Hello everyone, in an attempt to facilitate further dialogue and, hopefully, consensus on a way forward on this issue, I¹ve taken the liberty of amending Kathy¹s document to take into account Holly¹s comments as well as to attempt to place certain comments (e.g. the ICA¹s, EasyDNS¹) more specifically within a particular category. I attach both a redlined and clean copy of this latest updated version (with the clean copy including yellow highlighted portions where the most significant language changes are suggested). I have not yet broken the comments down further into the registrant/provider distinction that Todd noted, but can of course do so if this is viewed as useful. Please note that this is not a staff position that is being suggested, but merely an attempt to document where the Sub Team¹s discussion seems to be at the moment. I hope this is helpful. Cheers Mary Mary Wong Senior Policy Director Internet Corporation for Assigned Names & Numbers (ICANN) Telephone: +1 603 574 4889 Email: mary.wong@icann.org From: <gnso-ppsai3-bounces@icann.org> on behalf of "Williams, Todd" <Todd.Williams@turner.com> Date: Friday, August 28, 2015 at 22:40 To: Kathy Kleiman <kathy@kathykleiman.com>, "gnso-ppsai3@icann.org" <gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Thanks Kathy. I both agree and disagree with what you¹ve said below.
I strongly agree that ³the key is the quotes that have come out of the comments.² I¹ve said repeatedly that our job as a sub-team is not to advocate, but to simply present the comments to the WG in as accurate and objective a way as possible. To the extent that we then want to advocate for our own positions as part of the larger WG, we can do so. Moreover, part of the reason why I feel so strongly that ³the key is the quotes² is that I think we have to take the comments at face value, and then debate as WG whether we can reach consensus on what they actually say not on what we want them to say. That¹s why I felt so strongly that ³verifiable evidence² should not be reinterpreted to mean a court order. It is also what animated my email exchange with Stephanie in the larger WG (attached).
And if we are in fact faithful to what the comments actually say, then it is a mistake to lump all of the ³court order² comments into one monolithic group. I¹ve given some examples of substantive differences below. But let me give another one: if we look at what they actually say, the ³court order² comments are very much divided based on whether the comment came from an individual registrant or from a registrar/provider. Which of course makes sense: a registrant will tend to look at these issues very differently than a provider. Specifically, as you correctly note in our draft, the vast majority of comments (11,000+) from individuals/registrants said that ³Everyone deserves the right to privacy² and that ³No one¹s personal information should be revealed without a court order, regardless of whether the request comes from a private individual or law enforcement agency.² And of course, we can understand why registrants would argue that their right to privacy is inviolate, and that it should never be abrogated unless a court blesses it.
But note that the registrar/provider comments in the ³court order² group do NOT say the same thing. Rather, they are focused on retaining their discretion as to when to disclose or publish, and do not want an accreditation standard that requires them to do so absent a court order. Hence my point about the word ³require² in the Blacknight comment. See also the Key Systems comment: ³Disclosure or publication should never be the automatic result of a process, but rather remain an option of the provider.² And others. So one key distinction b/w the registrant/individual comments and the registrar/provider comments is that the registrant comments do not want disclosure or publication EVER unless following a court order, while the provider comments want a court order first if SOMEBODY ELSE wants them to disclose or publish, but not if THEY want to disclose or publish. And we can understand why, given how many provider Terms of Service include language that gives them discretion to basically turn off a P/P Service whenever they want (for example, if the registrant stops paying them), without any kind of process beforehand (due process or otherwise). See below (among many others):
· Blacknight: https://www.blacknight.com/acceptable-usage.html.
· Whoisprivacy.com, Ltd.: http://www.whoisprivacyservices.com.au/terms.htm.
· EuroDNS S.A.: https://www.eurodns.com/terms-and-conditions/whois-privacy.
· 1&1 Internet, Inc.: http://www.1and1.com/TcPdr?__lf=Static.
· Domain.com, LLC: http://www.domain.com/legal/legal_domain.bml#domain-privacy-service.
· DomainIt, Inc.: https://www.domainit.com/terms.html.
· Moniker Privacy Services, LLC: http://www.moniker.com/legal/registration-agreement.
So we can understand why providers would not want an accreditation regime that requires them to get a court order before they turn off a registrant¹s privacy service (and to rewrite their Terms of Service accordingly). In fact, Volker has already admitted both on the email list (see attached) and on our weekly calls (see transcript of 8-11-15 call) that such an accreditation requirement would have such a ³severe impact² on the economic realities of providers (in other words, would cost them so much money), that they could never agree to such a requirement. But of course, if I¹m an individual registrant concerned about my privacy and due process, then I could care less about the ³economic realities² of providers.
My point is only that we can¹t gloss over that important distinction (and others) by lumping all of the ³court order² comments together as if they were coming from the same place and advocating for the same thing. They¹re not.
From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Friday, August 28, 2015 8:44 AM To: Williams, Todd <Todd.Williams@turner.com>; gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Hi Todd, The entire WG is now looking to our comments to show what supports Annex E (deemed generally to be a lower standard than court order) and Court Order (deemed to be a much higher standard than Annex E). What we are talking about is the floor, not the ceiling, right, for accreditation? Namely, what is the minimum requirement for disclosure of proxied data? I see it as really quite binary - up or down (Annex E or court order for private requests to p/p providers) - but I can understand if the subteam thinks differently.
What I think is key is the quotes that have come out of the comments. Provided we keep the quotes, I'm good.I can rework, but not until end of weekend or early next week.
Best, Kathy :
Thanks Kathy.
· When you say that ³in the weeks since the original draft, I think the discussion has evolved from a multipart one . . . to a binary one² what are you basing that on? Can you point to any transcripts or emails? I certainly don¹t remember being part of those discussions.
· Moreover, had I been involved in those discussions, I would have objected, because I think that lumping the comments together in the way that you have, and ignoring the categories that our sub-team had already agreed upon, does a disservice to the nuance of the comments from Google, ICA, EasyDNS, and the like. For example, a UDRP panel is not a court. I think that is an important distinction between Categories 2 and 3. And the fact that the ICA and EasyDNS comments would allow for ³some exceptions for cases of abuse² is another important distinction that the broader WG ought to know about. I¹m fine if we want to include some sort of introductory sentence saying that __ comments opposed the basic premise of Annex E (which we do). But to then argue that those comments are monolithic, or that they all oppose the premise of Annex E in the same way, is not accurate.
· I simply understood the ISPCP comment to mean that allegations of infringement should not always be automatically taken as true (³not indisputably wronged parties²), and that some independent adjudicator (meaning, somebody other than the IP owner who is making the allegation) should evaluate the merits of those claims. Annex E as currently drafted provides for that. But I also don¹t think that you or I should necessarily be the ones to decide this argument. Why can¹t we just say that we weren¹t quite sure what to do with this one (as was true with some others), and take it to the larger WG for their consideration.
· I think you¹re missing my point on Blacknight. My point is that the key word is ³require.² As I mentioned below, nothing in Annex E ³requires² Blacknight to disclose (merely to give reasons if they refuse to disclose). So I don¹t see anything in their comment that is inconsistent with Annex E.
· On the APC comment: I don¹t disagree with you that the comment has important value for the WG. But that¹s not the same thing as saying that it advocates for disclosure only following a court order. It doesn¹t.
From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Wednesday, August 26, 2015 10:59 PM To: Williams, Todd <Todd.Williams@turner.com> <mailto:Todd.Williams@turner.com> ; gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Hi Todd, Tx you for the close read. In the weeks since the original draft, I think the discussion has evolved from a multipart one - such as the 5 categories originally created in Section III -- to a more binary one: do commenters support a system such as Annex E or do they want court order prior to the reveal of the data?
With apologies, I don't understand the differentiation into Categories 2, 3 and 4 in Section III. Some parties may have mentioned UDRP, and others not, but that does not take away from the totality of the commenters who want court orders -- or want court orders for certain categories of requests such as privacy requests to p/p providers from third parties, such as intellectual property requests. To divide up these comments really dilutes the argument, I think, as these commenters favor court order for the key issue we are evaluating.
So I would recommend keeping Google, Endurance, Wheelhouse, ICA and Easy DNS together in Category 2.
The ISPCP Constituency Comments call for an "independent adjudicator" to "determine the merits of their ("intellectual property rights holders") claims. I thought that was pretty clear reference to a judge or magistrate, but if you see it differently, please let me know.
Re Blacknight, on the issue of Annex E or court order, the comments appear to come down squarely for court orders. For LEA, it recommends a different approach, but there is no reference to Annex E, only "a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us." The intellectual property requests falls into the final category -- court order -- and as such, this comment would be properly listed here.
Re: APC, Alliance for Progressive Communications, you are right that I missed a step in putting this comment forward. The question this quote addresses, and it is a valuable one, is court orders and jurisdiction -- from which jurisdiction are court orders are valid? Here APC provides us with unique insight, very worth passing onto the WG: that release of domain name data in some countries has and will continue to result in arrest, prosecution, conviction, etc. of "domain owners" who are "exercising activism" online. This is a very tough issue that we discussed in the WG, and APC is on the ground in Africa and near the Middle East to see abuses first hand.
As the WG explores the issue of court orders, the next question is: from what jurisdiction should/must p/p provider accept a court order? The APC comment reminds us that what is clearly legal in one country is punishable in another -- and that jurisdictional issues for court orders are a key part of what we (the WG) have to keep in mind. If you would like to create a introductory paragraph, or new section, for this type of discussion, I would certainly welcome it!
Best, Kathy :
Thanks Kathy. One minor formatting suggestion:
I think the spectrum that we outline on page 5 (Categories 1-4) is useful, because not all of these comments are advocating for the same thing. Yet the quotes that we¹ve added from the comments are all included under Category 2, which is somewhat confusing. I would suggest that we move:
· The quotes from the comments from Google, Endurance International Group, and Jeff Wheelhouse to the paragraph on Category 3.
· The quotes from the comments from ICA and Easy DNS to the paragraph on Category 4.
Also, I saw that you added quotes from the comments from ISPCPC, Blacknight, and the Association for Progressive Communications, even though those weren¹t in our initial summary and don¹t specifically mention Annex E. My thoughts on each:
· Here¹s the full ISPCPC quote, from a section titled ³Regarding LEA definitions & differentiations²: ³While we respect the desire to utilize the official ICANN definition of Law Enforcement Agent (LEA), we acknowledge that intellectual property rights holders and private anti abuse organizations should be treated as complainants and not indisputably wronged parties, and accordingly an independent adjudicator should determine the merits of their claim before rights that users would otherwise have are abrogated by reason of those lawyers' claims.² To be honest, I¹m not really sure what to make of that (especially given that it is included under a heading about LEA definitions). But I¹m not sure that we can assume that it means disclosure only following a court order. Why would Annex E as currently drafted not satisfy the standard of ³an independent adjudicator should determine the merits of their claim²?
· I also don¹t understand why we would think that the Blacknight quote is incompatible with Annex E. All it says is that ³any policy that would require us to divulge our client¹s information in the absence of either a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us is incompatible with Irish law.² But Annex E as currently drafted doesn¹t require Blacknight to divulge its client¹s information. Rather, it gives Blacknight the discretion to make that decision; all it requires is that Blacknight provide the complainant with its reasoning if it chooses to refuse.
· I don¹t understand why we¹d include a quote from the APC comment in this section, given that it does not mention Annex E, and that it expressly endorsed the NCSG comment (see: http://forum.icann.org/lists/comments-ppsai-initial-05may15/pdfwOfjgYV0i9.pd f), which we analyze in the previous section that supports the premise of Annex E.
From:gnso-ppsai3-bounces@icann.org [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, August 26, 2015 5:17 PM To: gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview
Hi All, Tx to Darcy for the Overview work. I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies.
I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes."
Best, Kathy
:
Hi, all!
In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning. I redlined my changes so you can clearly see what I¹ve done. I hope you find that I present a clear and accurate overview.
I also made some minor revisions to Section V (³Comments that did not fit neatly into any of the above categories²) that I realized after submitting my original draft of that section made a bit more sense. Again, I¹ve redlined the changes so you can easily see what changed.
Please let me know if there are any questions.
Thanks,
Darcy
_______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai3