Thanks Kathy.  I both agree and disagree with what you’ve said below.

I strongly agree that “the key is the quotes that have come out of the comments.”  I’ve said repeatedly that our job as a sub-team is not to advocate, but to simply present the comments to the WG in as accurate and objective a way as possible.  To the extent that we then want to advocate for our own positions as part of the larger WG, we can do so.  Moreover, part of the reason why I feel so strongly that “the key is the quotes” is that I think we have to take the comments at face value, and then debate as WG whether we can reach consensus on what they actually say – not on what we want them to say.  That’s why I felt so strongly that “verifiable evidence” should not be reinterpreted to mean a court order.  It is also what animated my email exchange with Stephanie in the larger WG (attached).

And if we are in fact faithful to what the comments actually say, then it is a mistake to lump all of the “court order” comments into one monolithic group.  I’ve given some examples of substantive differences below.  But let me give another one: if we look at what they actually say, the “court order” comments are very much divided based on whether the comment came from an individual registrant or from a registrar/provider.  Which of course makes sense: a registrant will tend to look at these issues very differently than a provider.  Specifically, as you correctly note in our draft, the vast majority of comments (11,000+) from individuals/registrants said that “Everyone deserves the right to privacy” and that “No one’s personal information should be revealed without a court order, regardless of whether the request comes from a private individual or law enforcement agency.”  And of course, we can understand why registrants would argue that their right to privacy is inviolate, and that it should never be abrogated unless a court blesses it.

But note that the registrar/provider comments in the “court order” group do NOT say the same thing.  Rather, they are focused on retaining their discretion as to when to disclose or publish, and do not want an accreditation standard that requires them to do so absent a court order.  Hence my point about the word “require” in the Blacknight comment.  See also the Key Systems comment: “Disclosure or publication should never be the automatic result of a process, but rather remain an option of the provider.”  And others.  So one key distinction b/w the registrant/individual comments and the registrar/provider comments is that the registrant comments do not want disclosure or publication EVER unless following a court order, while the provider comments want a court order first if SOMEBODY ELSE wants them to disclose or publish, but not if THEY want to disclose or publish.  And we can understand why, given how many provider Terms of Service include language that gives them discretion to basically turn off a P/P Service whenever they want (for example, if the registrant stops paying them), without any kind of process beforehand (due process or otherwise).  See below (among many others):

·        Blacknight: https://www.blacknight.com/acceptable-usage.html.

·        Whoisprivacy.com, Ltd.: http://www.whoisprivacyservices.com.au/terms.htm.

·        EuroDNS S.A.: https://www.eurodns.com/terms-and-conditions/whois-privacy.

·        1&1 Internet, Inc.: http://www.1and1.com/TcPdr?__lf=Static.

·        Domain.com, LLC: http://www.domain.com/legal/legal_domain.bml#domain-privacy-service.

·        DomainIt, Inc.: https://www.domainit.com/terms.html.

·        Moniker Privacy Services, LLC: http://www.moniker.com/legal/registration-agreement.

So we can understand why providers would not want an accreditation regime that requires them to get a court order before they turn off a registrant’s privacy service (and to rewrite their Terms of Service accordingly).  In fact, Volker has already admitted – both on the email list (see attached) and on our weekly calls (see transcript of 8-11-15 call) – that such an accreditation requirement would have such a “severe impact” on the economic realities of providers (in other words, would cost them so much money), that they could never agree to such a requirement.  But of course, if I’m an individual registrant concerned about my privacy and due process, then I could care less about the “economic realities” of providers.

My point is only that we can’t gloss over that important distinction (and others) by lumping all of the “court order” comments together as if they were coming from the same place and advocating for the same thing.  They’re not.    

Thanks Kathy.

 

·       When you say that “in the weeks since the original draft, I think the discussion has evolved from a multipart one . . . to a binary one” – what are you basing that on?  Can you point to any transcripts or emails?  I certainly don’t remember being part of those discussions.

·       Moreover, had I been involved in those discussions, I would have objected, because I think that lumping the comments together in the way that you have, and ignoring the categories that our sub-team had already agreed upon, does a disservice to the nuance of the comments from Google, ICA, EasyDNS, and the like.  For example, a UDRP panel is not a court.  I think that is an important distinction between Categories 2 and 3.  And the fact that the ICA and EasyDNS comments would allow for “some exceptions for cases of abuse” is another important distinction that the broader WG ought to know about.  I’m fine if we want to include some sort of introductory sentence saying that __ comments opposed the basic premise of Annex E (which we do).  But to then argue that those comments are monolithic, or that they all oppose the premise of Annex E in the same way, is not accurate.

·       I simply understood the ISPCP comment to mean that allegations of infringement should not always be automatically taken as true (“not indisputably wronged parties”), and that some independent adjudicator (meaning, somebody other than the IP owner who is making the allegation) should evaluate the merits of those claims.  Annex E as currently drafted provides for that.  But I also don’t think that you or I should necessarily be the ones to decide this argument.  Why can’t we just say that we weren’t quite sure what to do with this one (as was true with some others), and take it to the larger WG for their consideration.

·       I think you’re missing my point on Blacknight.  My point is that the key word is “require.”  As I mentioned below, nothing in Annex E “requires” Blacknight to disclose (merely to give reasons if they refuse to disclose).  So I don’t see anything in their comment that is inconsistent with Annex E.

·       On the APC comment: I don’t disagree with you that the comment has important value for the WG.  But that’s not the same thing as saying that it advocates for disclosure only following a court order.  It doesn’t.     

 

From: Kathy Kleiman [mailto:kathy@kathykleiman.com]
Sent: Wednesday, August 26, 2015 10:59 PM
To: Williams, Todd <Todd.Williams@turner.com>; gnso-ppsai3@icann.org
Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview

 

Hi Todd,
Tx you for the close read. In the weeks since the original draft, I think the discussion has evolved from a multipart one - such as the 5 categories originally created in Section III -- to a more binary one: do commenters support a system such as Annex E or do they want court order prior to the reveal of the data?

With apologies, I don't understand the differentiation into Categories 2, 3 and 4 in Section III. Some parties may have mentioned UDRP, and others not, but that does not take away from the totality of the commenters who want court orders -- or want court orders for certain categories of requests such as privacy requests to p/p providers from third parties, such as intellectual property requests. To divide up these comments really dilutes the argument, I think, as these commenters favor court order for the key issue we are evaluating.

So I would recommend keeping Google, Endurance, Wheelhouse, ICA and Easy DNS together in Category 2.

The ISPCP Constituency Comments call for an "independent adjudicator" to "determine the merits of their ("intellectual property rights holders") claims. I thought that was pretty clear reference to a judge or magistrate, but if you see it differently, please let me know.

Re Blacknight, on the issue of Annex E or court order, the comments appear to come down squarely for court orders. For LEA, it recommends a different approach, but there is no reference to Annex E, only "a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us."  The intellectual property requests falls into the final category -- court order -- and as such, this comment would be properly listed here.

Re: APC, Alliance for Progressive Communications, you are right that I missed a step in putting this comment forward. The question this quote addresses, and it is a valuable one, is court orders and jurisdiction -- from which jurisdiction are court orders are valid?  Here APC provides us with unique insight, very worth passing onto the WG: that release of domain name data in some countries has and will continue to result in arrest, prosecution, conviction, etc. of "domain owners" who are "exercising activism" online. This is a very tough issue that we discussed in the WG, and APC is on the ground in Africa and near the Middle East to see abuses first hand.

As the WG explores the issue of court orders, the next question is: from what jurisdiction should/must p/p provider accept a court order? The APC comment reminds us that what is clearly legal in one country is punishable in another -- and that jurisdictional issues for court orders are a key part of what we (the WG) have to keep in mind.   If you would like to create a introductory paragraph, or new section, for this type of discussion, I would certainly welcome it!

Best,
Kathy
:

Thanks Kathy.  One minor formatting suggestion:

 

I think the spectrum that we outline on page 5 (Categories 1-4) is useful, because not all of these comments are advocating for the same thing.  Yet the quotes that we’ve added from the comments are all included under Category 2, which is somewhat confusing.  I would suggest that we move:

 

·       The quotes from the comments from Google, Endurance International Group, and Jeff Wheelhouse to the paragraph on Category 3.

·       The quotes from the comments from ICA and Easy DNS to the paragraph on Category 4.

 

Also, I saw that you added quotes from the comments from ISPCPC, Blacknight, and the Association for Progressive Communications, even though those weren’t in our initial summary and don’t specifically mention Annex E.  My thoughts on each:

 

·       Here’s the full ISPCPC quote, from a section titled “Regarding LEA definitions & differentiations”: “While we respect the desire to utilize the official ICANN definition of Law Enforcement Agent (LEA), we acknowledge that intellectual property rights holders and private anti abuse organizations should be treated as complainants and not indisputably wronged parties, and accordingly an independent adjudicator should determine the merits of their claim before rights that users would otherwise have are abrogated by reason of those lawyers' claims.”  To be honest, I’m not really sure what to make of that (especially given that it is included under a heading about LEA definitions).  But I’m not sure that we can assume that it means disclosure only following a court order.  Why would Annex E as currently drafted not satisfy the standard of “an independent adjudicator should determine the merits of their claim”?

·       I also don’t understand why we would think that the Blacknight quote is incompatible with Annex E.  All it says is that “any policy that would require us to divulge our client’s information in the absence of either a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us is incompatible with Irish law.”  But Annex E as currently drafted doesn’t require Blacknight to divulge its client’s information.  Rather, it gives Blacknight the discretion to make that decision; all it requires is that Blacknight provide the complainant with its reasoning if it chooses to refuse.

·       I don’t understand why we’d include a quote from the APC comment in this section, given that it does not mention Annex E, and that it expressly endorsed the NCSG comment (see:  http://forum.icann.org/lists/comments-ppsai-initial-05may15/pdfwOfjgYV0i9.pdf), which we analyze in the previous section that supports the premise of Annex E.

 

From:gnso-ppsai3-bounces@icann.org [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Kathy Kleiman
Sent: Wednesday, August 26, 2015 5:17 PM
To: gnso-ppsai3@icann.org
Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview

 

Hi All,
Tx to Darcy for the Overview work.  I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies.

I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes."

Best,
Kathy

:

Hi, all!

In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning.  I redlined my changes so you can clearly see what I’ve done.  I hope you find that I present a clear and accurate overview.

 

I also made some minor revisions to Section V (“Comments that did not fit neatly into any of the above categories”) that I realized after submitting my original draft of that section made a bit more sense.  Again, I’ve redlined the changes so you can easily see what changed.

 

Please let me know if there are any questions.

 

Thanks,

Darcy

_______________________________________________

Gnso-ppsai3 mailing list

Gnso-ppsai3@icann.org

https://mm.icann.org/mailman/listinfo/gnso-ppsai3