Well, I guess our sub-team will just find out on the 10:00 call with the rest of the WG…...
Thanks Kathy. Can I ask what edits to III(C) you’re concerned about?
Hi All,
Here are my response to the template as it was reviewed on Friday by Sara. Sara's comments are in red, my comments are in green (at least according to my screen). I will now dive into Todd's comments, but I am very, very concerned about Section III, as revised,
and I am very certain that NCSG and many other commenters (some following NCSG) would ever have supported Annex E in this revised form. Huge issue to discuss - and looking forward to doing so.
Best,
Kathy
------------------------------------------------------------
Sara's comments in Red
Kathy's comments in Green
From:
<gnso-ppsai3-bounces@icann.org> on behalf of Mary Wong
Date: Thursday, September 24, 2015 at 9:34 AM
To: "gnso-ppsai3@icann.org"
Subject: Re: [Gnso-ppsai3] PROPOSAL: Sub Team 3 call this Friday? (Re: Follow up from WG call yesterday)
Hello everyone,
As it looks like several Sub Team members will not be available for a Friday call, staff would like to ask if the Sub Team would prefer the following alternative approach:
Sub Team members to circulate to this email list their comments/suggestions on the notes and questions from the WG call last week by
Friday 25 September, 1900 UTC. Staff will send out a draft updated Annex E based on the Sub Team’s input as received as of that time. Should the Sub Team wish to further discuss the updated draft on Monday, the GNSO Secretariat can assist with setting
one up at a convenient time for most – unfortunately, I can only be available between 1400-1500 UTC on Monday, so if there is a call that results in further updates, I hope one of the Sub Team will not mind taking on that task and circulating the further revised
draft to the WG before the Tuesday call.
Alternatively, we could still aim for a Friday call as proposed, to discuss any input that may come in from Sub Team members up to that point.
For your convenience, the notes and questions from the WG call last week are reproduced again here:
Section I.B.(iii):
- Need to discuss retaining it in some form; costs are real for providers
I support this being retained. I do too. We received comments about the costs of the P/P services, and a real concern in keeping these services accessible and affordable. Reasonable costs of requests, many feel should be borne by Requesters.
Section II:
- Should there be provision for indemnification to provider against misuse of data? (NOTE: unlikely to gain support, so possibly no need to add) I agree that a provision should
be added and the main WG can determine if they will support it. +1
- A(6)(b)(ii): can a requester under the new wording keep/use the data to assocate with other information about the registrant e.g. for future or other requests? Does reverse apply
to registrar/provider i.e. do they keep data that’s sent to them? Seems we need to clarify “objectives”.
Limited to original request? Commenters shared their concern that a) data can be misused by the Requester, including publication (e.g., via blog) and harvesting (e.g., compilation of data bases).
According to comments received, we should
a) tightly restrict use of data by Requester by contract [already agreed to, but language should be tightened in light of comments],
b) create a jurisdiction for challenging the Requester if they violate the terms [now part of Annex 1, but perhaps should be moved here]
c) create a way of communicating with ICANN and other Providers if the Requester violates the terms,
d) create a penalty sufficiently severe to deter violations (perhaps a bond).
The above are only a first set of ideas, but clearly we want to ensure that the rules we adopt are binding and with real consequences for violation.
Section III:
- III.B: Secure communications may not be as easily or readily done as might be desired (so revision is well-intended but maybe not entirely practical) I would not discount this
one at all. There are very safe, effective and cheap ways of transferring confidential data over the Internet. This is actually critically important; sending personal or sensitive information over open Internet could subject Providers to liability.
- 5 calendar days rather than 3 is more reasonable from providers’ perspective Agree.
- saying “encouraged" but not mandating action would nullify need for this section B (NOTE: many people on the call agree with this, one objected)
Agree Sorry, but I don’t see how using the word encouraged nullifies Section B.
- **I don’t agree with the edits to III.C at all. The Provider is not a court of law and should not rendering a legal opinion. The original language was a much more accurate representation of the most of the comments that we received; and the new language operates
against many of the “due process” protections that thousands of commenters sought to protect.**
- III.C.: use some other word than “surrender”, and one that makes clear this does not mean a transfer; in any event, clarify that it's a deletion at the option of a customer (NOTE: there was some discussion over whether providers must be required to offer
this option; reminder that previous WG discussions had led to agreement to NOT make it mandatory due to varying provider practices)
Agree; I actually think the word “surrender” is a pretty good and accurate one; I would keep it. I think it does need to be clarified that a surrender is absolutely not a transfer.
- III.C.(v) & (vi): do they overlap? Should they be merged? Leave separate. Let’s discuss the wording of vi. It’s getting close, but needs to be tweaked.
Annex I:
- Keep both options to clarify they are two possible ways of dealing with the issues? Yes. I think the edits as noted make sense – deletion of Option 1 and editing of Option
2 (now just Annex I)
Please let me know what you think of these two suggestions as soon as you can. Thank you!
Cheers
Mary
Mary Wong
Senior Policy Director
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4889
Email:
mary.wong@icann.org
On 9/25/2015 10:04 PM, Mary Wong wrote:
Hello Todd and everyone, thank you so much for the comments and suggestions. I apologize I was not able to respond earlier as I have been traveling back to the US from Asia.
What staff will do is update the document in accordance with the comments provided by Sub Team members, with (where possible) notes indicating the transcript as noted by Todd and
other specific pointers to reasons/justifications/further dicussions. – perhaps, with that updated document and the approach as outlined by Todd below, the Sub Team can frame the specific points that merit further WG discussion on the Tuesday call. It will
certainly be helpful to get some concrete indication from the WG as to how they might wish to proceed on a number of these points.
Mary
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4889
Thanks Mary and thanks Sara. My thoughts on where we are as a WG after going back through the transcript of the 9-15 call:
· I(B)(iii): we didn’t really substantively discuss this on the 9-15 call. Rather, I noted as I was summarizing the document that it had been removed because more commenters had opposed it than supported it. Transcript at
pg. 5. And then James Bladel noted at the end of the call that he wanted to put a marker down for further discussion on it. Transcript at 27. So I would just propose that we have that as one agenda item for the call this coming Tuesday: as a WG, do we want
to keep I(B)(iii)? And why or why not?
· II(A)(6)(b) (note that these same points also apply to II(B)(7)(c) and II(C)(6)(b)): I would slightly reframe these as part of a bigger discussion that the WG should revisit on Tuesday. Specifically: we’ve got the new language
in the draft per the comments from Cyberinvasion/NCSG. And several people on the call expressed concerns over whether that new language was administratively feasible and/or enforceable. Transcript at 8-16. So indemnification was floated as one potential
alternative that might address the points of both the Cyberinvasion/NCSG comments AND the feasibility concerns. Transcript at 11. So I think the options on the table for the WG are: 1) keep the current language as is; 2) replace the current language with
some sort of indemnification language; or 3) replace the current language with something else. I definitely think that a discussion of the pros/cons of each of those three options should be another specific agenda item for the call on Tuesday. But I don’t
think that we as a sub-team have enough guidance/discussion from the WG yet to choose among the three options ourselves.
· III(B):
§ 5 calendar days: agree. See Transcript at 18.
§ Remove reference to secure communications as not administratively feasible: agree. See Transcript at 18-19.
§ “Shall” over “encouraged but not required to”: agree. See Transcript at 20-21.
§ I would add one additional point not included in your email below. I think the agreement on the 9-15 call was that we need to go back to the original formulation “the contact information it has for Customer that would ordinarily
appear in the publicly accessible Whois for non-proxy/privacy registration” instead of the new proposed formulation “name, mailing address, and contact information for service of process that it has for Customer.” See Transcript at 19.
· III(C)(iv): the issue here is whether this action (giving up the domain name in lieu of disclosure) should be optional (as the original language contemplated) or mandatory (as the new language proposed, per the comments from
Cyberinvasion/NCSG). And in the discussion on the 9-15 call we heard from James Bladel that making it mandatory may be difficult b/c not all P/P Providers are also going to be Registrars. Transcript at 24. I think that’s a good point, and on the 9-15 call
James Gannon seemed to express agreement that going back to optional (vs. mandatory) was fine. Transcript at 24. So based on that, it looks like the WG as a whole is more in support of “optional” vs. “mandatory” for III(C)(iv), and thus that we should go
back to the old language. But frankly I personally don’t have an opinion one way or the other, and am happy to discuss further if the WG wants.
· III(C)(vi): the question was raised on the 9-15 call how the new III(C)(vi) differs in any way or adds anything to III(C)(v). Transcript at 23. We got no answer to that question from the proponents of the new III(C)(vi),
and in fact James Gannon seemed to suggest that upon reflection it would be fine to merge the new III(C)(vi) into III(C)(v). Transcript at 24. So again, it seems like the WG as a whole is more in support of either folding the new III(C)(vi) into III(C)(v)
somehow, or deleting it altogether. But again, I personally don’t have an opinion yet, and if the proponents of the new III(C)(vi) want to take time on the call on Tuesday to answer the question that is on the table (how does it add anything to III(C)(v)?),
or to otherwise advocate for it, that’s fine.
· Annex One keep both options: agree. See Transcript at 26-27.
Everyone – it will be great if you can provide your feedback as well, perhaps in a similar format as Sara did if that’s the easiest for you. Staff will try to pull a revised document
together as best we can with whatever input we receive.
I should add that I am very sorry, but due to a flight rerouting I can no longer make a call on Friday 1900 UTC. Since we haven’t heard from many Sub Team members that they can
do a Friday call, I’m going to suggest that staff attempt to revise the document (in the manner noted above, in light of comments received by 1900 UTC on Friday). We can then circulate the document to the WG on Monday, noting – as we did this past week
for the updated proposed language for Section 1.3.2 (Sub Team 1) that it Is not language that has been discussed, much less fully supported, by the Sub Team.
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4889
I’ve provided feedback in
red below.
As it looks like several Sub Team members will not be available for a Friday call, staff would like to ask if the Sub Team would prefer the following alternative approach:
Sub Team members to circulate to this email list their comments/suggestions on the notes and questions from the WG call last week by
Friday 25 September, 1900 UTC. Staff will send out a draft updated Annex E based on the Sub Team’s input as received as of that time. Should the Sub Team wish to further discuss the updated draft on Monday, the GNSO Secretariat can assist with setting
one up at a convenient time for most – unfortunately, I can only be available between 1400-1500 UTC on Monday, so if there is a call that results in further updates, I hope one of the Sub Team will not mind taking on that task and circulating the further revised
draft to the WG before the Tuesday call.
Alternatively, we could still aim for a Friday call as proposed, to discuss any input that may come in from Sub Team members up to that point.
For your convenience, the notes and questions from the WG call last week are reproduced again here:
- Need to discuss retaining it in some form; costs are real for providers
I support this being retained.
- Should there be provision for indemnification to provider against misuse of data? (NOTE: unlikely to gain support, so possibly no need to add) I agree that a provision should
be added and the main WG can determine if they will support it.
- A(6)(b)(ii): can a requester under the new wording keep/use the data to assocate with other information about the registrant e.g. for future or other requests? Does reverse apply
to registrar/provider i.e. do they keep data that’s sent to them? Seems we need to clarify “objectives”. Limited to original request?
- III.B: Secure communications may not be as easily or readily done as might be desired (so revision is well-intended but maybe not entirely practical)
- 5 calendar days rather than 3 is more reasonable from providers’ perspective Agree.
- saying “encouraged" but not mandating action would nullify need for this section B (NOTE: many people on the call agree with this, one objected)
Agree
- III.C.: use some other word than “surrender”, and one that makes clear this does not mean a transfer; in any event, clarify that it's a deletion at the option of a customer (NOTE:
there was some discussion over whether providers must be required to offer this option; reminder that previous WG discussions had led to agreement to NOT make it mandatory due to varying provider practices)
Agree
- III.C.(v) & (vi): do they overlap? Should they be merged? Leave separate.
- Keep both options to clarify they are two possible ways of dealing with the issues? Yes.
Please let me know what you think of these two suggestions as soon as you can. Thank you!
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4889
Hi Holly,
Were you able to attend this call? I am sorry, but I cannot see your text in the email below :-(.
As for me, I am very unlikely to be able to attend a call at this time tomorrow. Can we try for Monday?
Best,
Kathy
On 9/23/2015 9:58 PM, Holly Raiche wrote:
Works for me. Thanks Mary.
Hello everyone – can we do a call this Friday 25 September at 1900 UTC?
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4889
Thanks very much, Todd! Everyone – can we ask that you let us know your availability for a Sub Team call at any of the times indicated by Todd, below? Thank you all!
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4889
Thank you Mary. I think a call is a good idea. Friday at or after 1900 UTC is better for me. Though if we want to do tomorrow, I could do 1400-1500 UTC or 1600-1800 UTC.
Following a discussion with the WG co-chairs yesterday, we would like to suggest that the Sub Team consider doing a call this week to review the notes from the last WG call (see
below), with the goal of presenting recommendations and/or alternative proposals to the full WG for discussion next week (i.e. Tuesday 29 September).
If you are able to do a call this week, would either Wednesday (at or after 1400 UTC) or Friday (at or after 1900 UTC) work for you?
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4889
Here are the notes I captured from the WG discussion yesterday; we should have the full transcript and MP3 recording uploaded by tomorrow at the latest but I thought these notes
might be helpful, at least as an initial framework for the next Sub Team discussion:
- Need to discuss retaining it in some form; costs are real for providers
- Should there be provision for indemnification to provider against misuse of data? (NOTE: unlikely to gain support, so possibly no need to add)
- A(6)(b)(ii): can a requester under the new wording keep/use the data to assocate with other information about the registrant e.g. for future or other requests? Does reverse apply
to registrar/provider ie do they keep data that's sent to them?
- III.B: Secure communications may not be as easily or readily done as might be desired (so revision is well-intended but maybe not entirely practical)
- 5 calendar days rather than 3 is more reasonable from providers' perspective
- saying "encouraged" but not mandating action would nullify need for this section B (NOTE: many people on the call agree with this, one objected)
- III.C.: use some other word than “surrender”, and one that makes clear this does not mean a transfer; in any event, clarify that it's a deletion at the option of a customer (NOTE:
there was some discussion over whether providers must be required to offer this option; reminder that previous WG discussions had led to agreement to NOT make it mandatory due to varying provider practices)
- III.C.(v) & (vi): do they overlap? Should they be merged?
- Keep both options to clarify they are two possible ways of dealing with the issues?
Would you like to do a Sub Team call to walk through these suggestions, or should we continue to discuss first by email? I will check with the WG co-chairs when they would like
a revised, more finalized, set of recommendations to be presented to the WG (if possible).
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4889
Thanks Holly. As I mentioned when I circulated the draft (see attached email):
“for Sara, Kathy, and the others on our sub-team who have argued that “verifiable evidence” means something higher – let us know how you would further edit Sections II(A), (B),
and (C) to meet whatever “higher” standard you have in mind.”
Yes, it does help - particularly since I recognise my words in the extract. What it suggests, however, is acceptance that the elements a requested gives to a provider amounts
to the standard of evidence that is ‘verifiable’ - as described below. My question to the group, therefore, is whether the addition of those words has been agreed upon by the group. If not, the words should not be there; their mere presence suggests agreement,
and puts the onus on those of us who don’t agree to argue for the removal of words that were not agreed to.
Sorry to be pedantic, folks, but the presence of those words suggests a level of agreement that I am not aware of.
As Todd noted in his report to the full WG last week on behalf of the Sub Team, the document doesn’t represent the finished consensus product of the Sub Team but rather is being
presented as a tool for further WG discussion. The document includes certain revisions that were added to more fully reflect the comments that were received, and as such could be one form of a revised Annex E – however, as Todd mentioned, it isn’t the agreed
result of the Sub Team’s substantive analysis.
Similarly, in the summary document that was also sent out in tandem, here is how the Sub Team’s discussion on the question of “verifiable evidence” was presented:
"Further, the Save Domain Privacy petition, which had 10,042 signatories and also included [x] number of additional statements, argued that “privacy providers should not be forced
to reveal my private information without verifiable evidence of wrongdoing.” We as a sub-team could not agree on how to interpret “verifiable evidence,” and will leave that discussion to the larger WG. Some on the sub-team viewed these comments as supporting
Annex E because the requirements in Annex E as currently formulated can be interpreted as constituting verifiable evidence, while others on the sub-team interpret ‘verifiable evidence’ as requiring a court order and therefore not in support of Annex E. However,
some also noted that the word “verifiable” does not imply that the evidence has been tested through a legal process; rather, it simply points toward requiring that evidence provided must be credible/provable enough so that, in a legal proceeding, it would
withstand legal scrutiny, but does not necessarily imply that there must have been a court process in all cases."
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4889
I apologise for not participating over the past week - I’ve been away.
My question is, next to the headings on request for templates, the words after requester provides to the service provider, the words ‘verifiable evidence of wrong doing, including’….
What that implies is that the following text lists what would constitute ‘verifiable evidence’ and indeed, the word ‘including’ suggests that other elements can also constitute
‘verifiable evidence’. Has the group agreed on this?
My impression was that we had not yet agreed what the term meant, but that it must be evidence of a very high standard - impliedly something that could be used in court processes.
I am not convinced that the elements listed under Heading II meet that test.
So Mary, others, was this agreed?
From: "Williams, Todd"
Date: Monday, September 14, 2015 at 1:18 PM
To: Sara Bockey, Mary Wong, "gnso-ppsai3@icann.org"
Subject: RE: [Gnso-ppsai3] Additional Comments for Sub Team Consideration
Thanks Sara. I’m still confused. In order:
· I still don’t see any mention in the CDT comment re: removal of alleged infringing materials in lieu of disclosure. I do see
support for the additional language that the attached draft adds to III(C)(vii) about “specific information, facts and/or circumstances showing that disclosure to the Requester will endanger the safety of the Customer” (in fact, that language was added specifically to
capture the point of the paragraph from the CDT comment that you’ve quoted below). But that is completely different from what you’ve added, for which I cannot find any support in any of the public comments. I also don’t understand your claim that “rights
and actions available to the registrant are sorely lacking in Annex E” – given that Annex E explicitly contemplates notice to the registrant and contemplates input from the registrant in Sections III(A), III(C)(ii), III(C)(iii), III(C)(iv), III(C)(vi), and
III(C)(vii).
· The portion of the NCSG comment that you’ve cited addressed the appeals mechanism of Section III(F), not the reconsideration
mechanism of III(E). In fact, the attached draft removes the appeal mechanism of III(F) precisely because of the language that you quoted below from the NCSG comment
(among others). But that language has nothing to do with III(E).
· I don’t understand what the comments from Key Systems, Ralf Haring, or Adam Creighton have to do with III(E) – which again, is
only talking about a request for reconsideration. Moreover, the Key Systems comment is simply inaccurate: the Disclosure Framework never “assume[d] disclosure if certain process steps are followed regardless of the merits of the complaint” – a point that
the attached revised draft now makes explicit in the preamble (“by not requiring that disclosure automatically follow any given request”).
Just to reiterate: I’ve always viewed our job in the two documents that our sub-team has drafted as being to accurately report to the larger WG what the comments that we’ve reviewed
say. Which means two things: 1) we have to be true to the comments, and not reinterpret them to say something they don’t; and 2) we have to reserve our advocacy for or against certain points from those comments for the larger WG discussion. That’s what I
tried to do in the attached. So if you want to argue against Annex E, that’s fine – do so on the call tomorrow. In fact, I’m planning to argue against several of the proposed changes that are included in the attached. But I still included those proposed
changes in the attached draft, and accurately noted which comments they were based on – because to do otherwise would be misleading to the larger WG.
Please see my comments inline below.
Disclaimer: I do not support Annex E.
From: "Williams, Todd"
Date: Monday, September 14, 2015 at 11:57 AM
To: Sara Bockey, Mary Wong, "gnso-ppsai3@icann.org"
Subject: RE: [Gnso-ppsai3] Additional Comments for Sub Team Consideration
Two quick questions on this as I was getting ready for our call tomorrow:
1) Your addition of a new III(C)(v) stating “the Customer has removed the infringing trademark and/or copyright material in lieu of
disclosure” – what public comment that we reviewed was that change based on?
Based on CDT’s comment re registrant’s ability to respond to allegations – removal of alleged infringing materials in lieu of disclosure would fall into this category. Rights and
actions available to the registrant are sorely lacking in Annex E.
Mere allegation of infringement or illegality is insufficient cause for a provider to disclose a customer’s data to a third party; it is frequently trivially easy for a party abusing
the system to allege frivolous or nonexistent civil claims to justify a demand for personal information. Registrants should have the ability and opportunity to respond to the allegations and to the dangers to which they, their families, and their organizations
might be subjected, and to obtain counsel on these matters.
Revealing a customer’s registration data should only occur when there has been a substantial showing of likelihood of abuse and only after due process.
|
2)Can you show me where in the NCSG comment (here:
) the NCSG argued for the addition of the clause “in instances where Requester has discovered and submitted additional evidence or information which warrants consideration” to III(E)?
You noted that this change was based on the NCSG comment, but I can’t find anything in that comment that mentions III(E) – though admittedly I could have missed it.
Based on NCSG comment re unlimited appeals .
Under no circumstances should Intellectual Property Interests, Law Enforcement or any other Requestors have unlimited appeals to third party dispute resolution providers. It will
be far more than an implementation detail to define this appellate procedure – but a whole new arbitration forum of its own will need to be created and a UDRP process un–discussed and un–planned by this Working Group. All deliberation about appeal mechanisms
should be set aside at this time. Any Intellectual Property owner or group that feels a Provider is routinely denying appropriate requests will have full access to the growing and increasingly responsive ICANN Compliance Team – which will be accessible to
Complainers through the accreditation process now being created.
Key Systems’ comment would also support this addition: We do not support the proposed Disclosure Framework as it assumes disclosure if certain process steps are followed regardless of the merits of the complaint.
As well as Ralf Haring’s comment: [Disagree with proposal that] Providers can be forced to give your private contact details to anyone complaining that your site violates their copyright or trademark. And Adam Creighton’s comment: I think the language is too loose, and opens individuals up to frivolous litigation from IP rights owners and third-party agencies whose contracted relationship is to expand IP
brand presence.
|
As promised, attached is a redline of my input to the proposed changes Todd drafted. Todd was pretty thorough and had included several revisions I had in mind based on the comments
so my edits are limited to a few comments and additions.
As promised on our call, attached is a redline of the Draft Disclosure Framework, with annotations noting the source of each proposed change. Several notes as you review:
· I know that we’ve debated whether “verifiable evidence” means more than what is currently in Sections II(A), (B), and (C). You’ll
see that I’ve added the exact wording from the savedomainprivacy.org petition – “verifiable evidence of
wrongdoing” – to those sections. I think that is a good fit, as of right now. But for Sara, Kathy, and the others on our sub-team who have argued that “verifiable evidence” means something higher – let us know how you would further edit Sections II(A), (B),
and (C) to meet whatever “higher” standard you have in mind.
· You’ll note that I briefly added a reference to the comment from Com Laude (which I think we had omitted from our summary). And
that I did not reference the comment from Aaron Myers (which we’ve referenced in our summary, but which doesn’t really offer any edits to the Disclosure Framework). Otherwise I think I’ve covered everything that we reviewed in terms of edits to the Disclosure
Framework – though let me know if anybody sees anything I’ve missed.
· Just to be clear for the record: the attached is a revised Disclosure Framework that illustrates and attempts to account for all
of the proposed edits that we received from the public comments, for the larger Working Group’s reference. But it is not how I would have edited the
Disclosure Framework. In fact, I’ll reserve the right to argue against some of these proposed edits, once we get into the larger WG discussion. Just
wanted to make that clear so that nobody thinks these edits are mine (since I’m the one who drafted the document).
As you look through the proposed revised summary document (below), you may also wish to consider whether some of the additional comments that were included in Part 4 of the overall
WG Public Comment Review Tool might be useful such that additional notes or recommendations can be made, or existing language amended. For your convenience I’ve extracted ten such comments which, while not sent in as specific responses to the Preliminary Recommendations
and Annex E that this Sub Team is analysing, nonetheless seem relevant generally.
I attach these ten comments in tabular form to this email, and welcome the Sub Team’s discussion and comments on whether any of them ought to be considered as well as your thoughts
on the summary document.
As the Sub Team is due to report back to the full WG next Tuesday, please let me know also if you think a call before then amongst the Sub Team members might be needed.
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4889
Hello everyone, in an attempt to facilitate further dialogue and, hopefully, consensus on a way forward on this issue, I’ve taken the liberty of amending Kathy’s document to take
into account Holly’s comments as well as to attempt to place certain comments (e.g. the ICA’s, EasyDNS’) more specifically within a particular category. I attach both a redlined and clean copy of this latest updated version (with the clean copy including yellow
highlighted portions where the most significant language changes are suggested). I have not yet broken the comments down further into the registrant/provider distinction that Todd noted, but can of course do so if this is viewed as useful.
Please note that this is not a staff position that is being suggested, but merely an attempt to document where the Sub Team’s discussion seems to be at the moment. I hope this is
helpful.
Internet Corporation for Assigned Names & Numbers (ICANN)
Telephone: +1 603 574 4889
Thanks Kathy. I both agree and disagree with what you’ve said below.
I strongly agree that “the key is the quotes that have come out of the comments.” I’ve said repeatedly that our job as a sub-team is not to advocate, but to simply present the
comments to the WG in as accurate and objective a way as possible. To the extent that we then want to advocate for our own positions as part of the larger WG, we can do so. Moreover, part of the reason why I feel so strongly that “the key is the quotes”
is that I think we have to take the comments at face value, and then debate as WG whether we can reach consensus on what they actually say – not on what we want them to say. That’s why I felt so strongly that “verifiable evidence” should not be reinterpreted
to mean a court order. It is also what animated my email exchange with Stephanie in the larger WG (attached).
And if we are in fact faithful to what the comments actually say, then it is a mistake to lump all of the “court order” comments into one monolithic group. I’ve given some examples
of substantive differences below. But let me give another one: if we look at what they actually say, the “court order” comments are very much divided based on whether the comment came from an individual registrant or from a registrar/provider. Which of course
makes sense: a registrant will tend to look at these issues very differently than a provider. Specifically, as you correctly note in our draft, the vast majority of comments (11,000+) from individuals/registrants said that “Everyone deserves the right to
privacy” and that “No one’s personal information should be revealed without a court order, regardless of whether the request comes from a private individual or law enforcement agency.” And of course, we can understand why registrants would argue that their
right to privacy is inviolate, and that it should never be abrogated unless a court blesses it.
But note that the registrar/provider comments in the “court order” group do NOT say the same thing. Rather, they are focused on retaining their discretion as to when to disclose
or publish, and do not want an accreditation standard that requires them to do so absent a court order. Hence my point about the word “require” in the Blacknight
comment. See also the Key Systems comment: “Disclosure or publication should never be the automatic result of a process, but rather remain an option of the provider.” And others. So one key distinction b/w the registrant/individual comments and the registrar/provider
comments is that the registrant comments do not want disclosure or publication EVER unless following a court order, while the provider comments want a court order first if SOMEBODY ELSE wants them to disclose or publish, but not if THEY want to disclose or
publish. And we can understand why, given how many provider Terms of Service include language that gives them discretion to basically turn off a P/P Service whenever they want (for example, if the registrant stops paying them), without any kind of process
beforehand (due process or otherwise). See below (among many others):
So we can understand why providers would not want an accreditation regime that requires them to get a court order before they turn off a registrant’s privacy service (and to rewrite
their Terms of Service accordingly). In fact, Volker has already admitted – both on the email list (see attached) and on our weekly calls (see transcript of 8-11-15 call) – that such an accreditation requirement would have such a “severe impact” on the economic
realities of providers (in other words, would cost them so much money), that they could never agree to such a requirement. But of course, if I’m an individual registrant concerned about my privacy and due process, then I could care less about the “economic
realities” of providers.
My point is only that we can’t gloss over that important distinction (and others) by lumping all of the “court order” comments together as if they were coming from the same place
and advocating for the same thing. They’re not.
Hi Todd,
The entire WG is now looking to our comments to show what supports Annex E (deemed generally to be a lower standard than court order) and Court Order (deemed to be a much higher standard than Annex E). What we are talking about is the floor, not the ceiling,
right, for accreditation? Namely, what is the minimum requirement for disclosure of proxied data? I see it as really quite binary - up or down (Annex E or court
order for private requests to p/p providers) - but I can understand if the subteam thinks differently.
What I think is key is the quotes that have come out of the comments. Provided we keep the quotes, I'm good.I can rework, but not until end of weekend or early next week.
Best,
Kathy
:
· When you say that “in the weeks since the original draft, I think the discussion has evolved from a multipart one . . . to a binary
one” – what are you basing that on? Can you point to any transcripts or emails? I certainly don’t remember being part of those discussions.
· Moreover, had I been involved in those discussions, I would have objected, because I think that lumping the comments together
in the way that you have, and ignoring the categories that our sub-team had already agreed upon, does a disservice to the nuance of the comments from Google, ICA, EasyDNS, and the like. For example, a UDRP panel is not a court. I think that is an important
distinction between Categories 2 and 3. And the fact that the ICA and EasyDNS comments would allow for “some exceptions for cases of abuse” is another important distinction that the broader WG ought to know about. I’m fine if we want to include some sort
of introductory sentence saying that __ comments opposed the basic premise of Annex E (which we do). But to then argue that those comments are monolithic, or that they all oppose the premise of Annex E in the same way, is not accurate.
· I simply understood the ISPCP comment to mean that allegations of infringement should not always be automatically taken as true
(“not indisputably wronged parties”), and that some independent adjudicator (meaning, somebody other than the IP owner who is making the allegation) should evaluate the merits of those claims. Annex E as currently drafted provides for that. But I also don’t
think that you or I should necessarily be the ones to decide this argument. Why can’t we just say that we weren’t quite sure what to do with this one (as was true with some others), and take it to the larger WG for their consideration.
· I think you’re missing my point on Blacknight. My point is that the key word is “require.” As I mentioned below, nothing in
Annex E “requires” Blacknight to disclose (merely to give reasons if they refuse to disclose). So I don’t see anything in their comment that is inconsistent with Annex E.
· On the APC comment: I don’t disagree with you that the comment has important value for the WG. But that’s not the same thing
as saying that it advocates for disclosure only following a court order. It doesn’t.
Hi Todd,
Tx you for the close read. In the weeks since the original draft, I think the discussion has evolved from a multipart one - such as the 5 categories originally created in Section III -- to a more binary one: do commenters support a system such as Annex E or
do they want court order prior to the reveal of the data?
With apologies, I don't understand the differentiation into Categories 2, 3 and 4 in Section III. Some parties may have mentioned UDRP, and others not, but that does not take away from the totality of the commenters who want court orders -- or want court orders
for certain categories of requests such as privacy requests to p/p providers from third parties, such as intellectual property requests. To divide up these comments really dilutes the argument, I think, as these commenters favor court order for the key issue we
are evaluating.
So I would recommend keeping Google, Endurance, Wheelhouse, ICA and Easy DNS together in Category 2.
The ISPCP Constituency Comments call for an "independent adjudicator" to "determine the merits of their ("intellectual property rights holders") claims. I thought that was pretty clear reference to a judge or magistrate, but if you see it differently, please
let me know.
Re Blacknight, on the issue of Annex E or court order, the comments appear to come down squarely for court orders. For LEA, it recommends a different approach, but there is no reference to Annex E, only "a request from law enforcement, Irish consumer protection
agencies or a court order with jurisdiction over us." The intellectual property requests falls into the final category -- court order -- and as such, this comment would be properly listed here.
Re: APC, Alliance for Progressive Communications, you are right that I missed a step in putting this comment forward. The question this quote addresses, and it is a valuable one, is court orders and jurisdiction -- from which jurisdiction are court orders are
valid? Here APC provides us with unique insight, very worth passing onto the WG: that release of domain name data in some countries has and will continue to result in arrest, prosecution, conviction, etc. of "domain owners" who are "exercising activism" online.
This is a very tough issue that we discussed in the WG, and APC is on the ground in Africa and near the Middle East to see abuses first hand.
As the WG explores the issue of court orders, the next question is: from what jurisdiction should/must p/p provider accept a court order? The APC comment reminds us that what is clearly legal in one country is punishable in another -- and that jurisdictional
issues for court orders are a key part of what we (the WG) have to keep in mind. If you would like to create a introductory paragraph, or new section, for this type of discussion, I would certainly welcome it!
Best,
Kathy
:
Thanks Kathy. One minor formatting suggestion:
I think the spectrum that we outline on page 5 (Categories 1-4) is useful, because not all of these comments are advocating for the same thing. Yet the quotes that we’ve added
from the comments are all included under Category 2, which is somewhat confusing. I would suggest that we move:
· The quotes from the comments from Google, Endurance International Group, and Jeff Wheelhouse to the paragraph on Category 3.
· The quotes from the comments from ICA and Easy DNS to the paragraph on Category 4.
Also, I saw that you added quotes from the comments from ISPCPC, Blacknight, and the Association for Progressive Communications, even though those weren’t in our initial summary
and don’t specifically mention Annex E. My thoughts on each:
· Here’s the full ISPCPC quote, from a section titled “Regarding LEA definitions & differentiations”: “While we respect the desire
to utilize the official ICANN definition of Law Enforcement Agent (LEA), we acknowledge that intellectual property rights holders and private anti abuse organizations should be treated as complainants and not indisputably wronged parties, and accordingly an
independent adjudicator should determine the merits of their claim before rights that users would otherwise have are abrogated by reason of those lawyers' claims.” To be honest, I’m not really sure what to make of that (especially given that it is included
under a heading about LEA definitions). But I’m not sure that we can assume that it means disclosure only following a court order. Why would Annex E as currently drafted not satisfy the standard of “an independent adjudicator should determine the merits
of their claim”?
· I also don’t understand why we would think that the Blacknight quote is incompatible with Annex E. All it says is that “any policy
that would require us to divulge our client’s information in the absence of either a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us is incompatible with Irish law.” But Annex E as currently drafted
doesn’t require Blacknight to divulge its client’s information. Rather, it gives Blacknight the discretion to make that decision; all it requires is that Blacknight provide the complainant with its reasoning if it chooses to refuse.
Hi All,
Tx to Darcy for the Overview work. I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of
proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies.
I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes."
Best,
Kathy
:
In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning. I redlined my changes so you can clearly
see what I’ve done. I hope you find that I present a clear and accurate overview.
I also made some minor revisions to Section V (“Comments that did not fit neatly into any of the above categories”) that I realized after submitting my original draft of that section
made a bit more sense. Again, I’ve redlined the changes so you can easily see what changed.
Please let me know if there are any questions.
_______________________________________________
Gnso-ppsai3 mailing list
Gnso-ppsai3@icann.org
https://mm.icann.org/mailman/listinfo/gnso-ppsai3
_______________________________________________
Gnso-ppsai3 mailing list
Gnso-ppsai3@icann.org
https://mm.icann.org/mailman/listinfo/gnso-ppsai3
_______________________________________________
Gnso-ppsai3 mailing list
Gnso-ppsai3@icann.orghttps://mm.icann.org/mailman/listinfo/gnso-ppsai3
_______________________________________________
Gnso-ppsai3 mailing list
Gnso-ppsai3@icann.org
https://mm.icann.org/mailman/listinfo/gnso-ppsai3