Hi Todd, Tx you for the close read. In the weeks since the original draft, I think the discussion has evolved from a multipart one - such as the 5 categories originally created in Section III -- to a more binary one: do commenters support a system such as Annex E or do they want court order prior to the reveal of the data? With apologies, I don't understand the differentiation into Categories 2, 3 and 4 in Section III. Some parties may have mentioned UDRP, and others not, but that does not take away from the totality of the commenters who want court orders -- or want court orders for certain categories of requests such as privacy requests to p/p providers from third parties, such as intellectual property requests. To divide up these comments really dilutes the argument, I think, as these commenters favor court order for the key issue we are evaluating. So I would recommend keeping Google, Endurance, Wheelhouse, ICA and Easy DNS together in Category 2. The ISPCP Constituency Comments call for an "independent adjudicator" to "determine the merits of their ("intellectual property rights holders") claims. I thought that was pretty clear reference to a judge or magistrate, but if you see it differently, please let me know. Re Blacknight, on the issue of Annex E or court order, the comments appear to come down squarely for court orders. For LEA, it recommends a different approach, but there is no reference to Annex E, only "a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us." The intellectual property requests falls into the final category -- court order -- and as such, this comment would be properly listed here. Re: APC, Alliance for Progressive Communications, you are right that I missed a step in putting this comment forward. The question this quote addresses, and it is a valuable one, is court orders and jurisdiction -- from which jurisdiction are court orders are valid? Here APC provides us with unique insight, very worth passing onto the WG: that release of domain name data in some countries has and will continue to result in arrest, prosecution, conviction, etc. of "domain owners" who are "exercising activism" online. This is a very tough issue that we discussed in the WG, and APC is on the ground in Africa and near the Middle East to see abuses first hand. As the WG explores the issue of court orders, the next question is: from what jurisdiction should/must p/p provider accept a court order? The APC comment reminds us that what is clearly legal in one country is punishable in another -- and that jurisdictional issues for court orders are a key part of what we (the WG) have to keep in mind. If you would like to create a introductory paragraph, or new section, for this type of discussion, I would certainly welcome it! Best, Kathy :

Thanks Kathy. One minor formatting suggestion:

I think the spectrum that we outline on page 5 (Categories 1-4) is useful, because not all of these comments are advocating for the same thing. Yet the quotes that we’ve added from the comments are all included under Category 2, which is somewhat confusing. I would suggest that we move:

·The quotes from the comments from Google, Endurance International Group, and Jeff Wheelhouse to the paragraph on Category 3.

·The quotes from the comments from ICA and Easy DNS to the paragraph on Category 4.

Also, I saw that you added quotes from the comments from ISPCPC, Blacknight, and the Association for Progressive Communications, even though those weren’t in our initial summary and don’t specifically mention Annex E. My thoughts on each:

·Here’s the full ISPCPC quote, from a section titled “Regarding LEA definitions & differentiations”: “While we respect the desire to utilize the official ICANN definition of Law Enforcement Agent (LEA), we acknowledge that intellectual property rights holders and private anti abuse organizations should be treated as complainants and not indisputably wronged parties, and accordingly an independent adjudicator should determine the merits of their claim before rights that users would otherwise have are abrogated by reason of those lawyers' claims.” To be honest, I’m not really sure what to make of that (especially given that it is included under a heading about LEA definitions). But I’m not sure that we can assume that it means disclosure only following a court order. Why would Annex E as currently drafted not satisfy the standard of “an independent adjudicator should determine the merits of their claim”?

·I also don’t understand why we would think that the Blacknight quote is incompatible with Annex E. All it says is that “any policy that would require us to divulge our client’s information in the absence of either a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us is incompatible with Irish law.” But Annex E as currently drafted doesn’t require Blacknight to divulge its client’s information. Rather, it gives Blacknight the discretion to make that decision; all it requires is that Blacknight provide the complainant with its reasoning if it chooses to refuse.

·I don’t understand why we’d include a quote from the APC comment in this section, given that it does not mention Annex E, and that it expressly endorsed the NCSG comment (see: http://forum.icann.org/lists/comments-ppsai-initial-05may15/pdfwOfjgYV0i9.pd...), which we analyze in the previous section that supports the premise of Annex E.

*From:*gnso-ppsai3-bounces@icann.org [mailto:gnso-ppsai3-bounces@icann.org] *On Behalf Of *Kathy Kleiman *Sent:* Wednesday, August 26, 2015 5:17 PM *To:* gnso-ppsai3@icann.org *Subject:* Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview

Hi All, Tx to Darcy for the Overview work. I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies.

I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes."

Best, Kathy

:

Hi, all!

In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning. I redlined my changes so you can clearly see what I’ve done. I hope you find that I present a clear and accurate overview.

I also made some minor revisions to Section V (“Comments that did not fit neatly into any of the above categories”) that I realized after submitting my original draft of that section made a bit more sense. Again, I’ve redlined the changes so you can easily see what changed.

Please let me know if there are any questions.

Thanks,

Darcy

_______________________________________________

Gnso-ppsai3 mailing list

Gnso-ppsai3@icann.org <mailto:Gnso-ppsai3@icann.org>

https://mm.icann.org/mailman/listinfo/gnso-ppsai3

Folks Again - my two cents worth. If there is a binary one, it would be the view of the ‘no not ever’ comments, and the comments that say no, unless the following. The ‘following’ would be - no unless a court process - no unless a court process and something else - the something else in some cases lists the example of abuse - no unless ‘verifiable evidence’ - and there are legitimate and differing views on what that means - no, unless Annex E (as it is or as amended by the many suggestions) What noone said was a straight out reveal just because someone asked. Holly On 27 Aug 2015, at 11:36 pm, Williams, Todd <Todd.Williams@turner.com> wrote:

Thanks Kathy.

· When you say that “in the weeks since the original draft, I think the discussion has evolved from a multipart one . . . to a binary one” – what are you basing that on? Can you point to any transcripts or emails? I certainly don’t remember being part of those discussions. · Moreover, had I been involved in those discussions, I would have objected, because I think that lumping the comments together in the way that you have, and ignoring the categories that our sub-team had already agreed upon, does a disservice to the nuance of the comments from Google, ICA, EasyDNS, and the like. For example, a UDRP panel is not a court. I think that is an important distinction between Categories 2 and 3. And the fact that the ICA and EasyDNS comments would allow for “some exceptions for cases of abuse” is another important distinction that the broader WG ought to know about. I’m fine if we want to include some sort of introductory sentence saying that __ comments opposed the basic premise of Annex E (which we do). But to then argue that those comments are monolithic, or that they all oppose the premise of Annex E in the same way, is not accurate. · I simply understood the ISPCP comment to mean that allegations of infringement should not always be automatically taken as true (“not indisputably wronged parties”), and that some independent adjudicator (meaning, somebody other than the IP owner who is making the allegation) should evaluate the merits of those claims. Annex E as currently drafted provides for that. But I also don’t think that you or I should necessarily be the ones to decide this argument. Why can’t we just say that we weren’t quite sure what to do with this one (as was true with some others), and take it to the larger WG for their consideration. · I think you’re missing my point on Blacknight. My point is that the key word is “require.” As I mentioned below, nothing in Annex E “requires” Blacknight to disclose (merely to give reasons if they refuse to disclose). So I don’t see anything in their comment that is inconsistent with Annex E. · On the APC comment: I don’t disagree with you that the comment has important value for the WG. But that’s not the same thing as saying that it advocates for disclosure only following a court order. It doesn’t.

From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Wednesday, August 26, 2015 10:59 PM To: Williams, Todd <Todd.Williams@turner.com>; gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview

Hi Todd, Tx you for the close read. In the weeks since the original draft, I think the discussion has evolved from a multipart one - such as the 5 categories originally created in Section III -- to a more binary one: do commenters support a system such as Annex E or do they want court order prior to the reveal of the data?

With apologies, I don't understand the differentiation into Categories 2, 3 and 4 in Section III. Some parties may have mentioned UDRP, and others not, but that does not take away from the totality of the commenters who want court orders -- or want court orders for certain categories of requests such as privacy requests to p/p providers from third parties, such as intellectual property requests. To divide up these comments really dilutes the argument, I think, as these commenters favor court order for the key issue we are evaluating.

So I would recommend keeping Google, Endurance, Wheelhouse, ICA and Easy DNS together in Category 2.

The ISPCP Constituency Comments call for an "independent adjudicator" to "determine the merits of their ("intellectual property rights holders") claims. I thought that was pretty clear reference to a judge or magistrate, but if you see it differently, please let me know.

Re Blacknight, on the issue of Annex E or court order, the comments appear to come down squarely for court orders. For LEA, it recommends a different approach, but there is no reference to Annex E, only "a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us." The intellectual property requests falls into the final category -- court order -- and as such, this comment would be properly listed here.

Re: APC, Alliance for Progressive Communications, you are right that I missed a step in putting this comment forward. The question this quote addresses, and it is a valuable one, is court orders and jurisdiction -- from which jurisdiction are court orders are valid? Here APC provides us with unique insight, very worth passing onto the WG: that release of domain name data in some countries has and will continue to result in arrest, prosecution, conviction, etc. of "domain owners" who are "exercising activism" online. This is a very tough issue that we discussed in the WG, and APC is on the ground in Africa and near the Middle East to see abuses first hand.

As the WG explores the issue of court orders, the next question is: from what jurisdiction should/must p/p provider accept a court order? The APC comment reminds us that what is clearly legal in one country is punishable in another -- and that jurisdictional issues for court orders are a key part of what we (the WG) have to keep in mind. If you would like to create a introductory paragraph, or new section, for this type of discussion, I would certainly welcome it!

Best, Kathy : Thanks Kathy. One minor formatting suggestion:

I think the spectrum that we outline on page 5 (Categories 1-4) is useful, because not all of these comments are advocating for the same thing. Yet the quotes that we’ve added from the comments are all included under Category 2, which is somewhat confusing. I would suggest that we move:

· The quotes from the comments from Google, Endurance International Group, and Jeff Wheelhouse to the paragraph on Category 3. · The quotes from the comments from ICA and Easy DNS to the paragraph on Category 4.

Also, I saw that you added quotes from the comments from ISPCPC, Blacknight, and the Association for Progressive Communications, even though those weren’t in our initial summary and don’t specifically mention Annex E. My thoughts on each:

· Here’s the full ISPCPC quote, from a section titled “Regarding LEA definitions & differentiations”: “While we respect the desire to utilize the official ICANN definition of Law Enforcement Agent (LEA), we acknowledge that intellectual property rights holders and private anti abuse organizations should be treated as complainants and not indisputably wronged parties, and accordingly an independent adjudicator should determine the merits of their claim before rights that users would otherwise have are abrogated by reason of those lawyers' claims.” To be honest, I’m not really sure what to make of that (especially given that it is included under a heading about LEA definitions). But I’m not sure that we can assume that it means disclosure only following a court order. Why would Annex E as currently drafted not satisfy the standard of “an independent adjudicator should determine the merits of their claim”? · I also don’t understand why we would think that the Blacknight quote is incompatible with Annex E. All it says is that “any policy that would require us to divulge our client’s information in the absence of either a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us is incompatible with Irish law.” But Annex E as currently drafted doesn’t require Blacknight to divulge its client’s information. Rather, it gives Blacknight the discretion to make that decision; all it requires is that Blacknight provide the complainant with its reasoning if it chooses to refuse. · I don’t understand why we’d include a quote from the APC comment in this section, given that it does not mention Annex E, and that it expressly endorsed the NCSG comment (see: http://forum.icann.org/lists/comments-ppsai-initial-05may15/pdfwOfjgYV0i9.pd...), which we analyze in the previous section that supports the premise of Annex E.

From: gnso-ppsai3-bounces@icann.org [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, August 26, 2015 5:17 PM To: gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview

Hi All, Tx to Darcy for the Overview work. I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies.

I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes."

Best, Kathy

: Hi, all! In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning. I redlined my changes so you can clearly see what I’ve done. I hope you find that I present a clear and accurate overview.

I also made some minor revisions to Section V (“Comments that did not fit neatly into any of the above categories”) that I realized after submitting my original draft of that section made a bit more sense. Again, I’ve redlined the changes so you can easily see what changed.

Please let me know if there are any questions.

Thanks, Darcy

_______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai3

_______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai3

Thanks Kathy. I both agree and disagree with what you've said below. I strongly agree that "the key is the quotes that have come out of the comments." I've said repeatedly that our job as a sub-team is not to advocate, but to simply present the comments to the WG in as accurate and objective a way as possible. To the extent that we then want to advocate for our own positions as part of the larger WG, we can do so. Moreover, part of the reason why I feel so strongly that "the key is the quotes" is that I think we have to take the comments at face value, and then debate as WG whether we can reach consensus on what they actually say - not on what we want them to say. That's why I felt so strongly that "verifiable evidence" should not be reinterpreted to mean a court order. It is also what animated my email exchange with Stephanie in the larger WG (attached). And if we are in fact faithful to what the comments actually say, then it is a mistake to lump all of the "court order" comments into one monolithic group. I've given some examples of substantive differences below. But let me give another one: if we look at what they actually say, the "court order" comments are very much divided based on whether the comment came from an individual registrant or from a registrar/provider. Which of course makes sense: a registrant will tend to look at these issues very differently than a provider. Specifically, as you correctly note in our draft, the vast majority of comments (11,000+) from individuals/registrants said that "Everyone deserves the right to privacy" and that "No one's personal information should be revealed without a court order, regardless of whether the request comes from a private individual or law enforcement agency." And of course, we can understand why registrants would argue that their right to privacy is inviolate, and that it should never be abrogated unless a court blesses it. But note that the registrar/provider comments in the "court order" group do NOT say the same thing. Rather, they are focused on retaining their discretion as to when to disclose or publish, and do not want an accreditation standard that requires them to do so absent a court order. Hence my point about the word "require" in the Blacknight comment. See also the Key Systems comment: "Disclosure or publication should never be the automatic result of a process, but rather remain an option of the provider." And others. So one key distinction b/w the registrant/individual comments and the registrar/provider comments is that the registrant comments do not want disclosure or publication EVER unless following a court order, while the provider comments want a court order first if SOMEBODY ELSE wants them to disclose or publish, but not if THEY want to disclose or publish. And we can understand why, given how many provider Terms of Service include language that gives them discretion to basically turn off a P/P Service whenever they want (for example, if the registrant stops paying them), without any kind of process beforehand (due process or otherwise). See below (among many others): * Blacknight: https://www.blacknight.com/acceptable-usage.html. * Whoisprivacy.com, Ltd.: http://www.whoisprivacyservices.com.au/terms.htm. * EuroDNS S.A.: https://www.eurodns.com/terms-and-conditions/whois-privacy. * 1&1 Internet, Inc.: http://www.1and1.com/TcPdr?__lf=Static. * Domain.com, LLC: http://www.domain.com/legal/legal_domain.bml#domain-privacy-service. * DomainIt, Inc.: https://www.domainit.com/terms.html. * Moniker Privacy Services, LLC: http://www.moniker.com/legal/registration-agreement. So we can understand why providers would not want an accreditation regime that requires them to get a court order before they turn off a registrant's privacy service (and to rewrite their Terms of Service accordingly). In fact, Volker has already admitted - both on the email list (see attached) and on our weekly calls (see transcript of 8-11-15 call) - that such an accreditation requirement would have such a "severe impact" on the economic realities of providers (in other words, would cost them so much money), that they could never agree to such a requirement. But of course, if I'm an individual registrant concerned about my privacy and due process, then I could care less about the "economic realities" of providers. My point is only that we can't gloss over that important distinction (and others) by lumping all of the "court order" comments together as if they were coming from the same place and advocating for the same thing. They're not. From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Friday, August 28, 2015 8:44 AM To: Williams, Todd <Todd.Williams@turner.com>; gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi Todd, The entire WG is now looking to our comments to show what supports Annex E (deemed generally to be a lower standard than court order) and Court Order (deemed to be a much higher standard than Annex E). What we are talking about is the floor, not the ceiling, right, for accreditation? Namely, what is the minimum requirement for disclosure of proxied data? I see it as really quite binary - up or down (Annex E or court order for private requests to p/p providers) - but I can understand if the subteam thinks differently. What I think is key is the quotes that have come out of the comments. Provided we keep the quotes, I'm good.I can rework, but not until end of weekend or early next week. Best, Kathy : Thanks Kathy. * When you say that "in the weeks since the original draft, I think the discussion has evolved from a multipart one . . . to a binary one" - what are you basing that on? Can you point to any transcripts or emails? I certainly don't remember being part of those discussions. * Moreover, had I been involved in those discussions, I would have objected, because I think that lumping the comments together in the way that you have, and ignoring the categories that our sub-team had already agreed upon, does a disservice to the nuance of the comments from Google, ICA, EasyDNS, and the like. For example, a UDRP panel is not a court. I think that is an important distinction between Categories 2 and 3. And the fact that the ICA and EasyDNS comments would allow for "some exceptions for cases of abuse" is another important distinction that the broader WG ought to know about. I'm fine if we want to include some sort of introductory sentence saying that __ comments opposed the basic premise of Annex E (which we do). But to then argue that those comments are monolithic, or that they all oppose the premise of Annex E in the same way, is not accurate. * I simply understood the ISPCP comment to mean that allegations of infringement should not always be automatically taken as true ("not indisputably wronged parties"), and that some independent adjudicator (meaning, somebody other than the IP owner who is making the allegation) should evaluate the merits of those claims. Annex E as currently drafted provides for that. But I also don't think that you or I should necessarily be the ones to decide this argument. Why can't we just say that we weren't quite sure what to do with this one (as was true with some others), and take it to the larger WG for their consideration. * I think you're missing my point on Blacknight. My point is that the key word is "require." As I mentioned below, nothing in Annex E "requires" Blacknight to disclose (merely to give reasons if they refuse to disclose). So I don't see anything in their comment that is inconsistent with Annex E. * On the APC comment: I don't disagree with you that the comment has important value for the WG. But that's not the same thing as saying that it advocates for disclosure only following a court order. It doesn't. From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Wednesday, August 26, 2015 10:59 PM To: Williams, Todd <Todd.Williams@turner.com><mailto:Todd.Williams@turner.com>; gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi Todd, Tx you for the close read. In the weeks since the original draft, I think the discussion has evolved from a multipart one - such as the 5 categories originally created in Section III -- to a more binary one: do commenters support a system such as Annex E or do they want court order prior to the reveal of the data? With apologies, I don't understand the differentiation into Categories 2, 3 and 4 in Section III. Some parties may have mentioned UDRP, and others not, but that does not take away from the totality of the commenters who want court orders -- or want court orders for certain categories of requests such as privacy requests to p/p providers from third parties, such as intellectual property requests. To divide up these comments really dilutes the argument, I think, as these commenters favor court order for the key issue we are evaluating. So I would recommend keeping Google, Endurance, Wheelhouse, ICA and Easy DNS together in Category 2. The ISPCP Constituency Comments call for an "independent adjudicator" to "determine the merits of their ("intellectual property rights holders") claims. I thought that was pretty clear reference to a judge or magistrate, but if you see it differently, please let me know. Re Blacknight, on the issue of Annex E or court order, the comments appear to come down squarely for court orders. For LEA, it recommends a different approach, but there is no reference to Annex E, only "a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us." The intellectual property requests falls into the final category -- court order -- and as such, this comment would be properly listed here. Re: APC, Alliance for Progressive Communications, you are right that I missed a step in putting this comment forward. The question this quote addresses, and it is a valuable one, is court orders and jurisdiction -- from which jurisdiction are court orders are valid? Here APC provides us with unique insight, very worth passing onto the WG: that release of domain name data in some countries has and will continue to result in arrest, prosecution, conviction, etc. of "domain owners" who are "exercising activism" online. This is a very tough issue that we discussed in the WG, and APC is on the ground in Africa and near the Middle East to see abuses first hand. As the WG explores the issue of court orders, the next question is: from what jurisdiction should/must p/p provider accept a court order? The APC comment reminds us that what is clearly legal in one country is punishable in another -- and that jurisdictional issues for court orders are a key part of what we (the WG) have to keep in mind. If you would like to create a introductory paragraph, or new section, for this type of discussion, I would certainly welcome it! Best, Kathy : Thanks Kathy. One minor formatting suggestion: I think the spectrum that we outline on page 5 (Categories 1-4) is useful, because not all of these comments are advocating for the same thing. Yet the quotes that we've added from the comments are all included under Category 2, which is somewhat confusing. I would suggest that we move: * The quotes from the comments from Google, Endurance International Group, and Jeff Wheelhouse to the paragraph on Category 3. * The quotes from the comments from ICA and Easy DNS to the paragraph on Category 4. Also, I saw that you added quotes from the comments from ISPCPC, Blacknight, and the Association for Progressive Communications, even though those weren't in our initial summary and don't specifically mention Annex E. My thoughts on each: * Here's the full ISPCPC quote, from a section titled "Regarding LEA definitions & differentiations": "While we respect the desire to utilize the official ICANN definition of Law Enforcement Agent (LEA), we acknowledge that intellectual property rights holders and private anti abuse organizations should be treated as complainants and not indisputably wronged parties, and accordingly an independent adjudicator should determine the merits of their claim before rights that users would otherwise have are abrogated by reason of those lawyers' claims." To be honest, I'm not really sure what to make of that (especially given that it is included under a heading about LEA definitions). But I'm not sure that we can assume that it means disclosure only following a court order. Why would Annex E as currently drafted not satisfy the standard of "an independent adjudicator should determine the merits of their claim"? * I also don't understand why we would think that the Blacknight quote is incompatible with Annex E. All it says is that "any policy that would require us to divulge our client's information in the absence of either a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us is incompatible with Irish law." But Annex E as currently drafted doesn't require Blacknight to divulge its client's information. Rather, it gives Blacknight the discretion to make that decision; all it requires is that Blacknight provide the complainant with its reasoning if it chooses to refuse. * I don't understand why we'd include a quote from the APC comment in this section, given that it does not mention Annex E, and that it expressly endorsed the NCSG comment (see: http://forum.icann.org/lists/comments-ppsai-initial-05may15/pdfwOfjgYV0i9.pd...), which we analyze in the previous section that supports the premise of Annex E. From: gnso-ppsai3-bounces@icann.org<mailto:gnso-ppsai3-bounces@icann.org> [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, August 26, 2015 5:17 PM To: gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi All, Tx to Darcy for the Overview work. I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies. I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes." Best, Kathy : Hi, all! In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning. I redlined my changes so you can clearly see what I've done. I hope you find that I present a clear and accurate overview. I also made some minor revisions to Section V ("Comments that did not fit neatly into any of the above categories") that I realized after submitting my original draft of that section made a bit more sense. Again, I've redlined the changes so you can easily see what changed. Please let me know if there are any questions. Thanks, Darcy _______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org<mailto:Gnso-ppsai3@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai3

Hi, all! I wanted to follow up with this group since last Tuesday¹s meeting. Are we scheduled to present on Sept. 8? Are we still planning to make some suggested edits to Annex E to better align with the public comments? Thanks, Darcy From: <gnso-ppsai3-bounces@icann.org> on behalf of "Williams, Todd" <Todd.Williams@turner.com> Date: Friday, August 28, 2015 at 7:40 AM To: Kathy Kleiman <kathy@kathykleiman.com>, "gnso-ppsai3@icann.org" <gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Thanks Kathy. I both agree and disagree with what you¹ve said below. I strongly agree that ³the key is the quotes that have come out of the comments.² I¹ve said repeatedly that our job as a sub-team is not to advocate, but to simply present the comments to the WG in as accurate and objective a way as possible. To the extent that we then want to advocate for our own positions as part of the larger WG, we can do so. Moreover, part of the reason why I feel so strongly that ³the key is the quotes² is that I think we have to take the comments at face value, and then debate as WG whether we can reach consensus on what they actually say ­ not on what we want them to say. That¹s why I felt so strongly that ³verifiable evidence² should not be reinterpreted to mean a court order. It is also what animated my email exchange with Stephanie in the larger WG (attached). And if we are in fact faithful to what the comments actually say, then it is a mistake to lump all of the ³court order² comments into one monolithic group. I¹ve given some examples of substantive differences below. But let me give another one: if we look at what they actually say, the ³court order² comments are very much divided based on whether the comment came from an individual registrant or from a registrar/provider. Which of course makes sense: a registrant will tend to look at these issues very differently than a provider. Specifically, as you correctly note in our draft, the vast majority of comments (11,000+) from individuals/registrants said that ³Everyone deserves the right to privacy² and that ³No one¹s personal information should be revealed without a court order, regardless of whether the request comes from a private individual or law enforcement agency.² And of course, we can understand why registrants would argue that their right to privacy is inviolate, and that it should never be abrogated unless a court blesses it. But note that the registrar/provider comments in the ³court order² group do NOT say the same thing. Rather, they are focused on retaining their discretion as to when to disclose or publish, and do not want an accreditation standard that requires them to do so absent a court order. Hence my point about the word ³require² in the Blacknight comment. See also the Key Systems comment: ³Disclosure or publication should never be the automatic result of a process, but rather remain an option of the provider.² And others. So one key distinction b/w the registrant/individual comments and the registrar/provider comments is that the registrant comments do not want disclosure or publication EVER unless following a court order, while the provider comments want a court order first if SOMEBODY ELSE wants them to disclose or publish, but not if THEY want to disclose or publish. And we can understand why, given how many provider Terms of Service include language that gives them discretion to basically turn off a P/P Service whenever they want (for example, if the registrant stops paying them), without any kind of process beforehand (due process or otherwise). See below (among many others): · Blacknight: https://www.blacknight.com/acceptable-usage.html. · Whoisprivacy.com, Ltd.: http://www.whoisprivacyservices.com.au/terms.htm. · EuroDNS S.A.: https://www.eurodns.com/terms-and-conditions/whois-privacy. · 1&1 Internet, Inc.: http://www.1and1.com/TcPdr?__lf=Static. · Domain.com, LLC: http://www.domain.com/legal/legal_domain.bml#domain-privacy-service. · DomainIt, Inc.: https://www.domainit.com/terms.html. · Moniker Privacy Services, LLC: http://www.moniker.com/legal/registration-agreement. So we can understand why providers would not want an accreditation regime that requires them to get a court order before they turn off a registrant¹s privacy service (and to rewrite their Terms of Service accordingly). In fact, Volker has already admitted ­ both on the email list (see attached) and on our weekly calls (see transcript of 8-11-15 call) ­ that such an accreditation requirement would have such a ³severe impact² on the economic realities of providers (in other words, would cost them so much money), that they could never agree to such a requirement. But of course, if I¹m an individual registrant concerned about my privacy and due process, then I could care less about the ³economic realities² of providers. My point is only that we can¹t gloss over that important distinction (and others) by lumping all of the ³court order² comments together as if they were coming from the same place and advocating for the same thing. They¹re not. From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Friday, August 28, 2015 8:44 AM To: Williams, Todd <Todd.Williams@turner.com>; gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi Todd, The entire WG is now looking to our comments to show what supports Annex E (deemed generally to be a lower standard than court order) and Court Order (deemed to be a much higher standard than Annex E). What we are talking about is the floor, not the ceiling, right, for accreditation? Namely, what is the minimum requirement for disclosure of proxied data? I see it as really quite binary - up or down (Annex E or court order for private requests to p/p providers) - but I can understand if the subteam thinks differently. What I think is key is the quotes that have come out of the comments. Provided we keep the quotes, I'm good.I can rework, but not until end of weekend or early next week. Best, Kathy :

Thanks Kathy.

· When you say that ³in the weeks since the original draft, I think the discussion has evolved from a multipart one . . . to a binary one² ­ what are you basing that on? Can you point to any transcripts or emails? I certainly don¹t remember being part of those discussions.

· Moreover, had I been involved in those discussions, I would have objected, because I think that lumping the comments together in the way that you have, and ignoring the categories that our sub-team had already agreed upon, does a disservice to the nuance of the comments from Google, ICA, EasyDNS, and the like. For example, a UDRP panel is not a court. I think that is an important distinction between Categories 2 and 3. And the fact that the ICA and EasyDNS comments would allow for ³some exceptions for cases of abuse² is another important distinction that the broader WG ought to know about. I¹m fine if we want to include some sort of introductory sentence saying that __ comments opposed the basic premise of Annex E (which we do). But to then argue that those comments are monolithic, or that they all oppose the premise of Annex E in the same way, is not accurate.

· I simply understood the ISPCP comment to mean that allegations of infringement should not always be automatically taken as true (³not indisputably wronged parties²), and that some independent adjudicator (meaning, somebody other than the IP owner who is making the allegation) should evaluate the merits of those claims. Annex E as currently drafted provides for that. But I also don¹t think that you or I should necessarily be the ones to decide this argument. Why can¹t we just say that we weren¹t quite sure what to do with this one (as was true with some others), and take it to the larger WG for their consideration.

· I think you¹re missing my point on Blacknight. My point is that the key word is ³require.² As I mentioned below, nothing in Annex E ³requires² Blacknight to disclose (merely to give reasons if they refuse to disclose). So I don¹t see anything in their comment that is inconsistent with Annex E.

· On the APC comment: I don¹t disagree with you that the comment has important value for the WG. But that¹s not the same thing as saying that it advocates for disclosure only following a court order. It doesn¹t.

From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Wednesday, August 26, 2015 10:59 PM To: Williams, Todd <Todd.Williams@turner.com> <mailto:Todd.Williams@turner.com> ; gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview

Hi Todd, Tx you for the close read. In the weeks since the original draft, I think the discussion has evolved from a multipart one - such as the 5 categories originally created in Section III -- to a more binary one: do commenters support a system such as Annex E or do they want court order prior to the reveal of the data?

With apologies, I don't understand the differentiation into Categories 2, 3 and 4 in Section III. Some parties may have mentioned UDRP, and others not, but that does not take away from the totality of the commenters who want court orders -- or want court orders for certain categories of requests such as privacy requests to p/p providers from third parties, such as intellectual property requests. To divide up these comments really dilutes the argument, I think, as these commenters favor court order for the key issue we are evaluating.

So I would recommend keeping Google, Endurance, Wheelhouse, ICA and Easy DNS together in Category 2.

The ISPCP Constituency Comments call for an "independent adjudicator" to "determine the merits of their ("intellectual property rights holders") claims. I thought that was pretty clear reference to a judge or magistrate, but if you see it differently, please let me know.

Re Blacknight, on the issue of Annex E or court order, the comments appear to come down squarely for court orders. For LEA, it recommends a different approach, but there is no reference to Annex E, only "a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us." The intellectual property requests falls into the final category -- court order -- and as such, this comment would be properly listed here.

Re: APC, Alliance for Progressive Communications, you are right that I missed a step in putting this comment forward. The question this quote addresses, and it is a valuable one, is court orders and jurisdiction -- from which jurisdiction are court orders are valid? Here APC provides us with unique insight, very worth passing onto the WG: that release of domain name data in some countries has and will continue to result in arrest, prosecution, conviction, etc. of "domain owners" who are "exercising activism" online. This is a very tough issue that we discussed in the WG, and APC is on the ground in Africa and near the Middle East to see abuses first hand.

As the WG explores the issue of court orders, the next question is: from what jurisdiction should/must p/p provider accept a court order? The APC comment reminds us that what is clearly legal in one country is punishable in another -- and that jurisdictional issues for court orders are a key part of what we (the WG) have to keep in mind. If you would like to create a introductory paragraph, or new section, for this type of discussion, I would certainly welcome it!

Best, Kathy :

...

Thanks Kathy. One minor formatting suggestion:

I think the spectrum that we outline on page 5 (Categories 1-4) is useful, because not all of these comments are advocating for the same thing. Yet the quotes that we¹ve added from the comments are all included under Category 2, which is somewhat confusing. I would suggest that we move:

· The quotes from the comments from Google, Endurance International Group, and Jeff Wheelhouse to the paragraph on Category 3.

· The quotes from the comments from ICA and Easy DNS to the paragraph on Category 4.

Also, I saw that you added quotes from the comments from ISPCPC, Blacknight, and the Association for Progressive Communications, even though those weren¹t in our initial summary and don¹t specifically mention Annex E. My thoughts on each:

· Here¹s the full ISPCPC quote, from a section titled ³Regarding LEA definitions & differentiations²: ³While we respect the desire to utilize the official ICANN definition of Law Enforcement Agent (LEA), we acknowledge that intellectual property rights holders and private anti abuse organizations should be treated as complainants and not indisputably wronged parties, and accordingly an independent adjudicator should determine the merits of their claim before rights that users would otherwise have are abrogated by reason of those lawyers' claims.² To be honest, I¹m not really sure what to make of that (especially given that it is included under a heading about LEA definitions). But I¹m not sure that we can assume that it means disclosure only following a court order. Why would Annex E as currently drafted not satisfy the standard of ³an independent adjudicator should determine the merits of their claim²?

· I also don¹t understand why we would think that the Blacknight quote is incompatible with Annex E. All it says is that ³any policy that would require us to divulge our client¹s information in the absence of either a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us is incompatible with Irish law.² But Annex E as currently drafted doesn¹t require Blacknight to divulge its client¹s information. Rather, it gives Blacknight the discretion to make that decision; all it requires is that Blacknight provide the complainant with its reasoning if it chooses to refuse.

· I don¹t understand why we¹d include a quote from the APC comment in this section, given that it does not mention Annex E, and that it expressly endorsed the NCSG comment (see: http://forum.icann.org/lists/comments-ppsai-initial-05may15/pdfwOfjgYV0i9.pd... ), which we analyze in the previous section that supports the premise of Annex E.

From:gnso-ppsai3-bounces@icann.org [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, August 26, 2015 5:17 PM To: gnso-ppsai3@icann.org Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview

Hi All, Tx to Darcy for the Overview work. I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies.

I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes."

Best, Kathy

:

...

Hi, all!

In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning. I redlined my changes so you can clearly see what I¹ve done. I hope you find that I present a clear and accurate overview.

I also made some minor revisions to Section V (³Comments that did not fit neatly into any of the above categories²) that I realized after submitting my original draft of that section made a bit more sense. Again, I¹ve redlined the changes so you can easily see what changed.

Please let me know if there are any questions.

Thanks,

Darcy

_______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai3

_______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai3

I thought the discussion on our call today supported what I was outlining below. Michele doesn't even want to provide 24-hour notice before publication. Much less get a court order. Grouping the comments from Blacknight (and Key-Systems, and others) in the same bucket as the 11,000+ Protect Our Privacy comments, which argued for no disclosure absent a court order (much less publication), misses that distinction. From: Williams, Todd Sent: Friday, August 28, 2015 10:40 AM To: 'Kathy Kleiman' <kathy@kathykleiman.com>; gnso-ppsai3@icann.org Subject: RE: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Thanks Kathy. I both agree and disagree with what you've said below. I strongly agree that "the key is the quotes that have come out of the comments." I've said repeatedly that our job as a sub-team is not to advocate, but to simply present the comments to the WG in as accurate and objective a way as possible. To the extent that we then want to advocate for our own positions as part of the larger WG, we can do so. Moreover, part of the reason why I feel so strongly that "the key is the quotes" is that I think we have to take the comments at face value, and then debate as WG whether we can reach consensus on what they actually say - not on what we want them to say. That's why I felt so strongly that "verifiable evidence" should not be reinterpreted to mean a court order. It is also what animated my email exchange with Stephanie in the larger WG (attached). And if we are in fact faithful to what the comments actually say, then it is a mistake to lump all of the "court order" comments into one monolithic group. I've given some examples of substantive differences below. But let me give another one: if we look at what they actually say, the "court order" comments are very much divided based on whether the comment came from an individual registrant or from a registrar/provider. Which of course makes sense: a registrant will tend to look at these issues very differently than a provider. Specifically, as you correctly note in our draft, the vast majority of comments (11,000+) from individuals/registrants said that "Everyone deserves the right to privacy" and that "No one's personal information should be revealed without a court order, regardless of whether the request comes from a private individual or law enforcement agency." And of course, we can understand why registrants would argue that their right to privacy is inviolate, and that it should never be abrogated unless a court blesses it. But note that the registrar/provider comments in the "court order" group do NOT say the same thing. Rather, they are focused on retaining their discretion as to when to disclose or publish, and do not want an accreditation standard that requires them to do so absent a court order. Hence my point about the word "require" in the Blacknight comment. See also the Key Systems comment: "Disclosure or publication should never be the automatic result of a process, but rather remain an option of the provider." And others. So one key distinction b/w the registrant/individual comments and the registrar/provider comments is that the registrant comments do not want disclosure or publication EVER unless following a court order, while the provider comments want a court order first if SOMEBODY ELSE wants them to disclose or publish, but not if THEY want to disclose or publish. And we can understand why, given how many provider Terms of Service include language that gives them discretion to basically turn off a P/P Service whenever they want (for example, if the registrant stops paying them), without any kind of process beforehand (due process or otherwise). See below (among many others): * Blacknight: https://www.blacknight.com/acceptable-usage.html. * Whoisprivacy.com, Ltd.: http://www.whoisprivacyservices.com.au/terms.htm. * EuroDNS S.A.: https://www.eurodns.com/terms-and-conditions/whois-privacy. * 1&1 Internet, Inc.: http://www.1and1.com/TcPdr?__lf=Static. * Domain.com, LLC: http://www.domain.com/legal/legal_domain.bml#domain-privacy-service. * DomainIt, Inc.: https://www.domainit.com/terms.html. * Moniker Privacy Services, LLC: http://www.moniker.com/legal/registration-agreement. So we can understand why providers would not want an accreditation regime that requires them to get a court order before they turn off a registrant's privacy service (and to rewrite their Terms of Service accordingly). In fact, Volker has already admitted - both on the email list (see attached) and on our weekly calls (see transcript of 8-11-15 call) - that such an accreditation requirement would have such a "severe impact" on the economic realities of providers (in other words, would cost them so much money), that they could never agree to such a requirement. But of course, if I'm an individual registrant concerned about my privacy and due process, then I could care less about the "economic realities" of providers. My point is only that we can't gloss over that important distinction (and others) by lumping all of the "court order" comments together as if they were coming from the same place and advocating for the same thing. They're not. From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Friday, August 28, 2015 8:44 AM To: Williams, Todd <Todd.Williams@turner.com<mailto:Todd.Williams@turner.com>>; gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi Todd, The entire WG is now looking to our comments to show what supports Annex E (deemed generally to be a lower standard than court order) and Court Order (deemed to be a much higher standard than Annex E). What we are talking about is the floor, not the ceiling, right, for accreditation? Namely, what is the minimum requirement for disclosure of proxied data? I see it as really quite binary - up or down (Annex E or court order for private requests to p/p providers) - but I can understand if the subteam thinks differently. What I think is key is the quotes that have come out of the comments. Provided we keep the quotes, I'm good.I can rework, but not until end of weekend or early next week. Best, Kathy : Thanks Kathy. * When you say that "in the weeks since the original draft, I think the discussion has evolved from a multipart one . . . to a binary one" - what are you basing that on? Can you point to any transcripts or emails? I certainly don't remember being part of those discussions. * Moreover, had I been involved in those discussions, I would have objected, because I think that lumping the comments together in the way that you have, and ignoring the categories that our sub-team had already agreed upon, does a disservice to the nuance of the comments from Google, ICA, EasyDNS, and the like. For example, a UDRP panel is not a court. I think that is an important distinction between Categories 2 and 3. And the fact that the ICA and EasyDNS comments would allow for "some exceptions for cases of abuse" is another important distinction that the broader WG ought to know about. I'm fine if we want to include some sort of introductory sentence saying that __ comments opposed the basic premise of Annex E (which we do). But to then argue that those comments are monolithic, or that they all oppose the premise of Annex E in the same way, is not accurate. * I simply understood the ISPCP comment to mean that allegations of infringement should not always be automatically taken as true ("not indisputably wronged parties"), and that some independent adjudicator (meaning, somebody other than the IP owner who is making the allegation) should evaluate the merits of those claims. Annex E as currently drafted provides for that. But I also don't think that you or I should necessarily be the ones to decide this argument. Why can't we just say that we weren't quite sure what to do with this one (as was true with some others), and take it to the larger WG for their consideration. * I think you're missing my point on Blacknight. My point is that the key word is "require." As I mentioned below, nothing in Annex E "requires" Blacknight to disclose (merely to give reasons if they refuse to disclose). So I don't see anything in their comment that is inconsistent with Annex E. * On the APC comment: I don't disagree with you that the comment has important value for the WG. But that's not the same thing as saying that it advocates for disclosure only following a court order. It doesn't. From: Kathy Kleiman [mailto:kathy@kathykleiman.com] Sent: Wednesday, August 26, 2015 10:59 PM To: Williams, Todd <Todd.Williams@turner.com><mailto:Todd.Williams@turner.com>; gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi Todd, Tx you for the close read. In the weeks since the original draft, I think the discussion has evolved from a multipart one - such as the 5 categories originally created in Section III -- to a more binary one: do commenters support a system such as Annex E or do they want court order prior to the reveal of the data? With apologies, I don't understand the differentiation into Categories 2, 3 and 4 in Section III. Some parties may have mentioned UDRP, and others not, but that does not take away from the totality of the commenters who want court orders -- or want court orders for certain categories of requests such as privacy requests to p/p providers from third parties, such as intellectual property requests. To divide up these comments really dilutes the argument, I think, as these commenters favor court order for the key issue we are evaluating. So I would recommend keeping Google, Endurance, Wheelhouse, ICA and Easy DNS together in Category 2. The ISPCP Constituency Comments call for an "independent adjudicator" to "determine the merits of their ("intellectual property rights holders") claims. I thought that was pretty clear reference to a judge or magistrate, but if you see it differently, please let me know. Re Blacknight, on the issue of Annex E or court order, the comments appear to come down squarely for court orders. For LEA, it recommends a different approach, but there is no reference to Annex E, only "a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us." The intellectual property requests falls into the final category -- court order -- and as such, this comment would be properly listed here. Re: APC, Alliance for Progressive Communications, you are right that I missed a step in putting this comment forward. The question this quote addresses, and it is a valuable one, is court orders and jurisdiction -- from which jurisdiction are court orders are valid? Here APC provides us with unique insight, very worth passing onto the WG: that release of domain name data in some countries has and will continue to result in arrest, prosecution, conviction, etc. of "domain owners" who are "exercising activism" online. This is a very tough issue that we discussed in the WG, and APC is on the ground in Africa and near the Middle East to see abuses first hand. As the WG explores the issue of court orders, the next question is: from what jurisdiction should/must p/p provider accept a court order? The APC comment reminds us that what is clearly legal in one country is punishable in another -- and that jurisdictional issues for court orders are a key part of what we (the WG) have to keep in mind. If you would like to create a introductory paragraph, or new section, for this type of discussion, I would certainly welcome it! Best, Kathy : Thanks Kathy. One minor formatting suggestion: I think the spectrum that we outline on page 5 (Categories 1-4) is useful, because not all of these comments are advocating for the same thing. Yet the quotes that we've added from the comments are all included under Category 2, which is somewhat confusing. I would suggest that we move: * The quotes from the comments from Google, Endurance International Group, and Jeff Wheelhouse to the paragraph on Category 3. * The quotes from the comments from ICA and Easy DNS to the paragraph on Category 4. Also, I saw that you added quotes from the comments from ISPCPC, Blacknight, and the Association for Progressive Communications, even though those weren't in our initial summary and don't specifically mention Annex E. My thoughts on each: * Here's the full ISPCPC quote, from a section titled "Regarding LEA definitions & differentiations": "While we respect the desire to utilize the official ICANN definition of Law Enforcement Agent (LEA), we acknowledge that intellectual property rights holders and private anti abuse organizations should be treated as complainants and not indisputably wronged parties, and accordingly an independent adjudicator should determine the merits of their claim before rights that users would otherwise have are abrogated by reason of those lawyers' claims." To be honest, I'm not really sure what to make of that (especially given that it is included under a heading about LEA definitions). But I'm not sure that we can assume that it means disclosure only following a court order. Why would Annex E as currently drafted not satisfy the standard of "an independent adjudicator should determine the merits of their claim"? * I also don't understand why we would think that the Blacknight quote is incompatible with Annex E. All it says is that "any policy that would require us to divulge our client's information in the absence of either a request from law enforcement, Irish consumer protection agencies or a court order with jurisdiction over us is incompatible with Irish law." But Annex E as currently drafted doesn't require Blacknight to divulge its client's information. Rather, it gives Blacknight the discretion to make that decision; all it requires is that Blacknight provide the complainant with its reasoning if it chooses to refuse. * I don't understand why we'd include a quote from the APC comment in this section, given that it does not mention Annex E, and that it expressly endorsed the NCSG comment (see: http://forum.icann.org/lists/comments-ppsai-initial-05may15/pdfwOfjgYV0i9.pd...), which we analyze in the previous section that supports the premise of Annex E. From: gnso-ppsai3-bounces@icann.org<mailto:gnso-ppsai3-bounces@icann.org> [mailto:gnso-ppsai3-bounces@icann.org] On Behalf Of Kathy Kleiman Sent: Wednesday, August 26, 2015 5:17 PM To: gnso-ppsai3@icann.org<mailto:gnso-ppsai3@icann.org> Subject: Re: [Gnso-ppsai3] Revised Subteam 3 Summary with Overview Hi All, Tx to Darcy for the Overview work. I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies. I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes." Best, Kathy : Hi, all! In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning. I redlined my changes so you can clearly see what I've done. I hope you find that I present a clear and accurate overview. I also made some minor revisions to Section V ("Comments that did not fit neatly into any of the above categories") that I realized after submitting my original draft of that section made a bit more sense. Again, I've redlined the changes so you can easily see what changed. Please let me know if there are any questions. Thanks, Darcy _______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org<mailto:Gnso-ppsai3@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai3

Sorry Holly, I must have missed the email with your edits. If you could kindly add them into the text, that would be great! RE: the last call, I was referring to the Subteam 3 call... about a week ago, I think. To Todd: I'll be back in touch later tonight. In the midst of packing for a trip to see my parents before the summer is over... Best, Kathy :

Hi Kathy

Great job.

First - I did suggest some changes to the first paragraph - I gather you aren’t happy with them?

Next - you refer to the ‘last call’. Is that the full PPSAI or one just for Subteam 3 Thanks Holly On 27 Aug 2015, at 7:16 am, Kathy Kleiman <Kathy@kathykleiman.com <mailto:Kathy@kathykleiman.com>> wrote:

...

Hi All, Tx to Darcy for the Overview work. I've taken her draft and added to it my work on Section III as promised on the last call. I added more quotes from commenters seeking court orders and the use of existing legal due process mechanisms prior to disclosure of proxied data. There was a wide array of comments on this issue, including from ISPs, individuals, organizations, and companies.

I used Darcy's version as the base. Both her edits (Overview) and my edits (Section III) are shown in "track changes."

Best, Kathy

:

...

Hi, all! In follow up to our call earlier this week, attached is an updated Sub-team 3 analysis draft with the overview added at the beginning. I redlined my changes so you can clearly see what I’ve done. I hope you find that I present a clear and accurate overview.

I also made some minor revisions to Section V (“Comments that did not fit neatly into any of the above categories”) that I realized after submitting my original draft of that section made a bit more sense. Again, I’ve redlined the changes so you can easily see what changed.

Please let me know if there are any questions.

Thanks, Darcy

_______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org https://mm.icann.org/mailman/listinfo/gnso-ppsai3

<Summary of Annex E comments - 10 August - consolidated (Darcy's overview added 2015-08-21)(Kathy's Section III added).doc>_______________________________________________ Gnso-ppsai3 mailing list Gnso-ppsai3@icann.org <mailto:Gnso-ppsai3@icann.org> https://mm.icann.org/mailman/listinfo/gnso-ppsai3