Thank you, Volker, for the initial proposal, and Todd for clarifying it. Another narrower approach would be to ensure that all communications that contain legal complaints are relayed without exception. To be clear, under this approach, there would be no content evaluation, other than to determine that any given communication is or contains a legal complaint. Just an initial thought; reserving comment on the remainder of points raised both by Volker and Todd for Tuesday's call. Look forward to hearing everyone's ideas on the proposal. Val, Jim and David Valeriya Sherman Silverberg, Goldman & Bikoff, L.L.P. 1101 30th Street, N.W. Suite 120 Washington, D.C. 20007 Tel 202.944.3300 Cell 303.589.7477 vsherman@sgbdc.com<mailto:vsherman@law.gwu.edu> ________________________________ From: gnso-ppsai-pdp-wg-bounces@icann.org [gnso-ppsai-pdp-wg-bounces@icann.org] on behalf of Williams, Todd [Todd.Williams@turner.com] Sent: Friday, August 15, 2014 2:39 PM To: Volker Greimann; gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Thank you for this proposal Volker – very useful for moving the discussion ahead, as you noted. There’s quite a bit to unpack here, so let me take one specific part of it while reserving comment/judgment on the rest; specifically, this sentence: “Service Provider may refuse to forward spam, duplicate messages, purchase or business inquiries, harrassing communications, anonymous communications and/or unwanted communications.” Of course, saying that a Service Provider may refuse to forward certain enumerated categories of communications implies that the Service Provider may not refuse to forward a communication that does not fall into one of those enumerated categories. So as I read it (and correct me if this is wrong), that seems consistent with Option #1 from the attached. In fact, it simply seems to be a further elucidation of the term “abusive communications” from Option 1; if it was a redline, it would read: “A provider must relay all electronic requests received (including emails and via web forms), but may implement commercially reasonable safeguards (including CAPTCHA) to filter out spam, and other forms of abusive communications. duplicate messages, purchase or business inquiries, harassing communications, anonymous communications and/or unwanted communications.” Assuming that reading is correct, then I think what we’d be left to debate as a working group would be: what enumerated exceptions (to the general default rule of relay) do we think are appropriate? My main thought is only that notices that include a legal claim should not be included among those enumerated exceptions. But beyond that, here are some initial thoughts on each of the exceptions that you’ve proposed (again, all subject to further discussion): · Spam: I think we all agree on that. · Duplicate messages: my only question on this is how is it defined? A certain number of messages from the same sender within a defined timeframe (e.g., 24 hours)? · Purchase or business inquiries: I confess that I don’t quite understand this one. What is the rationale for this exception? Wouldn’t the Beneficial Owner want to receive these? · Harassing communications: again, my question would be how is “harassing” defined? · Anonymous communications: I don’t necessarily have a problem with this. · Unwanted communications: I think this one is the most problematic exception proposed, and is a non-starter, for several reasons, at least one of which is that it would seem to include notices that include a legal claim (because who really “wants” to receive those?). Those are my initial thoughts at least; I look forward to hearing what everybody else thinks. Todd. From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Volker Greimann Sent: Wednesday, August 13, 2014 5:28 AM To: gnso-ppsai-pdp-wg@icann.org Subject: [Gnso-ppsai-pdp-wg] Proposal contactability As Susan and Steve have repeatedly asked what my proposal would be to ensure contactability of the beneficial owner/registrant. As a basis, a spec derivative of the WAP spec to the RAA would have to be developed. I took the liberty of modifying the WAP for this purpose as a basis for discussion. This would bring the obligation of the privacy service provider to validate and verify the contact details to the same level of that of the registrar, thus ensuring the Service Provider has either accurate details or a duty to verify and validate. Now, I would agree that some level of a contactibility guarantee is warranted. This could be something to this tune, as a basis for discussion: "Service Provider are required provide a means for third parties to directly or indirectly communicate with the Beneficial Owner. Such means may include any of the following: a) providing a postal mail forwarding address b) providing a collective email point of contact for all domain names under the Service (such as abuse@service.provider<mailto:abuse@service.provider>) c) providing an individual email point of contact for each domain name under the Service (such as string@domain.name<mailto:string@domain.name> or domain.name@service.provider<mailto:domain.name@service.provider>) ... ... Service Provider must inform potential complainants about the accepted means of communication on its website. Service provider may refuse to forward, process or even accept communications sent by a non-accepted means of communication. In case forwarding of postal communications is offered, Service Provider may charge complainant reasonable handling fees and costs for the forwarding service and defer the forwarding of communications until payment is received. Service Provider may refuse to forward spam, duplicate messages, purchase or business inquiries, harrassing communications, anonymous communications and/or unwanted communications. Service Provider is authorized to update or modify the means of communication from time to time. Service Provider is authorized to blacklist complainants with a history of abusing the provided means of communication." All subject to further discussion, ofc. I realize this draft goes into detail more than we should in this WG, but having been asked for a proposal, I felt it necessary in order to move the discussion ahead. Terms: Service Provider - Privacy/Proxy Service Provider Beneficial Owner - Replaces "Registrant" filter - not deliver to Beneficial owner Service - the privacy/proxy services -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

Hi Volker, A "legal communication" is certainly something we would have to carefully define as a group, but as a starting point, I would define it as any communication by an individual or entity that asserts a problem connected to the ownership or use of a domain name by the beneficial registrant based on and citing the laws of any jurisdiction. The communication need not threaten a lawsuit, or be made by a law firm to constitute a "legal communication." The communication would be submitted via the accepted, to-be-determined means of communication. Best, Val Valeriya Sherman Silverberg, Goldman & Bikoff, L.L.P. 1101 30th Street, N.W. Suite 120 Washington, D.C. 20007 Tel 202.944.3300 Cell 303.589.7477 vsherman@sgbdc.com<mailto:vsherman@law.gwu.edu> ________________________________ From: Volker Greimann [vgreimann@key-systems.net] Sent: Monday, August 18, 2014 10:08 AM To: Valeriya Sherman; Williams, Todd; gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Valeriya, Another narrower approach would be to ensure that all communications that contain legal complaints are relayed without exception. To be clear, under this approach, there would be no content evaluation, other than to determine that any given communication is or contains a legal complaint. What is a legal communication though? Does it have to include a threat of a law suit? Does it have to include formal legal representation by a law firm? Also, this should be limited to the means of communication offered by the service provider, i.e. if postal relay is not offered, legal communications by postal mail would face the same fate as spam, i.e. the bin... Best, volker

By definition, the jurisdiction of the registrant (p/p service customer) is generally unknown to the third party at the time the relay request for the legal claim is made. A registrant is definitely better off knowing about a "foreign" legal claim. That is a separate question from whether a foreign court can claim jurisdiction over the registrant for that claim - which is often a very complicated question that is by no means limited to where the registrant is physically present. Finally, please, no one is "required to read" anything that is relayed to them. I think that is common ground that was established much earlier in our discussion. From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Volker Greimann Sent: Monday, August 18, 2014 1:15 PM To: Valeriya Sherman; Williams, Todd; gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Valeriya, just as a counterpoint, I do not believe it should be "any jurisdiction". I would accept jurisdiction of the registrant, the service provider and (if affiliated) the registrar, but thats where it stops. Why should a registrant based in Dubai be required to be bothered by a US legal instrument that is not legally binding on him? Why should a US registrant be required to read a Saudi legal complaint? Best, Volker Am 18.08.2014 19:03, schrieb Valeriya Sherman: Hi Volker, A "legal communication" is certainly something we would have to carefully define as a group, but as a starting point, I would define it as any communication by an individual or entity that asserts a problem connected to the ownership or use of a domain name by the beneficial registrant based on and citing the laws of any jurisdiction. The communication need not threaten a lawsuit, or be made by a law firm to constitute a "legal communication." The communication would be submitted via the accepted, to-be-determined means of communication. Best, Val Valeriya Sherman Silverberg, Goldman & Bikoff, L.L.P. 1101 30th Street, N.W. Suite 120 Washington, D.C. 20007 Tel 202.944.3300 Cell 303.589.7477 vsherman@sgbdc.com<mailto:vsherman@law.gwu.edu> ________________________________ From: Volker Greimann [vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>] Sent: Monday, August 18, 2014 10:08 AM To: Valeriya Sherman; Williams, Todd; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Valeriya, Another narrower approach would be to ensure that all communications that contain legal complaints are relayed without exception. To be clear, under this approach, there would be no content evaluation, other than to determine that any given communication is or contains a legal complaint. What is a legal communication though? Does it have to include a threat of a law suit? Does it have to include formal legal representation by a law firm? Also, this should be limited to the means of communication offered by the service provider, i.e. if postal relay is not offered, legal communications by postal mail would face the same fate as spam, i.e. the bin... Best, volker -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

Our job is to recommend accreditation standards for today's world, not for what may be the case if/when EWG recommendations are implemented. The "harm" inflicted by having something appear in one's mailbox needs to be kept in context. From: Volker Greimann [mailto:vgreimann@key-systems.net] Sent: Monday, August 18, 2014 2:16 PM To: Metalitz, Steven; Valeriya Sherman; Williams, Todd; gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Steve, this is currently the case, but I believe one of the suggestions of the EWG was that the country of the registrants residency be a field that is always published. An I maybe misphrased the "required to read". I meant it to mean "to have appear in his mailbox". Volker Am 18.08.2014 20:05, schrieb Metalitz, Steven: By definition, the jurisdiction of the registrant (p/p service customer) is generally unknown to the third party at the time the relay request for the legal claim is made. A registrant is definitely better off knowing about a "foreign" legal claim. That is a separate question from whether a foreign court can claim jurisdiction over the registrant for that claim - which is often a very complicated question that is by no means limited to where the registrant is physically present. Finally, please, no one is "required to read" anything that is relayed to them. I think that is common ground that was established much earlier in our discussion. From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Volker Greimann Sent: Monday, August 18, 2014 1:15 PM To: Valeriya Sherman; Williams, Todd; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Valeriya, just as a counterpoint, I do not believe it should be "any jurisdiction". I would accept jurisdiction of the registrant, the service provider and (if affiliated) the registrar, but thats where it stops. Why should a registrant based in Dubai be required to be bothered by a US legal instrument that is not legally binding on him? Why should a US registrant be required to read a Saudi legal complaint? Best, Volker Am 18.08.2014 19:03, schrieb Valeriya Sherman: Hi Volker, A "legal communication" is certainly something we would have to carefully define as a group, but as a starting point, I would define it as any communication by an individual or entity that asserts a problem connected to the ownership or use of a domain name by the beneficial registrant based on and citing the laws of any jurisdiction. The communication need not threaten a lawsuit, or be made by a law firm to constitute a "legal communication." The communication would be submitted via the accepted, to-be-determined means of communication. Best, Val Valeriya Sherman Silverberg, Goldman & Bikoff, L.L.P. 1101 30th Street, N.W. Suite 120 Washington, D.C. 20007 Tel 202.944.3300 Cell 303.589.7477 vsherman@sgbdc.com<mailto:vsherman@law.gwu.edu> ________________________________ From: Volker Greimann [vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>] Sent: Monday, August 18, 2014 10:08 AM To: Valeriya Sherman; Williams, Todd; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Valeriya, Another narrower approach would be to ensure that all communications that contain legal complaints are relayed without exception. To be clear, under this approach, there would be no content evaluation, other than to determine that any given communication is or contains a legal complaint. What is a legal communication though? Does it have to include a threat of a law suit? Does it have to include formal legal representation by a law firm? Also, this should be limited to the means of communication offered by the service provider, i.e. if postal relay is not offered, legal communications by postal mail would face the same fate as spam, i.e. the bin... Best, volker -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

I should have read everything in the thread before responding. I see your point, Volker. However, I would be more inclined to agree if we were looking at something that it’s reasonable to expect will happen. Not to insult any of our dual PPSAI/EWG members, but I don’t think that can be said about any of the EWG recommendations now. It’s too early in its review process. As I said before, our work is complicated enough as it is. I suggest dealing with the world we have now allowing for reasonably certain new developments. Don’t ask me what they might be. Don From: Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> Date: Monday, August 18, 2014 at 2:28 PM To: Steven Metalitz <met@msk.com<mailto:met@msk.com>>, Valeriya Sherman <VSherman@sgbdc.com<mailto:VSherman@sgbdc.com>>, "Williams, Todd" <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>>, PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Steven, I disagree, because I am a strong believer in "building for the future". I would hope that we can come up with policy recommendations that will not be made obsolete in a few years time but rather form a basis for future considerations. Therefore suggesting policy that would work with already proposed future regimes is not only helpful, but rather strongly advisable. I also see a very concrete harm in being required to receive unsolicited communications that are like spam to me. Having to claer out spam and unsolicited communications ot of my personal work mailbox takes at least ten minutes out of each workday and that is after the spam-filters have worked their magic. I therefore understand anyone who desired that unwanted communications should be kept to a minimum. Best, Volker Am 18.08.2014 20:21, schrieb Metalitz, Steven: Our job is to recommend accreditation standards for today’s world, not for what may be the case if/when EWG recommendations are implemented. The “harm” inflicted by having something appear in one’s mailbox needs to be kept in context. From: Volker Greimann [mailto:vgreimann@key-systems.net] Sent: Monday, August 18, 2014 2:16 PM To: Metalitz, Steven; Valeriya Sherman; Williams, Todd; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Steve, this is currently the case, but I believe one of the suggestions of the EWG was that the country of the registrants residency be a field that is always published. An I maybe misphrased the "required to read". I meant it to mean "to have appear in his mailbox". Volker Am 18.08.2014 20:05, schrieb Metalitz, Steven: By definition, the jurisdiction of the registrant (p/p service customer) is generally unknown to the third party at the time the relay request for the legal claim is made. A registrant is definitely better off knowing about a “foreign” legal claim. That is a separate question from whether a foreign court can claim jurisdiction over the registrant for that claim – which is often a very complicated question that is by no means limited to where the registrant is physically present. Finally, please, no one is “required to read” anything that is relayed to them. I think that is common ground that was established much earlier in our discussion. From:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Volker Greimann Sent: Monday, August 18, 2014 1:15 PM To: Valeriya Sherman; Williams, Todd; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Valeriya, just as a counterpoint, I do not believe it should be "any jurisdiction". I would accept jurisdiction of the registrant, the service provider and (if affiliated) the registrar, but thats where it stops. Why should a registrant based in Dubai be required to be bothered by a US legal instrument that is not legally binding on him? Why should a US registrant be required to read a Saudi legal complaint? Best, Volker Am 18.08.2014 19:03, schrieb Valeriya Sherman: Hi Volker, A "legal communication" is certainly something we would have to carefully define as a group, but as a starting point, I would define it as any communication by an individual or entity that asserts a problem connected to the ownership or use of a domain name by the beneficial registrant based on and citing the laws of any jurisdiction. The communication need not threaten a lawsuit, or be made by a law firm to constitute a "legal communication." The communication would be submitted via the accepted, to-be-determined means of communication. Best, Val Valeriya Sherman Silverberg, Goldman & Bikoff, L.L.P. 1101 30th Street, N.W. Suite 120 Washington, D.C. 20007 Tel 202.944.3300 Cell 303.589.7477 vsherman@sgbdc.com<mailto:vsherman@law.gwu.edu> ________________________________ From: Volker Greimann [vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>] Sent: Monday, August 18, 2014 10:08 AM To: Valeriya Sherman; Williams, Todd; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Valeriya, Another narrower approach would be to ensure that all communications that contain legal complaints are relayed without exception. To be clear, under this approach, there would be no content evaluation, other than to determine that any given communication is or contains a legal complaint. What is a legal communication though? Does it have to include a threat of a law suit? Does it have to include formal legal representation by a law firm? Also, this should be limited to the means of communication offered by the service provider, i.e. if postal relay is not offered, legal communications by postal mail would face the same fate as spam, i.e. the bin... Best, volker -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

We already get wrapped around enough axles. Let me suggest that we work on the basis of what we have now and what might happen in a couple of years. Don From: Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> Date: Monday, August 18, 2014 at 2:16 PM To: Steven Metalitz <met@msk.com<mailto:met@msk.com>>, Valeriya Sherman <VSherman@sgbdc.com<mailto:VSherman@sgbdc.com>>, "Williams, Todd" <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>>, PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Steve, this is currently the case, but I believe one of the suggestions of the EWG was that the country of the registrants residency be a field that is always published. An I maybe misphrased the "required to read". I meant it to mean "to have appear in his mailbox". Volker Am 18.08.2014 20:05, schrieb Metalitz, Steven: By definition, the jurisdiction of the registrant (p/p service customer) is generally unknown to the third party at the time the relay request for the legal claim is made. A registrant is definitely better off knowing about a “foreign” legal claim. That is a separate question from whether a foreign court can claim jurisdiction over the registrant for that claim – which is often a very complicated question that is by no means limited to where the registrant is physically present. Finally, please, no one is “required to read” anything that is relayed to them. I think that is common ground that was established much earlier in our discussion. From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Volker Greimann Sent: Monday, August 18, 2014 1:15 PM To: Valeriya Sherman; Williams, Todd; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Valeriya, just as a counterpoint, I do not believe it should be "any jurisdiction". I would accept jurisdiction of the registrant, the service provider and (if affiliated) the registrar, but thats where it stops. Why should a registrant based in Dubai be required to be bothered by a US legal instrument that is not legally binding on him? Why should a US registrant be required to read a Saudi legal complaint? Best, Volker Am 18.08.2014 19:03, schrieb Valeriya Sherman: Hi Volker, A "legal communication" is certainly something we would have to carefully define as a group, but as a starting point, I would define it as any communication by an individual or entity that asserts a problem connected to the ownership or use of a domain name by the beneficial registrant based on and citing the laws of any jurisdiction. The communication need not threaten a lawsuit, or be made by a law firm to constitute a "legal communication." The communication would be submitted via the accepted, to-be-determined means of communication. Best, Val Valeriya Sherman Silverberg, Goldman & Bikoff, L.L.P. 1101 30th Street, N.W. Suite 120 Washington, D.C. 20007 Tel 202.944.3300 Cell 303.589.7477 vsherman@sgbdc.com<mailto:vsherman@law.gwu.edu> ________________________________ From: Volker Greimann [vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>] Sent: Monday, August 18, 2014 10:08 AM To: Valeriya Sherman; Williams, Todd; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Valeriya, Another narrower approach would be to ensure that all communications that contain legal complaints are relayed without exception. To be clear, under this approach, there would be no content evaluation, other than to determine that any given communication is or contains a legal complaint. What is a legal communication though? Does it have to include a threat of a law suit? Does it have to include formal legal representation by a law firm? Also, this should be limited to the means of communication offered by the service provider, i.e. if postal relay is not offered, legal communications by postal mail would face the same fate as spam, i.e. the bin... Best, volker -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

"A 'legal communication' is certainly something we would have to carefully define as a group” prompsed this reminder to keep what’s policy vs implementation in mind. Details can be useful in deciding if a policy is viable but we’re limited in the level of what should be in any policy recommendation. Don From: Valeriya Sherman <VSherman@sgbdc.com<mailto:VSherman@sgbdc.com>> Date: Monday, August 18, 2014 at 1:03 PM To: Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>>, "Williams, Todd" <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>>, PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Volker, A "legal communication" is certainly something we would have to carefully define as a group, but as a starting point, I would define it as any communication by an individual or entity that asserts a problem connected to the ownership or use of a domain name by the beneficial registrant based on and citing the laws of any jurisdiction. The communication need not threaten a lawsuit, or be made by a law firm to constitute a "legal communication." The communication would be submitted via the accepted, to-be-determined means of communication. Best, Val Valeriya Sherman Silverberg, Goldman & Bikoff, L.L.P. 1101 30th Street, N.W. Suite 120 Washington, D.C. 20007 Tel 202.944.3300 Cell 303.589.7477 vsherman@sgbdc.com<mailto:vsherman@law.gwu.edu> ________________________________ From: Volker Greimann [vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>] Sent: Monday, August 18, 2014 10:08 AM To: Valeriya Sherman; Williams, Todd; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Valeriya, Another narrower approach would be to ensure that all communications that contain legal complaints are relayed without exception. To be clear, under this approach, there would be no content evaluation, other than to determine that any given communication is or contains a legal complaint. What is a legal communication though? Does it have to include a threat of a law suit? Does it have to include formal legal representation by a law firm? Also, this should be limited to the means of communication offered by the service provider, i.e. if postal relay is not offered, legal communications by postal mail would face the same fate as spam, i.e. the bin... Best, volker

Hi James, starting the discussion was my main intent, as we were losing ourselves in potentialities and small-small...

Thanks to Volker for getting this conversation started. I also share the belief that we should define a system that assures reporters their claims will be relayed by P/P services. However, I disagree on some key points raised by Volker and others. No worries ;-)

First, I do not believe there should be any attempt to filter submitted reports based on content. That approach does not scale, and simply results in an arms race where would-be spammers attempt to circumvent the filters. Also, I do not believe P/P services should relay —all—reports. This treats the P/P email point of contact as an email “alias” for the beneficial user’s real address, and completely defeats the purpose of the service (most of our P/P customers engage the service to avoid being spammed). I agree in as much as there should not be a requirement to attempt to filter by content, however it should be an option for a value-added service. So for example while a basic service might forward everything but obvious spam, a premium service might screen all communications. I would suggest that content filtering should be an allowed option, but not an obligation. I favor an approach that is modeled after ICANN’s Invalid WHOIS Reporting System, and one that many Registrars have implemented to guard against WHOIS harvesting – an access whitelist. Speaking generally, such a system would require reporters to identify themselves when submitting a claim for relay. Is reporter should also have to designate the email address from which relay claims will originate, and the service provider agrees to honor relay request from that Address without discriminating on its content. The P/P service provider can then monitor the use of the relay system by each reporter, and suspend or terminate access for any reporter that is found to be abusing the system. I like this, although this would require that all services cooperate in maintaining such a list or would have to relegate this to a third party such as ICANN. If this sounds familiar, it is blatantly copied from the EWG's proposed RDS concept. I think this idea has merit, and regardless of what happens to the rest of the EWG's recommendations, we should consider opportunities to implement this proposal in existing contexts. In many ways, RDS as proposed would make privacy services less needed anyway as data could be hidden as a basic setting.

Best, Volker

Dear all, To aid in further discussions on the points several WG members have raised in response to Volker¹s proposal, the WG Chairs have requested that staff circulate an updated Category E summary document, containing the fundamental questions currently being discussed on this list and the WG calls on Relay/Reveal. Essentially the attached is an update of the summary document previously circulated on E-1. Attached also are the most recent E-1 and E-2 templates. In light of the ongoing list discussion, the proposed agenda for the meeting on Tuesday 19 August is therefore: 1. Roll Call/Updates to SOIs 2. Finalize discussions on Category E 3. Next steps We will have all the attached documents and Volker¹s proposal on hand in the Adobe Connect room for the meeting. Please continue to circulate your suggestions, questions and comments on any of these to the list prior to the call! Cheers Mary From: <Williams>, Todd <Todd.Williams@turner.com> Date: Monday, August 18, 2014 at 11:19 AM To: "James M. Bladel" <jbladel@godaddy.com>, Volker Greimann <vgreimann@key-systems.net>, "gnso-ppsai-pdp-wg@icann.org" <gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability

Thanks James. Quick question: if, as you note, most of your P/P customers engage the service to avoid being spammed ­ why is that objective/purpose not sufficiently protected by a standard that says ³A provider must relay all electronic requests received (including emails and via web forms), but may implement commercially reasonable safeguards (including CAPTCHA) to filter out spam.²?

By asking the question I don¹t necessarily mean to make a judgment on your ³access whitelist² idea. I¹m just not sure I understand its utility on this specific question (relay), where a means to address the problem that it is trying to solve (i.e., spam) appears to have already been baked in.

Thanks.

TW.

From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of James M. Bladel Sent: Sunday, August 17, 2014 6:23 PM To: Volker Greimann; gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability

Thanks to Volker for getting this conversation started. I also share the belief that we should define a system that assures reporters their claims will be relayed by P/P services. However, I disagree on some key points raised by Volker and others.

First, I do not believe there should be any attempt to filter submitted reports based on content. That approach does not scale, and simply results in an arms race where would-be spammers attempt to circumvent the filters. Also, I do not believe P/P services should relay ‹all‹reports. This treats the P/P email point of contact as an email ³alias² for the beneficial user¹s real address, and completely defeats the purpose of the service (most of our P/P customers engage the service to avoid being spammed).

I favor an approach that is modeled after ICANN¹s Invalid WHOIS Reporting System, and one that many Registrars have implemented to guard against WHOIS harvesting ­ an access whitelist. Speaking generally, such a system would require reporters to identify themselves when submitting a claim for relay. Is reporter should also have to designate the email address from which relay claims will originate, and the service provider agrees to honor relay request from that Address without discriminating on its content. The P/P service provider can then monitor the use of the relay system by each reporter, and suspend or terminate access for any reporter that is found to be abusing the system.

If this sounds familiar, it is blatantly copied from the EWG's proposed RDS concept. I think this idea has merit, and regardless of what happens to the rest of the EWG's recommendations, we should consider opportunities to implement this proposal in existing contexts.

Look forward to continuing our discussions on this point on Tuesday.

Thanks‹

J.

From: Volker Greimann <vgreimann@key-systems.net> Date: Wednesday, August 13, 2014 at 4:27 To: "gnso-ppsai-pdp-wg@icann.org" <gnso-ppsai-pdp-wg@icann.org> Subject: [Gnso-ppsai-pdp-wg] Proposal contactability

As Susan and Steve have repeatedly asked what my proposal would be to ensure contactability of the beneficial owner/registrant.

As a basis, a spec derivative of the WAP spec to the RAA would have to be developed. I took the liberty of modifying the WAP for this purpose as a basis for discussion. This would bring the obligation of the privacy service provider to validate and verify the contact details to the same level of that of the registrar, thus ensuring the Service Provider has either accurate details or a duty to verify and validate.

Now, I would agree that some level of a contactibility guarantee is warranted. This could be something to this tune, as a basis for discussion:

"Service Provider are required provide a means for third parties to directly or indirectly communicate with the Beneficial Owner. Such means may include any of the following: a) providing a postal mail forwarding address b) providing a collective email point of contact for all domain names under the Service (such as abuse@service.provider) c) providing an individual email point of contact for each domain name under the Service (such as string@domain.name or domain.name@service.provider) ... ...

Service Provider must inform potential complainants about the accepted means of communication on its website. Service provider may refuse to forward, process or even accept communications sent by a non-accepted means of communication. In case forwarding of postal communications is offered, Service Provider may charge complainant reasonable handling fees and costs for the forwarding service and defer the forwarding of communications until payment is received.

Service Provider may refuse to forward spam, duplicate messages, purchase or business inquiries, harrassing communications, anonymous communications and/or unwanted communications. Service Provider is authorized to update or modify the means of communication from time to time. Service Provider is authorized to blacklist complainants with a history of abusing the provided means of communication."

All subject to further discussion, ofc.

I realize this draft goes into detail more than we should in this WG, but having been asked for a proposal, I felt it necessary in order to move the discussion ahead. Terms: Service Provider - Privacy/Proxy Service Provider Beneficial Owner - Replaces "Registrant" filter - not deliver to Beneficial owner Service - the privacy/proxy services

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net <http://www.key-systems.net> / www.RRPproxy.net <http://www.RRPproxy.net> www.domaindiscount24.com <http://www.domaindiscount24.com> / www.BrandShelter.com <http://www.BrandShelter.com>

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems> www.twitter.com/key_systems <http://www.twitter.com/key_systems>

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <http://www.keydrive.lu>

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net <http://www.key-systems.net> / www.RRPproxy.net <http://www.RRPproxy.net> www.domaindiscount24.com <http://www.domaindiscount24.com> / www.BrandShelter.com <http://www.BrandShelter.com>

Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems> www.twitter.com/key_systems <http://www.twitter.com/key_systems>

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <http://www.keydrive.lu>

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

All, Regarding our discussion toward the end of today's call concerning differentiating between a limited disclosure or reveal of registrant identity to a particular third party versus revealing or publishing the registrant identity in the Whois: I was looking back at some early drafts of our Work Plan, and we had proposed making "Reveal" and "Publication" distinct and separate categories (in our draft, they would have been Category F, Reveal, and Category G, Publication; see the attached draft from back in January). For whatever reason, this proposal was not adopted into our final Work Plan, which only contains the single "Reveal" category (Category F) (re-attaching the final version here for ease of reference). The footnote in the Work Plan (Footnote 8) points to the definition of "Reveal" as it is defined in the "GNSO’s Terms of Reference for Whois studies," which I am having trouble locating. Can someone locate this particular definition and share with the group? It may help us establish the terms we will use moving forward to refer to the disclosure of registrant identity to a particular third party (which in my mind is a "Reveal") versus the placement of the registrant identity/contact info in the Whois, thereby replacing the Privacy/Proxy information (which in my mind is a "Publication"). I agree that distinguishing between these types of actions is critical. Hope this is helpful. Thanks, Griffin Griffin M. Barnett Silverberg, Goldman & Bikoff, LLP 1101 30th Street NW Suite 120 Washington, DC 20007 (202) 944-3307 gbarnett@sgbdc.com ________________________________ From: gnso-ppsai-pdp-wg-bounces@icann.org [gnso-ppsai-pdp-wg-bounces@icann.org] on behalf of Don Blumenthal [dblumenthal@pir.org] Sent: Monday, August 18, 2014 12:28 PM To: Mary Wong; gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Thanks, Mary. These documents are for reference for now. We will start the call around on the thread related to Volker’s proposal since it covers so many of the issues. The initial focus will be on email relay questions. Thanks to Volker for raising a concrete framework for discussion and to those who carried the conversation forward since last Tuesday. Email discussion and mid-week drafting are critical if we plan to stay close to our schedule. Talk to you tomorrow. Don From: Mary Wong <mary.wong@icann.org<mailto:mary.wong@icann.org>> Date: Monday, August 18, 2014 at 12:10 PM To: PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Dear all, To aid in further discussions on the points several WG members have raised in response to Volker’s proposal, the WG Chairs have requested that staff circulate an updated Category E summary document, containing the fundamental questions currently being discussed on this list and the WG calls on Relay/Reveal. Essentially the attached is an update of the summary document previously circulated on E-1. Attached also are the most recent E-1 and E-2 templates. In light of the ongoing list discussion, the proposed agenda for the meeting on Tuesday 19 August is therefore: 1. Roll Call/Updates to SOIs 2. Finalize discussions on Category E 3. Next steps We will have all the attached documents and Volker’s proposal on hand in the Adobe Connect room for the meeting. Please continue to circulate your suggestions, questions and comments on any of these to the list prior to the call! Cheers Mary From: <Williams>, Todd <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>> Date: Monday, August 18, 2014 at 11:19 AM To: "James M. Bladel" <jbladel@godaddy.com<mailto:jbladel@godaddy.com>>, Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>>, "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Thanks James. Quick question: if, as you note, most of your P/P customers engage the service to avoid being spammed – why is that objective/purpose not sufficiently protected by a standard that says “A provider must relay all electronic requests received (including emails and via web forms), but may implement commercially reasonable safeguards (including CAPTCHA) to filter out spam.”? By asking the question I don’t necessarily mean to make a judgment on your “access whitelist” idea. I’m just not sure I understand its utility on this specific question (relay), where a means to address the problem that it is trying to solve (i.e., spam) appears to have already been baked in. Thanks. TW. From:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of James M. Bladel Sent: Sunday, August 17, 2014 6:23 PM To: Volker Greimann; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Thanks to Volker for getting this conversation started. I also share the belief that we should define a system that assures reporters their claims will be relayed by P/P services. However, I disagree on some key points raised by Volker and others. First, I do not believe there should be any attempt to filter submitted reports based on content. That approach does not scale, and simply results in an arms race where would-be spammers attempt to circumvent the filters. Also, I do not believe P/P services should relay —all—reports. This treats the P/P email point of contact as an email “alias” for the beneficial user’s real address, and completely defeats the purpose of the service (most of our P/P customers engage the service to avoid being spammed). I favor an approach that is modeled after ICANN’s Invalid WHOIS Reporting System, and one that many Registrars have implemented to guard against WHOIS harvesting – an access whitelist. Speaking generally, such a system would require reporters to identify themselves when submitting a claim for relay. Is reporter should also have to designate the email address from which relay claims will originate, and the service provider agrees to honor relay request from that Address without discriminating on its content. The P/P service provider can then monitor the use of the relay system by each reporter, and suspend or terminate access for any reporter that is found to be abusing the system. If this sounds familiar, it is blatantly copied from the EWG's proposed RDS concept. I think this idea has merit, and regardless of what happens to the rest of the EWG's recommendations, we should consider opportunities to implement this proposal in existing contexts. Look forward to continuing our discussions on this point on Tuesday. Thanks— J. From: Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> Date: Wednesday, August 13, 2014 at 4:27 To: "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: [Gnso-ppsai-pdp-wg] Proposal contactability As Susan and Steve have repeatedly asked what my proposal would be to ensure contactability of the beneficial owner/registrant. As a basis, a spec derivative of the WAP spec to the RAA would have to be developed. I took the liberty of modifying the WAP for this purpose as a basis for discussion. This would bring the obligation of the privacy service provider to validate and verify the contact details to the same level of that of the registrar, thus ensuring the Service Provider has either accurate details or a duty to verify and validate. Now, I would agree that some level of a contactibility guarantee is warranted. This could be something to this tune, as a basis for discussion: "Service Provider are required provide a means for third parties to directly or indirectly communicate with the Beneficial Owner. Such means may include any of the following: a) providing a postal mail forwarding address b) providing a collective email point of contact for all domain names under the Service (such as abuse@service.provider<mailto:abuse@service.provider>) c) providing an individual email point of contact for each domain name under the Service (such as string@domain.name<mailto:string@domain.name> or domain.name@service.provider<mailto:domain.name@service.provider>) ... ... Service Provider must inform potential complainants about the accepted means of communication on its website. Service provider may refuse to forward, process or even accept communications sent by a non-accepted means of communication. In case forwarding of postal communications is offered, Service Provider may charge complainant reasonable handling fees and costs for the forwarding service and defer the forwarding of communications until payment is received. Service Provider may refuse to forward spam, duplicate messages, purchase or business inquiries, harrassing communications, anonymous communications and/or unwanted communications. Service Provider is authorized to update or modify the means of communication from time to time. Service Provider is authorized to blacklist complainants with a history of abusing the provided means of communication." All subject to further discussion, ofc. I realize this draft goes into detail more than we should in this WG, but having been asked for a proposal, I felt it necessary in order to move the discussion ahead. Terms: Service Provider - Privacy/Proxy Service Provider Beneficial Owner - Replaces "Registrant" filter - not deliver to Beneficial owner Service - the privacy/proxy services -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

As an alternative possibility so we don’t have issues with the general topic of reveal during our discussions, publish/disclose? From: Mary Wong <mary.wong@icann.org<mailto:mary.wong@icann.org>> Date: Tuesday, August 19, 2014 at 4:29 PM To: PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hello Griffin and everyone, The terms used to describe “Reveal” in prior GNSO work on Whois and referred to in the document Griffin mentions were as follows: THE GNSO’S TERMS OF REFERENCE FOR PROPOSED PRIVACY/PROXY RELAY/REVEAL STUDY (SEPTEMBER 2010: http://gnso.icann.org/issues/whois/whois-proxy-privacy-relay-reveal-studies-...) * For many domains (including those registered via Privacy services), the Registered Name Holder's identity is published directly in WHOIS. However, for domains registered via Proxy services, the name of the licensee is not published in WHOIS; third party licensees can typically only be identified by asking the Proxy to reveal the licensee's identity, given reasonable evidence of actionable harm THE RELAY & REVEAL PRE-FEASIBILITY SURVEY REPORT (INTERISLE CONSULTING; AUGUST 2012:http://gnso.icann.org/en/issues/whois/whois-pp-survey-final-report-22aug12-e...) * For Reveal Handling - For many domains (including those registered via Privacy services), the Registered Name Holder’s identity is published directly in WHOIS. However, for domains registered via Proxy services, the name of the licensee is not published in WHOIS; third party licensees can typically be identified only by asking the Proxy to reveal the licensee’s identity. Note that these are not “definitions” as the word is commonly understood. The Whois Review Team referred to the GNSO’s Whois studies in its Final Report but did not define it further. As Griffin also highlights, this WG did discuss the terminology surrounding “Reveal” in its early discussions about grouping the Charter questions. Having reviewed the transcripts for some of those meetings, I can confirm that the WG discussed the distinction between the “publication” of contact details/identity in Whois and the “disclosure” of those contact details/identity to another person. In relation to the proposed Publication category for the final grouping of Charter questions, some WG member were of the opinion that instead of creating a separate category that risked the WG further expanding its scope of work, the topic could generally be covered by discussions related to Reveal, including the consequences of terminating a proxy customer’s service As such, this WG might wish to develop working definitions for certain terms associated with the various acts that have hitherto been generally described as a Reveal – for instance, “publication” could mean the disclosure of a person’s (I.e. the licensee or beneficial owner) identity/contact details in the Whois system, whereas “reveal” could mean the disclosure of that person’s identity/contact details to a third party requestor. I hope this is helpful. Cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4892 Email: mary.wong@icann.org<mailto:mary.wong@icann.org> From: "GBarnett@sgbdc.com<mailto:GBarnett@sgbdc.com>" <GBarnett@sgbdc.com<mailto:GBarnett@sgbdc.com>> Date: Tuesday, August 19, 2014 at 11:30 AM To: Don Blumenthal <dblumenthal@pir.org<mailto:dblumenthal@pir.org>>, Mary Wong <mary.wong@icann.org<mailto:mary.wong@icann.org>>, "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: RE: [Gnso-ppsai-pdp-wg] Proposal contactability All, Regarding our discussion toward the end of today's call concerning differentiating between a limited disclosure or reveal of registrant identity to a particular third party versus revealing or publishing the registrant identity in the Whois: I was looking back at some early drafts of our Work Plan, and we had proposed making "Reveal" and "Publication" distinct and separate categories (in our draft, they would have been Category F, Reveal, and Category G, Publication; see the attached draft from back in January). For whatever reason, this proposal was not adopted into our final Work Plan, which only contains the single "Reveal" category (Category F) (re-attaching the final version here for ease of reference). The footnote in the Work Plan (Footnote 8) points to the definition of "Reveal" as it is defined in the "GNSO’s Terms of Reference for Whois studies," which I am having trouble locating. Can someone locate this particular definition and share with the group? It may help us establish the terms we will use moving forward to refer to the disclosure of registrant identity to a particular third party (which in my mind is a "Reveal") versus the placement of the registrant identity/contact info in the Whois, thereby replacing the Privacy/Proxy information (which in my mind is a "Publication"). I agree that distinguishing between these types of actions is critical. Hope this is helpful. Thanks, Griffin Griffin M. Barnett Silverberg, Goldman & Bikoff, LLP 1101 30th Street NW Suite 120 Washington, DC 20007 (202) 944-3307 gbarnett@sgbdc.com ________________________________ From:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org>] on behalf of Don Blumenthal [dblumenthal@pir.org<mailto:dblumenthal@pir.org>] Sent: Monday, August 18, 2014 12:28 PM To: Mary Wong; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Thanks, Mary. These documents are for reference for now. We will start the call around on the thread related to Volker’s proposal since it covers so many of the issues. The initial focus will be on email relay questions. Thanks to Volker for raising a concrete framework for discussion and to those who carried the conversation forward since last Tuesday. Email discussion and mid-week drafting are critical if we plan to stay close to our schedule. Talk to you tomorrow. Don From: Mary Wong <mary.wong@icann.org<mailto:mary.wong@icann.org>> Date: Monday, August 18, 2014 at 12:10 PM To: PPSAI <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Dear all, To aid in further discussions on the points several WG members have raised in response to Volker’s proposal, the WG Chairs have requested that staff circulate an updated Category E summary document, containing the fundamental questions currently being discussed on this list and the WG calls on Relay/Reveal. Essentially the attached is an update of the summary document previously circulated on E-1. Attached also are the most recent E-1 and E-2 templates. In light of the ongoing list discussion, the proposed agenda for the meeting on Tuesday 19 August is therefore: 1. Roll Call/Updates to SOIs 2. Finalize discussions on Category E 3. Next steps We will have all the attached documents and Volker’s proposal on hand in the Adobe Connect room for the meeting. Please continue to circulate your suggestions, questions and comments on any of these to the list prior to the call! Cheers Mary From: <Williams>, Todd <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>> Date: Monday, August 18, 2014 at 11:19 AM To: "James M. Bladel" <jbladel@godaddy.com<mailto:jbladel@godaddy.com>>, Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>>, "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Thanks James. Quick question: if, as you note, most of your P/P customers engage the service to avoid being spammed – why is that objective/purpose not sufficiently protected by a standard that says “A provider must relay all electronic requests received (including emails and via web forms), but may implement commercially reasonable safeguards (including CAPTCHA) to filter out spam.”? By asking the question I don’t necessarily mean to make a judgment on your “access whitelist” idea. I’m just not sure I understand its utility on this specific question (relay), where a means to address the problem that it is trying to solve (i.e., spam) appears to have already been baked in. Thanks. TW. From:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of James M. Bladel Sent: Sunday, August 17, 2014 6:23 PM To: Volker Greimann; gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Thanks to Volker for getting this conversation started. I also share the belief that we should define a system that assures reporters their claims will be relayed by P/P services. However, I disagree on some key points raised by Volker and others. First, I do not believe there should be any attempt to filter submitted reports based on content. That approach does not scale, and simply results in an arms race where would-be spammers attempt to circumvent the filters. Also, I do not believe P/P services should relay —all—reports. This treats the P/P email point of contact as an email “alias” for the beneficial user’s real address, and completely defeats the purpose of the service (most of our P/P customers engage the service to avoid being spammed). I favor an approach that is modeled after ICANN’s Invalid WHOIS Reporting System, and one that many Registrars have implemented to guard against WHOIS harvesting – an access whitelist. Speaking generally, such a system would require reporters to identify themselves when submitting a claim for relay. Is reporter should also have to designate the email address from which relay claims will originate, and the service provider agrees to honor relay request from that Address without discriminating on its content. The P/P service provider can then monitor the use of the relay system by each reporter, and suspend or terminate access for any reporter that is found to be abusing the system. If this sounds familiar, it is blatantly copied from the EWG's proposed RDS concept. I think this idea has merit, and regardless of what happens to the rest of the EWG's recommendations, we should consider opportunities to implement this proposal in existing contexts. Look forward to continuing our discussions on this point on Tuesday. Thanks— J. From: Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> Date: Wednesday, August 13, 2014 at 4:27 To: "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: [Gnso-ppsai-pdp-wg] Proposal contactability As Susan and Steve have repeatedly asked what my proposal would be to ensure contactability of the beneficial owner/registrant. As a basis, a spec derivative of the WAP spec to the RAA would have to be developed. I took the liberty of modifying the WAP for this purpose as a basis for discussion. This would bring the obligation of the privacy service provider to validate and verify the contact details to the same level of that of the registrar, thus ensuring the Service Provider has either accurate details or a duty to verify and validate. Now, I would agree that some level of a contactibility guarantee is warranted. This could be something to this tune, as a basis for discussion: "Service Provider are required provide a means for third parties to directly or indirectly communicate with the Beneficial Owner. Such means may include any of the following: a) providing a postal mail forwarding address b) providing a collective email point of contact for all domain names under the Service (such as abuse@service.provider<mailto:abuse@service.provider>) c) providing an individual email point of contact for each domain name under the Service (such as string@domain.name<mailto:string@domain.name> or domain.name@service.provider<mailto:domain.name@service.provider>) ... ... Service Provider must inform potential complainants about the accepted means of communication on its website. Service provider may refuse to forward, process or even accept communications sent by a non-accepted means of communication. In case forwarding of postal communications is offered, Service Provider may charge complainant reasonable handling fees and costs for the forwarding service and defer the forwarding of communications until payment is received. Service Provider may refuse to forward spam, duplicate messages, purchase or business inquiries, harrassing communications, anonymous communications and/or unwanted communications. Service Provider is authorized to update or modify the means of communication from time to time. Service Provider is authorized to blacklist complainants with a history of abusing the provided means of communication." All subject to further discussion, ofc. I realize this draft goes into detail more than we should in this WG, but having been asked for a proposal, I felt it necessary in order to move the discussion ahead. Terms: Service Provider - Privacy/Proxy Service Provider Beneficial Owner - Replaces "Registrant" filter - not deliver to Beneficial owner Service - the privacy/proxy services -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net>www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

Hi Susan, I do not see it as necessarily as a different treatment. The registrant is still required to provide accurate and reliable contact details, these details are just not published. Just in the same way I can have a functioning email address but route undesired mails to the trashcan automatically prior to retrieving the mails, so can other automated or manual means be employed to filter undesired communications. A privacy service is just another of those means. Can the data the registrant be provided be relied upon? Of course, since the service provider needs to be able to contact them. In case of a full or partial reveal, the data will be revealed as reliable. Accurate and reliable date does not suddenly become unreliable data by the mere fact that it is hidden. The data is just as reliable or unreliable whether it is public or hidden. If I as a registrant wanted to build my details in a way that any mail sent to me would be met with an automated responder that instructs the sender to fill in a webform, that would be perfectly fine. Sure, I cannot be reached through that address, but I can be contacted. Why should privacy services be different? Best, Volker Am 18.08.2014 18:24, schrieb Susan Kawaguchi:

What I do not understand is why a proxy registration should be treated so differently than the other 75% of gTld domain name registrations?

In the 2013 RAA section 3.7.7.1 it states the following:

3.7.7.1 The Registered Name Holder shall provide to Registraraccurate and reliable contact details and correct and update them within seven (7) days of any change during the term of the Registered Name registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder; name of authorized person for contact purposes in the case of an Registered Name Holder that is an organization, association, or corporation; and the data elements listed in Subsections 3.3.1.2, 3.3.1.7 and 3.3.1.8.

Creating a new method of contacting the registered name holder and underlying licensee or not relaying communications via email or to the postal address does not appear to fulfill the requirement of “accurate and reliable contact details”

A proxy registration information may be accurate but currently the information fails as reliable contact details.

Requiring a webform be filled out and submitted to contact the Registered name holder and underlying licensee when the other 75% of gTld domain name registrations are required to have a reliable email address and postal address sets the proxy registrations apart. The webform is not listed as a requirement in section 3. 7.7.1. Why would we afford this special treatment to the proxy registrations?

I realize the service has developed in this manner but it is also the reason we are continuing to discuss this issue.

Susan Kawaguchi

Domain Name Manager

Facebook Legal Dept.

Phone - 650 485-6064

From: <Williams>, Todd <Todd.Williams@turner.com <mailto:Todd.Williams@turner.com>> Date: Monday, August 18, 2014 at 8:19 AM To: "James M. Bladel" <jbladel@godaddy.com <mailto:jbladel@godaddy.com>>, Volker Greimann <vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>>, "gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability

Thanks James. Quick question: if, as you note, most of your P/P customers engage the service to avoid being spammed – why is that objective/purpose not sufficiently protected by a standard that says “A provider must relay all electronic requests received (including emails and via web forms), but may implement commercially reasonable safeguards (including CAPTCHA) to filter out spam.”?

By asking the question I don’t necessarily mean to make a judgment on your “access whitelist” idea. I’m just not sure I understand its utility on this specific question (relay), where a means to address the problem that it is trying to solve (i.e., spam) appears to have already been baked in.

Thanks

TW.

*From:*gnso-ppsai-pdp-wg-bounces@icann.org <mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] *On Behalf Of *James M. Bladel *Sent:* Sunday, August 17, 2014 6:23 PM *To:* Volker Greimann; gnso <mailto:gnso-ppsai-pdp-wg@icann.org>(most of our P/P customers engage the service to avoid being spammed).

*Subject:* Re: [Gnso-ppsai-pdp-wg] Proposal contactability

Thanks to Volker for getting this conversation started. I also share the belief that we should define a system that assures reporters their claims will be relayed by P/P services. However, I disagree on some key points raised by Volker and others.

First, I do not believe there should be any attempt to filter submitted reports based on content. That approach does not scale, and simply results in an arms race where would-be spammers attempt to circumvent the filters. Also, I do not believe P/P services should relay —all—reports. This treats the P/P email point of contact as an email “alias” for the beneficial user’s real address, and completely defeats the purpose of the service

I favor an approach that is modeled after ICANN’s Invalid WHOIS Reporting System, and one that many Registrars have implemented to guard against WHOIS harvesting – an access whitelist. Speaking generally, such a system would require reporters to identify themselves when submitting a claim for relay. Is reporter should also have to designate the email address from which relay claims will originate, and the service provider agrees to honor relay request from that Address without discriminating on its content. The P/P service provider can then monitor the use of the relay system by each reporter, and suspend or terminate access for any reporter that is found to be abusing the system.

If this sounds familiar, it is blatantly copied from the EWG's proposed RDS concept. I think this idea has merit, and regardless of what happens to the rest of the EWG's recommendations, we should consider opportunities to implement this proposal in existing contexts.

Look forward to continuing our discussions on this point on Tuesday.

Thanks—

J.

*From: *Volker Greimann <vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>> *Date: *Wednesday, August 13, 2014 at 4:27 *To: *"gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> *Subject: *[Gnso-ppsai-pdp-wg] Proposal contactability

As Susan and Steve have repeatedly asked what my proposal would be to ensure contactability of the beneficial owner/registrant.

As a basis, a spec derivative of the WAP spec to the RAA would have to be developed. I took the liberty of modifying the WAP for this purpose as a basis for discussion. This would bring the obligation of the privacy service provider to validate and verify the contact details to the same level of that of the registrar, thus ensuring the Service Provider has either accurate details or a duty to verify and validate.

Now, I would agree that some level of a contactibility guarantee is warranted. This could be something to this tune, as a basis for discussion:

/"Service Provider are required provide a means for third parties to directly or indirectly communicate with the Beneficial Owner. Such means may include any of the following: a) providing a postal mail forwarding address b) providing a collective email point of contact for all domain names under the Service (such as abuse@service.provider <mailto:abuse@service.provider>) c) providing an individual email point of contact for each domain name under the Service (such as string@domain.name <mailto:string@domain.name> or domain.name@service.provider <mailto:domain.name@service.provider>) ... ...

Service Provider must inform potential complainants about the accepted means of communication on its website. Service provider may refuse to forward, process or even accept communications sent by a non-accepted means of communication. In case forwarding of postal communications is offered, Service Provider may charge complainant reasonable handling fees and costs for the forwarding service and defer the forwarding of communications until payment is received.

Service Provider may refuse to forward spam, duplicate messages, purchase or business inquiries, harrassing communications, anonymous communications and/or unwanted communications. Service Provider is authorized to update or modify the means of communication from time to time. Service Provider is authorized to blacklist complainants with a history of abusing the provided means of communication."/

All subject to further discussion, ofc.

I realize this draft goes into detail more than we should in this WG, but having been asked for a proposal, I felt it necessary in order to move the discussion ahead. Terms: Service Provider - Privacy/Proxy Service Provider Beneficial Owner - Replaces "Registrant" filter - not deliver to Beneficial owner Service - the privacy/proxy services

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>

Web:www.key-systems.net <https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> /www.RRPproxy.net <https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=9f6208e6e8f1dac0b3f5ee9154870f7a5e52ad42b0bd13ae5241fab95f59dec7>www.domaindiscount24.com <https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k...> /www.BrandShelter.com <https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...>

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>www.twitter.com/key_systems <https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_system...>

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...>

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>

Web:www.key-systems.net <https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> /www.RRPproxy.net <https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=9f6208e6e8f1dac0b3f5ee9154870f7a5e52ad42b0bd13ae5241fab95f59dec7>www.domaindiscount24.com <https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k...> /www.BrandShelter.com <https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...>

Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>www.twitter.com/key_systems <https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_system...>

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...>

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

First off, this has been an excellent discussion. Thanks again to Volker for giving us something to focus on. A couple of my own thoughts below: - In regards to the accurate and reliable below, I believe what Volker is saying is that under the 2013 RAA we know that either phone or email for a registrant is going to be verified. As such the service provider will have some record that either is reliable. This doesn't necessarily mean (at least, until we've settled this discussion) that it's accessible to 3rd parties. - I'm interested in James' idea of the reporters having to identify themselves when submitting a request. It gives the service provider greater insight into the system, allows for the mitigation of abuse, and could provide the submitter with information on when their requests were submitted, possibly including successful delivery. Submitters in any relay scenario are not anonymous, as even full and automatic email relay could log sending email address, ip etc. This seems like it might increase accountability on both sides. - Lastly, I think it's worth pointing out that legal claims have been, and continue to be used (and abused) as a method of curtailing free speech. There are numerous cases of the DMCA being used as such, which is why organizations like chillingeffects.org exist. I know of hosting providers receiving hundreds of thousands of spurious, generated complaints. We need to be able to deal with such scenarios. Thanks Graeme On 8/18/2014 2:29 PM, Susan Kawaguchi wrote:

Hi Volker,

Please see my comments in red.

I do appreciate the discussion.

Susan Kawaguchi

Domain Name Manager

Facebook Legal Dept.

Phone - 650 485-6064

From: Volker Greimann <vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>> Date: Monday, August 18, 2014 at 10:27 AM To: Susan Kawaguchi <susank@fb.com <mailto:susank@fb.com>>, "Williams, Todd" <Todd.Williams@turner.com <mailto:Todd.Williams@turner.com>>, "James M. Bladel" <jbladel@godaddy.com <mailto:jbladel@godaddy.com>>, "gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability

Hi Susan,

I do not see it as necessarily as a different treatment. The registrant is still required to provide accurate and reliable contact details, these details are just not published. Just in the same way I can have a functioning email address but route undesired mails to the trashcan automatically prior to retrieving the mails, so can other automated or manual means be employed to filter undesired communications. A privacy service is just another of those means.

If a proxy service provides an email address in the WHOIS record but nothing is relayed or only emails that hit a very narrow criteria beyond the spam filters that would not equate to reliable contact details in my opinion.

Can the data the registrant be provided be relied upon? Of course, since the service provider needs to be able to contact them. In case of a full or partial reveal, the data will be revealed as reliable. Accurate and reliable date does not suddenly become unreliable data by the mere fact that it is hidden. The data is just as reliable or unreliable whether it is public or hidden. Actually this is not my experience at all that the data provided by the underlying registrant is reliable. The information is often times inaccurate I would guess at the same inaccuracy rates of regular domain name registrations. This may have changed recently with the validation process and people becoming more aware of the need to have accurate data but I do not think we could assume the information is accurate. I do find the proxy service information to be accurate. If I as a registrant wanted to build my details in a way that any mail sent to me would be met with an automated responder that instructs the sender to fill in a webform, that would be perfectly fine. Sure, I cannot be reached through that address, but I can be contacted. Why should privacy services be different?

At least if you sent an email to admin email address and received an auto response that may act as confirmation of the email being received. A proxy vendor refusing to accept email as required by the RAA and requiring a web form be filled out is changing the purposes imposed by the RAA.

Best,

Volker

Am 18.08.2014 18:24, schrieb Susan Kawaguchi:

...

What I do not understand is why a proxy registration should be treated so differently than the other 75% of gTld domain name registrations?

In the 2013 RAA section 3.7.7.1 it states the following:

3.7.7.1 The Registered Name Holder shall provide to Registraraccurate and reliable contact details and correct and update them within seven (7) days of any change during the term of the Registered Name registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder; name of authorized person for contact purposes in the case of an Registered Name Holder that is an organization, association, or corporation; and the data elements listed in Subsections 3.3.1.2, 3.3.1.7 and 3.3.1.8.

Creating a new method of contacting the registered name holder and underlying licensee or not relaying communications via email or to the postal address does not appear to fulfill the requirement of "accurate and reliable contact details"

A proxy registration information may be accurate but currently the information fails as reliable contact details.

Requiring a webform be filled out and submitted to contact the Registered name holder and underlying licensee when the other 75% of gTld domain name registrations are required to have a reliable email address and postal address sets the proxy registrations apart. The webform is not listed as a requirement in section 3. 7.7.1. Why would we afford this special treatment to the proxy registrations?

I realize the service has developed in this manner but it is also the reason we are continuing to discuss this issue.

Susan Kawaguchi

Domain Name Manager

Facebook Legal Dept.

Phone - 650 485-6064

From: <Williams>, Todd <Todd.Williams@turner.com <mailto:Todd.Williams@turner.com>> Date: Monday, August 18, 2014 at 8:19 AM To: "James M. Bladel" <jbladel@godaddy.com <mailto:jbladel@godaddy.com>>, Volker Greimann <vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>>, "gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability

Thanks James. Quick question: if, as you note, most of your P/P customers engage the service to avoid being spammed -- why is that objective/purpose not sufficiently protected by a standard that says "A provider must relay all electronic requests received (including emails and via web forms), but may implement commercially reasonable safeguards (including CAPTCHA) to filter out spam."?

By asking the question I don't necessarily mean to make a judgment on your "access whitelist" idea. I'm just not sure I understand its utility on this specific question (relay), where a means to address the problem that it is trying to solve (i.e., spam) appears to have already been baked in.

Thanks

TW.

*From:*gnso-ppsai-pdp-wg-bounces@icann.org <mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] *On Behalf Of *James M. Bladel *Sent:* Sunday, August 17, 2014 6:23 PM *To:* Volker Greimann; gnso <mailto:gnso-ppsai-pdp-wg@icann.org>(most of our P/P customers engage the service to avoid being spammed).

*Subject:* Re: [Gnso-ppsai-pdp-wg] Proposal contactability

Thanks to Volker for getting this conversation started. I also share the belief that we should define a system that assures reporters their claims will be relayed by P/P services. However, I disagree on some key points raised by Volker and others.

First, I do not believe there should be any attempt to filter submitted reports based on content. That approach does not scale, and simply results in an arms race where would-be spammers attempt to circumvent the filters. Also, I do not believe P/P services should relay ---all---reports. This treats the P/P email point of contact as an email "alias" for the beneficial user's real address, and completely defeats the purpose of the service

I favor an approach that is modeled after ICANN's Invalid WHOIS Reporting System, and one that many Registrars have implemented to guard against WHOIS harvesting -- an access whitelist. Speaking generally, such a system would require reporters to identify themselves when submitting a claim for relay. Is reporter should also have to designate the email address from which relay claims will originate, and the service provider agrees to honor relay request from that Address without discriminating on its content. The P/P service provider can then monitor the use of the relay system by each reporter, and suspend or terminate access for any reporter that is found to be abusing the system.

If this sounds familiar, it is blatantly copied from the EWG's proposed RDS concept. I think this idea has merit, and regardless of what happens to the rest of the EWG's recommendations, we should consider opportunities to implement this proposal in existing contexts.

Look forward to continuing our discussions on this point on Tuesday.

Thanks---

J.

*From: *Volker Greimann <vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>> *Date: *Wednesday, August 13, 2014 at 4:27 *To: *"gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> *Subject: *[Gnso-ppsai-pdp-wg] Proposal contactability

As Susan and Steve have repeatedly asked what my proposal would be to ensure contactability of the beneficial owner/registrant.

As a basis, a spec derivative of the WAP spec to the RAA would have to be developed. I took the liberty of modifying the WAP for this purpose as a basis for discussion. This would bring the obligation of the privacy service provider to validate and verify the contact details to the same level of that of the registrar, thus ensuring the Service Provider has either accurate details or a duty to verify and validate.

Now, I would agree that some level of a contactibility guarantee is warranted. This could be something to this tune, as a basis for discussion:

/"Service Provider are required provide a means for third parties to directly or indirectly communicate with the Beneficial Owner. Such means may include any of the following: a) providing a postal mail forwarding address b) providing a collective email point of contact for all domain names under the Service (such as abuse@service.provider <mailto:abuse@service.provider>) c) providing an individual email point of contact for each domain name under the Service (such as string@domain.name <mailto:string@domain.name> or domain.name@service.provider <mailto:domain.name@service.provider>) ... ...

Service Provider must inform potential complainants about the accepted means of communication on its website. Service provider may refuse to forward, process or even accept communications sent by a non-accepted means of communication. In case forwarding of postal communications is offered, Service Provider may charge complainant reasonable handling fees and costs for the forwarding service and defer the forwarding of communications until payment is received.

Service Provider may refuse to forward spam, duplicate messages, purchase or business inquiries, harrassing communications, anonymous communications and/or unwanted communications. Service Provider is authorized to update or modify the means of communication from time to time. Service Provider is authorized to blacklist complainants with a history of abusing the provided means of communication."/

All subject to further discussion, ofc.

I realize this draft goes into detail more than we should in this WG, but having been asked for a proposal, I felt it necessary in order to move the discussion ahead. Terms: Service Provider - Privacy/Proxy Service Provider Beneficial Owner - Replaces "Registrant" filter - not deliver to Beneficial owner Service - the privacy/proxy services

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>

Web:www.key-systems.net <https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> /www.RRPproxy.net <https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=9f6208e6e8f1dac0b3f5ee9154870f7a5e52ad42b0bd13ae5241fab95f59dec7>www.domaindiscount24.com <https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k...> /www.BrandShelter.com <https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...>

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>www.twitter.com/key_systems <https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_system...>

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...>

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>

Web:www.key-systems.net <https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> /www.RRPproxy.net <https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=9f6208e6e8f1dac0b3f5ee9154870f7a5e52ad42b0bd13ae5241fab95f59dec7>www.domaindiscount24.com <https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k...> /www.BrandShelter.com <https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...>

Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>www.twitter.com/key_systems <https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_system...>

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...>

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net

Web:www.key-systems.net /www.RRPproxy.netwww.domaindiscount24.com /www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystemswww.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net

Web:www.key-systems.net /www.RRPproxy.netwww.domaindiscount24.com /www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystemswww.twitter.com/key_systems

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

-- _________________________ Graeme Bunton Information Specialist Tucows Inc. PH: 416 535 0123 ext 1634

+1 We get sent LOTS of DMCA takedowns .. They're now using them to demand link removal! ie. for SEO -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains http://www.blacknight.co/ http://blog.blacknight.com/ http://www.technology.ie Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Christian Dawson Sent: Tuesday, August 19, 2014 2:29 PM To: Graeme Bunton Cc: gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability - Lastly, I think it's worth pointing out that legal claims have been, and continue to be used (and abused) as a method of curtailing free speech. There are numerous cases of the DMCA being used as such, which is why organizations like chillingeffects.org<http://chillingeffects.org> exist. I know of hosting providers receiving hundreds of thousands of spurious, generated complaints. We need to be able to deal with such scenarios. Just seconding this very important point. Graeme is right about DMCA being used as a tool to curtail free speech. It is just as often used as an anticompetitive tool to shut down rivals. I see this in action on a regular basis as a hosting provider. Christian Dawson Chief Operating Officer, ServInt 12001 Sunrise Valley Dr., Suite 350 | Reston, VA 20191 703.288.3530 | 800.5.SERVINT (800.573.7846) On Aug 18, 2014, at 10:19 PM, Graeme Bunton <gbunton@tucows.com<mailto:gbunton@tucows.com>> wrote: First off, this has been an excellent discussion. Thanks again to Volker for giving us something to focus on. A couple of my own thoughts below: - In regards to the accurate and reliable below, I believe what Volker is saying is that under the 2013 RAA we know that either phone or email for a registrant is going to be verified. As such the service provider will have some record that either is reliable. This doesn't necessarily mean (at least, until we've settled this discussion) that it's accessible to 3rd parties. - I'm interested in James' idea of the reporters having to identify themselves when submitting a request. It gives the service provider greater insight into the system, allows for the mitigation of abuse, and could provide the submitter with information on when their requests were submitted, possibly including successful delivery. Submitters in any relay scenario are not anonymous, as even full and automatic email relay could log sending email address, ip etc. This seems like it might increase accountability on both sides. - Lastly, I think it's worth pointing out that legal claims have been, and continue to be used (and abused) as a method of curtailing free speech. There are numerous cases of the DMCA being used as such, which is why organizations like chillingeffects.org<http://chillingeffects.org> exist. I know of hosting providers receiving hundreds of thousands of spurious, generated complaints. We need to be able to deal with such scenarios. Thanks Graeme On 8/18/2014 2:29 PM, Susan Kawaguchi wrote: Hi Volker, Please see my comments in red. I do appreciate the discussion. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. Phone - 650 485-6064 From: Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> Date: Monday, August 18, 2014 at 10:27 AM To: Susan Kawaguchi <susank@fb.com<mailto:susank@fb.com>>, "Williams, Todd" <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>>, "James M. Bladel" <jbladel@godaddy.com<mailto:jbladel@godaddy.com>>, "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Susan, I do not see it as necessarily as a different treatment. The registrant is still required to provide accurate and reliable contact details, these details are just not published. Just in the same way I can have a functioning email address but route undesired mails to the trashcan automatically prior to retrieving the mails, so can other automated or manual means be employed to filter undesired communications. A privacy service is just another of those means. If a proxy service provides an email address in the WHOIS record but nothing is relayed or only emails that hit a very narrow criteria beyond the spam filters that would not equate to reliable contact details in my opinion. Can the data the registrant be provided be relied upon? Of course, since the service provider needs to be able to contact them. In case of a full or partial reveal, the data will be revealed as reliable. Accurate and reliable date does not suddenly become unreliable data by the mere fact that it is hidden. The data is just as reliable or unreliable whether it is public or hidden. Actually this is not my experience at all that the data provided by the underlying registrant is reliable. The information is often times inaccurate I would guess at the same inaccuracy rates of regular domain name registrations. This may have changed recently with the validation process and people becoming more aware of the need to have accurate data but I do not think we could assume the information is accurate. I do find the proxy service information to be accurate. If I as a registrant wanted to build my details in a way that any mail sent to me would be met with an automated responder that instructs the sender to fill in a webform, that would be perfectly fine. Sure, I cannot be reached through that address, but I can be contacted. Why should privacy services be different? At least if you sent an email to admin email address and received an auto response that may act as confirmation of the email being received. A proxy vendor refusing to accept email as required by the RAA and requiring a web form be filled out is changing the purposes imposed by the RAA. Best, Volker Am 18.08.2014 18:24, schrieb Susan Kawaguchi: What I do not understand is why a proxy registration should be treated so differently than the other 75% of gTld domain name registrations? In the 2013 RAA section 3.7.7.1 it states the following: 3.7.7.1 The Registered Name Holder shall provide to Registraraccurate and reliable contact details and correct and update them within seven (7) days of any change during the term of the Registered Name registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder; name of authorized person for contact purposes in the case of an Registered Name Holder that is an organization, association, or corporation; and the data elements listed in Subsections 3.3.1.2, 3.3.1.7 and 3.3.1.8. Creating a new method of contacting the registered name holder and underlying licensee or not relaying communications via email or to the postal address does not appear to fulfill the requirement of “accurate and reliable contact details” A proxy registration information may be accurate but currently the information fails as reliable contact details. Requiring a webform be filled out and submitted to contact the Registered name holder and underlying licensee when the other 75% of gTld domain name registrations are required to have a reliable email address and postal address sets the proxy registrations apart. The webform is not listed as a requirement in section 3. 7.7.1. Why would we afford this special treatment to the proxy registrations? I realize the service has developed in this manner but it is also the reason we are continuing to discuss this issue. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. Phone - 650 485-6064 From: <Williams>, Todd <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>> Date: Monday, August 18, 2014 at 8:19 AM To: "James M. Bladel" <jbladel@godaddy.com<mailto:jbladel@godaddy.com>>, Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>>, "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Thanks James. Quick question: if, as you note, most of your P/P customers engage the service to avoid being spammed – why is that objective/purpose not sufficiently protected by a standard that says “A provider must relay all electronic requests received (including emails and via web forms), but may implement commercially reasonable safeguards (including CAPTCHA) to filter out spam.”? By asking the question I don’t necessarily mean to make a judgment on your “access whitelist” idea. I’m just not sure I understand its utility on this specific question (relay), where a means to address the problem that it is trying to solve (i.e., spam) appears to have already been baked in. Thanks TW. From:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of James M. Bladel Sent: Sunday, August 17, 2014 6:23 PM To: Volker Greimann; gnso<mailto:gnso-ppsai-pdp-wg@icann.org>(most of our P/P customers engage the service to avoid being spammed). Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Thanks to Volker for getting this conversation started. I also share the belief that we should define a system that assures reporters their claims will be relayed by P/P services. However, I disagree on some key points raised by Volker and others. First, I do not believe there should be any attempt to filter submitted reports based on content. That approach does not scale, and simply results in an arms race where would-be spammers attempt to circumvent the filters. Also, I do not believe P/P services should relay —all—reports. This treats the P/P email point of contact as an email “alias” for the beneficial user’s real address, and completely defeats the purpose of the service I favor an approach that is modeled after ICANN’s Invalid WHOIS Reporting System, and one that many Registrars have implemented to guard against WHOIS harvesting – an access whitelist. Speaking generally, such a system would require reporters to identify themselves when submitting a claim for relay. Is reporter should also have to designate the email address from which relay claims will originate, and the service provider agrees to honor relay request from that Address without discriminating on its content. The P/P service provider can then monitor the use of the relay system by each reporter, and suspend or terminate access for any reporter that is found to be abusing the system. If this sounds familiar, it is blatantly copied from the EWG's proposed RDS concept. I think this idea has merit, and regardless of what happens to the rest of the EWG's recommendations, we should consider opportunities to implement this proposal in existing contexts. Look forward to continuing our discussions on this point on Tuesday. Thanks— J. From: Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> Date: Wednesday, August 13, 2014 at 4:27 To: "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: [Gnso-ppsai-pdp-wg] Proposal contactability As Susan and Steve have repeatedly asked what my proposal would be to ensure contactability of the beneficial owner/registrant. As a basis, a spec derivative of the WAP spec to the RAA would have to be developed. I took the liberty of modifying the WAP for this purpose as a basis for discussion. This would bring the obligation of the privacy service provider to validate and verify the contact details to the same level of that of the registrar, thus ensuring the Service Provider has either accurate details or a duty to verify and validate. Now, I would agree that some level of a contactibility guarantee is warranted. This could be something to this tune, as a basis for discussion: "Service Provider are required provide a means for third parties to directly or indirectly communicate with the Beneficial Owner. Such means may include any of the following: a) providing a postal mail forwarding address b) providing a collective email point of contact for all domain names under the Service (such as abuse@service.provider<mailto:abuse@service.provider>) c) providing an individual email point of contact for each domain name under the Service (such as string@domain.name<mailto:string@domain.name> or domain.name@service.provider<mailto:domain.name@service.provider>) ... ... Service Provider must inform potential complainants about the accepted means of communication on its website. Service provider may refuse to forward, process or even accept communications sent by a non-accepted means of communication. In case forwarding of postal communications is offered, Service Provider may charge complainant reasonable handling fees and costs for the forwarding service and defer the forwarding of communications until payment is received. Service Provider may refuse to forward spam, duplicate messages, purchase or business inquiries, harrassing communications, anonymous communications and/or unwanted communications. Service Provider is authorized to update or modify the means of communication from time to time. Service Provider is authorized to blacklist complainants with a history of abusing the provided means of communication." All subject to further discussion, ofc. I realize this draft goes into detail more than we should in this WG, but having been asked for a proposal, I felt it necessary in order to move the discussion ahead. Terms: Service Provider - Privacy/Proxy Service Provider Beneficial Owner - Replaces "Registrant" filter - not deliver to Beneficial owner Service - the privacy/proxy services -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=9f6208e6e8f1dac0b3f5ee9154870f7a5e52ad42b0bd13ae5241fab95f59dec7>www.domaindiscount24.com<https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=467ef77b19e86ea983963!%205601853bb74d4fc3%0Ac295fa9d207090fbae89c45c15a> / www.BrandShelter.com<https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_systems&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=f553929a498d60da6ca0d20730fca68ec4cd4b34da81d7f164a6eaae314073e5> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=9f6208e6e8f1dac0b3f5ee9154870f7a5e52ad42b0bd13ae5241fab95f59dec7>www.domaindiscount24.com<https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=467ef77b19e86ea983963!%205601853bb74d4fc3%0Ac295fa9d207090fbae89c45c15a> / www.BrandShelter.com<https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_systems&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=f553929a498d60da6ca0d20730fca68ec4cd4b34da81d7f164a6eaae314073e5> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=irWKKupqbA8cE9%2FFBluniHq77PwyDkW0%2Fur%2BvTcFdUg%3D%0A&s=8352699c2bc91fb33eb654e83c025da311d36d76d2b54d8b76b19bed0900bbea>www.domaindiscount24.com<https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=irWKKupqbA8cE9%2FFBluniHq77Pw!%20yDkW0%2Fur%2BvTcFdUg%3D%0A&s=e8d4ec608389c17b99e07c4e0d0aa7c5adc19aa1d8cea39ae155b7624fd1bbf6> / www.BrandShelter.com<https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_systems&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=irWKKupqbA8cE9%2FFBluniHq77PwyDkW0%2Fur%2BvTcFdUg%3D%0A&s=57accdd26500a0aa084874e7002afdf095b65310d0c6ec11a3b36778b0f1360b> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=irWKKupqbA8cE9%2FFBluniHq77PwyDkW0%2Fur%2BvTcFdUg%3D%0A&s=8352699c2bc91fb33eb654e83c025da311d36d76d2b54d8b76b19bed0900bbea>www.domaindiscount24.com<https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=irWKKupqbA8cE9%2FFBluniHq77Pw!%20yDkW0%2Fur%2BvTcFdUg%3D%0A&s=e8d4ec608389c17b99e07c4e0d0aa7c5adc19aa1d8cea39ae155b7624fd1bbf6> / www.BrandShelter.com<https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_systems&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=irWKKupqbA8cE9%2FFBluniHq77PwyDkW0%2Fur%2BvTcFdUg%3D%0A&s=57accdd26500a0aa084874e7002afdf095b65310d0c6ec11a3b36778b0f1360b> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- _________________________ Graeme Bunton Information Specialist Tucows Inc. PH: 416 535 0123 ext 1634 _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

To Graeme's last point below: We can stipulate that all available processes can and will be abused. I think the extent of abuse under the DMCA is often exaggerated, but certainly it exists. Before jumping to the DMCA analogy, let's consider the consequences of abuse in the two situations: Consequence if a spurious legal claim is submitted via DMCA notice (and the affected party does not submit a counter-notice): material is taken down from a website, or access to it is blocked. Consequence if an e-mail containing a spurious legal claim is relayed by a p/p service provider to its customer: Nothing is taken down. Nothing is blocked. Customer does not need to invoke another procedure (like counter-notice) to avoid adverse consequences. Customer receives an e-mail containing a spurious legal claim at the e-mail address it has provided to the p/p service in the its inbox; customer is not obligated to respond to, read or even open the e-mail. For this reason I don't think the DMCA analogy is particularly illuminating for our assignment. Steve From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Graeme Bunton Sent: Monday, August 18, 2014 10:20 PM To: gnso-ppsai-pdp-wg@icann.org Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability First off, this has been an excellent discussion. Thanks again to Volker for giving us something to focus on. A couple of my own thoughts below: - In regards to the accurate and reliable below, I believe what Volker is saying is that under the 2013 RAA we know that either phone or email for a registrant is going to be verified. As such the service provider will have some record that either is reliable. This doesn't necessarily mean (at least, until we've settled this discussion) that it's accessible to 3rd parties. - I'm interested in James' idea of the reporters having to identify themselves when submitting a request. It gives the service provider greater insight into the system, allows for the mitigation of abuse, and could provide the submitter with information on when their requests were submitted, possibly including successful delivery. Submitters in any relay scenario are not anonymous, as even full and automatic email relay could log sending email address, ip etc. This seems like it might increase accountability on both sides. - Lastly, I think it's worth pointing out that legal claims have been, and continue to be used (and abused) as a method of curtailing free speech. There are numerous cases of the DMCA being used as such, which is why organizations like chillingeffects.org exist. I know of hosting providers receiving hundreds of thousands of spurious, generated complaints. We need to be able to deal with such scenarios. Thanks Graeme On 8/18/2014 2:29 PM, Susan Kawaguchi wrote: Hi Volker, Please see my comments in red. I do appreciate the discussion. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. Phone - 650 485-6064 From: Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> Date: Monday, August 18, 2014 at 10:27 AM To: Susan Kawaguchi <susank@fb.com<mailto:susank@fb.com>>, "Williams, Todd" <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>>, "James M. Bladel" <jbladel@godaddy.com<mailto:jbladel@godaddy.com>>, "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Hi Susan, I do not see it as necessarily as a different treatment. The registrant is still required to provide accurate and reliable contact details, these details are just not published. Just in the same way I can have a functioning email address but route undesired mails to the trashcan automatically prior to retrieving the mails, so can other automated or manual means be employed to filter undesired communications. A privacy service is just another of those means. If a proxy service provides an email address in the WHOIS record but nothing is relayed or only emails that hit a very narrow criteria beyond the spam filters that would not equate to reliable contact details in my opinion. Can the data the registrant be provided be relied upon? Of course, since the service provider needs to be able to contact them. In case of a full or partial reveal, the data will be revealed as reliable. Accurate and reliable date does not suddenly become unreliable data by the mere fact that it is hidden. The data is just as reliable or unreliable whether it is public or hidden. Actually this is not my experience at all that the data provided by the underlying registrant is reliable. The information is often times inaccurate I would guess at the same inaccuracy rates of regular domain name registrations. This may have changed recently with the validation process and people becoming more aware of the need to have accurate data but I do not think we could assume the information is accurate. I do find the proxy service information to be accurate. If I as a registrant wanted to build my details in a way that any mail sent to me would be met with an automated responder that instructs the sender to fill in a webform, that would be perfectly fine. Sure, I cannot be reached through that address, but I can be contacted. Why should privacy services be different? At least if you sent an email to admin email address and received an auto response that may act as confirmation of the email being received. A proxy vendor refusing to accept email as required by the RAA and requiring a web form be filled out is changing the purposes imposed by the RAA. Best, Volker Am 18.08.2014 18:24, schrieb Susan Kawaguchi: What I do not understand is why a proxy registration should be treated so differently than the other 75% of gTld domain name registrations? In the 2013 RAA section 3.7.7.1 it states the following: 3.7.7.1 The Registered Name Holder shall provide to Registraraccurate and reliable contact details and correct and update them within seven (7) days of any change during the term of the Registered Name registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder; name of authorized person for contact purposes in the case of an Registered Name Holder that is an organization, association, or corporation; and the data elements listed in Subsections 3.3.1.2, 3.3.1.7 and 3.3.1.8. Creating a new method of contacting the registered name holder and underlying licensee or not relaying communications via email or to the postal address does not appear to fulfill the requirement of "accurate and reliable contact details" A proxy registration information may be accurate but currently the information fails as reliable contact details. Requiring a webform be filled out and submitted to contact the Registered name holder and underlying licensee when the other 75% of gTld domain name registrations are required to have a reliable email address and postal address sets the proxy registrations apart. The webform is not listed as a requirement in section 3. 7.7.1. Why would we afford this special treatment to the proxy registrations? I realize the service has developed in this manner but it is also the reason we are continuing to discuss this issue. Susan Kawaguchi Domain Name Manager Facebook Legal Dept. Phone - 650 485-6064 From: <Williams>, Todd <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>> Date: Monday, August 18, 2014 at 8:19 AM To: "James M. Bladel" <jbladel@godaddy.com<mailto:jbladel@godaddy.com>>, Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>>, "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Thanks James. Quick question: if, as you note, most of your P/P customers engage the service to avoid being spammed - why is that objective/purpose not sufficiently protected by a standard that says "A provider must relay all electronic requests received (including emails and via web forms), but may implement commercially reasonable safeguards (including CAPTCHA) to filter out spam."? By asking the question I don't necessarily mean to make a judgment on your "access whitelist" idea. I'm just not sure I understand its utility on this specific question (relay), where a means to address the problem that it is trying to solve (i.e., spam) appears to have already been baked in. Thanks TW. From:gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of James M. Bladel Sent: Sunday, August 17, 2014 6:23 PM To: Volker Greimann; gnso<mailto:gnso-ppsai-pdp-wg@icann.org>(most of our P/P customers engage the service to avoid being spammed). Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability Thanks to Volker for getting this conversation started. I also share the belief that we should define a system that assures reporters their claims will be relayed by P/P services. However, I disagree on some key points raised by Volker and others. First, I do not believe there should be any attempt to filter submitted reports based on content. That approach does not scale, and simply results in an arms race where would-be spammers attempt to circumvent the filters. Also, I do not believe P/P services should relay -all-reports. This treats the P/P email point of contact as an email "alias" for the beneficial user's real address, and completely defeats the purpose of the service I favor an approach that is modeled after ICANN's Invalid WHOIS Reporting System, and one that many Registrars have implemented to guard against WHOIS harvesting - an access whitelist. Speaking generally, such a system would require reporters to identify themselves when submitting a claim for relay. Is reporter should also have to designate the email address from which relay claims will originate, and the service provider agrees to honor relay request from that Address without discriminating on its content. The P/P service provider can then monitor the use of the relay system by each reporter, and suspend or terminate access for any reporter that is found to be abusing the system. If this sounds familiar, it is blatantly copied from the EWG's proposed RDS concept. I think this idea has merit, and regardless of what happens to the rest of the EWG's recommendations, we should consider opportunities to implement this proposal in existing contexts. Look forward to continuing our discussions on this point on Tuesday. Thanks- J. From: Volker Greimann <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> Date: Wednesday, August 13, 2014 at 4:27 To: "gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: [Gnso-ppsai-pdp-wg] Proposal contactability As Susan and Steve have repeatedly asked what my proposal would be to ensure contactability of the beneficial owner/registrant. As a basis, a spec derivative of the WAP spec to the RAA would have to be developed. I took the liberty of modifying the WAP for this purpose as a basis for discussion. This would bring the obligation of the privacy service provider to validate and verify the contact details to the same level of that of the registrar, thus ensuring the Service Provider has either accurate details or a duty to verify and validate. Now, I would agree that some level of a contactibility guarantee is warranted. This could be something to this tune, as a basis for discussion: "Service Provider are required provide a means for third parties to directly or indirectly communicate with the Beneficial Owner. Such means may include any of the following: a) providing a postal mail forwarding address b) providing a collective email point of contact for all domain names under the Service (such as abuse@service.provider<mailto:abuse@service.provider>) c) providing an individual email point of contact for each domain name under the Service (such as string@domain.name<mailto:string@domain.name> or domain.name@service.provider<mailto:domain.name@service.provider>) ... ... Service Provider must inform potential complainants about the accepted means of communication on its website. Service provider may refuse to forward, process or even accept communications sent by a non-accepted means of communication. In case forwarding of postal communications is offered, Service Provider may charge complainant reasonable handling fees and costs for the forwarding service and defer the forwarding of communications until payment is received. Service Provider may refuse to forward spam, duplicate messages, purchase or business inquiries, harrassing communications, anonymous communications and/or unwanted communications. Service Provider is authorized to update or modify the means of communication from time to time. Service Provider is authorized to blacklist complainants with a history of abusing the provided means of communication." All subject to further discussion, ofc. I realize this draft goes into detail more than we should in this WG, but having been asked for a proposal, I felt it necessary in order to move the discussion ahead. Terms: Service Provider - Privacy/Proxy Service Provider Beneficial Owner - Replaces "Registrant" filter - not deliver to Beneficial owner Service - the privacy/proxy services -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=9f6208e6e8f1dac0b3f5ee9154870f7a5e52ad42b0bd13ae5241fab95f59dec7>www.domaindiscount24.com<https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=467ef77b19e86ea983963!%205601853bb74d4fc3%0Ac295fa9d207090fbae89c45c15a> / www.BrandShelter.com<https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_systems&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=f553929a498d60da6ca0d20730fca68ec4cd4b34da81d7f164a6eaae314073e5> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=9f6208e6e8f1dac0b3f5ee9154870f7a5e52ad42b0bd13ae5241fab95f59dec7>www.domaindiscount24.com<https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=467ef77b19e86ea983963!%205601853bb74d4fc3%0Ac295fa9d207090fbae89c45c15a> / www.BrandShelter.com<https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_systems&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=f553929a498d60da6ca0d20730fca68ec4cd4b34da81d7f164a6eaae314073e5> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=irWKKupqbA8cE9%2FFBluniHq77PwyDkW0%2Fur%2BvTcFdUg%3D%0A&s=8352699c2bc91fb33eb654e83c025da311d36d76d2b54d8b76b19bed0900bbea>www.domaindiscount24.com<https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=irWKKupqbA8cE9%2FFBluniHq77Pw!%20yDkW0%2Fur%2BvTcFdUg%3D%0A&s=e8d4ec608389c17b99e07c4e0d0aa7c5adc19aa1d8cea39ae155b7624fd1bbf6> / www.BrandShelter.com<https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_systems&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=irWKKupqbA8cE9%2FFBluniHq77PwyDkW0%2Fur%2BvTcFdUg%3D%0A&s=57accdd26500a0aa084874e7002afdf095b65310d0c6ec11a3b36778b0f1360b> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> / www.RRPproxy.net<https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=irWKKupqbA8cE9%2FFBluniHq77PwyDkW0%2Fur%2BvTcFdUg%3D%0A&s=8352699c2bc91fb33eb654e83c025da311d36d76d2b54d8b76b19bed0900bbea>www.domaindiscount24.com<https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=irWKKupqbA8cE9%2FFBluniHq77Pw!%20yDkW0%2Fur%2BvTcFdUg%3D%0A&s=e8d4ec608389c17b99e07c4e0d0aa7c5adc19aa1d8cea39ae155b7624fd1bbf6> / www.BrandShelter.com<https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems>www.twitter.com/key_systems<https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_systems&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=irWKKupqbA8cE9%2FFBluniHq77PwyDkW0%2Fur%2BvTcFdUg%3D%0A&s=57accdd26500a0aa084874e7002afdf095b65310d0c6ec11a3b36778b0f1360b> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- _________________________ Graeme Bunton Information Specialist Tucows Inc. PH: 416 535 0123 ext 1634

Wow, you (our WG) don't make it easy for a person to catch-up from vacation :-) I just wanted to send my apologies for missing last week's meeting (there was not much connectivity in my tent) and I look forward to the discussion today. Best, Kathy

Hi Susan,

thank you for your feedback. i think it is good to clarify the differences so we may work towards the commonalities.

...

If a proxy service provides an email address in the WHOIS record but nothing is relayed or only emails that hit a very narrow criteria beyond the spam filters that would not equate to reliable contact details in my opinion.

We seem to be differing mainly on the semantics of the word reliable, it seems. I see the underlying data, especially if verified, as highly reliable. The fact that it is hidden does not make it less reliable. OTOH, you seem to refer to the word as having the added meaning of usability for the purpose of anyone contacting the domain owner.

...

Can the data the registrant be provided be relied upon? Of course, since the service provider needs to be able to contact them. In case of a full or partial reveal, the data will be revealed as reliable. Accurate and reliable date does not suddenly become unreliable data by the mere fact that it is hidden. The data is just as reliable or unreliable whether it is public or hidden. Actually this is not my experience at all that the data provided by the underlying registrant is reliable. The information is often times inaccurate I would guess at the same inaccuracy rates of regular domain name registrations. This may have changed recently with the validation process and people becoming more aware of the need to have accurate data but I do not think we could assume the information is accurate. I do find the proxy service information to be accurate.

One part of the accreditation regime that I assumed to be a given was that the underlying email address would have to be verified at some point. This could take the form of the provider performing the verification on its own or of relying of the confirmation of the registrar that the verification has been performed already. This would greatly increase the reliability of the data of any domain names newly entering the service.

...

If I as a registrant wanted to build my details in a way that any mail sent to me would be met with an automated responder that instructs the sender to fill in a webform, that would be perfectly fine. Sure, I cannot be reached through that address, but I can be contacted. Why should privacy services be different?

At least if you sent an email to admin email address and received an auto response that may act as confirmation of the email being received. A proxy vendor refusing to accept email as required by the RAA and requiring a web form be filled out is changing the purposes imposed by the RAA.

I think you misunderstood my intent here. I was describing a service that would automatically trash the incoming mail but not before sending out an automated response that re-directs the sender to a web-page where he could submit the complaint. I believe this to be in full compliance with the RAA as: a) there is a working email address on display b) sending a message to that email address allows the sender to communicate with the registrant, provided he follows the further instructions. No spammer would do such a thing, but a valid complainant would. It mainly prevents automated messages from reaching the complainant, but I am sure you'd agree that any complaint would have to be vetted by a living being before being sent to ensure quality and avoid erroneous complaints.

Similarly, a privacy service might update the email address on display regularly to foil address harvesters without violating the letter or spirit of the RAA.

I think what we need to focus on is less of the small parts but rather the big picture:

a) Should there be some form of means to contact the registrant with legitimate communications? - Yes b) Should there be a means to contact the provider? - Definitely c) Can a provider chose the (reasonable) means by which the above may be accomplished, and exclude certain forms of communication? - Yes again, but that should be made clear somehow. d) Should the registrant be allowed to refuse any communication? - Probably, however in the case of refusal to accept any communication, this should be made clear to the third party.

...

Best,

Volker

Am 18.08.2014 18:24, schrieb Susan Kawaguchi:

...

What I do not understand is why a proxy registration should be treated so differently than the other 75% of gTld domain name registrations?

In the 2013 RAA section 3.7.7.1 it states the following:

3.7.7.1 The Registered Name Holder shall provide to Registraraccurate and reliable contact details and correct and update them within seven (7) days of any change during the term of the Registered Name registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder; name of authorized person for contact purposes in the case of an Registered Name Holder that is an organization, association, or corporation; and the data elements listed in Subsections 3.3.1.2, 3.3.1.7 and 3.3.1.8.

Creating a new method of contacting the registered name holder and underlying licensee or not relaying communications via email or to the postal address does not appear to fulfill the requirement of "accurate and reliable contact details"

A proxy registration information may be accurate but currently the information fails as reliable contact details.

Requiring a webform be filled out and submitted to contact the Registered name holder and underlying licensee when the other 75% of gTld domain name registrations are required to have a reliable email address and postal address sets the proxy registrations apart. The webform is not listed as a requirement in section 3. 7.7.1. Why would we afford this special treatment to the proxy registrations?

I realize the service has developed in this manner but it is also the reason we are continuing to discuss this issue.

Susan Kawaguchi

Domain Name Manager

Facebook Legal Dept.

Phone - 650 485-6064

From: <Williams>, Todd <Todd.Williams@turner.com <mailto:Todd.Williams@turner.com>> Date: Monday, August 18, 2014 at 8:19 AM To: "James M. Bladel" <jbladel@godaddy.com <mailto:jbladel@godaddy.com>>, Volker Greimann <vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>>, "gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> Subject: Re: [Gnso-ppsai-pdp-wg] Proposal contactability

Thanks James. Quick question: if, as you note, most of your P/P customers engage the service to avoid being spammed -- why is that objective/purpose not sufficiently protected by a standard that says "A provider must relay all electronic requests received (including emails and via web forms), but may implement commercially reasonable safeguards (including CAPTCHA) to filter out spam."?

By asking the question I don't necessarily mean to make a judgment on your "access whitelist" idea. I'm just not sure I understand its utility on this specific question (relay), where a means to address the problem that it is trying to solve (i.e., spam) appears to have already been baked in.

Thanks

TW.

*From:*gnso-ppsai-pdp-wg-bounces@icann.org <mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] *On Behalf Of *James M. Bladel *Sent:* Sunday, August 17, 2014 6:23 PM *To:* Volker Greimann; gnso <mailto:gnso-ppsai-pdp-wg@icann.org>(most of our P/P customers engage the service to avoid being spammed).

*Subject:* Re: [Gnso-ppsai-pdp-wg] Proposal contactability

Thanks to Volker for getting this conversation started. I also share the belief that we should define a system that assures reporters their claims will be relayed by P/P services. However, I disagree on some key points raised by Volker and others.

First, I do not believe there should be any attempt to filter submitted reports based on content. That approach does not scale, and simply results in an arms race where would-be spammers attempt to circumvent the filters. Also, I do not believe P/P services should relay ---all---reports. This treats the P/P email point of contact as an email "alias" for the beneficial user's real address, and completely defeats the purpose of the service

I favor an approach that is modeled after ICANN's Invalid WHOIS Reporting System, and one that many Registrars have implemented to guard against WHOIS harvesting -- an access whitelist. Speaking generally, such a system would require reporters to identify themselves when submitting a claim for relay. Is reporter should also have to designate the email address from which relay claims will originate, and the service provider agrees to honor relay request from that Address without discriminating on its content. The P/P service provider can then monitor the use of the relay system by each reporter, and suspend or terminate access for any reporter that is found to be abusing the system.

If this sounds familiar, it is blatantly copied from the EWG's proposed RDS concept. I think this idea has merit, and regardless of what happens to the rest of the EWG's recommendations, we should consider opportunities to implement this proposal in existing contexts.

Look forward to continuing our discussions on this point on Tuesday.

Thanks---

J.

*From: *Volker Greimann <vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>> *Date: *Wednesday, August 13, 2014 at 4:27 *To: *"gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>" <gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>> *Subject: *[Gnso-ppsai-pdp-wg] Proposal contactability

As Susan and Steve have repeatedly asked what my proposal would be to ensure contactability of the beneficial owner/registrant.

As a basis, a spec derivative of the WAP spec to the RAA would have to be developed. I took the liberty of modifying the WAP for this purpose as a basis for discussion. This would bring the obligation of the privacy service provider to validate and verify the contact details to the same level of that of the registrar, thus ensuring the Service Provider has either accurate details or a duty to verify and validate.

Now, I would agree that some level of a contactibility guarantee is warranted. This could be something to this tune, as a basis for discussion:

/"Service Provider are required provide a means for third parties to directly or indirectly communicate with the Beneficial Owner. Such means may include any of the following: a) providing a postal mail forwarding address b) providing a collective email point of contact for all domain names under the Service (such as abuse@service.provider <mailto:abuse@service.provider>) c) providing an individual email point of contact for each domain name under the Service (such as string@domain.name <mailto:string@domain.name> or domain.name@service.provider <mailto:domain.name@service.provider>) ... ...

Service Provider must inform potential complainants about the accepted means of communication on its website. Service provider may refuse to forward, process or even accept communications sent by a non-accepted means of communication. In case forwarding of postal communications is offered, Service Provider may charge complainant reasonable handling fees and costs for the forwarding service and defer the forwarding of communications until payment is received.

Service Provider may refuse to forward spam, duplicate messages, purchase or business inquiries, harrassing communications, anonymous communications and/or unwanted communications. Service Provider is authorized to update or modify the means of communication from time to time. Service Provider is authorized to blacklist complainants with a history of abusing the provided means of communication."/

All subject to further discussion, ofc.

I realize this draft goes into detail more than we should in this WG, but having been asked for a proposal, I felt it necessary in order to move the discussion ahead. Terms: Service Provider - Privacy/Proxy Service Provider Beneficial Owner - Replaces "Registrant" filter - not deliver to Beneficial owner Service - the privacy/proxy services

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>

Web:www.key-systems.net <https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> /www.RRPproxy.net <https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=9f6208e6e8f1dac0b3f5ee9154870f7a5e52ad42b0bd13ae5241fab95f59dec7>www.domaindiscount24.com <https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k...> /www.BrandShelter.com <https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...>

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>www.twitter.com/key_systems <https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_system...>

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...>

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>

Web:www.key-systems.net <https://urldefense.proofpoint.com/v1/url?u=http://www.key-systems.net&k=ZVNj...> /www.RRPproxy.net <https://urldefense.proofpoint.com/v1/url?u=http://www.RRPproxy.net&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=cjstkpAuvAi4gqeqX5O18A%3D%3D%0A&m=rsFCYyZQt%2BsXOx2xX91EkpDm0Bf86Akjt0kI7PeOKQc%3D%0A&s=9f6208e6e8f1dac0b3f5ee9154870f7a5e52ad42b0bd13ae5241fab95f59dec7>www.domaindiscount24.com <https://urldefense.proofpoint.com/v1/url?u=http://www.domaindiscount24.com&k...> /www.BrandShelter.com <https://urldefense.proofpoint.com/v1/url?u=http://www.BrandShelter.com&k=ZVN...>

Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems>www.twitter.com/key_systems <https://urldefense.proofpoint.com/v1/url?u=http://www.twitter.com/key_system...>

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <https://urldefense.proofpoint.com/v1/url?u=http://www.keydrive.lu&k=ZVNjlDMF...>

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net

Web:www.key-systems.net /www.RRPproxy.netwww.domaindiscount24.com /www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystemswww.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net

Web:www.key-systems.net /www.RRPproxy.netwww.domaindiscount24.com /www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystemswww.twitter.com/key_systems

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net

Web:www.key-systems.net /www.RRPproxy.net www.domaindiscount24.com /www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net

Web:www.key-systems.net /www.RRPproxy.net www.domaindiscount24.com /www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg