minimum standards for disclosure (Category F). The group’s work is not meant to obviate or displace the work of the larger group on this issue – rather, it is meant to constructively contribute to the discussion by producing one proposal on this issue for the larger group’s consideration. This is an update on this sub-group’s progress.

But first, a little background: At the face-to-face meeting of the PPSAI Working Group in Los Angeles on October 10, 2014, one important topic was minimum standards for disclosure of contact information of customers of privacy/proxy services who may or may not be using their private domain name registrations to carry out infringing or other abusive activities.

Prior to the face-to-face meeting, IPC participants in the Working Group circulated a proposal on this topic. A responsive redline was circulated to the WG by Volker Greimann.

Following extensive discussion of these proposals and of the topic in general at the face-to-face meeting, a sub-group of WG participants have continued this discussion. The sub-group includes participants from the IPC and privacy/proxy service providers. Meeting by teleconference and working over e-mail, the sub-group has sought to develop a text that could be jointly presented to the PPSAI Working Group as a framework for further discussion on the issue of standards for disclosure.

Some progress has been made, and the sub-group is continuing its efforts with the goal of producing a document for presentation to the PPSAI Working Group as soon after the Singapore ICANN meeting as feasible. If such a document is completed, it is hoped that it would be a constructive contribution to eventual WG approval of a set of recommendations on “Category F” for inclusion in the Draft Report of the WG.

Unlike the documents discussed by the full WG last October, the framework under discussion does not purport to establish a single general policy for when disclosure of contact information in cases of alleged abusive activities would be available. Instead, it seeks to focus more narrowly on intellectual property infringement complaints as one illustrative example of minimum disclosure standards. The framework would describe (1) a service provider process for intake of requests; (2) general templates that requests would have to meet in order to trigger service provider action; and (3) principles governing service provider action in response to a conforming request. While considerable progress has been made in the first two areas, a number of critical issues remain to be resolved in the third area, and discussion has not been concluded on any of the areas.

The expressed common goal of the discussion group participants is a framework that would give requestors a higher degree of certainty and predictability as to if, when and how they could obtain what level of disclosure; that would preserve for service providers a sufficient degree of flexibility and discretion in acting upon requests for disclosure; and that would include reasonable safeguards and procedures to protect the legitimate interests of customers of accredited proxy/privacy service providers. Of course, balancing these interests is the difficult task before our working group. As stated, participants in the discussion group hope to be able to make a constructive contribution to the WG’s efforts to do so.

Graeme Bunton

Steve Metalitz

_______________________________________________

Gnso-ppsai-pdp-wg mailing list

Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org>

https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

------------------------------------------------------------------------

No virus found in this message. Checked by AVG - www.avg.com <http://www.avg.com> Version: 2015.0.5646 / Virus Database: 4299/9172 - Release Date: 02/24/15 Internal Virus Database is out of date.

Thanks Kathy for this further explanation on DMCA subpoenas. But even assuming that what you’ve outlined is accurate, I still think that the point that I was making below – that the process outlined in the proposal that this WG is considering (the “Proposal”) is just as protective of users’ privacy as the DMCA, if not more so – still holds. Let’s use one of your default examples to illustrate. Say that a Provider doesn’t get a response after notifying its Customer that it has received a DMCA subpoena – perhaps because the notice disappeared into the Customer’s spam, or because the Customer was unable to respond because of language barriers, etc. Is the Provider at that point obligated to go to court to move to quash the subpoena? I think the answer is no. Rather, the Provider can choose to either 1) disclose or 2) move to quash. So too with the Proposal here: after a default the P/P Provider can choose to either 1) disclose; 2) refuse to disclose (and provide reasons why); or 3) ask for more time. So at least in that scenario, I don’t see how the DMCA sets the bar higher. In fact, I would argue that the DMCA process is actually less protective of users’ privacy, because it puts the Provider to the choice of either disclosing or having to go to court to move to quash. Conversely, under the Proposal, the P/P Provider simply has to provide its reasons for refusing to disclose to the Requestor. Because that is presumably less burdensome than having to file a motion to quash, I think we can assume that P/P Providers will choose the option of not disclosing more often under the Proposal than they would under the DMCA. Of course, the Proposal does contemplate a third-party review process under III(F). But that’s two steps down the line for P/P Providers who prefer not to disclose under the Proposal. It’s automatic for Providers who prefer not to disclose under the DMCA. Thanks. Todd. From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Saturday, March 07, 2015 10:00 AM To: Williams, Todd; Phil Corwin; Carlton Samuels Cc: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] Updated document re disclosure standards - some comments and concerns Hi Todd and Val, Tx you for the discussion! I appreciate it and am glad to know to know there are ways to address some of the concerns with clarifying language. Val, thanks in particular for your guidance on wording. All, I will sit down tomorrow, "track changes" and pen in hand, and edit a version that hopefully clarifies communications and defaults per our joint understanding! Re: Supoenas, the story seems to be a bit more complicated. I've done some outreach this week to attorneys who spend a lot of time with copyright identity disclosure supoenas. What they say is that, yes, courts in the US rapidly issue a "reveal" subpoena, but that is only the beginning of the story. The Provider who receives the subpoena notifies its Customer. The Providers provide time - generally 30 days or more -- for the the Customer to respond. The Customers can then file on their own behalf in court - a request to quash -- and/or the Provider can file in court to. The following quote comes from Mitch Stoltz, Attorney with the Electronic Frontier Foundation, and he summarizes his thoughts on the "state of play" of copyright and similar subpoenas: ==>There is an emerging consensus among courts around the U.S. that merely accusing one who speaks anonymously on the Internet of some violation of law (be it trademark, libel, or another law) doesn’t strip the speaker of their right to speak anonymously. The right of free expression requires a balancing of interests by an impartial judge before anonymity can be stripped away. Because Internet sites, and their domain names, are the preeminent medium of free expression in the 21st century, the ability to register and maintain a domain name anonymously is an essential part of freedom of expression that must be protected through a similar balancing of interests and a fair, neutral decisionmaking process. An accusation that is legally deficient, vague, pretextual, or harassing should not result in the identification of an anonymous domain registrant, even if the registrant does not respond. Best, Kathy : Let me add my thanks Kathy for circulating your thoughts, which I thought stimulated a good discussion on Tuesday. As I mentioned on that call, I think most if not all of what you’ve outlined goes to basic drafting revisions/clarifications, rather than to substantive disagreements. So with the goal of moving the process forward in anticipation of next Tuesday’s call, perhaps we as a WG can go through some of your substantive comments (I don’t have an issue with your general comments) point-by-point. I’ll start: · Misrepresentations. Both FN1 and the Annex address possible methods of resolving Provider claims of false statements/misrepresentations. Certainly we as a WG should discuss the various options in the Annex further. But that discussion would presumably relate to the method, not to the actual sanctions. I’m not sure that it’s within our ambit as a WG (or ICANN’s?) to proscribe what the sanctions would be. · “Higher bar.” In terms of the “much higher bar” – what would you propose? You mentioned using the DMCA § 512(h) as a go-by, but I think that’s actually a lower standard, not a higher one. Not to get too into the weeds of the DMCA (which we’re only really referencing here as a go-by), but my basic understanding is that § 512(h)(4) says that as long as the notice, subpoena, and declaration are in proper form, the clerk “shall expeditiously issue” the subpoena, and that § 512(h)(5) says that the provider must then “expeditiously disclose” the information required by the subpoena. So the whole process is automatic: there’s no discretion or substantive review by either the clerk or by the provider. Conversely, the process outlined in III(B) of the proposal that we’re considering gives the P/P Provider discretion to either: 1) disclose; 2) refuse to disclose (and provide it’s reasons why); or 3) ask for more time. · Default. As I mentioned on the call, I don’t read III(B) as requiring disclosure in cases of default. Rather, if there is a default (“after the time for Customer’s response has passed”), the P/P Provider can either: 1) disclose; 2) refuse to disclose (and provide it’s reasons why); or 3) ask for more time. If the Provider chooses Option (2) and the Requestor doesn’t like the reasons the Provider gives as to why, the Requestor can then request reconsideration under III(F). And if the Provider still refuses, the matter can go to the ICANN-approved dispute resolution process referenced in FN4. But nowhere does Section III contemplate automatic disclosure after default. I think that’s relatively clear from the way that Section III is drafted and structured, but if you want to propose clarifying language to make that point more clear, please do. · Third-party independent review. Section III(F) and FN4 already contemplate this. So I don’t think the question on the table is whether the proposal should allow for this (it does), but under what circumstances. As Michele noted on the call on Tuesday, requiring third-party independent review too often, or otherwise making the process too convoluted, isn’t going to help, because P/P Providers (who, as Michele noted, typically don’t charge very much for the service) are just going to draft their Terms of Service to say “if we get a complaint about X then we’re going to terminate the service” rather than going through the independent review. In light of that, I think the proposal strikes the right balance on the third-party independent review (basically, it’s available, but only for the tough cases in which the Provider has twice refused to disclose). But if you think there is a way to adjust that balance, while still accounting for Michele’s cost concern, let us know. · Privacy of communication b/w Providers and Customers. As I mentioned on the call, I don’t read III(E) as requiring Providers to pass on communications from Customers to Requestors verbatim; it just says that the Requestor must be informed of the reasons for the objection by the Customer. But if you want to add a clause to III(E) to make that more clear, that’s fine. Would this tweak do it: “If refusal to disclose is based on objection to disclosure by the Customer, Provider must inform Requestor of the reasons for objection, though Provider need not do so by relaying Customer’s objection verbatim.”? Looking forward to the call on Tuesday. Thanks. Todd. From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Phil Corwin Sent: Tuesday, March 03, 2015 9:53 AM To: Carlton Samuels; Kathy Kleiman Cc: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] Updated document re disclosure standards - some comments and concerns Good observations, Kathy. Worthy of discussion. Philip S. Corwin, Founding Principal Virtualaw LLC 1155 F Street, NW Suite 1050 Washington, DC 20004 202-559-8597/Direct 202-559-8750/Fax 202-255-6172/cell Twitter: @VlawDC "Luck is the residue of design" -- Branch Rickey From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Carlton Samuels Sent: Tuesday, March 03, 2015 9:35 AM To: Kathy Kleiman Cc: PPSAI Subject: Re: [Gnso-ppsai-pdp-wg] Updated document re disclosure standards - some comments and concerns Thanks for the heavy lifting here Kathy. I belatedly read the document and I can tell you now your arguments are compelling. -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 Strategy, Planning, Governance, Assessment & Turnaround ============================= On Mon, Mar 2, 2015 at 5:59 PM, Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>> wrote: Hi All, First, thank you, Steve, Graeme and All. I know a lot of people have spent a lot of time in the IP and Registrar Communities working on this draft. Tx you – and appreciate your invitation to comments and concerns! I have reviewed the Draft carefully and have some initial comments to share. Although I spoke with people in the WG while preparing them, these comments are my own.(If there is problem with the formatting below, please let me know.) 1. General Comments a. `Let’s make the wording more neutral. Let’s add “alleged” or “claimed” in all references of infringement (e.g., trademarks, copyrights of domain names/websites. Another good term would be “claimed infringement” -- which is the one used in similar sections of the Digital Millennium Copyright Act to the sections we are working on here. 2. More substantive comments a. Are we missing levels of protections for the Customer/Registrant? In the Digital Millennium Copyright Act (DMCA), there were two levels of protections for the “users.” i. The first was sanctions for misrepresentation. Basically, any company which knowingly materially misrepresents that material or activity is infringing is liable for damages, including costs and attorney fees caused from injury resulting from the misrepresentation. Don’t we need similar sanctions here? ii. A much higher bar for revealing the identity of the alleged infringer. The DMCA allows rapid takedown based on statements very similar to the one we proposing, but Reveal is a whole different story. The standard is much higher and goes through Court. Thus US Copyright Code, Sec 512(h), requires a subpoena to reveal data: a. [Section 512] “(h) SUBPOENA TO IDENTIFY INFRINGER- `(1) REQUEST- A copyright owner or a person authorized to act on the owner's behalf may request the clerk of any United States district court to issue a subpoena to a service provider for identification of an alleged infringer in accordance with this subsection… Shouldn’t we have a higher standard too? It seems important to balance the rights of both sides, including whether the Allegation of Illegality sufficiently outweighs the Privacy Interests and Rights of the Battered Women’s Shelter, Online Magazine or Bloggers posting unpopular views of corruption. iii. A deep concern about default. As I read the rules, if you don’t respond, you lose and your data is revealed. But this is a problem because we can think of many reasons why Customers/Registrants would not respond. For example: a. Request came at the beginning of August, b. Request disappeared into spam; c. Registrant/Customer is unable to respond (perhaps language barriers); and/or d. Registrant/Customer is scared to respond. 2. I would submit that in something as important as revealing identity and physical locations, there should be no automatic default. It is completely possible that a) the allegations are incorrect on their face (no jurisdictional overlap, for example), or b) that there are clear defenses on “its face,” e.g., on the website. Thus, an anti-bullying group may post the copyrighted logo of a gang engaging in bullying (or worse) in a local school or neighborhood; is so, the gang’s allegation of copyright infringement could be clearly weighed against the “safe neighborhoods for all” activity taking place on the website. Similarly, an online publication in Europe may have every right to use the logo and trademark of a large multinational it is criticizing, or the image of Mohammed, without having its identity and address revealed without due process. Ditto for a battered women’s shelter posting a copyright logo, motto or design and urging women to watch for it and those bearing it. Due process is not automatic default, but a full and fair review of the website and other reachable information, even if the Customer/Registrant is unable to respond for herself or himself. 3. Option: we might consider Third Party or Independent Review. This is something that Steve and Graeme’s draft have already suggested for rejections of IP Owner Requests. It could serve Customers too by creating a review of default situations – or perhaps an independent forum for Service Providers who choose to outsource this difficult evaluation. iv. Privacy of communication between Customers and their Providers . The rules of Section III(A) seem to bar private communication with your Provider. Everything a Customer/Registrant might write to their Provider must be passed on verbatim (if I read this correctly). But that’s a problem for those with English as a second language (or third) or those without lawyers, and those simply trying to explain in clear and informal language to explain this situation. 0What will happen, I am concerned, is that whatever informal response a Customer provides to its Provider will operate (unintended) as an Admission Against Interest or an unintended Waiver. Further, the Customer/Registrant might inadvertently reveal a bit about their identity or even location – trying to explain their position clearly to the Provider – and this should not be passed on to the Requester automatically either. I am not sure of th answer here as IP Owners should know something about the response, but not necessarily the full communication of the Customer (e.g., he is stalking me). Thanks for reading! Best, Kathy On 3/2/2015 9:54 AM, Metalitz, Steven wrote: PPSAI WG members, Attached please find an updated version of the document Graeme and I circulated prior to last week’s meeting. This updated version includes three or four wording tweaks, intended to reflect the discussion on last week’s call. Looking forward to further discussion on tomorrow’s call. Steve Metalitz From: <Metalitz>, Steven <met@msk.com<mailto:met@msk.com>> Date: Monday, February 23, 2015 at 11:57 To: "'PPSAI (gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>)'" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Category F -- updated status report and text for discussion PPSAI WG members, This follows up on our note of Feb. 3 providing a status report on subgroup discussions among some IP interests and p/p service providers regarding p/p disclosure standards. To reiterate, the group’s work is not meant to obviate or displace the work of the larger PPSAI WG on this issue – rather, it is meant to constructively contribute to the discussion by producing one proposal on this issue for the larger group’s consideration. In light of further consideration and of the need to move forward the WG discussion on Category F, we present the attached document that we hope will help provide a framework for discussion of the disclosure issue in the WG. We emphasize that this is not a proposal from IPC, the Registrar Stakeholder Group, or any subset of either, and that we fully anticipate the text to be modified and improved through further discussion at the WG level. (We also acknowledge that the WG may find the proposal wholly unsatisfactory but hope that it will at least help advance debate.) The attached is put forward as a starting point, to use intellectual property infringement complaints as one illustrative example of minimum disclosure standards, in a framework that addresses (1) a service provider process for intake of requests; (2) general templates that requests would have to meet in order to trigger service provider action; and (3) principles governing service provider action in response to a conforming request. We look forward to the discussion of this document among WG members. Graeme Bunton Steve Metalitz From: Metalitz, Steven Sent: Tuesday, February 03, 2015 3:57 PM To: PPSAI (gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>) Subject: Category F -- status report Dear WG colleagues, As you know, several PPSAI Working Group members, including representatives of the IPC and privacy and proxy service providers, have endeavored to develop a collaborative proposal on the minimum standards for disclosure (Category F). The group’s work is not meant to obviate or displace the work of the larger group on this issue – rather, it is meant to constructively contribute to the discussion by producing one proposal on this issue for the larger group’s consideration. This is an update on this sub-group’s progress. But first, a little background: At the face-to-face meeting of the PPSAI Working Group in Los Angeles on October 10, 2014, one important topic was minimum standards for disclosure of contact information of customers of privacy/proxy services who may or may not be using their private domain name registrations to carry out infringing or other abusive activities. Prior to the face-to-face meeting, IPC participants in the Working Group circulated a proposal on this topic. A responsive redline was circulated to the WG by Volker Greimann. Following extensive discussion of these proposals and of the topic in general at the face-to-face meeting, a sub-group of WG participants have continued this discussion. The sub-group includes participants from the IPC and privacy/proxy service providers. Meeting by teleconference and working over e-mail, the sub-group has sought to develop a text that could be jointly presented to the PPSAI Working Group as a framework for further discussion on the issue of standards for disclosure. Some progress has been made, and the sub-group is continuing its efforts with the goal of producing a document for presentation to the PPSAI Working Group as soon after the Singapore ICANN meeting as feasible. If such a document is completed, it is hoped that it would be a constructive contribution to eventual WG approval of a set of recommendations on “Category F” for inclusion in the Draft Report of the WG. Unlike the documents discussed by the full WG last October, the framework under discussion does not purport to establish a single general policy for when disclosure of contact information in cases of alleged abusive activities would be available. Instead, it seeks to focus more narrowly on intellectual property infringement complaints as one illustrative example of minimum disclosure standards. The framework would describe (1) a service provider process for intake of requests; (2) general templates that requests would have to meet in order to trigger service provider action; and (3) principles governing service provider action in response to a conforming request. While considerable progress has been made in the first two areas, a number of critical issues remain to be resolved in the third area, and discussion has not been concluded on any of the areas. The expressed common goal of the discussion group participants is a framework that would give requestors a higher degree of certainty and predictability as to if, when and how they could obtain what level of disclosure; that would preserve for service providers a sufficient degree of flexibility and discretion in acting upon requests for disclosure; and that would include reasonable safeguards and procedures to protect the legitimate interests of customers of accredited proxy/privacy service providers. Of course, balancing these interests is the difficult task before our working group. As stated, participants in the discussion group hope to be able to make a constructive contribution to the WG’s efforts to do so. Graeme Bunton Steve Metalitz _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg ________________________________ No virus found in this message. Checked by AVG - www.avg.com<http://www.avg.com> Version: 2015.0.5646 / Virus Database: 4299/9172 - Release Date: 02/24/15 Internal Virus Database is out of date.