Dear Volker, Your comments have prompted me to step in your conversation with John Horton. By sternly refusing to respond to foreign law enforcement authorities´ requests, p/p services blatantly disregard the fact that their services are used by foreign individuals, organizations and companies, not the least because they promote their services abroad. In its self-regulation industry represented at ICANN must pay heed to this conspicuous fact and react to it. Simply denying any legitimacy to foreign authorities is not acceptable. As for other Internet services, I invite you to have a look at the Transparency Report Google releases every six months. It´s an example of an Internet service provider who voluntarily attends to requests issued worldwide. Many hosting providers also respond our requests when we ask them to provide contact data of their customers. Once, I advised the group to visit www.internetjurisdiction.net/<http://www.internetjurisdiction.net/>. They are trying to work out avenues to solve jurisdiction problems through soft law. Efforts like this should be supported and tested, for instance, as regards p/p services. Best regards, Gema Campillos Glez De: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] En nombre de Volker Greimann Enviado el: miércoles, 08 de enero de 2014 13:23 Para: gnso-ppsai-pdp-wg@icann.org Asunto: Re: [Gnso-ppsai-pdp-wg] FW: Draft Grouping of Charter Questions - some edits Hi all, to respond to John's comments: * When an allegation of illegal activity is submitted to the p/p service provider, it is important to understand that it may be coming from a victim of the crime. When an allegation of illegal activity is submitted, it is important to understand that it may be coming from someone who merely claims to vbe a victim of a crime, but is in fact not. The purposes for which someone may want to see the underlying registrant data are multifold and many of them are with the intent to later harass the privacy service user, or worse. We must remember in such cases that there may be a very good reason why the registrant has opted for whois privacy. It may therefore be essential for the registrant to know who has inquired to have messages relayed or to have the private data revealed to be able to help the p/p service provider better understand the situation. While I understand there may be cases where a complainant may also have an interest in keeping his identity hidden, he can avail himself of a multitude of methods to ensure this prior to launching the complaint. I do not see this question as actually necessary. * Similarly, I proposed an additional question regarding whether, if disclosure to the registrant is not required, it should be permitted even if law enforcement explains that it will jeopardize an investigation. The rationale for this is simply that in many cases -- in the offline world, as the online world -- disclosing this information puts a legitimate investigation at risk. Agreed, but not all law enforcement is created equal. Basically, I would hold that the p/p operator is unable to determine if an investigation is legitimate or not. Therefore, the only law enforcement that should receive special priviledges should be the law enforcement of the country where the p/p service is based or operates from. No such privileges should be extended to private organizations, no matter how well intentioned unless they are specially authorized be the laws of the country of the p/p operator. * The proposed questions pertaining to jurisdiction are based on the problem I identified (and Gema did, as well) in our earlier emails. I do feel that the way I've written the questions can be clarified and improved, so I welcome anyone who would like to give that a shot. * Similarly, we propose a question that relates to the other business interests controlled by or affiliated with the p/p service. To explain this, we have sometimes seen that the criminal organization "is" the privacy/proxy service. (Currently, of course, there is no accreditation scheme, but the fact remains that is what we see, and I am happy to provide examples if need be.) To be very specific, we know of circumstances where a rogue Internet pharmacy network operates its own "proxy" service, or alternatively, the proxy service -- that is, the individuals who operate it -- also operates as affiliate marketers for rogue networks, using their own privacy/proxy service primarily for their own illegal purposes. Under an accreditation scheme, if actual collusion can be proven, that should probably be a reason to pull the accreditation of the service. Finally, although I unfortunately had to miss the call this morning, I believe that some of the comments may have argued that registrars (or, ICANN) should not have to address criminal jurisdictional issues (that is, multi-jurisdictional complexities). I'd note that banks, credit card networks and search engine ad programs regularly have to address precisely the same multi-jurisdictional questions relating to criminal activity on their platform and do not simply leave it to law enforcement. I would argue that there is no reason to consider registrars a special case that are for some reason exempt from having to address the same issues that companies in the financial and advertising sectors have had to address, and have by and large done so quite competently. I am confident that the registrar community can competently do the same. John, please note that registrars are not (and are nothing like) banks or credit card networks, which are highly regulated by national laws. And even banks take action only based upon legal requirements, law enforcement requests or court orders. To demand any more for less regulated private companies is frankly ridiculous. Your new questions as to related to asking them about applicability of foreign law enforcement requests sound like an unrealistic wish list at best. Providers bowing to every whim of foreign law enforcement or organizations without actual legal authority would expose themsemselves to severe legal liability. Best, Volker Thank you for the opportunity to provide this input, and I welcome any suggestions as to how our suggestions can be improved or refined. John Horton President, LegitScript [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257d...] Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook<https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | YouTube<https://www.youtube.com/user/LegitScript> | Blog<http://blog.legitscript.com> | Google+<https://plus.google.com/112436813474708014933/posts> On Tue, Jan 7, 2014 at 7:44 AM, Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> wrote: From: Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Tuesday 7 January 2014 16:38 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Subject: Fwd: Draft Grouping of Charter Questions - some edits Hi Marika, could you post this to our working group? -------- Original Message -------- Subject: Draft Grouping of Charter Questions - some edits Date: Tue, 07 Jan 2014 10:35:02 -0500 From: Kathy Kleiman <kathy@kathykleiman.com><mailto:kathy@kathykleiman.com> To: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Hi All, Hopefully you have seen the proposed edits I just to the SG-C Input Template (I haven't seen them posted). Attached here are some inputs to the Draft Grouping of Charter Questions - with an organizational-type perspective being added. The world is really not just commercial/individual, but truly one of commercial, noncommercial and individual (as ICANN has organized its non-contracted parties). For a religious group, political group, hobby group, dissident group may be organized as a limited liability company to protect the members in case someone falls in the building, but that does not nullify the fact that the group is engaged primarily and fully in noncommercial speech (as the wide array of members of NCSG show). Again edits highlighted and hopefully visible. I would like to see much more discussion on this issue in our next meeting and over the list. Best, Kathy : I will miss the first 30 minutes due to another obligation, but will join as soon as I can. From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Marika Konings Sent: Monday, January 06, 2014 4:30 AM To: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: [Gnso-ppsai-pdp-wg] Proposed Agenda - PPSAI PDP WG Meeting Dear All, Please find below the proposed agenda for the next PPSAI PDP WG meeting (Tuesday 7 January at 15.00 UTC). Best regards, Marika Proposed Agenda - PPSAI PDP WG Meeting - 7 January 2013 1. Roll Call / SOI 2. Review & finalise SG/C Template (see revised version attached) 3. Review & finalise SO/AC Outreach Letter (see revised version attached) 4. Input to EWG Survey (see attached) 5. Update on WG members survey (to participate, please go to https://www.surveymonkey.com/s/86N33WX) 6. Review proposed charter question groupings (see latest version attached) 7. Next steps & confirm next meeting _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

Hi Gema, I am not saying providers should refuse to respond to such requests, but they should rather treat them as any other third-party request without legal authority, since that is what they are. I am sorry if that was unclear from my earlier statement. But yes, foreign law enforcement has no legal authority abroad. None whatsoever... For proper handling, law enforcement has options however, such as cooperating with or working through local law enforcement and we as registrar regularly receive such inquiries from our local law enforcement where they are helping foreign agencies. As registrar, we always advise foreign law enforcement to work through the proper channels instead of trying to overreach their authority. Finally, where does one draw the line? Are providers expected to listen to US law enforcement even if not based in the US? How about Saudi LEAs? Or Syrian, Iranian, etc? Simply extending legal authority to foreign authorities without a legal basis is not acceptable either. There is a reason why there are national boundaries for law enforcement. Sovereign nations have jointly decided this is the way to go and unless they develop international treaties that change that, we should not try to develop new super-national authority for foreign law enforcement agencies. Volker

Dear Volker,

Your comments have prompted me to step in your conversation with John Horton.

By sternly refusing to respond to foreign law enforcement authorities´ requests, p/p services blatantly disregard the fact that their services are used by foreign individuals, organizations and companies, not the least because they promote their services abroad. In its self-regulation industry represented at ICANN must pay heed to this conspicuous fact and react to it. Simply denying any legitimacy to foreign authorities is not acceptable.

As for other Internet services, I invite you to have a look at the Transparency Report Google releases every six months. It´s an example of an Internet service provider who voluntarily attends to requests issued worldwide. Many hosting providers also respond our requests when we ask them to provide contact data of their customers. Once, I advised the group to visit www.internetjurisdiction.net/ <http://www.internetjurisdiction.net/>. They are trying to work out avenues to solve jurisdiction problems through soft law. Efforts like this should be supported and tested, for instance, as regards p/p services.

Best regards,

Gema Campillos Glez

*De:*gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] *En nombre de *Volker Greimann *Enviado el:* miércoles, 08 de enero de 2014 13:23 *Para:* gnso-ppsai-pdp-wg@icann.org *Asunto:* Re: [Gnso-ppsai-pdp-wg] FW: Draft Grouping of Charter Questions - some edits

Hi all,

to respond to John's comments:

* When an allegation of illegal activity is submitted to the p/p service provider, it is important to understand that it may be coming from a victim of the crime.

When an allegation of illegal activity is submitted, it is important to understand that it may be coming from someone who merely claims to vbe a victim of a crime, but is in fact not. The purposes for which someone may want to see the underlying registrant data are multifold and many of them are with the intent to later harass the privacy service user, or worse. We must remember in such cases that there may be a very good reason why the registrant has opted for whois privacy. It may therefore be essential for the registrant to know who has inquired to have messages relayed or to have the private data revealed to be able to help the p/p service provider better understand the situation. While I understand there may be cases where a complainant may also have an interest in keeping his identity hidden, he can avail himself of a multitude of methods to ensure this prior to launching the complaint. I do not see this question as actually necessary.

* Similarly, I proposed an additional question regarding whether, if disclosure to the registrant is not required, it should be permitted even if law enforcement explains that it will jeopardize an investigation. The rationale for this is simply that in many cases -- in the offline world, as the online world -- disclosing this information puts a legitimate investigation at risk.

Agreed, but not all law enforcement is created equal. Basically, I would hold that the p/p operator is unable to determine if an investigation is legitimate or not. Therefore, the only law enforcement that should receive special priviledges should be the law enforcement of the country where the p/p service is based or operates from.

No such privileges should be extended to private organizations, no matter how well intentioned unless they are specially authorized be the laws of the country of the p/p operator.

* The proposed questions pertaining to jurisdiction are based on the problem I identified (and Gema did, as well) in our earlier emails. I do feel that the way I've written the questions can be clarified and improved, so I welcome anyone who would like to give that a shot. * Similarly, we propose a question that relates to the other business interests controlled by or affiliated with the p/p service. To explain this, we have sometimes seen that the criminal organization "is" the privacy/proxy service. (Currently, of course, there is no accreditation scheme, but the fact remains that is what we see, and I am happy to provide examples if need be.) To be very specific, we know of circumstances where a rogue Internet pharmacy network operates its own "proxy" service, or alternatively, the proxy service -- that is, the individuals who operate it -- also operates as affiliate marketers for rogue networks, using their own privacy/proxy service primarily for their own illegal purposes.

Under an accreditation scheme, if actual collusion can be proven, that should probably be a reason to pull the accreditation of the service.

Finally, although I unfortunately had to miss the call this morning, I believe that some of the comments may have argued that registrars (or, ICANN) should not have to address criminal jurisdictional issues (that is, multi-jurisdictional complexities). I'd note that banks, credit card networks and search engine ad programs regularly have to address precisely the same multi-jurisdictional questions relating to criminal activity on their platform and do not simply leave it to law enforcement. I would argue that there is no reason to consider registrars a special case that are for some reason exempt from having to address the same issues that companies in the financial and advertising sectors have had to address, and have by and large done so quite competently. I am confident that the registrar community can competently do the same.

John, please note that registrars are not (and are nothing like) banks or credit card networks, which are highly regulated by national laws. And even banks take action only based upon legal requirements, law enforcement requests or court orders. To demand any more for less regulated private companies is frankly ridiculous.

Your new questions as to related to asking them about applicability of foreign law enforcement requests sound like an unrealistic wish list at best. Providers bowing to every whim of foreign law enforcement or organizations without actual legal authority would expose themsemselves to severe legal liability.

Best,

Volker

Thank you for the opportunity to provide this input, and I welcome any suggestions as to how our suggestions can be improved or refined.

John Horton President, LegitScript

*Follow****Legit**Script*: LinkedIn <http://www.linkedin.com/company/legitscript-com> | Facebook <https://www.facebook.com/LegitScript> | Twitter <https://twitter.com/legitscript> | YouTube <https://www.youtube.com/user/LegitScript> | _Blog <http://blog.legitscript.com>_ |Google+ <https://plus.google.com/112436813474708014933/posts>

On Tue, Jan 7, 2014 at 7:44 AM, Marika Konings <marika.konings@icann.org <mailto:marika.konings@icann.org>> wrote:

*From: *Kathy Kleiman <kathy@kathykleiman.com <mailto:kathy@kathykleiman.com>> *Date: *Tuesday 7 January 2014 16:38 *To: *Marika Konings <marika.konings@icann.org <mailto:marika.konings@icann.org>> *Subject: *Fwd: Draft Grouping of Charter Questions - some edits

Hi Marika, could you post this to our working group?

-------- Original Message --------

*Subject: *

Draft Grouping of Charter Questions - some edits

*Date: *

Tue, 07 Jan 2014 10:35:02 -0500

*From: *

Kathy Kleiman <kathy@kathykleiman.com> <mailto:kathy@kathykleiman.com>

*To: *

gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>

Hi All, Hopefully you have seen the proposed edits I just to the SG-C Input Template (I haven't seen them posted).

Attached here are some inputs to the Draft Grouping of Charter Questions - with an organizational-type perspective being added. The world is really not just commercial/individual, but truly one of commercial, noncommercial and individual (as ICANN has organized its non-contracted parties).

For a religious group, political group, hobby group, dissident group may be organized as a limited liability company to protect the members in case someone falls in the building, but that does not nullify the fact that the group is engaged primarily and fully in noncommercial speech (as the wide array of members of NCSG show).

Again edits highlighted and hopefully visible. I would like to see much more discussion on this issue in our next meeting and over the list. Best, Kathy

:

I will miss the first 30 minutes due to another obligation, but will join as soon as I can.

*From:*gnso-ppsai-pdp-wg-bounces@icann.org <mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] *On Behalf Of *Marika Konings *Sent:* Monday, January 06, 2014 4:30 AM *To:* gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org> *Subject:* [Gnso-ppsai-pdp-wg] Proposed Agenda - PPSAI PDP WG Meeting

Dear All,

Please find below the proposed agenda for the next PPSAI PDP WG meeting (Tuesday 7 January at 15.00 UTC).

Best regards,

Marika

*Proposed Agenda -- PPSAI PDP WG Meeting -- 7 January 2013*

1.Roll Call / SOI

2.Review & finalise SG/C Template (see revised version attached)

3.Review & finalise SO/AC Outreach Letter (see revised version attached)

4.Input to EWG Survey (see attached)

5.Update on WG members survey (to participate, please go to https://www.surveymonkey.com/s/86N33WX)

6.Review proposed charter question groupings (see latest version attached)

7.Next steps & confirm next meeting

_______________________________________________

Gnso-ppsai-pdp-wg mailing list

Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>

Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems> www.twitter.com/key_systems <http://www.twitter.com/key_systems>

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <http://www.keydrive.lu>

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>

Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>

Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems> www.twitter.com/key_systems <http://www.twitter.com/key_systems>

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <http://www.keydrive.lu>

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

I agree with Volker. That said, I would be very interested in understanding how banks, credit card companies, and search engines actually deal with multi-jurisdictional issues. We may be able to glean some concepts that could be applied to p/p accreditation. Tim On Jan 8, 2014, at 7:21 AM, "Volker Greimann" <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> wrote: Hi all, to respond to John's comments: * When an allegation of illegal activity is submitted to the p/p service provider, it is important to understand that it may be coming from a victim of the crime. When an allegation of illegal activity is submitted, it is important to understand that it may be coming from someone who merely claims to vbe a victim of a crime, but is in fact not. The purposes for which someone may want to see the underlying registrant data are multifold and many of them are with the intent to later harass the privacy service user, or worse. We must remember in such cases that there may be a very good reason why the registrant has opted for whois privacy. It may therefore be essential for the registrant to know who has inquired to have messages relayed or to have the private data revealed to be able to help the p/p service provider better understand the situation. While I understand there may be cases where a complainant may also have an interest in keeping his identity hidden, he can avail himself of a multitude of methods to ensure this prior to launching the complaint. I do not see this question as actually necessary. * Similarly, I proposed an additional question regarding whether, if disclosure to the registrant is not required, it should be permitted even if law enforcement explains that it will jeopardize an investigation. The rationale for this is simply that in many cases -- in the offline world, as the online world -- disclosing this information puts a legitimate investigation at risk. Agreed, but not all law enforcement is created equal. Basically, I would hold that the p/p operator is unable to determine if an investigation is legitimate or not. Therefore, the only law enforcement that should receive special priviledges should be the law enforcement of the country where the p/p service is based or operates from. No such privileges should be extended to private organizations, no matter how well intentioned unless they are specially authorized be the laws of the country of the p/p operator. * The proposed questions pertaining to jurisdiction are based on the problem I identified (and Gema did, as well) in our earlier emails. I do feel that the way I've written the questions can be clarified and improved, so I welcome anyone who would like to give that a shot. * Similarly, we propose a question that relates to the other business interests controlled by or affiliated with the p/p service. To explain this, we have sometimes seen that the criminal organization "is" the privacy/proxy service. (Currently, of course, there is no accreditation scheme, but the fact remains that is what we see, and I am happy to provide examples if need be.) To be very specific, we know of circumstances where a rogue Internet pharmacy network operates its own "proxy" service, or alternatively, the proxy service -- that is, the individuals who operate it -- also operates as affiliate marketers for rogue networks, using their own privacy/proxy service primarily for their own illegal purposes. Under an accreditation scheme, if actual collusion can be proven, that should probably be a reason to pull the accreditation of the service. Finally, although I unfortunately had to miss the call this morning, I believe that some of the comments may have argued that registrars (or, ICANN) should not have to address criminal jurisdictional issues (that is, multi-jurisdictional complexities). I'd note that banks, credit card networks and search engine ad programs regularly have to address precisely the same multi-jurisdictional questions relating to criminal activity on their platform and do not simply leave it to law enforcement. I would argue that there is no reason to consider registrars a special case that are for some reason exempt from having to address the same issues that companies in the financial and advertising sectors have had to address, and have by and large done so quite competently. I am confident that the registrar community can competently do the same. John, please note that registrars are not (and are nothing like) banks or credit card networks, which are highly regulated by national laws. And even banks take action only based upon legal requirements, law enforcement requests or court orders. To demand any more for less regulated private companies is frankly ridiculous. Your new questions as to related to asking them about applicability of foreign law enforcement requests sound like an unrealistic wish list at best. Providers bowing to every whim of foreign law enforcement or organizations without actual legal authority would expose themsemselves to severe legal liability. Best, Volker Thank you for the opportunity to provide this input, and I welcome any suggestions as to how our suggestions can be improved or refined. John Horton President, LegitScript [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257d...] Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook<https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | YouTube<https://www.youtube.com/user/LegitScript> | Blog<http://blog.legitscript.com> | Google+<https://plus.google.com/112436813474708014933/posts> On Tue, Jan 7, 2014 at 7:44 AM, Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> wrote: From: Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Tuesday 7 January 2014 16:38 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Subject: Fwd: Draft Grouping of Charter Questions - some edits Hi Marika, could you post this to our working group? -------- Original Message -------- Subject: Draft Grouping of Charter Questions - some edits Date: Tue, 07 Jan 2014 10:35:02 -0500 From: Kathy Kleiman <kathy@kathykleiman.com><mailto:kathy@kathykleiman.com> To: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Hi All, Hopefully you have seen the proposed edits I just to the SG-C Input Template (I haven't seen them posted). Attached here are some inputs to the Draft Grouping of Charter Questions - with an organizational-type perspective being added. The world is really not just commercial/individual, but truly one of commercial, noncommercial and individual (as ICANN has organized its non-contracted parties). For a religious group, political group, hobby group, dissident group may be organized as a limited liability company to protect the members in case someone falls in the building, but that does not nullify the fact that the group is engaged primarily and fully in noncommercial speech (as the wide array of members of NCSG show). Again edits highlighted and hopefully visible. I would like to see much more discussion on this issue in our next meeting and over the list. Best, Kathy : I will miss the first 30 minutes due to another obligation, but will join as soon as I can. From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Marika Konings Sent: Monday, January 06, 2014 4:30 AM To: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: [Gnso-ppsai-pdp-wg] Proposed Agenda - PPSAI PDP WG Meeting Dear All, Please find below the proposed agenda for the next PPSAI PDP WG meeting (Tuesday 7 January at 15.00 UTC). Best regards, Marika Proposed Agenda – PPSAI PDP WG Meeting – 7 January 2013 1. Roll Call / SOI 2. Review & finalise SG/C Template (see revised version attached) 3. Review & finalise SO/AC Outreach Letter (see revised version attached) 4. Input to EWG Survey (see attached) 5. Update on WG members survey (to participate, please go to https://www.surveymonkey.com/s/86N33WX) 6. Review proposed charter question groupings (see latest version attached) 7. Next steps & confirm next meeting _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

Thanks John. That's the kind of info that I believe is very helpful. I especially appreciate the Visa/bank example and I agree, it is a very good analogy and something we can/should use. Tim On Jan 8, 2014, at 9:59 AM, "John Horton" <john.horton@legitscript.com<mailto:john.horton@legitscript.com>> wrote: Hi all, Thanks for the comments. Volker, thanks for your comments, and I should also note that LegitScript has been appreciative of Volker's company's (Key-Systems) approach to anti-abuse issues in the area we deal with. (And, Tim, we think GoDaddy's anti-abuse team is great and work with them closely.) That said, let me respond on a few points. First, I'll respond to Tim's question, and Volker's statement about banks. It's simply inaccurate that banks only take action based on legal requirements, law enforcement requests or court orders. LegitScript works closely with Visa and other credit card networks and through them with acquiring banks, so I feel comfortable stating that we know this area pretty well. The very firm position of the credit card networks is that acquirers are bound to ensure that the merchant's activity is legal in the cardholder's network as well as the merchant's network. No credit card network would put up with a bank insisting that they need a court order or law enforcement request. Generally, when that illegal activity is shown, the bank cancels not only the credit card account but the entire account. Without, I again emphasize, a court order or law enforcement request. (I should note here that I'm not talking specifically about disclosure of the merchant's identity but about providing or canceling services in general.) I think that this is a useful analogy because, like in the ICANN sphere, it's a matter of contract. And it is required (not voluntary on the part of the bank.) Like in the ICANN sphere, we also see a common dynamic where -- I'll use illegal pharma as an example, again because I know it -- an illegal drug seller living in, say, Thailand targeting customers in Germany chooses a bank in the US (where German law enforcement has no jurisdiction), ships the drugs from China, and so forth. If the bank were to argue to Visa, "Well, we're in the US and US laws aren't being broken. Get me a court order from the US." that argument would be immediately rejected and Visa would fine the bank. The reason is that the credit card network sphere is largely governed by contract, because -- just like we see in the ICANN world -- once companies start insisting on local court orders, it gives criminals an opportunity to pick safe havens. As to search engines (responding to Tim's question about what other industries do, and whether it's voluntary or required), using Google as an example, their voluntary and I think very committed efforts (disclosure: we work closely with them as well as Bing/Yahoo) to stop rogue pharma from using their paid ad services also occurred pursuant to a half a billion (USD) fine and non-prosecution agreement. Microsoft and Yahoo quickly adopted the same standards after seeing what happened. Voluntary? Well, I think required is the better word: it's very clear in the search engine space that if you're running an ad program, it's your responsibility to make sure that the advertiser (again, in my area, rogue pharma) is operating legally both in the country where they are operating and where they are marketing drugs to. Otherwise, you can be held responsible for turning a blind eye to criminal activity and profiting from it. That said, Volker and others raise entirely valid points -- but the point I'd make is, I think this group needs to achieve balance on all of these considerations, not discount those Gema and I have raised. For example, Volker (and separately Kathy) have both raised the point that a complainant could be anti-competitive or falsely claiming to be a victim. That's absolutely true. We see that too, and have to deal with it. I just dealt with a situation a few weeks ago where someone claiming to be a victim was, in fact, a rogue Internet pharmacy competitor. (But, we figured it out.) That doesn't take away from the fact that some complainants are, indeed, victims. These are not mutually exclusive, and we need to recognize that both dynamics exist -- not assume that all complainants are victims or are fraudulent. Coming back to the task at hand, I'd encourage the group to consider those questions. They are just questions, which are, of course, designed to solicit better information and responses. If they can be improved and rewritten, I'm all for it. And don't assume from this that I am suggesting that a complainant (seeming to be a victim) should be immediately told the registrant's identity -- that sounds like a horrible policy. We're only proposing questions here to elicit better information. I hope that information about credit card networks, banks and search engines is helpful. Please do not hesitate to let me know if I can clarify anything. John Horton President, LegitScript [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257d...] Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook<https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | YouTube<https://www.youtube.com/user/LegitScript> | Blog<http://blog.legitscript.com> | Google+<https://plus.google.com/112436813474708014933/posts> On Wed, Jan 8, 2014 at 6:03 AM, Tim Ruiz <tim@godaddy.com<mailto:tim@godaddy.com>> wrote: I agree with Volker. That said, I would be very interested in understanding how banks, credit card companies, and search engines actually deal with multi-jurisdictional issues. We may be able to glean some concepts that could be applied to p/p accreditation. Tim On Jan 8, 2014, at 7:21 AM, "Volker Greimann" <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> wrote: Hi all, to respond to John's comments: * When an allegation of illegal activity is submitted to the p/p service provider, it is important to understand that it may be coming from a victim of the crime. When an allegation of illegal activity is submitted, it is important to understand that it may be coming from someone who merely claims to vbe a victim of a crime, but is in fact not. The purposes for which someone may want to see the underlying registrant data are multifold and many of them are with the intent to later harass the privacy service user, or worse. We must remember in such cases that there may be a very good reason why the registrant has opted for whois privacy. It may therefore be essential for the registrant to know who has inquired to have messages relayed or to have the private data revealed to be able to help the p/p service provider better understand the situation. While I understand there may be cases where a complainant may also have an interest in keeping his identity hidden, he can avail himself of a multitude of methods to ensure this prior to launching the complaint. I do not see this question as actually necessary. * Similarly, I proposed an additional question regarding whether, if disclosure to the registrant is not required, it should be permitted even if law enforcement explains that it will jeopardize an investigation. The rationale for this is simply that in many cases -- in the offline world, as the online world -- disclosing this information puts a legitimate investigation at risk. Agreed, but not all law enforcement is created equal. Basically, I would hold that the p/p operator is unable to determine if an investigation is legitimate or not. Therefore, the only law enforcement that should receive special priviledges should be the law enforcement of the country where the p/p service is based or operates from. No such privileges should be extended to private organizations, no matter how well intentioned unless they are specially authorized be the laws of the country of the p/p operator. * The proposed questions pertaining to jurisdiction are based on the problem I identified (and Gema did, as well) in our earlier emails. I do feel that the way I've written the questions can be clarified and improved, so I welcome anyone who would like to give that a shot. * Similarly, we propose a question that relates to the other business interests controlled by or affiliated with the p/p service. To explain this, we have sometimes seen that the criminal organization "is" the privacy/proxy service. (Currently, of course, there is no accreditation scheme, but the fact remains that is what we see, and I am happy to provide examples if need be.) To be very specific, we know of circumstances where a rogue Internet pharmacy network operates its own "proxy" service, or alternatively, the proxy service -- that is, the individuals who operate it -- also operates as affiliate marketers for rogue networks, using their own privacy/proxy service primarily for their own illegal purposes. Under an accreditation scheme, if actual collusion can be proven, that should probably be a reason to pull the accreditation of the service. Finally, although I unfortunately had to miss the call this morning, I believe that some of the comments may have argued that registrars (or, ICANN) should not have to address criminal jurisdictional issues (that is, multi-jurisdictional complexities). I'd note that banks, credit card networks and search engine ad programs regularly have to address precisely the same multi-jurisdictional questions relating to criminal activity on their platform and do not simply leave it to law enforcement. I would argue that there is no reason to consider registrars a special case that are for some reason exempt from having to address the same issues that companies in the financial and advertising sectors have had to address, and have by and large done so quite competently. I am confident that the registrar community can competently do the same. John, please note that registrars are not (and are nothing like) banks or credit card networks, which are highly regulated by national laws. And even banks take action only based upon legal requirements, law enforcement requests or court orders. To demand any more for less regulated private companies is frankly ridiculous. Your new questions as to related to asking them about applicability of foreign law enforcement requests sound like an unrealistic wish list at best. Providers bowing to every whim of foreign law enforcement or organizations without actual legal authority would expose themsemselves to severe legal liability. Best, Volker Thank you for the opportunity to provide this input, and I welcome any suggestions as to how our suggestions can be improved or refined. John Horton President, LegitScript [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257d...] Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook<https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | YouTube<https://www.youtube.com/user/LegitScript> | Blog<http://blog.legitscript.com> | Google+<https://plus.google.com/112436813474708014933/posts> On Tue, Jan 7, 2014 at 7:44 AM, Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> wrote: From: Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Tuesday 7 January 2014 16:38 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Subject: Fwd: Draft Grouping of Charter Questions - some edits Hi Marika, could you post this to our working group? -------- Original Message -------- Subject: Draft Grouping of Charter Questions - some edits Date: Tue, 07 Jan 2014 10:35:02 -0500 From: Kathy Kleiman <kathy@kathykleiman.com><mailto:kathy@kathykleiman.com> To: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Hi All, Hopefully you have seen the proposed edits I just to the SG-C Input Template (I haven't seen them posted). Attached here are some inputs to the Draft Grouping of Charter Questions - with an organizational-type perspective being added. The world is really not just commercial/individual, but truly one of commercial, noncommercial and individual (as ICANN has organized its non-contracted parties). For a religious group, political group, hobby group, dissident group may be organized as a limited liability company to protect the members in case someone falls in the building, but that does not nullify the fact that the group is engaged primarily and fully in noncommercial speech (as the wide array of members of NCSG show). Again edits highlighted and hopefully visible. I would like to see much more discussion on this issue in our next meeting and over the list. Best, Kathy : I will miss the first 30 minutes due to another obligation, but will join as soon as I can. From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Marika Konings Sent: Monday, January 06, 2014 4:30 AM To: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: [Gnso-ppsai-pdp-wg] Proposed Agenda - PPSAI PDP WG Meeting Dear All, Please find below the proposed agenda for the next PPSAI PDP WG meeting (Tuesday 7 January at 15.00 UTC). Best regards, Marika Proposed Agenda - PPSAI PDP WG Meeting - 7 January 2013 1. Roll Call / SOI 2. Review & finalise SG/C Template (see revised version attached) 3. Review & finalise SO/AC Outreach Letter (see revised version attached) 4. Input to EWG Survey (see attached) 5. Update on WG members survey (to participate, please go to https://www.surveymonkey.com/s/86N33WX) 6. Review proposed charter question groupings (see latest version attached) 7. Next steps & confirm next meeting _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verf?gung. Mit freundlichen Gr??en, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851> Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Gesch?ftsf?hrer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur f?r den angegebenen Empf?nger bestimmt. Jede Form der Kenntnisgabe, Ver?ffentlichung oder Weitergabe an Dritte durch den Empf?nger ist unzul?ssig. Sollte diese Nachricht nicht f?r Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901<tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.: +49 (0) 6894 - 9396 851<tel:%2B49%20%280%29%206894%20-%209396%20851> Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

Dear all, I´ve heard many, many times the same excuses you give in this message, including the reference to Iranian, Saudi, etc. authorities. They are so hackneyed. The Internet has grown as a borderless space for e-commerce, exchange of information... but Internet service providers stick to their physical borders when it comes to cooperate with law enforcement authorities. The risk of liability can be avoided if cooperation with law enforcement (even from third countries) is foreseen in agreements with customers. My reference to voluntary cooperation was intended to cover all sorts of obligations other than those arising by law, what includes contractual obligations, codes of conduct, etc. The lack of resources, lack of expertise or lack of competence some of you have mentioned as reasons not to fulfil foreign LEA orders can be sorted out with goodwill, effort and cooperation. I think this PDP provides an excellent opportunity to brainstorm and discuss possible ways to solve this common interest problems. But, you must put yourselves in the shoes of "victims" of a p/p service client who turns out to be a fraudster and understand the hardship of LEA trying to protect them. Volker says "There are sufficiently advanced legal instruments already in place." Yes, there are, and they are also pre-Internet age. If an individual decides to battle by himself and go to courts, it may take him a year or more time to have a sentence ready to be executed in another country. By the time the order reaches the p/p service or the registrar, the website may have deceived many others and may have vanished. If he or she decides to seek relief with his or her country authorities, their LEA don´t need to go to a court (otherwise, they wouldn´t be LEAs) to exercise their duties. It may not have jurisdiction over foreign sites, in which case, it would need to address other national authorities for cooperation, but it may have if national laws confer it to them (for instance, where, regardless of the physical location of the provider, it targets their residents). In this case, it has legal authority, but that will be ignored by the p/p provider, as you have vowed. The LEA would then be forced to fine or apply coercive measures against that provider. Alternatively, it may ask ISPs to block access to the fraudster´s website, an undesirable action which is often criticized as fragmenting the Internet. For the sake of argument, let´s assume that LEA have no legal authority outside their frontiers. How can we, governments, know what are the appropriate LEA to address to in the p/p service jurisdiction? Chris Pelling say their give the telephone numbers of LEA in UK. Maybe, they don´t receive any feedback since officials are not confident enough in their English language abilities or are in a different time zone. They should display name, telephone and fax numbers, e-mail addresses and websites of all LEA competent in their country. Besides, they should cooperate with the foreign LEA acting as a go-between with the registrant, where the authority requests this specifically. They could contact the representative of that country in the GAC to find out if the request comes from a real and competent LEA in that country. These are some ideas that come now to my mind, but I´m sure if we all set to think about it, we can produce a lot more. One last question for Mary: if the Charter is not yet definitive, why should we rush to send out the letters to AC and SO? Shouldn´t we finish our Charter and rewrite the letters as appropriate before dispatching them? Best regards, Gema Campillos Glez De: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] En nombre de Volker Greimann Enviado el: miércoles, 08 de enero de 2014 16:27 Para: John Horton; Tim Ruiz CC: gnso-ppsai-pdp-wg@icann.org Asunto: Re: [Gnso-ppsai-pdp-wg] FW: Draft Grouping of Charter Questions - some edits Hi John, thank you for your comments, and yes, we do our best to deal with obvious illegal activities reported to us because we think it is right, but not because there is a legal obligation to do so. First, I think Tim raised a very valuable point, which is that there needs to be a differentiation between what providers are doing voluntarily and what they are doing because it is required (be it by contract, law or other). Registrars (and p/p service providers even more so) do not share the same resources that banks do, nor do we have access to the same wealth of information about our customers. Therefore, we cannot be expected to investigate or make a determination of whether a service is illegal under our own jurisdiction unless it is obvious that it is. There are simply no ressources available for such investigations. If we have to "figure it out", we are basically moving away from the obvious violations and moving into the territory of the courts and LEAs. Second, your illegal drugs analogy is flawed since if a certain service were legal in the jurisdiction of the provider, but is being provided in a country where it is not, there simply is no requirement to take action, since no laws are being broken in his jurisdiction. If you are in the US and US laws are not being broken by publishing for example Nazi hatepages and propaganda, denying the holocaust or similar actions which are highly illegal in Germany but not in the US because the US has a different definition of free speech, then as much as I hate it there is no court in the US that would require the provider to take action. Similarly, if copyright laws are different in other countries, for example with regard to the date a creation enters the public domain, then a provider in a country where Mickey Mouse is already in the public domain should not be required to take action against a site that publishes Mickey Mouse cartoons just because the copyright protection period is longer in the US. As a German provider, I will adamantly refuse to enforce laws of a different country unless these laws match the laws of Germany. While it could be argued there may be a moral obligation in certain cases, there certainly is no legal obligation and we stop trying to construct super-national law that trumps national law. That is ultimately the job of national governments coming together and agreeing to international treaties. There also is no need to get a German court order, all you need is for a German court to confirm that a court order in a different court should be enforceable in Germany as well. There are sufficiently advanced legal instruments already in place. Volker Hi all, Thanks for the comments. Volker, thanks for your comments, and I should also note that LegitScript has been appreciative of Volker's company's (Key-Systems) approach to anti-abuse issues in the area we deal with. (And, Tim, we think GoDaddy's anti-abuse team is great and work with them closely.) That said, let me respond on a few points. First, I'll respond to Tim's question, and Volker's statement about banks. It's simply inaccurate that banks only take action based on legal requirements, law enforcement requests or court orders. LegitScript works closely with Visa and other credit card networks and through them with acquiring banks, so I feel comfortable stating that we know this area pretty well. The very firm position of the credit card networks is that acquirers are bound to ensure that the merchant's activity is legal in the cardholder's network as well as the merchant's network. No credit card network would put up with a bank insisting that they need a court order or law enforcement request. Generally, when that illegal activity is shown, the bank cancels not only the credit card account but the entire account. Without, I again emphasize, a court order or law enforcement request. (I should note here that I'm not talking specifically about disclosure of the merchant's identity but about providing or canceling services in general.) I think that this is a useful analogy because, like in the ICANN sphere, it's a matter of contract. And it is required (not voluntary on the part of the bank.) Like in the ICANN sphere, we also see a common dynamic where -- I'll use illegal pharma as an example, again because I know it -- an illegal drug seller living in, say, Thailand targeting customers in Germany chooses a bank in the US (where German law enforcement has no jurisdiction), ships the drugs from China, and so forth. If the bank were to argue to Visa, "Well, we're in the US and US laws aren't being broken. Get me a court order from the US." that argument would be immediately rejected and Visa would fine the bank. The reason is that the credit card network sphere is largely governed by contract, because -- just like we see in the ICANN world -- once companies start insisting on local court orders, it gives criminals an opportunity to pick safe havens. As to search engines (responding to Tim's question about what other industries do, and whether it's voluntary or required), using Google as an example, their voluntary and I think very committed efforts (disclosure: we work closely with them as well as Bing/Yahoo) to stop rogue pharma from using their paid ad services also occurred pursuant to a half a billion (USD) fine and non-prosecution agreement. Microsoft and Yahoo quickly adopted the same standards after seeing what happened. Voluntary? Well, I think required is the better word: it's very clear in the search engine space that if you're running an ad program, it's your responsibility to make sure that the advertiser (again, in my area, rogue pharma) is operating legally both in the country where they are operating and where they are marketing drugs to. Otherwise, you can be held responsible for turning a blind eye to criminal activity and profiting from it. That said, Volker and others raise entirely valid points -- but the point I'd make is, I think this group needs to achieve balance on all of these considerations, not discount those Gema and I have raised. For example, Volker (and separately Kathy) have both raised the point that a complainant could be anti-competitive or falsely claiming to be a victim. That's absolutely true. We see that too, and have to deal with it. I just dealt with a situation a few weeks ago where someone claiming to be a victim was, in fact, a rogue Internet pharmacy competitor. (But, we figured it out.) That doesn't take away from the fact that some complainants are, indeed, victims. These are not mutually exclusive, and we need to recognize that both dynamics exist -- not assume that all complainants are victims or are fraudulent. Coming back to the task at hand, I'd encourage the group to consider those questions. They are just questions, which are, of course, designed to solicit better information and responses. If they can be improved and rewritten, I'm all for it. And don't assume from this that I am suggesting that a complainant (seeming to be a victim) should be immediately told the registrant's identity -- that sounds like a horrible policy. We're only proposing questions here to elicit better information. I hope that information about credit card networks, banks and search engines is helpful. Please do not hesitate to let me know if I can clarify anything. John Horton President, LegitScript [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257d...] Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook<https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | YouTube<https://www.youtube.com/user/LegitScript> | Blog<http://blog.legitscript.com> | Google+<https://plus.google.com/112436813474708014933/posts> On Wed, Jan 8, 2014 at 6:03 AM, Tim Ruiz <tim@godaddy.com<mailto:tim@godaddy.com>> wrote: I agree with Volker. That said, I would be very interested in understanding how banks, credit card companies, and search engines actually deal with multi-jurisdictional issues. We may be able to glean some concepts that could be applied to p/p accreditation. Tim On Jan 8, 2014, at 7:21 AM, "Volker Greimann" <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> wrote: Hi all, to respond to John's comments: * When an allegation of illegal activity is submitted to the p/p service provider, it is important to understand that it may be coming from a victim of the crime. When an allegation of illegal activity is submitted, it is important to understand that it may be coming from someone who merely claims to vbe a victim of a crime, but is in fact not. The purposes for which someone may want to see the underlying registrant data are multifold and many of them are with the intent to later harass the privacy service user, or worse. We must remember in such cases that there may be a very good reason why the registrant has opted for whois privacy. It may therefore be essential for the registrant to know who has inquired to have messages relayed or to have the private data revealed to be able to help the p/p service provider better understand the situation. While I understand there may be cases where a complainant may also have an interest in keeping his identity hidden, he can avail himself of a multitude of methods to ensure this prior to launching the complaint. I do not see this question as actually necessary. * Similarly, I proposed an additional question regarding whether, if disclosure to the registrant is not required, it should be permitted even if law enforcement explains that it will jeopardize an investigation. The rationale for this is simply that in many cases -- in the offline world, as the online world -- disclosing this information puts a legitimate investigation at risk. Agreed, but not all law enforcement is created equal. Basically, I would hold that the p/p operator is unable to determine if an investigation is legitimate or not. Therefore, the only law enforcement that should receive special priviledges should be the law enforcement of the country where the p/p service is based or operates from. No such privileges should be extended to private organizations, no matter how well intentioned unless they are specially authorized be the laws of the country of the p/p operator. * The proposed questions pertaining to jurisdiction are based on the problem I identified (and Gema did, as well) in our earlier emails. I do feel that the way I've written the questions can be clarified and improved, so I welcome anyone who would like to give that a shot. * Similarly, we propose a question that relates to the other business interests controlled by or affiliated with the p/p service. To explain this, we have sometimes seen that the criminal organization "is" the privacy/proxy service. (Currently, of course, there is no accreditation scheme, but the fact remains that is what we see, and I am happy to provide examples if need be.) To be very specific, we know of circumstances where a rogue Internet pharmacy network operates its own "proxy" service, or alternatively, the proxy service -- that is, the individuals who operate it -- also operates as affiliate marketers for rogue networks, using their own privacy/proxy service primarily for their own illegal purposes. Under an accreditation scheme, if actual collusion can be proven, that should probably be a reason to pull the accreditation of the service. Finally, although I unfortunately had to miss the call this morning, I believe that some of the comments may have argued that registrars (or, ICANN) should not have to address criminal jurisdictional issues (that is, multi-jurisdictional complexities). I'd note that banks, credit card networks and search engine ad programs regularly have to address precisely the same multi-jurisdictional questions relating to criminal activity on their platform and do not simply leave it to law enforcement. I would argue that there is no reason to consider registrars a special case that are for some reason exempt from having to address the same issues that companies in the financial and advertising sectors have had to address, and have by and large done so quite competently. I am confident that the registrar community can competently do the same. John, please note that registrars are not (and are nothing like) banks or credit card networks, which are highly regulated by national laws. And even banks take action only based upon legal requirements, law enforcement requests or court orders. To demand any more for less regulated private companies is frankly ridiculous. Your new questions as to related to asking them about applicability of foreign law enforcement requests sound like an unrealistic wish list at best. Providers bowing to every whim of foreign law enforcement or organizations without actual legal authority would expose themsemselves to severe legal liability. Best, Volker Thank you for the opportunity to provide this input, and I welcome any suggestions as to how our suggestions can be improved or refined. John Horton President, LegitScript [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257d...] Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook<https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | YouTube<https://www.youtube.com/user/LegitScript> | Blog<http://blog.legitscript.com> | Google+<https://plus.google.com/112436813474708014933/posts> On Tue, Jan 7, 2014 at 7:44 AM, Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> wrote: From: Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Tuesday 7 January 2014 16:38 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Subject: Fwd: Draft Grouping of Charter Questions - some edits Hi Marika, could you post this to our working group? -------- Original Message -------- Subject: Draft Grouping of Charter Questions - some edits Date: Tue, 07 Jan 2014 10:35:02 -0500 From: Kathy Kleiman <kathy@kathykleiman.com><mailto:kathy@kathykleiman.com> To: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Hi All, Hopefully you have seen the proposed edits I just to the SG-C Input Template (I haven't seen them posted). Attached here are some inputs to the Draft Grouping of Charter Questions - with an organizational-type perspective being added. The world is really not just commercial/individual, but truly one of commercial, noncommercial and individual (as ICANN has organized its non-contracted parties). For a religious group, political group, hobby group, dissident group may be organized as a limited liability company to protect the members in case someone falls in the building, but that does not nullify the fact that the group is engaged primarily and fully in noncommercial speech (as the wide array of members of NCSG show). Again edits highlighted and hopefully visible. I would like to see much more discussion on this issue in our next meeting and over the list. Best, Kathy : I will miss the first 30 minutes due to another obligation, but will join as soon as I can. From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Marika Konings Sent: Monday, January 06, 2014 4:30 AM To: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: [Gnso-ppsai-pdp-wg] Proposed Agenda - PPSAI PDP WG Meeting Dear All, Please find below the proposed agenda for the next PPSAI PDP WG meeting (Tuesday 7 January at 15.00 UTC). Best regards, Marika Proposed Agenda - PPSAI PDP WG Meeting - 7 January 2013 1. Roll Call / SOI 2. Review & finalise SG/C Template (see revised version attached) 3. Review & finalise SO/AC Outreach Letter (see revised version attached) 4. Input to EWG Survey (see attached) 5. Update on WG members survey (to participate, please go to https://www.surveymonkey.com/s/86N33WX) 6. Review proposed charter question groupings (see latest version attached) 7. Next steps & confirm next meeting _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

1. First, this is a very interesting discussion, in which I find myself strenuously agreeing with Volker. 2. In Canada, providers of credit card services (especially type 1 banks) are heavily regulated, making this analogy not quite so relevant. I am no expert in bank regulation (goes with the I-am-not-a-lawyer caveat) but part of the issue here is that in processing credit card payments for suspected criminal activity, banks would be participating in handling the proceeds of crime….and profiting by it. Registrars and proxy service providers, on the other hand, could not be construed as doing this. All they are doing is providing a domain name, not even a website. Since ICANN has not defined what a domain name actually is, (please point me to it if indeed they have) then provision of the domain name is pretty attenuated in the chain of control. 3. Banks are covered by banking privacy regulation even if they are not covered by data protection law, in most jurisdictions. When they are covered by data protection law, it is worth noting that a lot of complaints are generated about precisely this problem…when another individual seeks the personal information of a bank client, without a right to get it, using either bullying or social engineering techniques. Bank employees are held to account in these instances, sometimes in my opinion somewhat unfairly. 4. With all due respect to the employees of registrars who have to look into allegations of fraud or criminal activity or whatever, or deal with these requests for information, they are not trained investigators, subject to the rule of law that governs criminal investigation. Access to redress for the registrant would have to be through civil litigation (some of it probably aimed at ICANN for requiring this activity, if indeed this committee decides to require this). I don't believe that establishing this kind of quasi legal regime is within ICANN's remit. I understand that you can do all kinds of things through contract law, that does not make it right however, particularly when you are dealing with a human right such as free expression, freedom of association, or privacy, which are all associated with provision of a domain name in my view. 5. The cybercrime treaty (Budapest convention) was aimed at solving some of these inter-jurisdictional problems. They appear to have stalled, possibly over some well known problems. This stuff is difficult. I would suggest that ICANN restrict its forays into this area to developing an instrument that could streamline the process of serving notice of suspected criminal activity, and propose it to GAC folks to bring to that forum. AS experts in domain name registration and management, ICANN is in a position to help define what information is necessary and useful. Possibly it could be served without a formal mutual legal assistance treaty, it would be up to governments to decide that. Not all the countries that you are interested in have signed the convention, naturally, nor would all countries agree to MLATS with every other country. As Volker has pointed out, this is the job of national governments coming together to agree to international treaties, which incidentally in most countries have to be approved and voted by national legislatures. 6. The internet has grown up, it is time to formalize some of these legal mechanisms elsewhere, not require private parties to continue to do work-arounds that expose them to legal risk. This accreditation is looking a lot like a quasi-regulatory function, this committee has to be careful how far it goes. I will come back to the trade and competition issues later. Stephanie (not a lawyer)Perrin On 2014-01-08, at 10:27 AM, Volker Greimann <vgreimann@key-systems.net> wrote:

Hi John,

thank you for your comments, and yes, we do our best to deal with obvious illegal activities reported to us because we think it is right, but not because there is a legal obligation to do so.

First, I think Tim raised a very valuable point, which is that there needs to be a differentiation between what providers are doing voluntarily and what they are doing because it is required (be it by contract, law or other).

Registrars (and p/p service providers even more so) do not share the same resources that banks do, nor do we have access to the same wealth of information about our customers. Therefore, we cannot be expected to investigate or make a determination of whether a service is illegal under our own jurisdiction unless it is obvious that it is. There are simply no ressources available for such investigations. If we have to "figure it out", we are basically moving away from the obvious violations and moving into the territory of the courts and LEAs.

Second, your illegal drugs analogy is flawed since if a certain service were legal in the jurisdiction of the provider, but is being provided in a country where it is not, there simply is no requirement to take action, since no laws are being broken in his jurisdiction. If you are in the US and US laws are not being broken by publishing for example Nazi hatepages and propaganda, denying the holocaust or similar actions which are highly illegal in Germany but not in the US because the US has a different definition of free speech, then as much as I hate it there is no court in the US that would require the provider to take action. Similarly, if copyright laws are different in other countries, for example with regard to the date a creation enters the public domain, then a provider in a country where Mickey Mouse is already in the public domain should not be required to take action against a site that publishes Mickey Mouse cartoons just because the copyright protection period is longer in the US. As a German provider, I will adamantly refuse to enforce laws of a different country unless these laws match the laws of Germany.

While it could be argued there may be a moral obligation in certain cases, there certainly is no legal obligation and we stop trying to construct super-national law that trumps national law. That is ultimately the job of national governments coming together and agreeing to international treaties.

There also is no need to get a German court order, all you need is for a German court to confirm that a court order in a different court should be enforceable in Germany as well. There are sufficiently advanced legal instruments already in place.

Volker

...

Hi all,

Thanks for the comments. Volker, thanks for your comments, and I should also note that LegitScript has been appreciative of Volker's company's (Key-Systems) approach to anti-abuse issues in the area we deal with. (And, Tim, we think GoDaddy's anti-abuse team is great and work with them closely.)

That said, let me respond on a few points.

First, I'll respond to Tim's question, and Volker's statement about banks. It's simply inaccurate that banks only take action based on legal requirements, law enforcement requests or court orders. LegitScript works closely with Visa and other credit card networks and through them with acquiring banks, so I feel comfortable stating that we know this area pretty well. The very firm position of the credit card networks is that acquirers are bound to ensure that the merchant's activity is legal in the cardholder's network as well as the merchant's network. No credit card network would put up with a bank insisting that they need a court order or law enforcement request. Generally, when that illegal activity is shown, the bank cancels not only the credit card account but the entire account. Without, I again emphasize, a court order or law enforcement request. (I should note here that I'm not talking specifically about disclosure of the merchant's identity but about providing or canceling services in general.)

I think that this is a useful analogy because, like in the ICANN sphere, it's a matter of contract. And it is required (not voluntary on the part of the bank.) Like in the ICANN sphere, we also see a common dynamic where -- I'll use illegal pharma as an example, again because I know it -- an illegal drug seller living in, say, Thailand targeting customers in Germany chooses a bank in the US (where German law enforcement has no jurisdiction), ships the drugs from China, and so forth. If the bank were to argue to Visa, "Well, we're in the US and US laws aren't being broken. Get me a court order from the US." that argument would be immediately rejected and Visa would fine the bank. The reason is that the credit card network sphere is largely governed by contract, because -- just like we see in the ICANN world -- once companies start insisting on local court orders, it gives criminals an opportunity to pick safe havens.

As to search engines (responding to Tim's question about what other industries do, and whether it's voluntary or required), using Google as an example, their voluntary and I think very committed efforts (disclosure: we work closely with them as well as Bing/Yahoo) to stop rogue pharma from using their paid ad services also occurred pursuant to a half a billion (USD) fine and non-prosecution agreement. Microsoft and Yahoo quickly adopted the same standards after seeing what happened. Voluntary? Well, I think required is the better word: it's very clear in the search engine space that if you're running an ad program, it's your responsibility to make sure that the advertiser (again, in my area, rogue pharma) is operating legally both in the country where they are operating and where they are marketing drugs to. Otherwise, you can be held responsible for turning a blind eye to criminal activity and profiting from it.

That said, Volker and others raise entirely valid points -- but the point I'd make is, I think this group needs to achieve balance on all of these considerations, not discount those Gema and I have raised. For example, Volker (and separately Kathy) have both raised the point that a complainant could be anti-competitive or falsely claiming to be a victim. That's absolutely true. We see that too, and have to deal with it. I just dealt with a situation a few weeks ago where someone claiming to be a victim was, in fact, a rogue Internet pharmacy competitor. (But, we figured it out.) That doesn't take away from the fact that some complainants are, indeed, victims. These are not mutually exclusive, and we need to recognize that both dynamics exist -- not assume that all complainants are victims or are fraudulent.

Coming back to the task at hand, I'd encourage the group to consider those questions. They are just questions, which are, of course, designed to solicit better information and responses. If they can be improved and rewritten, I'm all for it. And don't assume from this that I am suggesting that a complainant (seeming to be a victim) should be immediately told the registrant's identity -- that sounds like a horrible policy. We're only proposing questions here to elicit better information.

I hope that information about credit card networks, banks and search engines is helpful. Please do not hesitate to let me know if I can clarify anything.

John Horton President, LegitScript

Follow LegitScript: LinkedIn | Facebook | Twitter | YouTube | Blog | Google+

On Wed, Jan 8, 2014 at 6:03 AM, Tim Ruiz <tim@godaddy.com> wrote: I agree with Volker. That said, I would be very interested in understanding how banks, credit card companies, and search engines actually deal with multi-jurisdictional issues. We may be able to glean some concepts that could be applied to p/p accreditation.

Tim

On Jan 8, 2014, at 7:21 AM, "Volker Greimann" <vgreimann@key-systems.net> wrote:

...

Hi all,

to respond to John's comments:

...

When an allegation of illegal activity is submitted to the p/p service provider, it is important to understand that it may be coming from a victim of the crime.

When an allegation of illegal activity is submitted, it is important to understand that it may be coming from someone who merely claims to vbe a victim of a crime, but is in fact not. The purposes for which someone may want to see the underlying registrant data are multifold and many of them are with the intent to later harass the privacy service user, or worse. We must remember in such cases that there may be a very good reason why the registrant has opted for whois privacy. It may therefore be essential for the registrant to know who has inquired to have messages relayed or to have the private data revealed to be able to help the p/p service provider better understand the situation. While I understand there may be cases where a complainant may also have an interest in keeping his identity hidden, he can avail himself of a multitude of methods to ensure this prior to launching the complaint. I do not see this question as actually necessary.

...

Similarly, I proposed an additional question regarding whether, if disclosure to the registrant is not required, it should be permitted even if law enforcement explains that it will jeopardize an investigation. The rationale for this is simply that in many cases -- in the offline world, as the online world -- disclosing this information puts a legitimate investigation at risk. Agreed, but not all law enforcement is created equal. Basically, I would hold that the p/p operator is unable to determine if an investigation is legitimate or not. Therefore, the only law enforcement that should receive special priviledges should be the law enforcement of the country where the p/p service is based or operates from.

No such privileges should be extended to private organizations, no matter how well intentioned unless they are specially authorized be the laws of the country of the p/p operator.

...

The proposed questions pertaining to jurisdiction are based on the problem I identified (and Gema did, as well) in our earlier emails. I do feel that the way I've written the questions can be clarified and improved, so I welcome anyone who would like to give that a shot. Similarly, we propose a question that relates to the other business interests controlled by or affiliated with the p/p service. To explain this, we have sometimes seen that the criminal organization "is" the privacy/proxy service. (Currently, of course, there is no accreditation scheme, but the fact remains that is what we see, and I am happy to provide examples if need be.) To be very specific, we know of circumstances where a rogue Internet pharmacy network operates its own "proxy" service, or alternatively, the proxy service -- that is, the individuals who operate it -- also operates as affiliate marketers for rogue networks, using their own privacy/proxy service primarily for their own illegal purposes. Under an accreditation scheme, if actual collusion can be proven, that should probably be a reason to pull the accreditation of the service. Finally, although I unfortunately had to miss the call this morning, I believe that some of the comments may have argued that registrars (or, ICANN) should not have to address criminal jurisdictional issues (that is, multi-jurisdictional complexities). I'd note that banks, credit card networks and search engine ad programs regularly have to address precisely the same multi-jurisdictional questions relating to criminal activity on their platform and do not simply leave it to law enforcement. I would argue that there is no reason to consider registrars a special case that are for some reason exempt from having to address the same issues that companies in the financial and advertising sectors have had to address, and have by and large done so quite competently. I am confident that the registrar community can competently do the same.

John, please note that registrars are not (and are nothing like) banks or credit card networks, which are highly regulated by national laws. And even banks take action only based upon legal requirements, law enforcement requests or court orders. To demand any more for less regulated private companies is frankly ridiculous.

Your new questions as to related to asking them about applicability of foreign law enforcement requests sound like an unrealistic wish list at best. Providers bowing to every whim of foreign law enforcement or organizations without actual legal authority would expose themsemselves to severe legal liability.

Best,

Volker

...

Thank you for the opportunity to provide this input, and I welcome any suggestions as to how our suggestions can be improved or refined.

John Horton President, LegitScript

Follow LegitScript: LinkedIn | Facebook | Twitter | YouTube | Blog | Google+

On Tue, Jan 7, 2014 at 7:44 AM, Marika Konings <marika.konings@icann.org> wrote:

From: Kathy Kleiman <kathy@kathykleiman.com> Date: Tuesday 7 January 2014 16:38 To: Marika Konings <marika.konings@icann.org> Subject: Fwd: Draft Grouping of Charter Questions - some edits

Hi Marika, could you post this to our working group?

-------- Original Message -------- Subject: Draft Grouping of Charter Questions - some edits Date: Tue, 07 Jan 2014 10:35:02 -0500 From: Kathy Kleiman <kathy@kathykleiman.com> To: gnso-ppsai-pdp-wg@icann.org

Hi All, Hopefully you have seen the proposed edits I just to the SG-C Input Template (I haven't seen them posted).

Attached here are some inputs to the Draft Grouping of Charter Questions - with an organizational-type perspective being added. The world is really not just commercial/individual, but truly one of commercial, noncommercial and individual (as ICANN has organized its non-contracted parties).

For a religious group, political group, hobby group, dissident group may be organized as a limited liability company to protect the members in case someone falls in the building, but that does not nullify the fact that the group is engaged primarily and fully in noncommercial speech (as the wide array of members of NCSG show).

Again edits highlighted and hopefully visible. I would like to see much more discussion on this issue in our next meeting and over the list. Best, Kathy

:

...

I will miss the first 30 minutes due to another obligation, but will join as soon as I can.

From: gnso-ppsai-pdp-wg-bounces@icann.org [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Marika Konings Sent: Monday, January 06, 2014 4:30 AM To: gnso-ppsai-pdp-wg@icann.org Subject: [Gnso-ppsai-pdp-wg] Proposed Agenda - PPSAI PDP WG Meeting

Dear All,

Please find below the proposed agenda for the next PPSAI PDP WG meeting (Tuesday 7 January at 15.00 UTC).

Best regards,

Marika

Proposed Agenda – PPSAI PDP WG Meeting – 7 January 2013

1. Roll Call / SOI

2. Review & finalise SG/C Template (see revised version attached)

3. Review & finalise SO/AC Outreach Letter (see revised version attached)

4. Input to EWG Survey (see attached)

5. Update on WG members survey (to participate, please go to https://www.surveymonkey.com/s/86N33WX)

6. Review proposed charter question groupings (see latest version attached)

7. Next steps & confirm next meeting

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net

Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com

Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

Hi John, I was referring to activities that are illegal in one country, but not in another, not activities that are illegal in both countries, but only conducted in one. Different pair of shoes. as an example of the latter, murder would be illegal in Germany as well, even if it were committed elsewehere, as there is a statute against murder here as well. While you may not be able to persecute an American murder in Germany, the fact is that murder is illegal in Germany as well. As for your concrete example, please contact our abuse dept if you have not already done so as I cannot discuss such issues here and have not reviewed this case. As to the "why" of why they chose us, I would hope that customers chose us because we offer reasonable pricing and good customer service levels togeher with a well-developed customer service platform. Best, Volker

Hi Volker,

Thanks! I think it's important to put all of this in context, by the way: our experience has been that there's a lot of praise that should be given to many registrars for taking voluntary steps to reduce abuse on their platforms. Including, in many cases, Key-Systems.

I'm just getting to a full work day, so I won't respond to all points, except to explain that I think you misunderstand my illegal drugs analogy; my apologies if it wasn't clear. Let's take a real life example of a rogue Internet pharmacy registered with Key-Systems: _180-tramadol.com <http://180-tramadol.com>_. This sells prescription drugs without a valid prescription or valid pharmacy licensure. It is a criminal enterprise. The "dispensing pharmacy" -- which was not appropriately licensed as such -- was raided by the DEA, and the supply shifted to coming from Vanuatu, making the drugs illegal to import into the target market because the drugs are unregulated. There are known deaths and overdoses associated with the larger network, which has gone by multiple names over the years: RxPayouts, Brick and Click, and more.

But: _this website does not violate German law_. (At least, the drug safety and pharmacy licensure laws that we are familiar with.) It's very important to understand why: _they are only shipping to the US._ You cannot, no matter how hard you try, get the drugs shipped to Germany. Try it. In this case, it is not that the activity is legal under German laws. (Obviously, a prescription is required for prescription drugs in Germany, drugs cannot be fake, and so forth.) Rather, it is simply a nullity: it is neither legal nor illegal; rather, German laws simply aren't implicated at all because try as you might, the network will not ship drugs to Germany, precisely in the hope that you will insist on a court order. And so, the rogue pharma network targeting only the US thrives.

So, let me ask you this: knowing that, why do you think that this rogue online pharma network only targeting the US -- they have many websites with your company -- is choosing a registrar in Germany, outside of US jurisdiction?

Here is a suggestion: require these websites to transfer to a registrar in the US, since they are _only_ selling drugs to customers in the US.

John Horton President, LegitScript

*FollowLegitScript*: LinkedIn <http://www.linkedin.com/company/legitscript-com> | Facebook <https://www.facebook.com/LegitScript> | Twitter <https://twitter.com/legitscript> | YouTube <https://www.youtube.com/user/LegitScript> | _Blog <http://blog.legitscript.com>_ |Google+ <https://plus.google.com/112436813474708014933/posts>

On Wed, Jan 8, 2014 at 7:27 AM, Volker Greimann <vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>> wrote:

Hi John,

thank you for your comments, and yes, we do our best to deal with obvious illegal activities reported to us because we think it is right, but not because there is a legal obligation to do so.

First, I think Tim raised a very valuable point, which is that there needs to be a differentiation between what providers are doing voluntarily and what they are doing because it is required (be it by contract, law or other).

Registrars (and p/p service providers even more so) do not share the same resources that banks do, nor do we have access to the same wealth of information about our customers. Therefore, we cannot be expected to investigate or make a determination of whether a service is illegal under our own jurisdiction unless it is obvious that it is. There are simply no ressources available for such investigations. If we have to "figure it out", we are basically moving away from the obvious violations and moving into the territory of the courts and LEAs.

Second, your illegal drugs analogy is flawed since if a certain service were legal in the jurisdiction of the provider, but is being provided in a country where it is not, there simply is no requirement to take action, since no laws are being broken in his jurisdiction. If you are in the US and US laws are not being broken by publishing for example Nazi hatepages and propaganda, denying the holocaust or similar actions which are highly illegal in Germany but not in the US because the US has a different definition of free speech, then as much as I hate it there is no court in the US that would require the provider to take action. Similarly, if copyright laws are different in other countries, for example with regard to the date a creation enters the public domain, then a provider in a country where Mickey Mouse is already in the public domain should not be required to take action against a site that publishes Mickey Mouse cartoons just because the copyright protection period is longer in the US. As a German provider, I will adamantly refuse to enforce laws of a different country unless these laws match the laws of Germany.

While it could be argued there may be a moral obligation in certain cases, there certainly is no legal obligation and we stop trying to construct super-national law that trumps national law. That is ultimately the job of national governments coming together and agreeing to international treaties.

There also is no need to get a German court order, all you need is for a German court to confirm that a court order in a different court should be enforceable in Germany as well. There are sufficiently advanced legal instruments already in place.

Volker

...

Hi all,

Thanks for the comments. Volker, thanks for your comments, and I should also note that LegitScript has been appreciative of Volker's company's (Key-Systems) approach to anti-abuse issues in the area we deal with. (And, Tim, we think GoDaddy's anti-abuse team is great and work with them closely.)

That said, let me respond on a few points.

First, I'll respond to Tim's question, and Volker's statement about banks. It's simply inaccurate that banks only take action based on legal requirements, law enforcement requests or court orders. LegitScript works closely with Visa and other credit card networks and through them with acquiring banks, so I feel comfortable stating that we know this area pretty well. The very firm position of the credit card networks is that acquirers are bound to ensure that the merchant's activity is legal in the cardholder's network as well as the merchant's network. No credit card network would put up with a bank insisting that they need a court order or law enforcement request. Generally, when that illegal activity is shown, the bank cancels not only the credit card account but the entire account. Without, I again emphasize, a court order or law enforcement request. (I should note here that I'm not talking specifically about disclosure of the merchant's identity but about providing or canceling services in general.)

I think that this is a useful analogy because, like in the ICANN sphere, it's a matter of contract. And it is required (not voluntary on the part of the bank.) Like in the ICANN sphere, we also see a common dynamic where -- I'll use illegal pharma as an example, again because I know it -- an illegal drug seller living in, say, Thailand targeting customers in Germany chooses a bank in the US (where German law enforcement has no jurisdiction), ships the drugs from China, and so forth. If the bank were to argue to Visa, "Well, we're in the US and US laws aren't being broken. Get me a court order from the US." that argument would be immediately rejected and Visa would fine the bank. The reason is that the credit card network sphere is largely governed by contract, because -- just like we see in the ICANN world -- once companies start insisting on local court orders, it gives criminals an opportunity to pick safe havens.

As to search engines (responding to Tim's question about what other industries do, and whether it's voluntary or required), using Google as an example, their voluntary and I think very committed efforts (disclosure: we work closely with them as well as Bing/Yahoo) to stop rogue pharma from using their paid ad services also occurred pursuant to a half a billion (USD) fine and non-prosecution agreement. Microsoft and Yahoo quickly adopted the same standards after seeing what happened. Voluntary? Well, I think required is the better word: it's very clear in the search engine space that if you're running an ad program, it's your responsibility to make sure that the advertiser (again, in my area, rogue pharma) is operating legally both in the country where they are operating and where they are marketing drugs to. Otherwise, you can be held responsible for turning a blind eye to criminal activity and profiting from it.

That said, Volker and others raise entirely valid points -- but the point I'd make is, I think this group needs to achieve balance on all of these considerations, not discount those Gema and I have raised. For example, Volker (and separately Kathy) have both raised the point that a complainant could be anti-competitive or falsely claiming to be a victim. That's absolutely true. We see that too, and have to deal with it. I just dealt with a situation a few weeks ago where someone claiming to be a victim was, in fact, a rogue Internet pharmacy competitor. (But, we figured it out.) That doesn't take away from the fact that some complainants are, indeed, victims. These are not mutually exclusive, and we need to recognize that both dynamics exist -- not assume that all complainants are victims or are fraudulent.

Coming back to the task at hand, I'd encourage the group to consider those questions. They are just questions, which are, of course, designed to solicit better information and responses. If they can be improved and rewritten, I'm all for it. And don't assume from this that I am suggesting that a complainant (seeming to be a victim) should be immediately told the registrant's identity -- that sounds like a horrible policy. We're only proposing questions here to elicit better information.

I hope that information about credit card networks, banks and search engines is helpful. Please do not hesitate to let me know if I can clarify anything.

John Horton President, LegitScript

*FollowLegitScript*: LinkedIn <http://www.linkedin.com/company/legitscript-com> | Facebook <https://www.facebook.com/LegitScript> | Twitter <https://twitter.com/legitscript> | YouTube <https://www.youtube.com/user/LegitScript> | _Blog <http://blog.legitscript.com>_ |Google+ <https://plus.google.com/112436813474708014933/posts>

On Wed, Jan 8, 2014 at 6:03 AM, Tim Ruiz <tim@godaddy.com <mailto:tim@godaddy.com>> wrote:

I agree with Volker. That said, I would be very interested in understanding how banks, credit card companies, and search engines actually deal with multi-jurisdictional issues. We may be able to glean some concepts that could be applied to p/p accreditation.

Tim

On Jan 8, 2014, at 7:21 AM, "Volker Greimann" <vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>> wrote:

...

Hi all,

to respond to John's comments:

...

* When an allegation of illegal activity is submitted to the p/p service provider, it is important to understand that it may be coming from a victim of the crime.

When an allegation of illegal activity is submitted, it is important to understand that it may be coming from someone who merely claims to vbe a victim of a crime, but is in fact not. The purposes for which someone may want to see the underlying registrant data are multifold and many of them are with the intent to later harass the privacy service user, or worse. We must remember in such cases that there may be a very good reason why the registrant has opted for whois privacy. It may therefore be essential for the registrant to know who has inquired to have messages relayed or to have the private data revealed to be able to help the p/p service provider better understand the situation. While I understand there may be cases where a complainant may also have an interest in keeping his identity hidden, he can avail himself of a multitude of methods to ensure this prior to launching the complaint. I do not see this question as actually necessary.

...

* Similarly, I proposed an additional question regarding whether, if disclosure to the registrant is not required, it should be permitted even if law enforcement explains that it will jeopardize an investigation. The rationale for this is simply that in many cases -- in the offline world, as the online world -- disclosing this information puts a legitimate investigation at risk.

Agreed, but not all law enforcement is created equal. Basically, I would hold that the p/p operator is unable to determine if an investigation is legitimate or not. Therefore, the only law enforcement that should receive special priviledges should be the law enforcement of the country where the p/p service is based or operates from.

No such privileges should be extended to private organizations, no matter how well intentioned unless they are specially authorized be the laws of the country of the p/p operator.

...

* The proposed questions pertaining to jurisdiction are based on the problem I identified (and Gema did, as well) in our earlier emails. I do feel that the way I've written the questions can be clarified and improved, so I welcome anyone who would like to give that a shot. * Similarly, we propose a question that relates to the other business interests controlled by or affiliated with the p/p service. To explain this, we have sometimes seen that the criminal organization "is" the privacy/proxy service. (Currently, of course, there is no accreditation scheme, but the fact remains that is what we see, and I am happy to provide examples if need be.) To be very specific, we know of circumstances where a rogue Internet pharmacy network operates its own "proxy" service, or alternatively, the proxy service -- that is, the individuals who operate it -- also operates as affiliate marketers for rogue networks, using their own privacy/proxy service primarily for their own illegal purposes.

Under an accreditation scheme, if actual collusion can be proven, that should probably be a reason to pull the accreditation of the service.

...

Finally, although I unfortunately had to miss the call this morning, I believe that some of the comments may have argued that registrars (or, ICANN) should not have to address criminal jurisdictional issues (that is, multi-jurisdictional complexities). I'd note that banks, credit card networks and search engine ad programs regularly have to address precisely the same multi-jurisdictional questions relating to criminal activity on their platform and do not simply leave it to law enforcement. I would argue that there is no reason to consider registrars a special case that are for some reason exempt from having to address the same issues that companies in the financial and advertising sectors have had to address, and have by and large done so quite competently. I am confident that the registrar community can competently do the same.

John, please note that registrars are not (and are nothing like) banks or credit card networks, which are highly regulated by national laws. And even banks take action only based upon legal requirements, law enforcement requests or court orders. To demand any more for less regulated private companies is frankly ridiculous.

Your new questions as to related to asking them about applicability of foreign law enforcement requests sound like an unrealistic wish list at best. Providers bowing to every whim of foreign law enforcement or organizations without actual legal authority would expose themsemselves to severe legal liability.

Best,

Volker

...

Thank you for the opportunity to provide this input, and I welcome any suggestions as to how our suggestions can be improved or refined.

John Horton President, LegitScript

*FollowLegitScript*: LinkedIn <http://www.linkedin.com/company/legitscript-com> | Facebook <https://www.facebook.com/LegitScript> | Twitter <https://twitter.com/legitscript> | YouTube <https://www.youtube.com/user/LegitScript> | _Blog <http://blog.legitscript.com>_ |Google+ <https://plus.google.com/112436813474708014933/posts>

On Tue, Jan 7, 2014 at 7:44 AM, Marika Konings <marika.konings@icann.org <mailto:marika.konings@icann.org>> wrote:

From: Kathy Kleiman <kathy@kathykleiman.com <mailto:kathy@kathykleiman.com>> Date: Tuesday 7 January 2014 16:38 To: Marika Konings <marika.konings@icann.org <mailto:marika.konings@icann.org>> Subject: Fwd: Draft Grouping of Charter Questions - some edits

Hi Marika, could you post this to our working group?

-------- Original Message -------- Subject: Draft Grouping of Charter Questions - some edits Date: Tue, 07 Jan 2014 10:35:02 -0500 From: Kathy Kleiman <kathy@kathykleiman.com> <mailto:kathy@kathykleiman.com> To: gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org>

Hi All, Hopefully you have seen the proposed edits I just to the SG-C Input Template (I haven't seen them posted).

Attached here are some inputs to the Draft Grouping of Charter Questions - with an organizational-type perspective being added. The world is really not just commercial/individual, but truly one of commercial, noncommercial and individual (as ICANN has organized its non-contracted parties).

For a religious group, political group, hobby group, dissident group may be organized as a limited liability company to protect the members in case someone falls in the building, but that does not nullify the fact that the group is engaged primarily and fully in noncommercial speech (as the wide array of members of NCSG show).

Again edits highlighted and hopefully visible. I would like to see much more discussion on this issue in our next meeting and over the list. Best, Kathy

:

...

I will miss the first 30 minutes due to another obligation, but will join as soon as I can.

*From:*gnso-ppsai-pdp-wg-bounces@icann.org <mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] *On Behalf Of *Marika Konings *Sent:* Monday, January 06, 2014 4:30 AM *To:* gnso-ppsai-pdp-wg@icann.org <mailto:gnso-ppsai-pdp-wg@icann.org> *Subject:* [Gnso-ppsai-pdp-wg] Proposed Agenda - PPSAI PDP WG Meeting

Dear All,

Please find below the proposed agenda for the next PPSAI PDP WG meeting (Tuesday 7 January at 15.00 UTC).

Best regards,

Marika

*Proposed Agenda – PPSAI PDP WG Meeting – 7 January 2013*

1.Roll Call / SOI

2.Review & finalise SG/C Template (see revised version attached)

3.Review & finalise SO/AC Outreach Letter (see revised version attached)

4.Input to EWG Survey (see attached)

5.Update on WG members survey (to participate, please go to https://www.surveymonkey.com/s/86N33WX)

6.Review proposed charter question groupings (see latest version attached)

7.Next steps & confirm next meeting

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.:+49 (0) 6894 - 9396 901 <tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.:+49 (0) 6894 - 9396 851 <tel:%2B49%20%280%29%206894%20-%209396%20851> Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>

Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems> www.twitter.com/key_systems <http://www.twitter.com/key_systems>

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <http://www.keydrive.lu>

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.:+49 (0) 6894 - 9396 901 <tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.:+49 (0) 6894 - 9396 851 <tel:%2B49%20%280%29%206894%20-%209396%20851> Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>

Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>

Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems> www.twitter.com/key_systems <http://www.twitter.com/key_systems>

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <http://www.keydrive.lu>

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

_______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org <mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.

Mit freundlichen Grüßen,

Volker A. Greimann - Rechtsabteilung -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.:+49 (0) 6894 - 9396 901 <tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.:+49 (0) 6894 - 9396 851 <tel:%2B49%20%280%29%206894%20-%209396%20851> Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>

Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>

Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems> www.twitter.com/key_systems <http://www.twitter.com/key_systems>

Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <http://www.keydrive.lu>

Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.

--------------------------------------------

Should you have any further questions, please do not hesitate to contact us.

Best regards,

Volker A. Greimann - legal department -

Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.:+49 (0) 6894 - 9396 901 <tel:%2B49%20%280%29%206894%20-%209396%20901> Fax.:+49 (0) 6894 - 9396 851 <tel:%2B49%20%280%29%206894%20-%209396%20851> Email:vgreimann@key-systems.net <mailto:vgreimann@key-systems.net>

Web:www.key-systems.net <http://www.key-systems.net> /www.RRPproxy.net <http://www.RRPproxy.net> www.domaindiscount24.com <http://www.domaindiscount24.com> /www.BrandShelter.com <http://www.BrandShelter.com>

Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems <http://www.facebook.com/KeySystems> www.twitter.com/key_systems <http://www.twitter.com/key_systems>

CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534

Member of the KEYDRIVE GROUP www.keydrive.lu <http://www.keydrive.lu>

This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

-- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.

Good point. I think we should consider a combination of what you suggest (something similar to the failed registrar process) and beneficial user notification to allow them a certain amount of time to voluntarily move, cancel the service, or cancel the domain name. Tim On Jan 8, 2014, at 7:24 AM, "Volker Greimann" <vgreimann@key-systems.net<mailto:vgreimann@key-systems.net>> wrote: Beyond my earlier comments, I noticed that the current set of questions also leaves a glaring hole with regard to the consequences of the termination of a p/p service for the service itself, but more seriously for its customers: - Should they be transitioned to a new service provider, similar to the way currently handled for registrar terminations? - What happens when their registrar(s) are not integrated with the new provider? - Where does the new provider get the underlying data? - Should the underlying data be immediately revealed? - etc... This is an important issue that should also be part of the questions asked here. Volker Hello all, As promised, I wanted to follow up on Don's and Kathy's proposed edits with some additional proposed edits to the input template; these edits are in part based on the background I provided earlier. (The letter from Don to the SO/AC chair can, perhaps, be edited based on whether there is consensus around our proposed edits.) My edits are to Kathy's version which is based on Don's edits -- Don, Marika, Kathy, let me know if there's a better way I should have done that! I wanted to briefly explain the rationale for some of these proposed edits. * When an allegation of illegal activity is submitted to the p/p service provider, it is important to understand that it may be coming from a victim of the crime. We regularly receive and process complaints of illegal pharma activity from victims (or familiar members, if a victim ends up dead or in the hospital). We must remember that in this case, the registrant has the victim's personal information -- where they live, their phone number, their payment details, and so forth. It is not unheard of that a rogue pharma operator -- just to use an example in my area of knowledge -- seeks to retailiate or make threats. Accordingly, we have added suggested questions to the portion asking for input as to whether the p/p service provider should be required to relay the allegation to the registrant, since standard practices should make allowances for the fact that the allegation may come from a victim seeking redress or additional information. I would argue that the relay/disclosure process should appropriately consider how to protect both registrants and alleged victims. * Similarly, I proposed an additional question regarding whether, if disclosure to the registrant is not required, it should be permitted even if law enforcement explains that it will jeopardize an investigation. The rationale for this is simply that in many cases -- in the offline world, as the online world -- disclosing this information puts a legitimate investigation at risk. * The proposed questions pertaining to jurisdiction are based on the problem I identified (and Gema did, as well) in our earlier emails. I do feel that the way I've written the questions can be clarified and improved, so I welcome anyone who would like to give that a shot. * Similarly, we propose a question that relates to the other business interests controlled by or affiliated with the p/p service. To explain this, we have sometimes seen that the criminal organization "is" the privacy/proxy service. (Currently, of course, there is no accreditation scheme, but the fact remains that is what we see, and I am happy to provide examples if need be.) To be very specific, we know of circumstances where a rogue Internet pharmacy network operates its own "proxy" service, or alternatively, the proxy service -- that is, the individuals who operate it -- also operates as affiliate marketers for rogue networks, using their own privacy/proxy service primarily for their own illegal purposes. Finally, although I unfortunately had to miss the call this morning, I believe that some of the comments may have argued that registrars (or, ICANN) should not have to address criminal jurisdictional issues (that is, multi-jurisdictional complexities). I'd note that banks, credit card networks and search engine ad programs regularly have to address precisely the same multi-jurisdictional questions relating to criminal activity on their platform and do not simply leave it to law enforcement. I would argue that there is no reason to consider registrars a special case that are for some reason exempt from having to address the same issues that companies in the financial and advertising sectors have had to address, and have by and large done so quite competently. I am confident that the registrar community can competently do the same. Thank you for the opportunity to provide this input, and I welcome any suggestions as to how our suggestions can be improved or refined. John Horton President, LegitScript [https://static.legitscript.com/assets/logo-smaller-cdb8a6f307ce2c6172e72257d...] Follow LegitScript: LinkedIn<http://www.linkedin.com/company/legitscript-com> | Facebook<https://www.facebook.com/LegitScript> | Twitter<https://twitter.com/legitscript> | YouTube<https://www.youtube.com/user/LegitScript> | Blog<http://blog.legitscript.com> | Google+<https://plus.google.com/112436813474708014933/posts> On Tue, Jan 7, 2014 at 7:44 AM, Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> wrote: From: Kathy Kleiman <kathy@kathykleiman.com<mailto:kathy@kathykleiman.com>> Date: Tuesday 7 January 2014 16:38 To: Marika Konings <marika.konings@icann.org<mailto:marika.konings@icann.org>> Subject: Fwd: Draft Grouping of Charter Questions - some edits Hi Marika, could you post this to our working group? -------- Original Message -------- Subject: Draft Grouping of Charter Questions - some edits Date: Tue, 07 Jan 2014 10:35:02 -0500 From: Kathy Kleiman <kathy@kathykleiman.com><mailto:kathy@kathykleiman.com> To: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Hi All, Hopefully you have seen the proposed edits I just to the SG-C Input Template (I haven't seen them posted). Attached here are some inputs to the Draft Grouping of Charter Questions - with an organizational-type perspective being added. The world is really not just commercial/individual, but truly one of commercial, noncommercial and individual (as ICANN has organized its non-contracted parties). For a religious group, political group, hobby group, dissident group may be organized as a limited liability company to protect the members in case someone falls in the building, but that does not nullify the fact that the group is engaged primarily and fully in noncommercial speech (as the wide array of members of NCSG show). Again edits highlighted and hopefully visible. I would like to see much more discussion on this issue in our next meeting and over the list. Best, Kathy : I will miss the first 30 minutes due to another obligation, but will join as soon as I can. From: gnso-ppsai-pdp-wg-bounces@icann.org<mailto:gnso-ppsai-pdp-wg-bounces@icann.org> [mailto:gnso-ppsai-pdp-wg-bounces@icann.org] On Behalf Of Marika Konings Sent: Monday, January 06, 2014 4:30 AM To: gnso-ppsai-pdp-wg@icann.org<mailto:gnso-ppsai-pdp-wg@icann.org> Subject: [Gnso-ppsai-pdp-wg] Proposed Agenda - PPSAI PDP WG Meeting Dear All, Please find below the proposed agenda for the next PPSAI PDP WG meeting (Tuesday 7 January at 15.00 UTC). Best regards, Marika Proposed Agenda – PPSAI PDP WG Meeting – 7 January 2013 1. Roll Call / SOI 2. Review & finalise SG/C Template (see revised version attached) 3. Review & finalise SO/AC Outreach Letter (see revised version attached) 4. Input to EWG Survey (see attached) 5. Update on WG members survey (to participate, please go to https://www.surveymonkey.com/s/86N33WX) 6. Review proposed charter question groupings (see latest version attached) 7. Next steps & confirm next meeting _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org>https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg -- Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung. Mit freundlichen Grüßen, Volker A. Greimann - Rechtsabteilung - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> Geschäftsführer: Alexander Siffrin Handelsregister Nr.: HR B 18835 - Saarbruecken Umsatzsteuer ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen. -------------------------------------------- Should you have any further questions, please do not hesitate to contact us. Best regards, Volker A. Greimann - legal department - Key-Systems GmbH Im Oberen Werk 1 66386 St. Ingbert Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann@key-systems.net<mailto:vgreimann@key-systems.net> Web: www.key-systems.net<http://www.key-systems.net> / www.RRPproxy.net<http://www.RRPproxy.net> www.domaindiscount24.com<http://www.domaindiscount24.com> / www.BrandShelter.com<http://www.BrandShelter.com> Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems<http://www.facebook.com/KeySystems> www.twitter.com/key_systems<http://www.twitter.com/key_systems> CEO: Alexander Siffrin Registration No.: HR B 18835 - Saarbruecken V.A.T. ID.: DE211006534 Member of the KEYDRIVE GROUP www.keydrive.lu<http://www.keydrive.lu> This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone. _______________________________________________ Gnso-ppsai-pdp-wg mailing list Gnso-ppsai-pdp-wg@icann.org<mailto:Gnso-ppsai-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg